Getting Started with the Azure Security Center
In today’s Ask the Admin, I’ll show you how to get started with the Azure Security Center.
The Azure Security Center reached general availability mid-2016 and automatically alerts you if threats are detected on virtual machines (VMs), other resources, and third-party solutions running in the Azure cloud. Not only does Security Center provide an overview of the security posture of your Azure apps, but behavioral analysis also identifies threats based on intelligence collected by Microsoft from telemetry and well-established best practices.
Information is gathered by the Azure Monitoring Agent and the Security Monitoring extension, then analyzed to produce a set of recommendations tailored to your environment, based on Microsoft’s existing knowledge of threats and best practices.
The Azure Security Center can monitor the following resources:
- Cloud Services
- Azure virtual networks (vnets)
- Azure SQL service
- Partner solutions integrated with Azure
The data collected is stored in a storage account in the same region as the VMs from which the data is collected, helping to protect privacy and maintain data sovereignty.
It’s worth noting the division of responsibility: the Microsoft Security Response Center (MSRC) monitors the Azure network and infrastructure, and receives threat intelligence and abuse complaints from third parties, whereas Security Center is an Azure service that monitors the customer’s own app deployments.
Standard Tier Free for 90 Days
In the steps that follow, we’ll sign up for a 90-day free trial of Security Center. The standard tier is required to enable threat intelligence, behavioral analysis, crash analysis, and anomaly detection. For more information on pricing, see Microsoft’s website.
- Log in to the Azure management portal using a tenant administrator account.
- In the Azure Management Portal window, click Security Center in the list of options on the left.
- In the Overview panel, click the Policy tile.
- In the Security policy panel, click the subscription that you’d like to upgrade.
- In the Security policy panel, click Pricing tier.
- In the Choose your pricing tier panel, select Standard – Free Trial and click Select.
Now that we have a trial of the standard tier, let’s enable data collection so that Security Center can evaluate the security of your Azure resources. In the Security policy panel, toggle the Data collection switch to On, and click Save at the top of the panel. Data collection agents will install on any existing VMs in your subscription.
Customize Prevention Policy Settings
You can choose to receive recommendations for different types of Azure resources by modifying prevention policy. By default, you’ll receive recommendations for all types of supported resources.
- Click Prevention policy in the Security policy panel.
- In the Prevention policy panel, you can turn recommendations on or off for different types of resources. I’m going to leave them all enabled.
- Close the panel.
Email Notifications and Security Information
If you’d like Microsoft to contact you when a resource is compromised, you can provide an email address and phone number by doing the following:
- Click Email notifications in the Security policy panel.
- In the Email notifications panel, add an email address to which security alerts should be sent.
- Optionally, you can also enter a phone number.
- If you want high-severity alerts sent to the email address you specified in the previous step, toggle Send me emails about alerts (Preview) to On.
- If you’d like high severity alerts to also be sent to users with the Subscription Owner role, set Send email also to subscription owners (Preview) to On.
- Click OK.
- In the Security policy panel, click Save at the top of the panel.
- Close the two Security policy panels.
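The pricing tier, data collection, and email notification settings above can also be applied from PowerShell, which is handy when you manage several subscriptions or want the configuration in a script you can rerun and review. The following is an added example using the Az.Security and Az.Compute modules; it is not code from the original article. The subscription ID, email address, phone number, resource group, and VM name are placeholders, and the final function is an added check that the monitoring agent extension really landed on a Windows VM after data collection was switched on.

```powershell
# Added example (not from the article): the same Security Center policy settings
# applied with the Az.Security PowerShell module instead of the portal.
# Assumptions: Az.Accounts, Az.Security and Az.Compute are installed; all IDs,
# addresses and names below are placeholders.

Connect-AzAccount | Out-Null
Set-AzContext -Subscription '00000000-0000-0000-0000-000000000000' | Out-Null   # placeholder subscription ID

# 1. Pricing tier. The API knows only 'Free' and 'Standard'; the 90-day trial the
#    portal labels "Standard - Free Trial" is applied by the service when you move
#    to Standard, not selected as a separate tier value.
Set-AzSecurityPricing -Name 'VirtualMachines' -PricingTier 'Standard' | Out-Null
Get-AzSecurityPricing | Select-Object Name, PricingTier | Format-Table -AutoSize

# 2. Data collection. The portal's "Data collection" switch is the auto-provisioning
#    setting; turning it on installs the monitoring agent on existing and new VMs.
Set-AzSecurityAutoProvisioningSetting -Name 'default' -EnableAutoProvision | Out-Null
Get-AzSecurityAutoProvisioningSetting -Name 'default'

# 3. Security contact: email, optional phone, high-severity alert mail, and a copy
#    to subscription owners (the two "(Preview)" toggles in the portal).
$contact = @{
    Name          = 'default1'
    Email         = 'secops@example.com'   # placeholder address
    Phone         = '+1-555-0100'          # placeholder number
    NotifyOnAlert = $true                  # "Send me emails about alerts"
    AlertAdmin    = $true                  # "Send email also to subscription owners"
}
Set-AzSecurityContact @contact | Out-Null
Get-AzSecurityContact -Name 'default1'

# 4. Check: did the monitoring agent extension actually get provisioned on a VM?
#    The Windows agent is published by Microsoft.EnterpriseCloud.Monitoring; a VM
#    without a successfully provisioned extension sends no data to Security Center.
function Test-MonitoringAgentInstalled {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $VMName
    )
    $ext = Get-AzVMExtension -ResourceGroupName $ResourceGroupName -VMName $VMName -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Publisher -eq 'Microsoft.EnterpriseCloud.Monitoring' -and
            $_.ProvisioningState -eq 'Succeeded'
        }
    return [bool]$ext
}

Test-MonitoringAgentInstalled -ResourceGroupName 'rg-placeholder' -VMName 'vm-placeholder'
```

Run the block as a tenant administrator, the same role the portal steps require. The `Get-*` calls after each `Set-*` read the setting back from the service, so the script's output doubles as a record of what was actually applied rather than what was requested.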
Recommendations and Security Alerts
The most important sections of the Security Center are Recommendations and Security Alerts, where best practice information is consolidated for resources deployed in your Azure subscription. Click the Recommendations tile on the Overview screen. Note that the Recommendations tile is divided into different levels of severity and you can drill down into different severity levels, or just click the tile to see all recommendations.
In the Recommendations pane, you can see a list of recommendations. Click one to get more information about how to resolve the problem.
For instance, one of my VMs doesn’t have disk encryption enabled. If I click the recommendation, I get presented with a link where I can find instructions on how to encrypt a virtual disk. Similarly, to view security alerts, click the Security alerts tile in the Overview panel or Security alerts in the list of options on the left of the Security Center – Overview. Any security alerts will be listed in the Security alerts panel.
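Recommendations and alerts can be pulled the same way, which is useful for tracking them over time or feeding them to a ticketing system. The following is an added example, not part of the original article: it lists the active recommendations (which the Az.Security module exposes as security "tasks"), singles out the disk-encryption recommendation mentioned above, and lists active alerts ordered by severity. The property names used (`State`, `RecommendationType`, `ResourceId`, `ReportedSeverity`, `AlertDisplayName`, `CompromisedEntity`) are assumed from the module's output objects and should be confirmed with `Get-Member` on your installed version.

```powershell
# Added example (not from the article): query the data behind the Recommendations
# and Security alerts tiles with Az.Security.
# Assumption: the task and alert objects carry the property names used below;
# verify with `Get-AzSecurityTask | Get-Member` and `Get-AzSecurityAlert | Get-Member`.

# Recommendations surface as one task per affected resource.
function Get-ActiveRecommendations {
    Get-AzSecurityTask |
        Where-Object State -eq 'Active' |
        Select-Object RecommendationType, ResourceId |
        Sort-Object RecommendationType
}

# The disk-encryption case from the article: which VMs raised it?
function Get-UnencryptedDiskRecommendations {
    Get-ActiveRecommendations |
        Where-Object { $_.RecommendationType -like '*Encrypt*' }
}

# Active alerts, most severe first. Severity is a label, so sorting it as a
# string would put "Medium" ahead of "High"; rank it explicitly instead.
function Get-ActiveAlertsBySeverity {
    $rank = @{ High = 0; Medium = 1; Low = 2; Informational = 3 }
    Get-AzSecurityAlert |
        Where-Object State -eq 'Active' |
        Sort-Object { if ($rank.ContainsKey($_.ReportedSeverity)) { $rank[$_.ReportedSeverity] } else { 99 } } |
        Select-Object AlertDisplayName, ReportedSeverity, CompromisedEntity
}

Get-ActiveRecommendations            | Format-Table -AutoSize
Get-UnencryptedDiskRecommendations   | Format-Table -AutoSize
Get-ActiveAlertsBySeverity           | Format-Table -AutoSize
```

Because the functions return objects rather than formatted text, the same calls can be piped to `Export-Csv` or `ConvertTo-Json` for a scheduled report without changing the query logic.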
In this article, I showed you how to set up data collection in Azure Security Center using a 90-day trial of the Standard tier.