Ever since the inception of the ASC (Azure Security Center) security policies, I’ve been recommending attaching security policies to a subscription or a management group.
The best part is that ASC handles the deployment for you, provided you’ve allowed/configured ASC policies in the first place.
- On a side note, once you get comfy with policies, you’ll want to add region restrictions and a bunch of best-practice policies, but that will be part of another blog post.
ASC’s default policy initiative
ref: https://docs.microsoft.com/en-us/azure/security-center/security-center-azure-policy
With ASC’s default policy initiative, you get to audit and monitor the following controls proactively:
- Compute And Apps (14 out of 14 policies enabled)
- Data (12 out of 12 policies enabled)
- Identity (10 out of 10 policies enabled)
How to assign ASC’s default policy initiative?
If for some reason this isn’t set up for you, you might want to check the following setting in Security Center.
- Once you’ve acknowledged and understood how your inheritance and ASC plan are configured, you can enable the policies with one simple control: ‘Assign Security Policy’.
Once the policies start, you’ll begin to see the results of the evaluation.
- 289 resources evaluated 🙂 – How great is this!
Highly recommended!
Br, Joosua