cloudsploit

Azure Security Center: Monitor plugins broken

Open ralish opened this issue 3 years ago • 0 comments

All of the Azure Security Center plugins which audit for monitoring of various vulnerable configurations are broken. The reasons are varied, but right now these tests appear to be just generating noise. They should be fixed or removed (preferably the latter).

  • Monitor Blob Encryption
    Deprecated as blob encryption is now enabled by default and cannot be disabled. Plugin can probably be removed.
  • Monitor Disk Encryption
    Appears to be replaced by the "Disk encryption should be applied on virtual machines" policy.
  • Monitor Endpoint Protection
    Appears to be replaced by the "Endpoint protection solution should be installed on virtual machine scale sets" and "Monitor missing Endpoint Protection in Azure Security Center" policies.
  • Monitor JIT Network Access
    Appears to be replaced by the "Management ports of virtual machines should be protected with just-in-time network access control" policy.
  • Monitor NSG Enabled
    This policy appears to have been replaced with several more granular policies.
  • Monitor SQL Auditing
    Replaced by the "Auditing should be enabled on advanced data security settings on SQL Server" policy.
  • Monitor SQL Encryption
    Replaced by the "Transparent Data Encryption on SQL databases should be enabled" policy.
  • Monitor System Updates
    Appears to be replaced by the "System updates should be installed on your machines" policy.
  • Monitor VM Vulnerability
    Appears to be replaced by the "A vulnerability assessment solution should be enabled on your virtual machines" policy.

I think there's a strong argument that the general approach of these plugins needs a rethink, as they're ultimately auditing a small subset of the broader controls the built-in Azure policy sets provide. If that's the case, I'd suggest these plugins should still be removed until such an overhaul is implemented, as right now they're just generating alerts which effectively can't be actioned.

ralish Mar 25 '21 11:03