This week Azure Security Center went from private preview to public preview, this new Azure service is designed to provide Azure administrators with a view of security across their Azure subscriptions.
The current public preview focuses on IaaS security, in particular VNets and virtual machines. Azure Security Center comes with extensions that can be automatically installed in to your Azure VM’s (Windows and Ubuntu Linux with more distro’s supported in the future) which gives Azure Security center great visibility as to your security posture .
As well as reporting on the current security stance of the virtual machine the Azure Security Center also alerts if there are brute force attacks against your VM and if it is communicating with known malicious IP addresses.
Azure Security Center works with VM’s deployed using both Azure Service Manger (Classic VM’s) and Azure Resource Manager managed VM’s.
To find Azure Security Center log in to the new Azure portal http://portal.azure.com. Using the navigation pane on the left hand side of the portal select Browse then scroll down and select Security Center. (clicking the star will add Security Center to the left hand side navigation bar)
Once you have opened Security Center the first thing to do is enable the collection of information, clicking Security Policy will display your subscriptions and for each subscription you can enable the collection of security information, the storage account Security Center should store security logs for that subscription and the recommendations you wish to enable.
Enabling data collection will trigger the Security Center extension to be installed on all VM’s in that subscription.
Once the extensions are installed Security Center will show the security stance of your VM’s and recommend actions to remediate security issues.
Security Center will have more Azure services added to it over time and will be a key tool for monitoring the security of your Azure based services and infrastructure.