This article helps you quickly get started with Azure Security Center by guiding you through the security monitoring and policy management components of Security Center.
It introduces the service by using an example deployment and is not a step-by-step guide.
To get started with Security Center, you must have a subscription to Microsoft Azure. If you do not have a subscription, you can sign up for a free account.
The Free tier of Security Center is automatically enabled with your subscription and provides visibility into the security state of your Azure resources. It provides basic security policy management, security recommendations, and integration with security products and services from Azure partners.
In Security Center, you only see information related to an Azure resource when you are assigned the role of Owner, Contributor, or Reader for the subscription or resource group that a resource belongs to. See Permissions in Azure Security Center to learn more about roles and allowed actions in Security Center.
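An added example (not part of the original article): a check of which principals meet the visibility rule above, given role assignments in the shape that `az role assignment list` emits (`principalName`, `roleDefinitionName`, `scope`). The sample assignments and principals are constructed, and the code assumes only the three roles and two scopes the article names; management-group scopes and other roles are not modelled.

```python
import re

# Roles the article names as granting visibility in Security Center.
VISIBLE_ROLES = {"owner", "contributor", "reader"}
_ARM_ID = re.compile(
    r"^/subscriptions/(?P<sub>[^/]+)(?:/resourceGroups/(?P<rg>[^/]+))?(?P<rest>/.+)?$",
    re.IGNORECASE)

def parse_scope(arm_id):
    """Return (subscription, resource_group or None, is_below_group_level)."""
    m = _ARM_ID.match(arm_id.rstrip("/"))
    if not m:
        raise ValueError(f"not a subscription-scoped ARM ID: {arm_id!r}")
    rg = m.group("rg")
    return m.group("sub").lower(), rg.lower() if rg else None, bool(m.group("rest"))

def can_see(principal, resource_id, assignments):
    """True if principal holds Owner, Contributor or Reader on the resource's
    subscription or resource group, the two scopes the article names."""
    sub, rg, _ = parse_scope(resource_id)
    for a in assignments:
        if a["principalName"].lower() != principal.lower():
            continue
        if a["roleDefinitionName"].lower() not in VISIBLE_ROLES:
            continue  # exact role-name match, so "Virtual Machine Contributor" is skipped
        try:
            a_sub, a_rg, below_group = parse_scope(a["scope"])
        except ValueError:
            continue  # management-group or root scope: not modelled here
        if below_group:
            continue  # single-resource scope: not one the article lists
        if a_sub == sub and (a_rg is None or a_rg == rg):
            return True
    return False

# Constructed sample data (placeholder subscription ID, made-up principals).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
VM_PROD = SUB + "/resourceGroups/prod-rg/providers/Microsoft.Compute/virtualMachines/web01"
VM_DEV = SUB + "/resourceGroups/dev-rg/providers/Microsoft.Compute/virtualMachines/test01"
ASSIGNMENTS = [
    {"principalName": "alice@example.com", "roleDefinitionName": "Reader", "scope": SUB},
    {"principalName": "bob@example.com", "roleDefinitionName": "Contributor",
     "scope": SUB + "/resourceGroups/PROD-RG"},
    {"principalName": "carol@example.com", "roleDefinitionName": "Virtual Machine Contributor",
     "scope": SUB},
    {"principalName": "dave@example.com", "roleDefinitionName": "Owner", "scope": VM_PROD},
]

if __name__ == "__main__":
    for who in ("alice", "bob", "carol", "dave"):
        upn = who + "@example.com"
        print(upn, [can_see(upn, vm, ASSIGNMENTS) for vm in (VM_PROD, VM_DEV)])
```

Running the same check over a real export shows who can view a subscription's security state before data collection and policy are configured.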
Security Center collects data from your virtual machines (VMs) to assess their security state, provide security recommendations, and alert you to threats. When you first access Security Center, data collection is enabled on all VMs in your subscription. Data collection is recommended, but you can opt out by turning off data collection in the Security Center policy.
The following steps describe how to access and use the components of Security Center. In these steps, we show you how to turn off data collection if you choose to opt out.
Access Security Center
In the portal, follow these steps to access Security Center:
On the Microsoft Azure menu, select Security Center.
- If you are accessing Security Center for the first time, the Welcome blade opens. Select Yes! I want to Launch Azure Security Center to open the Security Center blade and to enable data collection.
- After you launch Security Center from the Welcome blade or select Security Center from the Microsoft Azure menu, the Security Center blade opens. For easy access to the Security Center blade in the future, select the Pin blade to dashboard option (upper right).
Use Security Center
You can configure security policies for your Azure subscriptions and resource groups. Let's configure a security policy for your subscription:
- On the Security Center blade, select the Policy tile.
- On the Security policy - Define policy per subscription or resource group blade, select a subscription.
- On the Security policy blade, Data collection is enabled to automatically collect logs. The monitoring extension is provisioned on all current and new VMs in the subscription. (You can opt out of data collection by setting Data collection to Off, but this prevents Security Center from giving you security alerts and recommendations.)
On the Security policy blade, select Choose a storage account per region. For each region in which you have VMs running, you choose the storage account where data collected from those VMs is stored. If you do not choose a storage account for each region, a storage account is created for you and placed in the securitydata resource group. The data that's collected is logically isolated from other customers' data for security reasons.
We recommend that you enable data collection and choose a storage account at the subscription level first. Security policies can be set at the Azure subscription level and resource group level, but configuration of data collection and storage account occurs at the subscription level only.
- On the Security policy blade, select Prevention policy. This opens the Prevention policy blade.
On the Prevention policy blade, turn on the recommendations that you want to see as part of your security policy. Examples:
- Setting System updates to On scans all supported virtual machines for missing OS updates.
- Setting OS vulnerabilities to On scans all supported virtual machines to identify any OS configurations that might make the virtual machine more vulnerable to attack.
- Return to the Security Center blade and select the Recommendations tile. Security Center periodically analyzes the security state of your Azure resources. When Security Center identifies potential security vulnerabilities, it shows recommendations on the Recommendations blade.
- Select a recommendation on the Recommendations blade to view more information and/or to take action to resolve the issue.
View the health and security state of your resources
- Return to the Security Center blade. The Resources security health tile contains indicators of the security state for virtual machines, networking, data, and applications.
- Select Virtual machines to view more information. The Virtual machines blade opens and displays a status summary of antimalware programs, system updates, restarts, and OS vulnerabilities of your VMs.
- Select a recommendation under VIRTUAL MACHINE RECOMMENDATIONS to view more information and/or take action to configure necessary controls.
- Select a VM under Virtual machines to view additional details.
View security alerts
Return to the Security Center blade and select the Security alerts tile. The Security alerts blade opens and displays a list of alerts. The Security Center analysis of your security logs and network activity generates these alerts. Alerts from integrated partner solutions are included.
Security alerts are only available if the Standard tier of Security Center is enabled. A 60-day free trial of the Standard tier is available. See Next steps for information on how to get the Standard tier.
- Select an alert to view additional information. In this example, let's select Modified system binary discovered. This opens blades that provide additional details about the alert.
View the health of your partner solutions
- Return to the Security Center blade. The Partner solutions tile lets you monitor, at a glance, the health status of your partner solutions integrated with your Azure subscription.
- Select the Partner solutions tile. A blade opens and displays a list of your partner solutions connected to Security Center.
- Select a partner solution. In this example, let's select the F5-WAF solution. A blade opens and shows you the status of the partner solution and the solution's associated resources. Select Solution console to open the partner management experience for this solution.
This article introduced you to the security monitoring and policy management components of Security Center. Now that you're familiar with Security Center, try the following steps:
- Configure a security policy for your Azure subscription. To learn more, see Setting security policies in Azure Security Center.
- Use the recommendations in Security Center to help you protect your Azure resources. To learn more, see Managing security recommendations in Azure Security Center.
- Review and manage your current security alerts. To learn more, see Managing and responding to security alerts in Azure Security Center.
- Learn more about the advanced threat detection features that come with the Standard tier of Security Center. The Standard tier is offered free for the first 60 days.
- If you have questions about using Security Center, see the Azure Security Center FAQ.