Security recommendations in Azure Security Center

This topic explains how to view and understand the recommendations in Azure Security Center to help you protect your Azure resources.

Note

This document introduces the service by using an example deployment. This document is not a step-by-step guide.

What are security recommendations?

Security Center periodically analyzes the security state of your Azure resources. When Security Center identifies potential security vulnerabilities, it creates recommendations. The recommendations guide you through the process of configuring the needed controls.

Implementing security recommendations

Set recommendations

In Setting security policies in Azure Security Center, you learn to:

  • Configure security policies.
  • Turn on data collection.
  • Choose which recommendations to see as part of your security policy.

Current policy recommendations center around system updates, baseline rules, anti-malware programs, network security groups on subnets and network interfaces, SQL database auditing, SQL database transparent data encryption, and web application firewalls. Setting security policies provides a description of each recommendation option.

Monitor recommendations

After setting a security policy, Security Center analyzes the security state of your resources to identify potential vulnerabilities. The Recommendations tile under Overview shows the total number of recommendations identified by Security Center.

Security center overview

  1. Select the Recommendations tile under Overview. The Recommendations list opens.

    View recommendations

    To filter the recommendations, select Filter on the Recommendations blade. The Filter blade opens, and you select the severity and state values you want to see. The Recommendations list shows the following information:

    • RECOMMENDATIONS: The recommendation.
    • SECURE SCORE IMPACT: A score that Security Center generates from your security recommendations, applying advanced algorithms to determine how crucial each recommendation is. For more information, see Secure score calculation.
    • RESOURCE: Lists the resources to which this recommendation applies.
    • STATUS BARS: Describes the severity of that particular recommendation:
      • High (Red): A vulnerability exists with a meaningful resource (such as an application, a VM, or a network security group) and requires attention.
      • Medium (Orange): A vulnerability exists, and non-critical or additional steps are required to eliminate it or to complete a process.
      • Low (Blue): A vulnerability exists that should be addressed but does not require immediate attention. (By default, low recommendations aren't presented, but you can filter on low recommendations if you want to see them.)
      • Healthy (Green):
      • Not Available (Grey):
  2. To view each recommendation's details, click on the recommendation.

    Recommendation details

Note

See classic and Resource Manager deployment models for Azure resources.

Apply recommendations

After reviewing all recommendations, decide which one to apply first. We recommend that you use the secure score impact to evaluate which recommendations should be applied first.

  1. From the list, click on the recommendation.
  2. Follow the instructions in the Remediation steps section.

Next steps

In this document, you were introduced to security recommendations in Security Center. To learn more about Security Center, see the following topics: