Continue from Lab 1: Explore Azure Security Center
In this section of the lab, we’ll take a look around Azure Security Center and explore what it has to offer.
1) In the Azure portal, click on Security Center on the left-hand menu.
2) The overview section of the Security Center shows an ‘at-a-glance’ view of any security recommendations, alerts and prevention items relating to compute, storage, networking and applications, as shown in Figure 7.
Figure 7: Azure Security Center Main Screen
3) Click on ‘Recommendations’ in the Security Center menu. You will see a list of recommendations relating to various areas of the environment – for example, the need to add Network Security Groups on subnets and VMs, or the recommendation to apply disk encryption to VMs.
Figure 8: Azure Security Center Recommendations
4) Click on ‘Compute & Apps’ in the left-hand menu. This will take you to a compute-specific recommendations page where we can begin to apply recommendations.
5) Click on the ‘VMs and Computers’ tab where you will see a list of all VMs in your subscription and the issues that ASC has found.
6) One of the common warnings is related to endpoint protection on virtual machines. Click on the ‘Compute’ item in the menu and then click on the warning for ‘Endpoint Protection Issues’. This will take you to a screen showing how many VMs are not protected.
Figure 9: Azure Security Center Endpoint Protection
7) Click on the ‘Endpoint Protection Not Installed’ item and then select the eligible VMs (VM1 & VM2 in your case). Click the button ‘Install on 2 VMs’.
8) Select ‘Microsoft Anti-Malware’ and then select all defaults before clicking ‘OK’ and letting the anti-malware software install on your VMs.
9) Return to the ‘Overview’ page within the Compute section and click on ‘Add a vulnerability assessment solution’. Select all four virtual machines and then click ‘Install’. From here, you can install a third-party vulnerability assessment tool (Qualys) on your VMs. Do not proceed with the installation, but instead proceed to the next step.
10) Return to the main ASC screen and then click on Networking. From here, you’ll be able to see that your VMs (VM1 – 4) are listed as ‘Internet Facing Endpoints’ but have no protection from either Network Security Groups or Next Generation Firewalls (Figure 10). You’ll add Network Security Groups to the environment later.
Figure 10: Azure Security Center Networking Recommendations
11) From the main ASC page, click on Security Policy on the left-hand menu. Click on your subscription.
12) From here, you can control the security policy recommendations (in the security policy section), set up email addresses for automated alerting and configure the pricing tier.
13) From the ‘Data Collection’ page, turn on the automatic provisioning of the monitoring agent and click save. This will allow Azure Security Center to automatically install the monitoring agent on the VMs in your subscription.
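The check behind the networking recommendation in step 10 can be reproduced offline, as an added example that is not part of the original lab: a VM is flagged when a NIC with a public IP has no Network Security Group on either the NIC or its subnet. The inventory below is constructed and its field names are hypothetical, not the Azure API schema.

```python
import json

# Constructed, simplified inventory (hypothetical field names, not the Azure
# API schema): one record per NIC. null means "nothing attached".
INVENTORY_JSON = """
[
 {"vm": "VM1", "nic": "vm1-nic", "public_ip": "203.0.113.11", "nic_nsg": null, "subnet": "subnet1", "subnet_nsg": null},
 {"vm": "VM2", "nic": "vm2-nic", "public_ip": "203.0.113.12", "nic_nsg": null, "subnet": "subnet1", "subnet_nsg": null},
 {"vm": "VM3", "nic": "vm3-nic", "public_ip": "203.0.113.13", "nic_nsg": null, "subnet": "subnet2", "subnet_nsg": null},
 {"vm": "VM4", "nic": "vm4-nic", "public_ip": "203.0.113.14", "nic_nsg": null, "subnet": "subnet2", "subnet_nsg": null},
 {"vm": "VM4", "nic": "vm4-nic2", "public_ip": null, "nic_nsg": null, "subnet": "subnet3", "subnet_nsg": null}
]
"""

def nic_status(nic):
    """Classify one NIC by exposure and by where an NSG filters its traffic."""
    if not nic.get("public_ip"):
        return "not-internet-facing"
    layers = [name for name, key in (("nic", "nic_nsg"), ("subnet", "subnet_nsg"))
              if nic.get(key)]
    return "nsg:" + "+".join(layers) if layers else "unprotected"

def unprotected_endpoints(nics):
    """Return sorted VM names with at least one public NIC that no NSG covers."""
    return sorted({n["vm"] for n in nics if nic_status(n) == "unprotected"})

def attach_subnet_nsg(nics, subnet, nsg_name):
    """Model attaching an NSG to a subnet: every NIC in it is then filtered."""
    return [dict(n, subnet_nsg=nsg_name) if n["subnet"] == subnet else n
            for n in nics]

if __name__ == "__main__":
    nics = json.loads(INVENTORY_JSON)
    print("before:", unprotected_endpoints(nics))
    after = attach_subnet_nsg(nics, "subnet1", "nsg-subnet1")
    print("after :", unprotected_endpoints(after))
    for n in after:
        print(f'{n["vm"]:4} {n["nic"]:9} {nic_status(n)}')
```

The constructed starting state mirrors the lab, where VM1 – 4 are all internet facing with no NSG; attaching an NSG to one subnet clears only the VMs whose public NICs sit in that subnet.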