Control: Windows Defender Exploit Guard should be enabled on your machines
Description
Windows Defender Exploit Guard uses the Azure Policy Guest Configuration agent. Exploit Guard has four components that are designed to lock down devices against a wide variety of attack vectors and block behaviors commonly used in malware attacks while enabling enterprises to balance their security risk and productivity requirements (Windows only).
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.compute_vm_windows_defender_exploit_guard_enabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.compute_vm_windows_defender_exploit_guard_enabled --shareSQL
This control uses a named query:
compute_vm_windows_defender_exploit_guard_enabled