
Conditions and Terms of Use

Microsoft Confidential

Copyright and Trademarks


© 2021 Microsoft Corporation. All rights reserved.

http://www.microsoft.com/en-us/legal/intellectualproperty/Permissions/default.aspx
Agenda

• Asset Inventory
• Security Hygiene
• Agent Health
• Azure Defender Health
• Strengthen Your Security Posture
• Security Center for IoT Architecture
• Azure Resource Graph
• Asset Inventory FAQ
• Security Solutions
Azure Security Center

Cloud Security Posture Management: Strengthen multi cloud security posture
• Secure Score
• Policies and compliance
• Improved automation

Cloud Workload Protection Platform: Protect your hybrid cloud with Azure Defender
• Vulnerability assessment
• For servers
• For cloud native workloads
• For databases and storage
• For Azure service layers
• For IoT devices
• Advanced protection, detection and response

Leveraging Azure Arc

Streamline security management


Azure Security Center Operational Monitoring

• Security Center ensures that you have visibility throughout your workloads, and that best practices recommendations are reviewed and implemented

Figure: Cloud Security Posture Management, Strengthen multi cloud security posture (Secure Score, Policies and compliance, Improved automation)
Asset Inventory
Asset inventory experience

• The Inventory page in Azure Security Center provides a single page experience so you can view the security posture of the resources you've connected to Security Center.

• Security Center analyzes the security state of your Azure resources to identify potential security vulnerabilities. It then provides you with recommendations on how to remediate those vulnerabilities.

Screenshot callouts: Inventory page; Outstanding Recommendations
Asset Inventory
Asset inventory experience
The Inventory page provides you a quick view of Resources.

• Total Resources – Shows you the total number of resources connected to Security Center
• Unhealthy Resources – Identifies resources that have active security recommendations
• Unmonitored Resources – These are resources with agent monitoring issues. The resource has the Log Analytics agent deployed, but the agent isn't sending data or has other health issues
Asset Inventory
Asset inventory experience
The Inventory page provides you action options to help you perform many tasks on your monitored resources.

• Filter your subscriptions
• Onboard non-Azure servers
• View your security posture data using resource graph explorer
• Assign tags to your resources
• Download reports
• Use logic apps to automate tasks

Screenshot callouts: Filter on your subscriptions; Write queries using resource graph explorer; Onboard servers; Assign tags; Download reports; Automate with Logic Apps
Asset Inventory
Asset inventory experience
• Using the filter options gives you a quick way to refine your resource list so you can find the resource you are looking for
Asset Inventory
Asset inventory experience
Use search to find a resource by name
Asset Inventory
Asset inventory experience

Use the Resource groups and Resource types filters to narrow your resource search

Each filter option also has a search capability
Asset Inventory
Add Filter Tags
• You can add a Tags filter to help you search
• Example: You want to see the health of all your Dev resources
Asset Inventory
Add Filter Tags
The Tags filter uses the tags that are defined on the resources

Now you can explore the recommendations for each of the Dev resources that need to be remediated
Asset Inventory
Search for Security Vulnerabilities
• Use the Security findings contain filter: enter free text from the ID, security check, or CVE name of a vulnerability finding to filter to the affected resources

In this example we are searching by CVE to find machines that are missing security updates

Now you can further explore the machines to determine what security updates are missing
Asset Inventory
Search for Security Vulnerabilities
• When you select the machine you will be able to see the virtual machine health and recommendations

• In the Recommendation section you will find Vulnerabilities in your virtual machines should be remediated

Screenshot callout: Select Vulnerabilities in your virtual machines should be remediated
Asset Inventory
Search for Security Vulnerabilities
• When you select Vulnerabilities in your virtual machines should be remediated you will be able to see all the security updates that are not installed

Screenshot callouts: Here are all the missing security updates; Select one of the missing updates to get more details
Asset Inventory
Search for Security Vulnerabilities
By selecting one of the missing security updates you will be able to see additional details such as:

• Description
• Impact
• General information
• Threat
• Remediation
• Additional References
• Affected resources

Screenshot callouts: Understand the Impact; Information on the CVEs; Here are additional machines that are also missing this security update
Security Hygiene
Update Management Solution available in Log Analytics

• For good security hygiene, ensure your computers have the latest updates installed

• You can automate Windows and Linux updates with Azure Automation

• Update Management provides the following benefits:
  • Reporting dashboard
  • Configure alerting
  • Schedule deployments
  • Maintenance windows
  • Reboot options
Security Hygiene
Update Management assesses and applies security updates in a workspace
Machines that are managed by Update Management use the following configurations to perform assessment and to update deployments:

• Log Analytics agent for Windows or Linux
• PowerShell Desired State Configuration (DSC) for Linux
• Automation Hybrid Runbook Worker
• Microsoft Update or Windows Server Update Services (WSUS) for Windows machines
Security Hygiene
Update Management Solution available in Log Analytics

Update Management requires linking a Log Analytics workspace to your Automation account

Screenshot callouts: What updates are missing; Create Deployment Schedules; Windows & Linux Update Management
Asset Inventory
Search for Security Vulnerabilities
• You can also select a machine to see more details of the virtual machine's health and recommendations

• In the Recommendation section you will find System updates should be installed on your machines

Screenshot callouts: High-level summary of recommendations; Select System updates should be installed on your machines
Asset Inventory
Search for Security Vulnerabilities

When you select System updates should be installed on your machines, a KQL search query is populated and runs automatically

Screenshot callout: Here is the missing patch


Agent Health
What is the health of your agents?
Why is it important to know if your Log Analytics agents are in a healthy state?

• If your agents are not reporting, or if the agent is not installed, data is not collected from the machine

What data will you be missing?

• Security-related configurations
• Event logs from the machine
• Operating system information
• Running processes, machine name, IP addresses, and logged in user
• Visibility into missing updates
• Misconfigured OS security settings
• Endpoint protection status
• Health and threat protection
Agent Health
What is the health of your agents?
Using the Agent monitoring filter option will help you identify machines with agent issues
Agent Health
How to fix your agent health using Quick Fix

Screenshot callouts: No data is being collected from this machine; Use the Quick Fix option to install the agent
Azure Defender Health
Is Azure Defender protecting your Azure and hybrid workloads?
Azure Defender is the cloud workload protection platform (CWPP) integrated within Security Center for advanced, intelligent protection of your Azure and hybrid workloads.

• Azure Defender for servers

• Azure Defender for App Service

• Azure Defender for Storage

• Azure Defender for SQL

• Azure Defender for IoT

• Azure Defender for Key Vault

• Azure Defender for Kubernetes

• Azure Defender for container registries


Azure Defender Health
Is Azure Defender protecting your Azure and hybrid workloads?

Using the Azure Defender filter option will help you identify whether Azure Defender is protecting your Azure and hybrid workloads
Azure Defender Health
How to enable Azure Defender with Quick Fix

Use the Quick Fix option to enable Azure Defender on your Azure and hybrid workloads
Strengthen Your Security Posture
Use Azure Security Center to enhance your Security Hygiene
Using Security Center’s Inventory page with the Resource types filter will help you discover unhealthy resources that require further attention. Below are some examples of resource types that are available in the Inventory page.

• App Services
• Application Gateways
• Automation Accounts
• Container Registries
• Disks
• Event Hubs
• Firewalls
• IoT Hubs
• Key Vaults
• Kubernetes Services
• Load Balancers
• Logic Apps
• Managed Databases
• Network Interfaces
• Network Security Groups
• Network Security Rules
• Public IP Address
• Recovery Services Vaults
• Role Definitions
• Service Bus Names
• SQL Databases
• SQL Managed Instances
• SQL Servers
• Storage Accounts
• Subnets
• Subscriptions
• Virtual Machine Scale Sets
• Virtual Machines
• Virtual Machines Extensions
• Virtual Networks
Strengthen Your Security Posture
Use Azure Security Center to enhance your Security Hygiene
App services filter includes your App service environments and their current security state

• App services provides a health summary of App servers, Web applications, and Functions applications

• Review and remediate unhealthy resources to help reduce your web applications exposure

Screenshot callouts: Use the Resource type filter to see if your app services are healthy; Review the Recommendations for the Web Application; Use the Quick Fix options to get healthy
Strengthen Your Security Posture
Use Azure Security Center to enhance your Security Hygiene
Searching for Virtual Machine then using the filter to include all virtual machines will allow you to focus on the health of those machines

• Select a computer to view all its recommendations
• Review the Monitoring State for status details
• The recommendation list identifies all recommendations, and assessments that are specific to that system

Screenshot callouts: Search for virtual machine; Use the filter to select multiple options; Notice the Monitoring State; Review Recommendations for the VM
Security Center for IoT Architecture

Azure Security Center for IoT simplifies hybrid workload protection by delivering unified visibility and control, adaptive threat prevention, and intelligent threat detection and response across workloads running on edge, on-premises, in Azure, and in other clouds.
Strengthen Your Security Posture
Use Azure Security Center to enhance your Security Hygiene

Using the IoT Hub filter will help you identify health issues you may have on your IoT Hub resources

• Select an IoT resource

• Review the recommendation list of recommendations, and assessments for that IoT Hub resource

Screenshot callouts: Review the Recommendations summary; Filter on IoT Hub; Review Recommendations
Strengthen Your Security Posture
Use Azure Security Center to enhance your Security Hygiene
• Use the filter option to identify if specific recommendations for your IoT devices need attention
• Use the search option for just IoT

Screenshot callouts: Recommendations filters; Search for IoT; Select on IoT related Recommendations
Azure Resource Graph

• Asset inventory utilizes Azure Resource Graph (ARG), an Azure service that provides the ability to query Security Center's security posture data across multiple subscriptions

Screenshot callouts: 1st Add a filter; 2nd Select View in Resource Graph

Azure Resource Graph
• Using the Kusto Query Language (KQL), asset inventory can quickly produce deep insights by cross-referencing ASC data with other resource properties

Screenshot callouts: Filter on subscriptions; 1st run query; Save your query; Make changes to your query; Make different charts like Map, Bar Chart or Donut Chart; Pin your query to a dashboard; Select a formatted view
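
The cross-referencing described above, as an added example query for Resource Graph Explorer (not taken from the original slides). It joins Security Center's unhealthy assessments to the assessed resources and keeps only those tagged as Dev; the tag key `Environment` and its value `Dev` are assumptions, so substitute the tag your resources actually carry.

```kusto
// Added example: unhealthy Security Center recommendations for Dev-tagged resources,
// across every subscription selected in Resource Graph Explorer.
securityresources
| where type == "microsoft.security/assessments"
// Keep only assessments that are currently failing
| where tostring(properties.status.code) == "Unhealthy"
| extend assessedId = tolower(tostring(properties.resourceDetails.Id)),
         recommendation = tostring(properties.displayName)
| project assessedId, recommendation, subscriptionId
// Cross-reference with resource properties (here: tags) from the resources table
| join kind=inner (
    resources
    // Assumption: resources are tagged Environment=Dev
    | where tostring(tags["Environment"]) =~ "Dev"
    | project assessedId = tolower(id),
              resourceName = name,
              resourceType = type,
              resourceRg = resourceGroup
  ) on assessedId
// One row per resource, with the count and names of its open recommendations
| summarize unhealthyRecommendations = count(),
            recommendations = make_set(recommendation)
    by resourceName, resourceType, resourceRg, subscriptionId
| order by unhealthyRecommendations desc
```

Resources with no active recommendations produce no rows, which matches the inventory filter behaviour described in the FAQ.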
Asset Inventory FAQ

Question: If I have access to monitor 10 subscriptions why do I only see 6 subscriptions when I filter on Resource types that equals subscription?

Screenshot callouts: Filter on subscriptions; Only 6 subscriptions are displayed?


Asset Inventory FAQ

Answer: The filters don't return every resource in your environment, only the ones with outstanding (or 'active') recommendations will be shown. You can always use the search option to find a resource.

Screenshot callouts: Search for the resource by name; No filters are being used because All is selected; The resource is in a healthy state


Asset Inventory FAQ
Question: Why do some of my resources show blank values in the Azure Defender or agent monitoring columns?

Answer: Because not all Security Center monitored resources have agents. For example, Azure Storage accounts or PaaS resources such as disks, Logic Apps, Data Lake Analysis, and Event Hub. Also when pricing or agent monitoring isn't relevant for a resource, nothing will be shown in those columns of inventory.
Security Solutions

Integrated Azure Security Solutions


• Another important part of operational monitoring is enabling additional security solutions to help strengthen your security posture

• Security Center allows you to connect both 1st party and partner solutions such as:

  • Web Application Firewalls (WAF)
    • Microsoft, Barracuda, F5, Fortinet and Imperva

  • Next Generation Firewall
    • Checkpoint, Cisco, Fortinet, and Palo Alto

Screenshot callouts: Review the state of the solution; Start here to connect security solutions
Hands On – Security Center Monitoring
Questions?
