Best tip ever for Azure Security – Security Center built-in policies

As far as the inception of the ASC (Azure Security Center) Security Policies, I’ve been recommending attaching security policies to subscription, or management group.

Best part of this, is that the deployment is handled for you by ASC, if you’ve allowed/configured ASC policies in first place

  • On as side note, once you get comfy with policies, you’ll want to add region restrictions + bunch of best practice policies, but that shall be part of another blog post.

ASC’s default policy initiative

ref: https://docs.microsoft.com/en-us/azure/security-center/security-center-azure-policy 

With the ASC’s default policy initiative you get to audit and monitor the following controls proactively

  • Compute And Apps (14 out of 14 policies enabled)
  • Data (12 out of 12 policies enabled)
  • Identity (10 out of 10 policies enabled)

Kuvaesitys vaatii JavaScriptin.

 

How to assign ASC’s default policy initiative?

If for some reason this isn’t setup for you, you might want to check the following setting in security center

  • Once you’ve acknowledged and understand how you’re inheritance and ASC Plan is configured, you can enable the policies by one simple control ’ Assign Security Policy ’

ASC

3


Once the policies start, you’ll begin see the results of evaluation

  • 289 resources evaluated 🙂 – How great is this!

ASC45

Highly recommended!

Br, Joosua

 

Vastaa

Täytä tietosi alle tai klikkaa kuvaketta kirjautuaksesi sisään:

WordPress.com-logo

Olet kommentoimassa WordPress.com -tilin nimissä. Log Out /  Muuta )

Google photo

Olet kommentoimassa Google -tilin nimissä. Log Out /  Muuta )

Twitter-kuva

Olet kommentoimassa Twitter -tilin nimissä. Log Out /  Muuta )

Facebook-kuva

Olet kommentoimassa Facebook -tilin nimissä. Log Out /  Muuta )

Muodostetaan yhteyttä palveluun %s