Configure security policies by using Azure Security Center

cheahengsoon profile image Eng Soon Cheah ・2 min read

Configure endpoint protection

  • The information under Endpoint protection issues can help you create a plan to address any issues identified
  • Security Center reports the following endpoint protection issues:
    • Endpoint protection not installed on Azure VMs
    • Endpoint protection not installed on non-Azure computers
    • Endpoint protection health issues
  • Security Center presents the endpoint protection issues as a recommendation Alt text of image

Configure centralized policy management by using Azure Security Center

  • By default, all prevention policies are turned on
  • Enabling a prevention policy, such as OS vulnerabilities, enables recommendations for that policy
  • You can enable or disable recommendations for:
    • System updates
    • OS vulnerabilities
    • Endpoint protection
    • Disk encryption
    • Network security groups
    • Web application firewall
    • Vulnerability Assessment
    • NGFW
    • SQL auditing & Threat detection
    • SQL Encryption Alt text of image

Configure vulnerability scanning and policies

  • Azure Security Center provides you with a centralized view of your Azure resources and their active security state
  • It provides integrated security monitoring and policy management across your Azure subscriptions, and works with a broad ecosystem of security solutions
  • Security Center delivers these solutions through the following capabilities:
    • Prevention
    • Detection
    • Response
  • A security policy defines the set of controls that are recommended for resources within the specified subscription or resource group
  • In Azure Security Center, you define policies for your Azure subscriptions or resource groups 
  • Enabling Security Center and data collection enables all the security policies by default
  • Three policy components include:
    • Prevention policy
    • Email notifications
    • Pricing tier Alt text of image

Configure JIT VM access by using Azure Security Center

  • RDP brute-force attacks are the attack method most commonly used to access Azure VMs
  • To blunt RDP brute-force attacks, you can:
    • Disable the public IP address and use a connection method such as P2S VPN, S2S VPN, or Azure ExpressRoute
    • Require two-factor authentication
    • Use complex passwords
    • Limit the time that the ports are open
  • Azure Security Center implements the last method by using JIT VM access
  • By enabling JIT VM access for your VMs, you can create a policy that determines the ports to help protect, the time ports should remain open, and the approved IP addresses that can access these ports


Editor guide