loading...

Create an Azure Security Center baseline

cheahengsoon profile image Eng Soon Cheah ・5 min read

Azure Security Center (ASC) provides unified security management and advanced threat protection for workloads running in Azure, on-premises, and in other clouds. The following are Security Center recommendations that, if followed, will set various security policies on an Azure subscription.
These policies define the set of controls that are recommended for your resources with an Azure subscription.

Enable System Updates

Azure Security Center monitors daily Windows and Linux virtual machines (VMs) and computers for missing operating system updates. Security Center retrieves a list of available security and critical updates from Windows Update or Windows Server Update Services (WSUS), depending on which service is configured on a Windows computer. Security Center also checks for the latest updates in Linux systems. If your VM or computer is missing a system update, Security Center will recommend that you apply system updates.

  1. Sign in to the Azure portal.
  2. Select Security Policy on the Security Center main menu.
  3. The Policy Management screen is displayed.
  4. Choose your subscription from the displayed list.
  5. Check that System updates should be installed on your machines is one of the policies.
  6. Click the Enable Monitoring in Azure Security Center link (This may also be displayed as ASC Default witha GUID). Alt Text
  7. In this example, the ASC agent has not been deployed to a VM or physical machine so the message AuditIfNotExists is displayed. AuditIfNotExists enables auditing on resources that match the if condition. If the resource is not deployed, NotExists is displayed. Alt Text If enabled, Audit is displayed. If deployed but disabled, Disabled is displayed. Alt Text

Enable Security Configurations

Azure Security Center monitors security configurations by applying a set of over 150 recommended rules for hardening the OS, including rules related to firewalls, auditing, password policies, and more. If a machine is found to have a vulnerable configuration, Security Center generates a security recommendation.

  1. Sign in to the Azure portal.
  2. Select Security Policy on the Security Center main menu.
  3. The Policy Management screen is displayed.
  4. Choose your subscription from the displayed list.
  5. Check that Vulnerabilities in security configuration on your virtual machine scale sets should be remediated is one of the policies. Alt Text
    • Enable Endpoint Protection - Endpoint protection is recommended for all virtual machines.
    • Enable Disk Encryption - Azure Security Center recommends that you apply disk encryption if you have Windows or Linux VM disks that are not encrypted using Azure Disk Encryption. Disk Encryption lets you encrypt your Windows and Linux IaaS VM disks. Encryption is recommended for both the OS and data volumes on your VM.
    • Enable Network Security Groups Azure Security Center recommends that you enable a network security group (NSG) if one is not already enabled. NSGs contain a list of Access Control List (ACL) rules that allow or deny network traffic to your VM instances in a Virtual Network. NSGs can be associated with either subnets or individual VM instances within that subnet. When an NSG is associated with a subnet, the ACL rules apply to all the VM instances in that subnet. In addition, traffic to an individual VM can be restricted further by associating an NSG directly to that VM.
    • Enable Web Application Firewall - Azure Security Center may recommend that you add a web application firewall (WAF) from a Microsoft partner to secure your web applications.
    • Enable Vulnerability Assessment - The vulnerability assessment in Azure Security Center is part of the Security Center virtual machine (VM) recommendations. If Security Center doesn't find a vulnerability assessment solution installed on your VM, it recommends that you install one. A partner agent, after being deployed, starts reporting vulnerability data to the partner's management platform. In turn, the partner's management platform provides vulnerability and health monitoring data back to Security Center.
    • Enable Storage Encryption - When this setting is enabled, any new data in Azure Blobs and Files will be encrypted.
    • Enable JIT Network Access - Just-in-time (JIT) virtual machine (VM) access can be used to lock down inbound traffic to your Azure VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed.
    • Enable Adaptive Application Controls - Adaptive application control is an intelligent, automated end-to-end application whitelisting solution from Azure Security Center. It helps you control which applications can run on your Azure and non-Azure VMs (Windows and Linux), which, among other benefits, helps harden your VMs against malware. Security Center uses machine learning to analyze the applications running on your VMs and helps you apply the specific whitelisting rules using this intelligence. This capability greatly simplifies the process of configuring and maintaining application whitelisting policies.
    • Enable SQL Auditing & Threat Detection - Azure Security Center will recommend that you turn on auditing and threat detection for all databases on your Azure SQL servers if auditing is not already enabled. Auditing and threat detection can help you maintain regulatory compliance, understand database activity, and gain insight into discrepancies and anomalies that could indicate business concerns or suspected security violations.
    • Enable SQL Encryption - Azure Security Center will recommend that you enable Transparent Data Encryption (TDE) on SQL databases if TDE is not already enabled. TDE protects your data and helps you meet compliance requirements by encrypting your database, associated backups, and transaction log files at rest, without requiring changes to your application.
    • Set Security Contact Email and Phone Number - Azure Security Center will recommend that you provide security contact details for your Azure subscription if you haven't already. This information will be used by Microsoft to contact you if the Microsoft Security Response Center (MSRC) discovers that your customer data has been accessed by an unlawful or unauthorized party. MSRC performs select security monitoring of the Azure network and infrastructure and receives threat intelligence and abuse complaints from third parties.
  6. Select Cost Management + Billing.
  7. The Contact info screen is displayed.
  8. Enter or validate the contact information displayed. Alt Text

Enable Send me emails about alerts

Azure Security Center will recommend that you provide security contact details for your Azure subscription if you haven't already.

  1. Select Cost Management + Billing.
  2. The Pricing & settings screen is displayed.
  3. Click on the subscription.
  4. Click Email notifications.
  5. Select SaveAlt Text

Enable Send email also to subscription owners

Azure Security Center will recommend that you provide security contact details for your Azure subscription if you haven't already.

  1. Using the above Email notifications form, additional emails can be added separated by commas.
  2. Click Save.

Posted on by:

cheahengsoon profile

Eng Soon Cheah

@cheahengsoon

Pursuit my dreams working in U.S.

Discussion

pic
Editor guide