In today’s Ask the Admin, I’ll show you how to get started with the Azure Security Center.
The Azure Security Center reached general availability mid-2016 and automatically alerts you if threats are detected on virtual machines (VMs), other resources, and third-party solutions running in the Azure cloud. Not only does Security Center provide an overview of the security posture of your Azure apps, but behavioral analysis also identifies threats based on intelligence collected by Microsoft from telemetry and well-established best practices.
Information is gathered using the Azure Monitoring Agent and Security Monitoring extension. It is then analyzed to produce a set of tailored recommendations for your environment based on existing knowledge.
The Azure Security Center can monitor the following resources:
The data collected is stored in a storage account in the same region as the VMs from which the data is collected, helping to protect privacy and maintain data sovereignty.
It’s worth noting that the Microsoft Security Response Center (MSRC) monitors the Azure network and infrastructure, and also receives threat intelligence and abuse complaints from third parties, whereas Security Center is an Azure service that monitors the customer’s app deployments.
In the steps that follow, we’ll sign up for a 90-day free trial of Security Center. The standard tier is required to enable threat intelligence, behavioral analysis, crash analysis, and anomaly detection. For more information on pricing, see Microsoft’s website here.
Now that we have a trial of the standard tier, let’s enable data collection so that Security Center can evaluate the security of your Azure resources. In the Security policy panel, toggle the Data collection switch to On, and click Save at the top of the panel. Data collection agents will install on any existing VMs in your subscription.
You can choose to receive recommendations for different types of Azure resources by modifying the prevention policy. By default, you’ll receive recommendations for all types of supported resources.
If you’d like Microsoft to contact you when a resource is compromised, you can provide an email address and phone number by doing the following:
The most important sections of the Security Center are Recommendations and Security Alerts, where best practice information is consolidated for resources deployed in your Azure subscription. Click the Recommendations tile on the Overview screen. Note that the Recommendations tile is divided into different levels of severity and you can drill down into different severity levels, or just click the tile to see all recommendations.
In the Recommendations pane, you can see a list of recommendations. Click one to get more information about how to resolve the problem.
For instance, one of my VMs doesn’t have disk encryption enabled. If I click the recommendation, I get presented with a link where I can find instructions on how to encrypt a virtual disk.
Similarly, to view security alerts, click the Security alerts tile in the Overview panel or Security alerts in the list of options on the left of the Security Center – Overview. Any security alerts will be listed in the Security alerts panel.
In this article, I showed you how to set up data collection in Azure Security Center using a 90-day trial of the Standard tier.