# Lab 5 – Azure Security Center for security recommendations

## Understand your application security posture in Azure

To take full advantage of Security Center, you need to complete the steps below to upgrade to the Standard tier and install the Microsoft Monitoring Agent.

Security Center collects data from your Azure VMs and non-Azure computers to monitor for security vulnerabilities and threats. Data is collected using the Microsoft Monitoring Agent, which reads various security-related configurations and event logs from the machine and copies the data to your workspace for analysis. By default, Security Center will create a new workspace for you.

When automatic provisioning is enabled, Security Center installs the Microsoft Monitoring Agent on all supported Azure VMs and any new ones that are created. Automatic provisioning is strongly recommended.

### 5.1 - Enable Security Center Standard 30-day trial

Azure Security Center _Basic_ Plan is included free with every Azure subscription. However, this workshop demonstrates and uses some of the functionality available in the _Standard_ plan. Follow these steps to enable the trial and start configuring the environment.

1. From the Azure Portal, select **Security Center** from the list of options at the far-left of the portal screen. Alternatively, type **Security Center** in the search bar at the top of the portal window and select it from the drop-down options.

   ![ASC-trial](/images/lab5/Lab5-ASCGettingStarted.png)

2. The 'landing' screen for Security Center details some of the enhanced and additional features of the Standard Plan, and it also provides the ability to activate a 30-day trial of Security Center Standard Plan. Activate the trial by clicking **Start trial**.

3. The window will switch to the screen mentioning data collection agents, similar to below:

   ![ASC-agents](/images/lab5/Lab5-ASCInstallAgents.png)

   Azure Security Center (ASC) has a feature which automatically installs the monitoring agent on all virtual machines deployed and managed by ASC. This is a requirement for later labs, so enable the feature by clicking **Install agents**.

   **Please note**: If the button has been greyed out, then it is already switched on.

4. The **Security Center - Overview** screen will be displayed. Review the details in the main page and note that the system has already started to analyse the working subscription and provide insights and recommendations. As the workshop progresses this screen will refresh as new resources are created and additional security is put into place.

### 5.2 - Configure the security policy and data collection

5. Click on **Security policy**.
6. Your subscription (Azure pass) should be listed (if it is not, close your browser session and open a new one).
7. On the line where it lists your Azure subscription (Azure pass), click on **Edit settings**.
8. Set **Auto Provisioning** to **On** (if it's not already set to On).
9. Under workspace configuration, click **Use another workspace** and select your Log Analytics workspace created in previous labs.
10. Click on **Save**.
11. Click on **Yes** on **Would you like to reconfigure monitored VMs?**
12. Switch back to **Security Policy** and ignore the message "Your unsaved edits will be discarded".
13. On the line where it lists your workspace, click on **Edit settings**.
14. Click on **Pricing tier**, select **Standard** and click on **Save**.
15. Click on **Data collection**, select **All Events** and click on **Save**.

Go to the **Security Center – Overview**, which provides a unified view into the security posture of your hybrid cloud workloads, enabling you to discover and assess the security of your workloads and to identify and mitigate risk.
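To confirm that the settings from section 5.1 and steps 8 and 9 actually took effect, the check below audits an export of the subscription's Security Center settings. It is an added example, not part of the original lab; it assumes the JSON shapes returned by `az security auto-provisioning-setting list`, `az security workspace-setting list` and `az security pricing list`, and the sample data, the workspace ID and the `audit` function are constructed for illustration. The **All Events** choice from step 15 is not covered.

```python
import json

# Constructed sample of what these Azure CLI commands return (not real output):
#   az security auto-provisioning-setting list
#   az security workspace-setting list
#   az security pricing list
WS = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/lab-rg"
      "/providers/Microsoft.OperationalInsights/workspaces/lab-workspace")
SAMPLE = json.loads("""{
  "auto_provisioning": [{"name": "default", "autoProvision": "Off"}],
  "workspace_settings": [],
  "pricing": {"value": [{"name": "VirtualMachines", "pricingTier": "Free"},
                        {"name": "StorageAccounts", "pricingTier": "Standard"}]}
}""")


def audit(export, expected_workspace_id, plans=("VirtualMachines",)):
    """Return a list of findings; an empty list means the lab settings are in place."""
    findings = []

    # Step 8: the subscription's "default" setting must have auto provisioning On.
    default = next((s for s in export["auto_provisioning"]
                    if s.get("name") == "default"), None)
    if default is None or default.get("autoProvision", "").lower() != "on":
        findings.append("auto-provisioning is not On")

    # Step 9: agents must report to the chosen workspace. No workspace setting
    # means Security Center falls back to a workspace it creates itself.
    ids = [s.get("workspaceId", "").lower() for s in export["workspace_settings"]]
    if expected_workspace_id.lower() not in ids:
        findings.append("workspace setting does not point at the lab workspace")

    # Section 5.1: the plan protecting VMs must be on the Standard tier.
    pricing = export["pricing"]
    items = pricing.get("value", []) if isinstance(pricing, dict) else pricing
    tiers = {p.get("name"): p.get("pricingTier", "") for p in items}
    for plan in plans:
        if tiers.get(plan, "").lower() != "standard":
            findings.append(f"{plan} plan is '{tiers.get(plan, 'missing')}', not Standard")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, WS):
        print("FAIL:", finding)
```

Resource IDs are compared case-insensitively because the same workspace can be returned with different casing.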
You can view and filter the list of subscriptions by clicking the Subscriptions menu item. Security Center will now begin assessing the security of these subscriptions to identify security vulnerabilities. To customize the types of assessments, you can modify the security policy. A security policy defines the desired configuration of your workloads and helps ensure compliance with company or regulatory security requirements.

Within minutes of launching Security Center the first time, you may see:

- **Recommendations** for ways to improve the security of your Azure subscriptions. Clicking the Recommendations tile will launch a prioritized list.
- An inventory of **Compute & apps, Networking, Data security, and Identity & Access** resources that are now being assessed by Security Center along with the security posture of each.

Now that you’ve upgraded to the Standard tier, you have access to additional Security Center features, including **adaptive application controls, just in time VM access, security alerts, threat intelligence, automation playbooks**, and more. Note that security alerts will only appear when Security Center detects malicious activity.

![oms global](/images/lab5/oms-global.png)

With this new insight into your Azure VMs, Security Center can provide additional recommendations related to system update status, Operating System security configurations, endpoint protection, as well as generate additional security alerts.

![oms recomm](/images/lab5/oms-recomm.png)

<< [Back to home page](/README.md) << [Previous Lab](lab-04-app-gateway.md) . . . . . [Next Lab](lab-06-storage-security.md) >>