
A Guided Tour of Azure Security Center and Governance Services


Security and governance are the cornerstones of foundational cloud implementation. Microsoft provides powerful services to support deploying, integrating, operating, governing and securing cloud environments to meet any organization’s unique requirements. Whether your organization uses Azure Platform as a Service (PaaS) or Azure Infrastructure as a Service (IaaS), Azure Security Center is a centralized and unified security management service for your cloud environment.

The Azure Security Center is responsible for continuously scanning your Azure resources. Security Center provides recommendations so administrators and developers can act immediately and proactively to protect their environment. Its functionality can also extend to hybrid environments by installing agents on your on-premises virtual machines or resources on other clouds.

Security Center is natively embedded in all Azure services and integrates with Azure Advisor to provide a unified experience for securing your entire Azure environment.

[Figure: Azure Security Center architecture]

Azure Advisor

Azure Advisor scans the cloud environment and provides personalized recommendations, including resource optimizations and security-based recommendations. The security-based recommendations are provided by Security Center itself, so you can review them directly in Security Center or review and act on them in Azure Advisor.

[Figure: Azure Advisor]

In the above diagram you can see that there are two Azure subscriptions along with recommendations and security alerts to review. Below that is the Secure Score, which provides a high-level overview of the overall status for how secure your environment is (the higher the score the more secure your environment). On the right-hand side are Insights, providing the most impactful recommendations that you should attend to first.

Azure Defender Panel

The Azure Defender panel is part of the paid version of Azure Security Center and provides additional alerts, threat detection, vulnerability assessments, just-in-time (JIT) access and more. The pricing is flexible, allowing you to select the proper resources and only pay for those you want to protect.

The Regulatory Compliance panel gives recommendations based on the most common compliance standards across industries.

[Figure: Azure Defender panel recommendations]

In the image above, the top recommendation indicates that by enabling MFA (multi-factor authentication) for owner accounts, the Secure Score will increase by 18%.

Security Alerts


Security Alerts display the security alerts generated by Security Center. Each alert contains a description and current status, as well as the severity, which indicates the business impact and how urgent it is to take action. In the ‘Take Action’ tab, you’ll find a list of recommendations to mitigate the threat or prevent future attacks based on the most popular recommendations from Azure Security Center.

Security Inventory


Security Center’s Inventory tab offers another way of looking at recommendations from the perspective of specific Azure and on-premises resources. Listed here are the protected resources in your Azure subscriptions and their overall health. If you decide to install Security Center agents in your on-premises environments, these will also be listed.

Pricing Structure

There are two tiers available for Security Center. The free version is included with all Azure services and provides continuous assessment, a Secure Score and actionable security recommendations. Even with a trial version of Azure, you benefit from environment protection with access to Security Center.

The Azure Security Center free tier has Azure Defender disabled by default. The paid version enables Azure Defender, giving you additional capabilities like hybrid security, protection powers, vulnerability scanning for virtual machines, just-in-time (JIT) access for virtual machines and more.
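A tier audit for the free-versus-Defender split described above, as an added example that is not part of the original post. It reads a constructed JSON document shaped like a Microsoft.Security/pricings list response and reports which resource types are still on the free tier; the function names, the flattened-entry handling and the capability-to-plan mapping are assumptions made for this example.

```python
import json

# Constructed sample, shaped like a Microsoft.Security/pricings list response.
# One entry per resource type; "Standard" means Azure Defender is enabled.
SAMPLE_PRICINGS = json.loads("""
{"value": [
  {"name": "VirtualMachines", "properties": {"pricingTier": "Free"}},
  {"name": "SqlServers",      "properties": {"pricingTier": "Standard"}},
  {"name": "StorageAccounts", "properties": {"pricingTier": "Free"}},
  {"name": "KeyVaults",       "pricingTier": "Standard"}
]}
""")

# Capabilities the article attributes to the paid tier, mapped to the plan
# assumed to gate them (assumption for this example).
REQUIRES_PLAN = {
    "vulnerability scanning for virtual machines": "VirtualMachines",
    "just-in-time (JIT) VM access": "VirtualMachines",
}


def plan_tiers(doc):
    """Return {resource_type: tier}; accepts nested or flattened entries."""
    entries = doc["value"] if isinstance(doc, dict) else doc
    tiers = {}
    for entry in entries:
        props = entry.get("properties") or entry
        # A missing tier is treated as Free, the default the article describes.
        tiers[entry["name"]] = props.get("pricingTier", "Free")
    return tiers


def unprotected(tiers):
    """Resource types where Azure Defender is not enabled."""
    return sorted(n for n, t in tiers.items() if t.lower() != "standard")


def blocked_capabilities(tiers, wanted):
    """Map each wanted capability to the plan that must be upgraded first."""
    gaps = {}
    for capability in wanted:
        plan = REQUIRES_PLAN[capability]
        if tiers.get(plan, "Free").lower() != "standard":
            gaps[capability] = plan
    return gaps


if __name__ == "__main__":
    tiers = plan_tiers(SAMPLE_PRICINGS)
    print("Still on free tier:", unprotected(tiers))
    for cap, plan in blocked_capabilities(tiers, REQUIRES_PLAN).items():
        print(f"'{cap}' needs Azure Defender on plan {plan}")
```
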

Why Perficient?

As a Microsoft Gold and VMware partner, we’re uniquely positioned to deliver application transformations using Java, open source, .NET, VMware Tanzu, and the Microsoft Azure platform. We’ve helped clients across industries develop strategic solutions and accelerate innovative cloud projects. Plug into our cloud, development, and application platform expertise to increase developer velocity and shorten delivery cycles.

Ready to advance your app innovation and modernization journey? Contact our team about this solution.

About the Author

Ajinkya Gadge has over 2 years of IT experience and looks forward to writing many blogs for Perficient.


Thoughts on “A Guided Tour of Azure Security Center and Governance Services”

  1. Suraj Singh Thakur

    Great work!!! Ajinkya, this will surely be helpful in compliance planning of Security and Governance services.

  2. Prathmesh Wanjari

    Okay, means if I have to use vulnerability scanning for virtual machines I will need Azure Defender. Thanks for this information, it will help me in my project.
