Security Center settings

This article provides an overview of settings in Security Center.

The following settings can be reached under Security Policy:

  • Data collection: Determines agent provisioning and data collection settings.
  • Security policy: Determines which controls Security Center monitors and recommends. You can edit the security policy in Security Center. You can also use Azure Policy to create new definitions, define additional policies, and assign policies across management groups.
  • Email notifications: Determines security contacts and email notification settings.
  • Pricing tier: Defines free or standard pricing selection. The tier you choose determines which Security Center features are available for resources in scope. You can specify a tier for subscriptions, resource groups, and workspaces.

Note

You can set all of these per subscription. For workspaces, you can set only Data collection and Pricing tier. For resource groups, you can set only Pricing tier.

Who can edit security policies?

Security Center uses Role-Based Access Control (RBAC), which provides built-in roles that can be assigned to users, groups, and services in Azure. When users open Security Center, they see only information that's related to resources they have access to. This means that users are assigned the role of owner, contributor, or reader for the subscription or resource group that a resource belongs to. In addition to these roles, there are two specific Security Center roles:

  • Security reader: Has view rights to Security Center, which includes recommendations, alerts, policy, and health, but can't make changes.
  • Security admin: Has the same view rights as security reader, and can also update the security policy and dismiss recommendations and alerts.

Next steps

In this article, you learned about security policies in Azure Security Center. To learn more about Azure Security Center, see the following articles: