Azure – The Security Center now provides ‘one click’ remediation (preview)

As you know, Azure integrates a security dashboard, called Azure Security Center (ASC), to help you have a bird view on the security state of your Azure (but not only as it also provides details from your on-premises) environment.

The Azure Security Center has been updated to provide a ‘one click’ remediation (when available) when an potential issue has been detected.

You already had with ASC the recommended actions to implement in order to resolve the detected issue but it can be sometime challenging to implement it; hence the ‘one click’ remediation which will apply the recommended action (also available with the Free pricing tier Smile)

The ‘one click’ remediation is currently available for the below resource types:

  • Web Apps, Function Apps, and API Apps should only be accessible over HTTPS
  • Remote debugging should be turned off for Function Apps, Web Apps, and API Apps
  • CORS should not allow every resource to access your Function Apps, Web Apps, or API Apps
  • Secure transfer to storage accounts should be enabled
  • Transparent data encryption for Azure SQL Database should be enabled
  • Monitoring agent should be installed on your virtual machines
  • Diagnostic logs in Azure Key Vault and Azure Service Bus should be enabled
  • Diagnostic logs in Service Bus should be enabled
  • Vulnerability assessment should be enabled on your SQL servers
  • Advanced data security should be enabled on your SQL servers
  • Vulnerability assessment should be enabled on your SQL managed instances
  • Advanced data security should be enabled on your SQL managed instances

 

To start using it, connect to you Azure portal (https://portal.azure.com) and reach the Security Center

image

Then reach out the Recommendations blade (which can be also accessed from the Overview)

image  image

Then, in the recommendation list you may see for some of them a ‘1-Click Fix!’ blue button image

image

If you click on the recommendation you will get more information about it and the steps to remediate (as before the ‘one click’ action) plus after selecting the impacted resource(s) you will get the Remediate button which will then implement the remediation

image  image

Depending of the remediation actions you may have to provide few additional settings; here to enable the diagnostic log for the key vault, you have to define the retention period and log analytics workspace to use

image

That’s it.

Leave a Comment

Your email address will not be published.