Secure Azure Infra – 1.2: Explore Azure Security Center

Continue from Lab 1: Explore Azure Security Center

In this section of the lab, we’ll take a look around Azure Security Center and explore what it has to offer.

1) In the Azure portal, click on Security Center in the left-hand menu.

2) The overview section of the Security Center shows an ‘at-a-glance’ view of any security recommendations, alerts and prevention items relating to compute, storage, networking and applications, as shown in Figure 7.

Figure 7: Azure Security Center Main Screen

3) Click on ‘Recommendations’ in the Security Center menu. You will see a list of recommendations relating to various areas of the environment – for example, the need to add Network Security Groups on subnets and VMs, or the recommendation to apply disk encryption to VMs.

Figure 8: Azure Security Center Recommendations

4) Click on ‘Compute & Apps’ in the left-hand menu. This will take you to a compute-specific recommendations page where we can begin to apply recommendations.

5) Click on the ‘VMs and Computers’ tab where you will see a list of all VMs in your subscription and the issues that ASC has found.

6) One of the common warnings is related to endpoint protection on virtual machines. Click on the ‘Compute’ item in the menu and then click on the warning for ‘Endpoint Protection Issues’. This will take you to a screen showing how many VMs are not protected.

Figure 9: Azure Security Center Endpoint Protection

7) Click on the ‘Endpoint Protection Not Installed’ item and then select the eligible VMs (VM1 & VM2 in your case). Click the button ‘Install on 2 VMs’.

8) Select ‘Microsoft Anti-Malware’ and then select all defaults before clicking ‘OK’ and letting the anti-malware software install on your VMs.

9) Return to the ‘Overview’ page within the Compute section and click on ‘Add a vulnerability assessment solution’. Select all four virtual machines and then click ‘Install’. From here, you can install a third-party vulnerability assessment tool (Qualys) on your VMs. Do not proceed with the installation, but instead proceed to the next step.

10) Return to the main ASC screen and then click on Networking. From here, you’ll be able to see that your VMs (VM1 – 4) are listed as ‘Internet Facing Endpoints’ but have no protection from either Network Security Groups or Next Generation Firewalls (Figure 10). You’ll add Network Security Groups to the environment later.

Figure 10: Azure Security Center Networking Recommendations

11) From the main ASC page, click on Security Policy in the left-hand menu. Click on your subscription.

12) From here, you can control the security policy recommendations (in the security policy section), set up email addresses for automated alerting and configure the pricing tier.

13) From the ‘Data Collection’ page, turn on the automatic provisioning of the monitoring agent and click save. This will allow Azure Security Center to automatically install the monitoring agent on the VMs in your subscription.
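The Networking finding in step 10 (internet-facing VMs with no Network Security Group) can also be reproduced from exported inventory. The script below is an added example, not part of the original lab: it assumes the JSON field names produced by `az network nic list` and `az network vnet list`, runs on constructed sample data, and only treats a NIC with a directly attached public IP as internet facing.

```python
# Constructed sample inventory (not from the lab), trimmed to the fields read below.
# Assumed shape: JSON from `az network nic list` and `az network vnet list`.
BASE = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/lab-rg/providers"
NET = BASE + "/Microsoft.Network"

def make_nic(vm, subnet, public_ip, nic_nsg):
    """Build one constructed NIC record for the sample data."""
    return {
        "virtualMachine": {"id": f"{BASE}/Microsoft.Compute/virtualMachines/{vm}"},
        "networkSecurityGroup": {"id": f"{NET}/networkSecurityGroups/{vm}-nsg"} if nic_nsg else None,
        "ipConfigurations": [{
            "subnet": {"id": f"{NET}/virtualNetworks/lab-vnet/subnets/{subnet}"},
            "publicIPAddress": {"id": f"{NET}/publicIPAddresses/{vm}-pip"} if public_ip else None,
        }],
    }

SAMPLE_NICS = [
    make_nic("VM1", "open", public_ip=True, nic_nsg=False),     # exposed
    make_nic("VM2", "open", public_ip=True, nic_nsg=True),      # NSG on the NIC
    make_nic("VM3", "guarded", public_ip=True, nic_nsg=False),  # NSG on the subnet
    make_nic("VM4", "open", public_ip=False, nic_nsg=False),    # no public IP
]
SAMPLE_VNETS = [{"subnets": [
    {"id": f"{NET}/virtualNetworks/lab-vnet/subnets/open", "networkSecurityGroup": None},
    {"id": f"{NET}/virtualNetworks/lab-vnet/subnets/guarded",
     "networkSecurityGroup": {"id": f"{NET}/networkSecurityGroups/guarded-nsg"}},
]}]

def unprotected_internet_facing(nics, vnets):
    """Return sorted VM names that have a public IP and no NSG on the NIC or its subnet."""
    # Resource IDs are case-insensitive, so compare them lower-cased.
    subnet_has_nsg = {s["id"].lower(): bool(s.get("networkSecurityGroup"))
                      for v in vnets for s in v.get("subnets", [])}
    findings = set()
    for nic in nics:
        vm = nic.get("virtualMachine")
        if not vm or nic.get("networkSecurityGroup"):
            continue  # unattached NIC, or already filtered by a NIC-level NSG
        for cfg in nic.get("ipConfigurations", []):
            if not cfg.get("publicIPAddress"):
                continue  # this IP configuration is not directly internet facing
            subnet_id = (cfg.get("subnet") or {}).get("id", "").lower()
            # An unknown subnet is treated as unprotected rather than assumed safe.
            if not subnet_has_nsg.get(subnet_id, False):
                findings.add(vm["id"].rsplit("/", 1)[-1])
    return sorted(findings)

if __name__ == "__main__":
    print(unprotected_internet_facing(SAMPLE_NICS, SAMPLE_VNETS))
```
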

About engsoon

Eng Soon is a 4-time Microsoft MVP and has nearly 5 years of experience building enterprise systems in the cloud. He is also a Certified Microsoft Azure. Eng Soon also has strong technical and analytical skills. As a developer, besides development tasks, he is also involved in project management, consulting, and marketing. He has a passion for technology and sharing what he learns with others to help enable them to learn faster and be more productive. He has also taken part as a speaker in many nationwide technical events, such as conferences, meetups and workshops. He is currently looking for opportunities in cyber security, including cloud security and application security.
