Azure Security Center analyzes the security state of your Azure resources. When Security Center identifies potential security vulnerabilities, it creates recommendations that guide you through the process of configuring the needed controls. Recommendations apply to Azure resource types: virtual machines (VMs), networking, SQL, and applications.
This article addresses recommendations that apply to your network. Network recommendations center around next generation firewalls, Network Security Groups, configuring inbound traffic rules, and more. Use the table below as a reference to help you understand the available network recommendations and what each one does if you apply it.
Available network recommendations
|Add a Next Generation Firewall||Recommends that you add a Next Generation Firewall (NGFW) from a Microsoft partner to increase your security protections.|
|Route traffic through NGFW only||Recommends that you configure network security group (NSG) rules that force inbound traffic to your VM through your NGFW.|
|Enable Network Security Groups on subnets or virtual machines||Recommends that you enable NSGs on subnets or VMs.|
|Restrict access through Internet facing endpoint||Recommends that you configure inbound traffic rules for NSGs.|
To learn more about recommendations that apply to other Azure resource types, see the following:
- Protecting your virtual machines in Azure Security Center
- Protecting your applications in Azure Security Center
- Protecting your Azure SQL service in Azure Security Center
To learn more about Security Center, see the following:
- Setting security policies in Azure Security Center -- Learn how to configure security policies for your Azure subscriptions and resource groups.
- Managing and responding to security alerts in Azure Security Center -- Learn how to manage and respond to security alerts.
- Azure Security Center FAQ -- Find frequently asked questions about using the service.