This post is the first part of a of series about Azure Security Center
In this post series, we will talk about one of the most important services on Azure, the Azure Security Center. Throughout this post, we will read what Azure Security Center is, what are the licensing tiers, how we can enable and use the security functionalities that it offers.
Azure Security Center is a unified monitor security management platform across our cloud, on-premises and hybrid workloads. We can achieve this security for our workloads by using security policies, advanced analytics reports, security alerts, threat prevention, JIT access, etc.
Azure Security Center has two tier offerings:
- Free: The Free tier is by default enable to all Azure Subscriptions and it provides security assessment, policy and recommendations.
- Standard: The Standard tier provides more security functionalities, like regulatory compliance, Just in time VM access, threat protection for PaaS and IaaS, adaptive application controls.
In the table below we can see what Standard tier provides in contrast to Free.
|Continuous assessment and security recommendations||Yes||Yes|
|Azure Secure Score||Yes||Yes|
|Adaptive application Controls and network hardening||No||Yes|
|Threat protection for supported PaaS services||No||Yes|
|Regulatory compliance dashboard and reports||No||Yes|
|Threat protection for Azure VMs and non-Azure servers (including Server EDR)||No||Yes|
|Just in time VM Access||No||Yes|
|Microsoft Defender ATP for Servers||No||Yes|
|Resource Type||Standard Tier|
|App Services||App Service/hour|
|IoT Devices – by device||€0.0009/month|
|IoT Devices – by messages||€0.169/25K transactions|
|Azure Kubernetes Services||vCore/hour|
|Azure Container Registry||Per image|
|Key Vaults||10K transactions|
For more details please check this document.
Azure Security Center supports the following Cloud and Hybrid environments:
- Only Azure
- Azure and on-premises
- Azure and other clouds
- Azure, other clouds, and on-premises
Azure Security Center Modules Overview
POLICY & COMPLIANCE
RESOURCE SECURITY HYGIENE
- Compute & apps
- IoT Hubs & resources
- Data & storage
- Identity & access
- Security solutions
ADVANCED CLOUD DEFENSE
- Adaptive application controls
- Just in time VM access
- Adaptive network hardening
- File Integrity Monitoring