Microsoft added three standards for use with Azure Security Center. Using the regulatory compliance dashboard, you can now track your compliance with:
In this article, I will show you how you add a custom policy to Azure Security Center Recommendation.
These recommendations are based on industry best practices, which are incorporated into the generic, default security policy supplied to all customers. They can also come from Security Center’s knowledge of industry and regulatory standards.
With this feature, you can add your own custom initiatives. You’ll then receive recommendations if your environment doesn’t follow the policies you create.
In the Azure Security Center Portal, please select « Regulatory compliance » under « Cloud Security ».
Select, « Manage compliance policies »
Select « Add a custom initiative »
Select, « Creare New »
Select « Add policy definition(s) »
Select your policies, in this example: « Storage accounts should have infrastructure encryption »
Select « Create Control »
Define a new control, in this example Storage, with the Domain Storage security
Now the custom initiatives is created, please click on « add ».
Please find wait 1 hours before to see our custom initiative in the Azure Security Center Recommendation section.
After 1 hours, we can see our custom initiative in the Azure Security Center Recommendation section:
It’s also possible to Azure Resource Graph to see this custom policies.
securityresources | where type == "microsoft.security/assessments" | extend resourceId = properties.resourceDetails.Id | extend resourceName = tostring(split(resourceId, "/")) | extend resourceGroup = (split(resourceId, "/")) | extend status = properties.status.code | extend recommendatioName = properties.displayName | project subscriptionId, recommendatioName, resourceName, resourceGroup, status, resourceId
I had the pleasure to be speaker for The Azure Group (Toronto, Canada) for a session about Azure Defender.
Please find below my slides:
Video recording: https://lnkd.in/epbR6qn
Do not hesitate to reach me if you have any questions.