Managing security recommendations in Azure Security Center
This document walks you through how to use recommendations in Azure Security Center to help you protect your Azure resources.
This document introduces the service by using an example deployment. This document is not a step-by-step guide.
What are security recommendations?
Security Center periodically analyzes the security state of your Azure resources. When Security Center identifies potential security vulnerabilities, it creates recommendations. The recommendations guide you through the process of configuring the needed controls.
Implementing security recommendations
In Setting security policies in Azure Security Center, you learn to:
- Configure security policies.
- Turn on data collection.
- Choose which recommendations to see as part of your security policy.
Current policy recommendations center around system updates, baseline rules, anti-malware programs, network security groups on subnets and network interfaces, SQL database auditing, SQL database transparent data encryption, and web application firewalls. Setting security policies provides a description of each recommendation option.
After setting a security policy, Security Center analyzes the security state of your resources to identify potential vulnerabilities. The Recommendations tile under Overview lets you know the total number of recommendations identified by Security Center.
To see the details of each recommendation, select the Recommendations tile under Overview. The Recommendations blade opens.
You can filter recommendations. To filter the recommendations, select Filter on the Recommendations blade. The Filter blade opens and you select the severity and state values you wish to see.
The recommendations are shown in a table format where each line represents one particular recommendation. The columns of this table are:
- DESCRIPTION: Explains the recommendation and what needs to be done to address it.
- RESOURCE: Lists the resources to which this recommendation applies.
- STATE: Describes the current state of the recommendation:
  - Open: The recommendation hasn't been addressed yet.
  - In Progress: The recommendation is currently being applied to the resources, and no action is required by you.
  - Resolved: The recommendation has already been completed (in this case, the line is grayed out).
- SEVERITY: Describes the severity of that particular recommendation:
  - High: A vulnerability exists with a meaningful resource (such as an application, a VM, or a network security group) and requires attention.
  - Medium: A vulnerability exists and non-critical or additional steps are required to eliminate it or to complete a process.
  - Low: A vulnerability exists that should be addressed but does not require immediate attention. (By default, low recommendations aren't presented, but you can filter on low recommendations if you want to see them.)
Use the table below as a reference to help you understand the available recommendations and what each one does if you apply it.
You will want to understand the classic and Resource Manager deployment models for Azure resources.
After reviewing all recommendations, decide which one you should apply first. We recommend that you use the severity rating as the main parameter to evaluate which recommendations should be applied first.
In this document, you were introduced to security recommendations in Security Center. To learn more about Security Center, see the following:
- Setting security policies in Azure Security Center — Learn how to configure security policies for your Azure subscriptions and resource groups.
- Security health monitoring in Azure Security Center — Learn how to monitor the health of your Azure resources.
- Managing and responding to security alerts in Azure Security Center — Learn how to manage and respond to security alerts.
- Monitoring partner solutions with Azure Security Center — Learn how to monitor the health status of your partner solutions.
- Azure Security Center FAQ — Find frequently asked questions about using the service.
- Azure Security blog — Find blog posts about Azure security and compliance.