Managing security recommendations in Azure Security Center

This document walks you through how to use recommendations in Azure Security Center to help you protect your Azure resources.


This document introduces the service by using an example deployment. This document is not a step-by-step guide.

What are security recommendations?

Security Center periodically analyzes the security state of your Azure resources. When Security Center identifies potential security vulnerabilities, it creates recommendations. The recommendations guide you through the process of configuring the needed controls.

Implementing security recommendations

Set recommendations

In Setting security policies in Azure Security Center, you learn to:

  • Configure security policies.
  • Turn on data collection.
  • Choose which recommendations to see as part of your security policy.

Current policy recommendations center around system updates, baseline rules, anti-malware programs, network security groups on subnets and network interfaces, SQL database auditing, SQL database transparent data encryption, and web application firewalls. Setting security policies provides a description of each recommendation option.

Monitor recommendations

After setting a security policy, Security Center analyzes the security state of your resources to identify potential vulnerabilities. The Recommendations tile under Overview lets you know the total number of recommendations identified by Security Center.

Recommendations tile

To see the details of each recommendation, select the Recommendations tile under Overview. Recommendations opens.

Filter recommendations

You can filter recommendations. To filter the recommendations, select Filter on the Recommendations blade. The Filter blade opens and you select the severity and state values you wish to see.

  • RECOMMENDATIONS: The recommendation.
  • RESOURCE: Lists the resources to which this recommendation applies.
  • STATUS BARS: Describes the severity of that particular recommendation:
    • High (Red): A vulnerability exists with a meaningful resource (such as an application, a VM, or a network security group) and requires attention.
    • Medium (Orange): A vulnerability exists and non-critical or additional steps are required to eliminate it or to complete a process.
    • Low (Blue): A vulnerability exists that should be addressed but does not require immediate attention. (By default, low recommendations aren't presented, but you can filter on low recommendations if you want to see them.)
    • Healthy (Green):
    • Not Available (Grey):


You will want to understand the classic and Resource Manager deployment models for Azure resources.

Apply recommendations

After reviewing all recommendations, decide which one you should apply first. We recommend that you use the severity rating as the main parameter to evaluate which recommendations should be applied first.

Next steps

In this document, you were introduced to security recommendations in Security Center. To learn more about Security Center, see the following: