DEV Community

Eng Soon Cheah
Eng Soon Cheah

Posted on

Azure Tenant Security Solution (AzTS)

Secure DevOps Kit for Azure (AzSK) is being phased out through FY21.The AzSK is transitioning to a more scalable and robust solution called Azure Tenant Security scanner (AzTS) which is based on Azure Functions and a central scan model where scans are performed via a managed identity with Reader access to subscriptions configured at management group level. This new approach helps us scale efficiently and with less process overhead to get the same level of visibility to compliance of several thousand subscriptions. It is also designed to help accelerate our migration to native security offerings in Azure such as Policy, Security Center, Management Groups, Azure Resource Graph, etc.


  1. Download the Power Shell Scripts from Here (
  2. Open the DeploymentFolder that you had created and open the script with Power Shell IDE
    Alt Text

  3. Replace the information for
    $TenantId - you can get in the Azure Active Directory
    Alt Text

$MIHostingSubId,$HostSubscriptionId - Your Subscription ID
$MIHostingRGName,$HostResourceGroupName - Resources Group Name
$Location -"East Asia"
$MIName = "Name of the Scanner MI"
$TargetSubscriptionIds - Your Subscription ID
$AzureEnvironmentName = "AzureCloud" or others
$SendAlertNotificationToEmailIds = the email to receive notification

4.After execute the scripts, you will saw the azure services are setup in your resources group.
Alt Text

5.When you open the webapp, the data is still blank.
Remember to execute the PowerShell Command, its take around 15 minutes.

Start-AzSKTenantSecuritySolutionOnDemandScan -SubscriptionId $HostSubscriptionId1 -ScanHostRGName $HostResourceGroupName1
Enter fullscreen mode Exit fullscreen mode

After end of execution, the messages will display
"Subscriptions have been queued for scan. The scan result will be available in the next 2 hours."

At the end,Open the webapp again,you will get the results as below
Alt Text


Top comments (0)