Protecting your network in Azure Security Center

Azure Security Center analyzes the security state of your Azure resources. When Security Center identifies potential security vulnerabilities, it creates recommendations that guide you through the process of configuring the needed controls. Recommendations apply to Azure resource types: virtual machines (VMs), networking, SQL, and applications.

This article addresses recommendations that apply to your network. Network recommendations center around next generation firewalls, Network Security Groups, configuring inbound traffic rules, and more. Use the table below as a reference to help you understand the available network recommendations and what each one does if you apply it.

Available network recommendations

Recommendation Description
Add a Next Generation Firewall Recommends that you add a Next Generation Firewall (NGFW) from a Microsoft partner to increase your security protections.
Route traffic through NGFW only Recommends that you configure network security group (NSG) rules that force inbound traffic to your VM through your NGFW.
Enable Network Security Groups on subnets or virtual machines Recommends that you enable NSGs on subnets or VMs.
Restrict access through Internet facing endpoint Recommends that you configure inbound traffic rules for NSGs.

See also

To learn more about recommendations that apply to other Azure resource types, see the following:

To learn more about Security Center, see the following: