Azure – You can now get a notification when your Secure Score decreases

After releasing a Power BI dashboard to follow the evolution of your Azure Secure Score (see the earlier post), you can now also get an email notification when your Secure Score decreases.

The playbook is available for deployment from the Azure Security Center GitHub repository here.

Open the above URL and use the Deploy to Azure button.


You may then be asked to authenticate against your Azure tenant.

Once authenticated, fill in the deployment details as below:

  • Select the subscription where the playbook will be deployed
  • Select the resource group
  • The region is set automatically from the above selection
  • Provide the Log Analytics workspace name, resource group and subscription ID
  • Update (if needed) how often the Secure Score is reviewed and the percentage reduction threshold (meaning an alert is raised if the Secure Score reduces by x%)
  • Provide the notification email address
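To make the threshold setting concrete, here is an added illustration of the alert decision (example code, not the playbook's own logic, whose query is not shown in this post); it assumes score samples per subscription such as those a Log Analytics export would hold, and treats "reduces by x%" as a relative drop between the two most recent samples:

```python
"""Threshold check for a Secure Score reduction alert (added illustration).

Assumed logic, not taken from the playbook: for each subscription, compare the
latest score with the previous one and alert when the relative drop is at
least `threshold_pct` percent.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List


@dataclass
class ScoreSample:
    subscription_id: str
    time: datetime
    percentage: float  # Secure Score as a percentage, 0-100


def reductions(samples: List[ScoreSample], threshold_pct: float) -> Dict[str, float]:
    """Return {subscription_id: drop_pct} for every subscription whose latest
    score fell by at least threshold_pct percent relative to the previous sample."""
    by_sub: Dict[str, List[ScoreSample]] = {}
    for s in samples:
        by_sub.setdefault(s.subscription_id, []).append(s)
    alerts: Dict[str, float] = {}
    for sub, history in by_sub.items():
        history.sort(key=lambda s: s.time)
        if len(history) < 2:
            continue  # first review: nothing to compare against yet
        previous, latest = history[-2].percentage, history[-1].percentage
        if previous <= 0:
            continue  # avoid division by zero; a zero score cannot drop further
        drop_pct = (previous - latest) / previous * 100
        if drop_pct >= threshold_pct:
            alerts[sub] = round(drop_pct, 2)
    return alerts


# Constructed sample data (placeholder subscription ids, not real ones)
SAMPLES = [
    ScoreSample("sub-a", datetime(2020, 6, 1), 80.0),
    ScoreSample("sub-a", datetime(2020, 6, 2), 72.0),  # 10% relative drop
    ScoreSample("sub-b", datetime(2020, 6, 1), 60.0),
    ScoreSample("sub-b", datetime(2020, 6, 2), 59.0),  # about 1.67% drop
    ScoreSample("sub-c", datetime(2020, 6, 1), 50.0),  # single sample only
]


def format_notification(alerts: Dict[str, float], threshold_pct: float) -> str:
    """Build the body of a notification like the one the playbook emails."""
    lines = [f"Secure Score dropped by at least {threshold_pct}% in:"]
    for sub, drop in sorted(alerts.items()):
        lines.append(f"  {sub}: -{drop}%")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_notification(reductions(SAMPLES, 5), 5))
```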


You can now complete the deployment.


A Logic App called Send-SecureScoreReductionAlert is deployed, together with two API connections called office365 and azuremonitorlogs.

You then need to grant the Logic App the Reader role on the subscription(s) you want monitored for Secure Score reduction, by opening the subscription's Access Control blade.


Select the Reader role, choose Logic App as the type of principal to assign it to, and then select Send-SecureScoreReductionAlert.


Then go back to the resource group where the playbook has been deployed to edit the office365 API connection.


Open Edit API connection and click the blue ribbon to authorize the connection; an authentication prompt may ask you to sign in.


You should then see a blue notification at the top if the authorization succeeded; you can now save the modification.


Repeat the same steps for the other API connection, azuremonitorlogs.

You can verify that the above operations succeeded by opening the Send-SecureScoreReductionAlert Logic App in the Logic App designer blade and looking at the Run query and list results action inside the For Each loop; it should show that it is connected to azuremonitorlogs.


Then you can force an initial run using Run Trigger.


If the reduction threshold is reached, you will get the following type of notification.

