-
Notifications
You must be signed in to change notification settings - Fork 0
lab 05 security centre
To take full advantage of Security Center, you need to complete the steps below to upgrade to the Standard tier and install the Microsoft Monitoring Agent
Security Center collects data from your Azure VMs and non-Azure computers to monitor for security vulnerabilities and threats. Data is collected using the Microsoft Monitoring Agent, which reads various security-related configurations and event logs from the machine and copies the data to your workspace for analysis. By default, Security Center will create a new workspace for you. When automatic provisioning is enabled, Security Center installs the Microsoft Monitoring Agent on all supported Azure VMs and any new ones that are created. Automatic provisioning is strongly recommended.
Azure Security Center Basic Plan is included free with every Azure subscription. However, this workshop demonstrates and uses some of the functionality available in the Standard plan. Follow these steps to enable thr trial and start configuring the environment...
-
From the Azure Portal, select Security Centre from the list of options at the far-left of the portal screen. Alternatively, type Security Centre in the search bar at the top of the portal window and select it from the drop-down options.
-
The 'landing' screen for Security Center details some of the enhanced and additional features of the Standard Plan, and it also provides the ability to activate a 30-day trial of Security Center Standard Plan.
Activate the trial by clicking Start trial
-
The window will switch to the screen mentioning data collection agents similar to below:
Azure Security Center (ASC) has a feature which automatically installs the monitoring agent on all virtual machines deployed and managed by ASC. This is a requirement for later labs, so enable the feature by clicking Install agents.
Please note: If the button has been greyed out, then it is already switched on.
-
The Security Center - Overview screen will be displayed. Review the details in the main page and note that the system has already started to anaylse the working subscription and provide insights and recommendations. As the workshop progresses this screen will refresh as new resources are created and additional security is put into place.
- Click on Security policy
- Your subscription (Azure pass) should be listed (if it does not, close your browser session and open a new one)
- On the line where it lists your Azure subscription (Azure pass), click on Edit settings
- Set Auto Provisioning to On (if it's not already set to On)
- Under workspace configuration, click User another workspace and select your Log Analytics workspace created in previous labs
- Click on Save
- Click on Yes on Would you like to reconfigure monitored VMs?
- Switch back to Security Policy and ignore the message "Your unsaved edits will be discarded"
- On the line where it lists your workspace, click on Edit settings
- Click on Pricing tier, select Standard and click on Save
- Click on Data collection and select All Events and click on Save
Go to the Security Center – Overview which provides a unified view into the security posture of your hybrid cloud workloads, enabling you to discover and assess the security of your workloads and to identify and mitigate risk.
You can view and filter the list of subscriptions by clicking the Subscriptions menu item. Security Center will now begin assessing the security of these subscriptions to identify security vulnerabilities. To customize the types of assessments, you can modify the security policy. A security policy defines the desired configuration of your workloads and helps ensure compliance with company or regulatory security requirements.
Within minutes of launching Security Center the first time, you may see:
- Recommendations for ways to improve the security of your Azure subscriptions. Clicking the Recommendations tile will launch a prioritized list.
- An inventory of Compute & apps, Networking, Data security, and Identity & Access resources that are now being assessed by Security Center along with the security posture of each.
Now that you’ve upgraded to the Standard tier, you have access to additional Security Center features, including adaptive application controls, just in time VM access, security alerts, threat intelligence, automation playbooks, and more. Note that security alerts will only appear when Security Center detects malicious activity.
With this new insight into your Azure VMs, Security Center can provide additional recommendations related to system update status, Operating System security configurations, endpoint protection, as well as generate additional security alerts.
<< Previous Lab . . . . . Next Lab >>