Security configuration for Azure
Applies to: Microsoft Cloud App Security
Microsoft Cloud App Security provides you with a security configuration assessment of your Azure environment. The assessment, powered by Azure Security Center, provides recommendations for missing configuration and security control.
Enable security configuration recommendations
To use this feature, you need the appropriate permissions in Azure AD and in the Azure portal. By default, the Azure AD Global administrator role doesn't provide you with access to Azure subscriptions. Elevate your permissions to grant access to Azure subscriptions for yourself and other users.
We recommend that you disable the elevation after you complete the following process.
To enable security configuration recommendations in Microsoft Cloud App Security:
Gain tenant-wide visibility for Azure Security Center. This process includes:
- Granting yourself and all the other Microsoft Cloud App Security administrators you want to grant access to this page, the role of Reader for all subscriptions.
- Assigning the role on the root management group in Azure Security Center
- Elevating your Azure AD Global administrator to grant access to Azure subscriptions.
- The article describes the process for becoming a Security administrator. For this integration to work, the minimum permissions you need are Reader.
Make sure to open Azure Security Center for the changes to take effect.
In Cloud App Security, browse to Investigate > Security configuration, and then select the Azure tab.
- Microsoft Cloud App Security provides recommendations for only the top 50 subscriptions.
- It might take up to 15 minutes before your changes take effect.
You can filter the recommendations by type, by resource, and by subscription. Additionally, you can click on the security configuration icon to open the recommendation in Azure Security Center for more information and to deep dive into the recommendation.
For information about how to implement security recommendations, see Managing security recommendations in Azure Security Center.