Learn about Azure Security Center, its key capabilities, and how it works.
Beginning in early June 2017, Security Center will use the Microsoft Monitoring Agent to collect and store data. See Azure Security Center Platform Migration to learn more. The information in this article represents Security Center functionality after transition to the Microsoft Monitoring Agent.
What is Azure Security Center?
Security Center helps you prevent, detect, and respond to threats with increased visibility into and control over the security of your Azure resources. It provides integrated security monitoring and policy management across your Azure subscriptions, helps detect threats that might otherwise go unnoticed, and works with a broad ecosystem of security solutions.
Security Center delivers easy-to-use and effective threat prevention, detection, and response capabilities that are built in to Azure. Key capabilities are:
| Stage | Capability |
|---|---|
| Prevent | Monitors the security state of your Azure resources |
| Prevent | Defines policies for your Azure subscriptions based on your company’s security requirements, the types of applications that you use, and the sensitivity of your data |
| Prevent | Uses policy-driven security recommendations to guide service owners through the process of implementing needed controls |
| Prevent | Rapidly deploys security services and appliances from Microsoft and partners |
| Detect | Automatically collects and analyzes security data from your Azure resources, the network, and partner solutions like antimalware programs and firewalls |
| Detect | Uses global threat intelligence from Microsoft products and services, the Microsoft Digital Crimes Unit (DCU), the Microsoft Security Response Center (MSRC), and external feeds |
| Detect | Applies advanced analytics, including machine learning and behavioral analysis |
| Respond | Provides prioritized security incidents/alerts |
| Respond | Offers insights into the source of the attack and impacted resources |
| Respond | Suggests ways to stop the current attack and help prevent future attacks |
This document introduces the service by using an example deployment. This document is not a step-by-step guide.
You access Security Center from the Azure portal. Sign in to the portal. Under the main portal menu, scroll to the Security Center option or select the Security Center tile that you previously pinned to the portal dashboard.
From Security Center, you can set security policies, monitor security configurations, and view security alerts.
You can define policies for your Azure subscriptions according to your company's security requirements. You can also tailor them to the types of applications you're using or to the sensitivity of the data in each subscription. For example, resources used for development or testing may have different security requirements than those used for production applications. Likewise, applications with regulated data like PII may require a higher level of security.
To modify a security policy, you must be a Security Administrator or the subscription's Owner or Contributor. To learn more about roles and allowed actions in Security Center, see Permissions in Azure Security Center.
On the Security Center blade, select the Policy tile for a list of your subscriptions and resource groups.
On the Security policy blade, select a subscription to view the policy details.
The Data collection setting turns on data collection for a security policy. Enabling it provides:
- Daily scanning of all supported virtual machines (VMs) for security monitoring and recommendations.
- Collection of security events for analysis and threat detection.
Data collection is configured at the subscription level.
Select Prevention policy to open the Prevention policy blade. The "Show recommendations for" option lets you choose the security controls that you want to monitor and the recommendations that you want to see, based on the security needs of the resources within the subscription.
Security Center analyzes the security state of your Azure resources to identify potential security vulnerabilities. A list of recommendations guides you through the process of configuring needed controls. Examples include:
- Provisioning antimalware to help identify and remove malicious software
- Configuring network security groups and rules to control traffic to VMs
- Provisioning of web application firewalls to help defend against attacks that target your web applications
- Deploying missing system updates
- Addressing OS configurations that do not match the recommended baselines
Click the Recommendations tile for a list of recommendations. Click each recommendation to view additional information or to take action to resolve the issue.
Security state of Azure resources
The Prevention section of the dashboard shows the overall security posture of the environment by resource type, including VMs, web applications, and other resources.
Select a resource type under Prevention to view more information, including a list of any potential security vulnerabilities that have been identified. (Compute is selected in the example below.)
Security Center automatically collects, analyzes, and integrates log data from your Azure resources, the network, and partner solutions like antimalware programs and firewalls. When threats are detected, a security alert is created. Examples include detection of:
- Compromised VMs communicating with known malicious IP addresses
- Advanced malware detected by using Windows error reporting
- Brute force attacks against VMs
- Security alerts from integrated antimalware programs and firewalls
Clicking the Security alerts tile displays a list of prioritized alerts.
Selecting an alert shows more information about the attack and suggestions for how to remediate it.
The Partner solutions tile lets you monitor at a glance the security state of your partner solutions integrated with your Azure subscription. Security Center displays alerts coming from the solutions.
Select the Partner solutions tile. A blade opens displaying a list of all connected partner solutions.
To get started with Security Center, you need a subscription to Microsoft Azure. Security Center is enabled with your Azure subscription. If you do not have a subscription, you can sign up for a free trial.
Getting started with Azure Security Center quickly guides you through the security-monitoring and policy-management components of Security Center.
In this document, you were introduced to Security Center, its key capabilities, and how to get started. To learn more, see the following resources:
- Setting security policies in Azure Security Center — Learn how to configure security policies for your Azure subscriptions and resource groups.
- Managing security recommendations in Azure Security Center — Learn how recommendations help you protect your Azure resources.
- Security health monitoring in Azure Security Center — Learn how to monitor the health of your Azure resources.
- Managing and responding to security alerts in Azure Security Center — Learn how to manage and respond to security alerts.
- Monitoring partner solutions with Azure Security Center — Learn how to monitor the health status of your partner solutions.
- Azure Security Center data security - Learn how data is managed and safeguarded in Security Center.
- Azure Security Center FAQ — Find frequently asked questions about using the service.
- Azure Security blog — Get the latest Azure security news and information.