DEV Community

Eng Soon Cheah
Eng Soon Cheah

Posted on • Edited on

Configure security policies by using Azure Security Center

#azure #security

Configure endpoint protection

  • The information under Endpoint protection issues can help you create a plan to address any issues identified
  • Security Center reports the following endpoint protection issues:
    • Endpoint protection not installed on Azure VMs
    • Endpoint protection not installed on non-Azure computers
    • Endpoint protection health issues
  • Security Center presents the endpoint protection issues as a recommendation Alt text of image

Configure centralized policy management by using Azure Security Center

  • By default, all prevention policies are turned on
  • Enabling a prevention policy, such as OS vulnerabilities, enables recommendations for that policy
  • You can enable or disable recommendations for:
    • System updates
    • OS vulnerabilities
    • Endpoint protection
    • Disk encryption
    • Network security groups
    • Web application firewall
    • Vulnerability Assessment
    • NGFW
    • SQL auditing & Threat detection
    • SQL Encryption Alt text of image

Configure vulnerability scanning and policies

  • Azure Security Center provides you with a centralized view of your Azure resources and their active security state
  • It provides integrated security monitoring and policy management across your Azure subscriptions, and works with a broad ecosystem of security solutions
  • Security Center delivers these solutions through the following capabilities:
    • Prevention
    • Detection
    • Response
  • A security policy defines the set of controls that are recommended for resources within the specified subscription or resource group
  • In Azure Security Center, you define policies for your Azure subscriptions or resource groups 
  • Enabling Security Center and data collection enables all the security policies by default
  • Three policy components include:
    • Prevention policy
    • Email notifications
    • Pricing tier Alt text of image

Configure JIT VM access by using Azure Security Center

  • RDP brute-force attacks are the attack method most commonly used to access Azure VMs
  • To blunt RDP brute-force attacks, you can:
    • Disable the public IP address and use a connection method such as P2S VPN, S2S VPN, or Azure ExpressRoute
    • Require two-factor authentication
    • Use complex passwords
    • Limit the time that the ports are open
  • Azure Security Center implements the last method by using JIT VM access
  • By enabling JIT VM access for your VMs, you can create a policy that determines the ports to help protect, the time ports should remain open, and the approved IP addresses that can access these ports

Top comments (0)

Read next

bytehackr profile image

Understanding the Basics of ELF Files on Linux

Sandipan Roy -

genius_introuble profile image

Mastering OSINT for Bug Bounty Success: Advanced Tools and Techniques for Deep Recon

Genius_InTrouble -

sushantrahate profile image

Node.js Authentication: Best Practices and Key Strategies

Sushant Rahate -

td_inc profile image

Meme Monday

TechDogs -