Identity and Access in Security Center?

For those who are missing the once great Identity and Access solution in ASC, worry no more – It’s available as an Sentinel dashboard, which you can simply add from the dashboards (Given that you’re collecting the data)

HoneyPot and Sentinel is a nice combination
Dashboards in Sentinel
KB https://docs.microsoft.com/en-us/azure/security-center/security-center-features-retirement-july2019#menu_classicidentity 
Whats coming next? https://docs.microsoft.com/en-us/azure/azure-monitor/app/usage-workbooks 

Best tip ever for Azure Security – Security Center built-in policies

As far as the inception of the ASC (Azure Security Center) Security Policies, I’ve been recommending attaching security policies to subscription, or management group.

Best part of this, is that the deployment is handled for you by ASC, if you’ve allowed/configured ASC policies in first place

  • On as side note, once you get comfy with policies, you’ll want to add region restrictions + bunch of best practice policies, but that shall be part of another blog post.

ASC’s default policy initiative

ref: https://docs.microsoft.com/en-us/azure/security-center/security-center-azure-policy 

With the ASC’s default policy initiative you get to audit and monitor the following controls proactively

  • Compute And Apps (14 out of 14 policies enabled)
  • Data (12 out of 12 policies enabled)
  • Identity (10 out of 10 policies enabled)

Kuvaesitys vaatii JavaScriptin.

 

How to assign ASC’s default policy initiative?

If for some reason this isn’t setup for you, you might want to check the following setting in security center

  • Once you’ve acknowledged and understand how you’re inheritance and ASC Plan is configured, you can enable the policies by one simple control ’ Assign Security Policy ’

ASC

3


Once the policies start, you’ll begin see the results of evaluation

  • 289 resources evaluated 🙂 – How great is this!

ASC45

Highly recommended!

Br, Joosua