Azure – The Azure Security team has developed a Power BI Dashboard

The team in charge of Azure Security Center has developed a Power Bi dashboard to help you track your Secure Score evolution. It also includes backlog of actions to be performed.

You will have 2 setup options:

  • Edit a Power BI template with Power BI desktop
  • Use a Power BI application

Prepare your Azure environment for use with Secure Score dashboard

Then you will need to deploy a playbook to get Secure Score data (Get-SecureScoreData); you can deploy from here https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Security-Center%2Fmaster%2FSecure%2520Score%2FGet-SecureScoreData%2Fazuredeploy.json)

After logging on your Azure portal, define the subscription and resource group for the deployment

image

The playbook will gather the Secure Data (including recommendations) every 24 hours.

The playbook consist of:

  • 1 Logic App – Get-SecureScoreData
  • 1 Log Analytics – SecureScoreData-<unique identifier>
  • 1 API Connection – azureloganalyticsdatacollector-Get-SecureScoreData
  • 1 workbook – <unique identifier> (SecureScoreWorkbook)

image

You will need to gather Log Analytics workspace ID created above by accessing the Azure portal and search for Log Analytics

image

Once you have identified the Log Analytics access the Overview tab to get the workspace ID

image

Then you need to assign Reader access to either the subscription(s) (recommended) and/or resource groups you want to include in the report to the Logic App created above (Get-SecureScoreData)

image

Then you can go back to the Logic App to manually trigger the first run

image

The initial run will take about 15 s; you can check the result if all steps have been executed successfully

image

Use the Power BI template

You need of course a Power BI account to be able to use it –  a Pro license is required if you want to open it as an application.

You will need to use the latest version of Power BI Desktop – version 2.83.5894.961 (available here https://aka.ms/pbiSingleInstaller)

You can get the template from https://github.com/Azure/Azure-Security-Center/tree/master/Secure%20Score/PowerBI-SecureScoreReport

Now you can open the Power BI template file to edit it; you will be asked to provide the Workspace ID gathered above

image

It will then start loading the data and request you to authenticate with an account with permission to access the workspace; use the Organizational Account authentication option and use the OAuth2 method

image  image  image

Then you have some data starting to be displayed

image

You can now publish it to your Power BI service for reading access.

Use the Power BI Application


You will need to allow to Install templates app not listed in AppSource; to do it connect with an administrator account to your PowerBI https://app.powerbi.com/ and access the Admin portal to update the Tenant Settings

image  image

Now you can install the Secure Score reporting app using this link https://app.powerbi.com/Redirect?action=InstallApp&appId=0c3bbb94-36cc-4153-a5c2-b63181a17166&packageKey=14ec9028-3513-4a1c-aed1-83a01ecfc975qTsHacSHROKH9oDSq9Co9Ln72xYehlJKmEvIYPIxbz8&ownerId=72f988bf-86f1-41af-91ab-2d7cd011db47&buildVersion=12

You will be asked to confirm the application install

image  image  image

The Secure Score app is now installed

image

You can now connect to your Azure tenant by using the Connect your data option

image

There enter the Log Analytics workspace ID created during the Azure preparation steps

image  image

Then you need to use your organizational account; you can define whatever privacy level you want

image

Then the Power BI application is refreshing the data; it may take up to 10 minutes to complete

image

Once completed, you can access the Report using the Reports\Secure score report navigation

image

Leave a Comment

Your email address will not be published.