Security recommendations in Azure Security Center
This topic explains how to view and understand the recommendations in Azure Security Center to help you protect your Azure resources.
This document introduces the service by using an example deployment. This document is not a step-by-step guide.
What are security recommendations?
Security Center periodically analyzes the security state of your Azure resources. When Security Center identifies potential security vulnerabilities, it creates recommendations. The recommendations guide you through the process of configuring the needed controls.
Implementing security recommendations
In Setting security policies in Azure Security Center, you learn to:
- Configure security policies.
- Turn on data collection.
- Choose which recommendations to see as part of your security policy.
Current policy recommendations center around system updates, baseline rules, anti-malware programs, network security groups on subnets and network interfaces, SQL database auditing, SQL database transparent data encryption, and web application firewalls. Setting security policies provides a description of each recommendation option.
After setting a security policy, Security Center analyzes the security state of your resources to identify potential vulnerabilities. The Recommendations tile under Overview shows the total number of recommendations identified by Security Center.
Select the Recommendations tile under Overview. The Recommendations list opens.
You can filter recommendations. To filter the recommendations, select Filter on the Recommendations blade. The Filter blade opens and you select the severity and state values you wish to see.
- RECOMMENDATIONS: The recommendation.
- SECURE SCORE IMPACT: A score generated by Security Center using your security recommendations, and applying advanced algorithms to determine how crucial each recommendation is. For more information, see Secure score calculation.
- RESOURCE: Lists the resources to which this recommendation applies.
- STATUS BARS: Describes the severity of that particular recommendation:
- High (Red): A vulnerability exists with a meaningful resource (such as an application, a VM, or a network security group) and requires attention.
- Medium (Orange): A vulnerability exists and non-critical or additional steps are required to eliminate it or to complete a process.
- Low (Blue): A vulnerability exists that should be addressed but does not require immediate attention. (By default, low recommendations aren't presented, but you can filter on low recommendations if you want to see them.)
- Healthy (Green):
- Not Available (Grey):
To view each recommendation's details, click on the recommendation.
See classic and Resource Manager deployment models for Azure resources.
After reviewing all recommendations, decide which one to apply first. We recommend that you use the secure score impact to evaluate which recommendations should be applied first.
- From the list, click on the recommendation.
- Follow the instructions in the Remediation steps section.
In this document, you were introduced to security recommendations in Security Center. To learn more about Security Center, see the following topics:
- Setting security policies in Azure Security Center — Learn how to configure security policies for your Azure subscriptions and resource groups.
- Security health monitoring in Azure Security Center — Learn how to monitor the health of your Azure resources.
- Managing and responding to security alerts in Azure Security Center — Learn how to manage and respond to security alerts.
- Monitoring partner solutions with Azure Security Center — Learn how to monitor the health status of your partner solutions.
- Azure Security Center FAQ — Find frequently asked questions about using the service.
- Azure Security blog — Find blog posts about Azure security and compliance.
Send feedback about: