You can configure automated compliance remediation by applying host security configuration rules and setting options to enforce hardening rules.

1. Add the Apply Host Security Configuration Rules out of the box workflow to the vRealize Orchestrator server. For more information, see Import Workflow.
2. Log in to vRealize Orchestrator to enforce the hardening rules in vRealize Orchestrator.
3. Run the Configure Host Security Config Data workflow to configure the Host Security Hardening Configuration and Email Config attributes.
4. In the Enforce Options, you can choose to selectively enforce rules by configuring the configuration elements.
   1. Under Configurations, set the NTP values.
      
   2. Under Email Options, configure Send Email Notifications?
      
   3. Under vRealize Operations Connections, configure the connection and login credentials.
      
   After executing the workflow, both the Host Security Hardening Options and Email Config configurational elements are filled with attribute values that are enforced.

   

   

5. After setting the options to enforce hardening rules, enforce them automatically through auto remediation feature of Management Pack for vRealize Orchestrator
   1. Go to Administration > Policies.
   2. Edit the policy currently active.
   3. Select the Symptom Definitions tab on the left, and search for the alert, ESXi Host is violating VMware vSphere Security Configuration Guide for vCenter version 6.5 or 6.7 on the panel that appears on the right.
   4. Select the alert and in the Automate column, change the value to local.
   5. Select the Apply Policy to Groups tab on the left and and select the checkbox against vRealize Orchestrator Adapter Managed Objects in the panel that appears on the right.