Getting Started with the Azure Security Center

 

In today’s Ask the Admin, I’ll show you how to get started with the Azure Security Center.

The Azure Security Center reached general availability in mid-2016. It automatically alerts you if threats are detected on virtual machines (VMs), other resources, and third-party solutions running in the Azure cloud. Security Center provides an overview of the security posture of your Azure apps, and its behavioral analysis identifies threats based on intelligence collected by Microsoft from telemetry and well-established best practices.

Information is gathered using the Azure Monitoring Agent and Security Monitoring extension and is then analyzed to produce a set of recommendations tailored to your environment, based on existing knowledge.

The Azure Security Center can monitor the following resources:

  • VMs
  • Cloud Services
  • Azure virtual networks (vnets)
  • Azure SQL service
  • Partner solutions integrated with Azure

The data collected is stored in a storage account in the same region as the VMs from which the data is collected, helping to protect privacy and maintain data sovereignty.

It’s worth noting that the Microsoft Security Response Center (MSRC) monitors the Azure network and infrastructure, and it receives threat intelligence and abuse complaints from third parties. Security Center, by contrast, is an Azure service that monitors the customer’s app deployments.

Standard Tier Free for 90 Days

In the steps that follow, we’ll sign up for a 90-day free trial of Security Center. The standard tier is required to enable threat intelligence, behavioral analysis, crash analysis, and anomaly detection. For more information on pricing, see Microsoft’s website here.

  • Log in to the Azure management portal here using a tenant administrator account.
  • In the Azure Management Portal window, click Security Center in the list of options on the left.
  • In the Overview panel, click the Policy tile.
Upgrade from the Free to Standard tier (90-day trial) - Image Credit (Russell Smith)
  • In the Security policy panel, click the subscription that you’d like to upgrade.
  • In the Security policy panel, click Pricing tier.
  • In the Choose your pricing tier panel, select Standard – Free Trial and click Select.

Configure Policy

Now that we have a trial of the standard tier, let’s enable data collection so that Security Center can evaluate the security of your Azure resources. In the Security policy panel, toggle the Data collection switch to On, and click Save at the top of the panel. Data collection agents will be installed on any existing VMs in your subscription.

Customize Prevention Policy Settings

You can choose to receive recommendations for different types of Azure resources by modifying the prevention policy. By default, you’ll receive recommendations for all types of supported resources.

  • Click Prevention policy in the Security policy panel.
  • In the Prevention policy panel, you can turn recommendations on or off for different types of resources. I’m going to leave them all enabled.
  • Close the panel.
Configure prevention policy in the Azure Security Center (Image Credit: Russell Smith)

Email Notifications and Security Information

If you’d like Microsoft to contact you when a resource is compromised, you can provide an email address and phone number by doing the following:

  • Click Email notifications in the Security policy panel.
  • In the Email notifications panel, add an email address to which security alerts should be sent.
  • Optionally, you can also enter a phone number.
  • If you want to receive high severity alerts to the email address you specified in the last step, you’ll need to toggle Send me emails about alerts (Preview) to On.
  • If you’d like high severity alerts to also be sent to users with the Subscription Owner role, set Send email also to subscription owners (Preview) to On.
  • Click OK.
  • In the Security policy panel, click Save at the top of the panel.
  • Close the two Security policy panels.
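
The settings configured so far (pricing tier, data collection, and the security contact) can also be checked from PowerShell. The script below is an added example and not part of the original article; it assumes the Az.Accounts and Az.Security modules are installed, that you have signed in with Connect-AzAccount, and that the property names match the module version you have installed.

```powershell
# Added example: read-only audit of the Security Center settings configured above.
# Assumes Az.Accounts and Az.Security are installed and Connect-AzAccount has been run.
function Test-SecurityCenterBaseline {
    $findings = @()

    # Pricing tier: flag every plan that is still on the Free tier.
    foreach ($plan in Get-AzSecurityPricing) {
        if ($plan.PricingTier -ne 'Standard') {
            $findings += "Pricing: plan '$($plan.Name)' is on tier '$($plan.PricingTier)'"
        }
    }

    # Data collection: automatic agent provisioning should be On.
    foreach ($setting in Get-AzSecurityAutoProvisioningSetting) {
        if ($setting.AutoProvision -ne 'On') {
            $findings += "Data collection: setting '$($setting.Name)' is '$($setting.AutoProvision)'"
        }
    }

    # Email notifications: at least one contact with an address and alert emails enabled.
    $contacts = @(Get-AzSecurityContact)
    if ($contacts.Count -eq 0) {
        $findings += 'Notifications: no security contact is configured'
    }
    foreach ($contact in $contacts) {
        if ([string]::IsNullOrWhiteSpace($contact.Email)) {
            $findings += "Notifications: contact '$($contact.Name)' has no email address"
        }
        if ($contact.AlertNotifications -ne 'On') {
            $findings += "Notifications: contact '$($contact.Name)' does not receive alert emails"
        }
        # Copying subscription owners is optional in the walkthrough, so report it as a note.
        if ($contact.AlertsToAdmins -ne 'On') {
            $findings += "Note: contact '$($contact.Name)' does not copy subscription owners"
        }
    }
    return $findings
}

$subscription = (Get-AzContext).Subscription.Name
$results = @(Test-SecurityCenterBaseline)
if ($results.Count -eq 0) {
    Write-Output "[$subscription] All checked Security Center settings match."
} else {
    $results | ForEach-Object { Write-Output "[$subscription] $_" }
}
```

The script only reads settings, so it can be run on a schedule to catch a subscription that has drifted back to the Free tier or had data collection switched off.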

Recommendations and Security Alerts

The most important sections of the Security Center are Recommendations and Security Alerts, where best practice information is consolidated for resources deployed in your Azure subscription. Click the Recommendations tile on the Overview screen. Note that the Recommendations tile is divided into different levels of severity and you can drill down into different severity levels, or just click the tile to see all recommendations.

Security recommendations in the Azure Security Center (Image Credit: Russell Smith)

In the Recommendations pane, you can see a list of recommendations. Click one to get more information about how to resolve the problem.

For instance, one of my VMs doesn’t have disk encryption enabled. If I click the recommendation, I get presented with a link where I can find instructions on how to encrypt a virtual disk.

Similarly, to view security alerts, click the Security alerts tile in the Overview panel or Security alerts in the list of options on the left of the Security Center – Overview. Any security alerts will be listed in the Security alerts panel.

In this article, I showed you how to set up data collection in Azure Security Center using a 90-day trial of the Standard tier.