Quickstart: Setting up Azure Security Center

Azure Security Center provides unified security management and threat protection across your hybrid cloud workloads. While the free features offer limited security for your Azure resources only, enabling Azure Defender extends these capabilities to on-premises and other clouds. Azure Defender helps you find and fix security vulnerabilities, apply access and application controls to block malicious activity, detect threats using analytics and intelligence, and respond quickly when under attack. You can try Azure Defender at no cost. To learn more, see the pricing page.

In this article, you upgrade to Azure Defender for added security and install the Log Analytics agent on your machines to monitor for security vulnerabilities and threats.


To get started with Security Center, you must have a subscription to Microsoft Azure. If you do not have a subscription, you can sign up for a free account.

To enable Azure Defender on a subscription, you must be assigned the role of Subscription Owner, Subscription Contributor, or Security Admin.

Enable Security Center on your Azure subscription

  1. Sign into the Azure portal.

  2. From the portal's menu, select Security Center.

    Security Center's overview page opens.

    Security Center's overview dashboard

Security Center – Overview provides a unified view into the security posture of your hybrid cloud workloads, enabling you to discover and assess the security of your workloads and to identify and mitigate risk. Security Center automatically, at no cost, enables any of your Azure subscriptions not previously onboarded by you or another subscription user.

You can view and filter the list of subscriptions by selecting the Subscriptions menu item. Security Center will adjust the display to reflect the security posture of the selected subscriptions.

Within minutes of launching Security Center the first time, you may see:

  • Recommendations for ways to improve the security of your connected resources.
  • An inventory of your resources that are now being assessed by Security Center, along with the security posture of each.

To take full advantage of Security Center, you need to complete the steps below to enable Azure Defender and install the Log Analytics agent.


To enable Security Center on all subscriptions within a management group, see Enable Security Center on multiple Azure subscriptions.

Enable Azure Defender

For the purpose of the Security Center quickstarts and tutorials you must enable Azure Defender. A free 30-day trial is available. To learn more, see the pricing page.

  1. From Security Center's sidebar, select Getting started.

    Upgrade tab of the getting started page

    The Upgrade tab lists subscriptions and workspaces eligible for onboarding.

  2. From the Select workspaces to enable Azure Defender on list, select the workspaces to upgrade.

    • If you select subscriptions and workspaces that aren't eligible for trial, the next step will upgrade them and charges will begin.
    • If you select a workspace that's eligible for a free trial, the next step will begin a trial.
  3. Select Upgrade to enable Azure Defender.

Enable automatic data collection

Security Center collects data from your machines to monitor for security vulnerabilities and threats. Data is collected using the Log Analytics agent, which reads various security-related configurations and event logs from the machine and copies the data to your workspace for analysis. By default, Security Center will create a new workspace for you.

When automatic provisioning is enabled, Security Center installs the Log Analytics agent on all supported machines and any new ones that are created. Automatic provisioning is strongly recommended.

To enable automatic provisioning of the Log Analytics agent:

  1. From Security Center's menu, select Pricing & settings.

  2. Select the relevant subscription.

  3. In the Data collection page, set Auto provisioning to On.

  4. Select Save.

    Enabling auto-provisioning of the Log Analytics agent


If a workspace needs to be provisioned, agent installation might take up to 25 minutes.

With the agent deployed to your machines, Security Center can provide additional recommendations related to system update status, OS security configurations, endpoint protection, as well as generate additional security alerts.


Setting auto provisioning to Off doesn't remove the Log Analytics agent from Azure VMs where the agent has already been provisioned. Disabling automatic provisioning limits security monitoring for your resources.

Next steps

In this quickstart you enabled Azure Defender and provisioned the Log Analytics agent for unified security management and threat protection across your hybrid cloud workloads. To learn more about how to use Security Center, continue to the quickstart for onboarding Windows computers that are on-premises and in other clouds.

Want to optimize and save on your cloud spending?