Configuring Security Policies using Azure Security Center
In this tutorial, we will learn how to configure security policies using Azure Security Center.
Security policies overview
A security policy specifies how your workloads should be configured. It also helps ensure that your company’s or regulators’ security requirements are met.
Azure Security Center delivers security recommendations based on the policies you have selected. Security Center policies are based on Azure Policy initiatives. You can use Azure Policy to manage your policies and to define policies across management groups and subscriptions.
Security Center offers the following options for working with security policies:
- Firstly, viewing and editing the built-in default policy. When you enable Security Center, a built-in initiative named ‘ASC default’ is automatically assigned to all Security Center registered subscriptions.
- Secondly, adding your own custom policies. If you want to customize the security initiatives applied to your subscription, you can do so within Security Center.
- Thirdly, adding regulatory compliance policies. Security Center’s regulatory compliance dashboard displays the status of all the assessments within your environment in the context of a particular standard or regulation.
Managing your security policies
To view your security policies in Security Center:
- Firstly, in the Security Center dashboard, select Security policy.
- Secondly, select the subscription or management group whose policies you want to view.
- Thirdly, the security policy page for that subscription or management group appears. It displays the available and assigned policies.
- Then, select from the available options on this page:
  - To work with industry policies, select Add more standards.
  - To assign and manage custom initiatives, select Add custom initiatives.
  - To view and edit the default policy, select View effective policy.
The Security policy screen reflects the action taken by the policies assigned to the subscription or management group you selected.
- Firstly, use the links at the top to open a policy assignment that applies to the subscription or management group.
- Secondly, in the list of policies, you can see the effective application of the policy on your subscription or management group. The settings of each policy that applies to the scope are taken into consideration, and the cumulative outcome of the actions taken by the policy is shown.
- Lastly, the policies’ effect can be Append, Audit, AuditIfNotExists, Deny, DeployIfNotExists, or Disabled.
You can edit security policies through the Azure Policy portal, via the REST API, or using Windows PowerShell.
Disabling security policies and disabling recommendations
If your security initiative triggers a recommendation that is irrelevant to your environment, you can prevent that recommendation from appearing again. To disable the recommendation, disable the policy that generates it.
If the recommendation you want to disable is required for a regulatory standard you’ve applied with Security Center’s regulatory compliance capabilities, it will still appear. Even if you’ve disabled a policy in the built-in initiative, a policy in the regulatory standard’s initiative will still trigger the recommendation if it’s required for compliance.
- Firstly, in Security Center, from the Policy & Compliance section, select Security policy.
- Secondly, select the subscription or management group for which you want to disable the recommendation.
- Thirdly, select View effective policy.
- Then, select the assigned policy.
- After that, in the PARAMETERS section, search for the policy that invokes the recommendation that you want to disable. Then, from the dropdown list, select Disabled.
- Lastly, select Save.
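The caveat above, that a policy disabled in the built-in initiative can still surface through a regulatory standard's initiative, can be checked before you rely on a disable. The following is an added example, not code from Microsoft or Security Center: the policy names, the two non-default assignment names, and the simplified data shape are constructed assumptions, not the Azure Policy API schema.

```python
# Constructed sample data. The shape is a simplified assumption, not the Azure
# Policy API schema: each assignment lists the effect it sets per policy.
ASSIGNMENTS = [
    {"name": "ASC default", "policies": {
        "audit-disk-encryption": "Disabled",
        "audit-system-updates": "AuditIfNotExists",
        "audit-sql-auditing": "Disabled",
    }},
    {"name": "Example regulatory standard", "policies": {
        "audit-disk-encryption": "AuditIfNotExists",
        "audit-mfa-owners": "AuditIfNotExists",
    }},
    {"name": "Example custom initiative", "policies": {
        "audit-sql-auditing": "disabled",
    }},
]


def is_active(effect):
    """A policy generates its recommendation unless its effect is Disabled."""
    return effect.strip().lower() != "disabled"


def active_sources(assignments, policy):
    """Names of the assignments at this scope that keep `policy` active."""
    return [a["name"] for a in assignments
            if policy in a["policies"] and is_active(a["policies"][policy])]


def audit_disabled(assignments, baseline="ASC default"):
    """Map each policy disabled in `baseline` to the assignments still enabling it.

    An empty list means the recommendation is really suppressed at this scope.
    """
    base = next(a for a in assignments if a["name"] == baseline)
    return {policy: active_sources(assignments, policy)
            for policy, effect in base["policies"].items()
            if not is_active(effect)}


if __name__ == "__main__":
    for policy, sources in audit_disabled(ASSIGNMENTS).items():
        status = "still surfaces via " + ", ".join(sources) if sources else "suppressed"
        print(f"{policy}: {status}")
```

Any policy reported with a non-empty source list must also be addressed in the listed assignment, or accepted as required by that standard.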
Reference: Microsoft Documentation