The Microsoft Security Configuration Toolkit enables enterprise security administrators to effectively manage their enterprise’s Group Policy Objects (GPOs). Using the toolkit, administrators can compare their current GPOs with Microsoft-recommended GPO baselines or other baselines, edit them, store them in GPO backup file format, and apply them via a domain controller or inject them directly into testbed hosts to test their effects. For more information, see Windows Security Baselines.
Baseline security policies for Windows Server 2022.
But what’s new in Microsoft Windows Server 2022?
Here we have some new Windows Server 2022 security features :
Virtualization-based security (VBS)
Transport: HTTPS and TLS 1.3 enabled by default on Windows Server 2022
Secure DNS: Encrypted DNS name resolution requests with DNS-over-HTTPS
Server Message Block (SMB): SMB AES-256 encryption for the most security conscious
SMB: East-West SMB encryption controls for internal cluster communications
Windows Server 2022 security features
In the following steps you will see some of the security features of Microsoft Windows Server 2022.
When your Windows Server 2022 is running on a Hypervisor like Hyper-V, you can set Memory integrity under Windows Security to ON.
This prevents attacks from inserting malicious code into high security processes. When you set this security feature on, the Server needs a reboot to activate.
Memory Integrity needs a reboot.
Windows Security Notifications.
By default Virus & Threat protection notification is active, when you want notifications about Microsoft defender firewall blocking a new application, you have to turn this feature on and select the firewalls.
In Windows security we have also ransomware protection.
Protect your files against threats like ransomware, and see how to restore files in case of an attack.
You can do this by Controlled folder access.
Protect files, folders and memory on your Server from unauthorized changes by software.
New in Windows Server 2022 is Tamper protection in Windows Security.
This Prevents others from tampering with important security features.
This was all Microsoft Windows Server 2022 security in the VM, but how about your Windows Server 2022 Hyper-V Hypervisors?
Hypervisor-protected Code Integrity (HVCI) is a virtualization based security (VBS) feature available in Windows. In the Windows Device Security settings, HVCI is referred to as Memory Integrity.
HVCI and VBS improve the threat model of Windows and provide stronger protections against malware trying to exploit the Windows Kernel. VBS leverages the Windows Hypervisor to create an isolated virtual environment that becomes the root of trust of the OS that assumes the kernel can be compromised. HVCI is a critical component that protects and hardens this virtual environment by running kernel mode code integrity within it and restricting kernel memory allocations that could be used to compromise the system.
See Virtualization Based Security System Resource Protections for more details on these protections.
Here you find a great video with a session of Jeff Woolsey Principal Program Manager at Microsoft. It’s all about What’s new in Windows Server 2022.
Start with Microsoft Windows Server 2022 today and make your test environment to play with Windows Server 2022 and Security.
Make your core business application solution more secure then ever, and let a ethical hacker do pen tests on your solution.
When you have security by default in your architectural designs, and test your Windows Server 2022 for production workloads it makes a big different to keep your environment and solution safe. And when you monitor your Windows Server 2022 solution pro-active with Azure Monitor, Azure Security Center, Azure Defender like this with Azure Arc enabled Servers
This keeps you in Control on Security by design for your business.
Microsoft Ignite 2021
Join Microsoft and the Community November 2–4, 2021 to explore the latest tools, training sessions, technical expertise, networking opportunities, and more. You can register here
Here you find some great MSIgnite guidance on Microsoft Tech Community :
Of course you can make your own schedule from the session catalog here
Don’t forget your Registration and have a Great innovative Microsoft Ignite 2021 Event 😉
Security by Design is increasingly becoming the mainstream development approach to ensure security of software systems. Security architectural design decisions are based on well-known security tactics, and patterns defined as reusable techniques for achieving specific quality concerns. In the following steps we will make a security baseline for Windows Servers with different tools.
1.Microsoft Security Compliance Toolkit
The Microsoft Security Configuration Toolkit enables enterprise security administrators to effectively manage their enterprise’s Group Policy Objects (GPOs). Using the toolkit, administrators can compare their current GPOs with Microsoft-recommended GPO baselines or other baselines, edit them, store them in GPO backup file format, and apply them via a domain controller or inject them directly into testbed hosts to test their effects. A security baseline is a group of Microsoft-recommended configuration settings that explains their security impact. These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers. A lot of hacks are based on registry settings, so that’s why Windows Server Security Baseline is important.
You can download the Microsoft Security Compliance Toolkit here
2. Windows Defender Firewall with Advanced Security
Windows Defender Firewall with Advanced Security is an important part of a layered security model. By providing host-based, two-way network traffic filtering for a device, Windows Defender Firewall blocks unauthorized network traffic flowing into or out of the local device. Windows Defender Firewall also works with Network Awareness so that it can apply security settings appropriate to the types of networks to which the device is connected. Windows Defender Firewall and Internet Protocol Security (IPsec) configuration settings are integrated into a single Microsoft Management Console (MMC) named Windows Defender Firewall, so Windows Defender Firewall is also an important part of your network’s isolation strategy. So set only the firewall ports you need end to end.
Windows Security Setting Firewall & Network Protection
Select Advanced settings
Windows Defender Firewall Advanced settings
Set only active what you need!
3. Windows Defender Security Virus & Threat Protection
Schedule a Full Scan in the Night for Threats
and Set the Windows Security options.
Keep your Defender and Virus definition files up-to-date.
4. Windows Updates
When your Windows Server is ready for production, you have to keep it Up-to-Date with Windows Updates. It’s not only the Windows Security patches, but all the software that’s running on your Server. One software leak is enough for a hacker to compromise your Server.
Have a look at the Microsoft Update Catalog
Lot of Companies are using Microsoft WSUS Services or Microsoft Endpoint Configuration Manager to deploy the software Life cycle Management Security updates to Servers to keep them secure as possible. These are not only Microsoft Security Updates but also from third party Software vendors, like adobe, Google, etc.
5. Security Monitoring and Remediation
This Cycle is important for Security!
IT departments have multiple teams with different disciplines, so when the Windows Server is ready
for the Administrator it goes to the Application Admin in a different IT Team. They will install the Application software and maybe
some software connections with other Servers by a third IT Team. To get in control of those security steps is important, because when a IT Consultant of a third party vendor is installing old legacy software you will have hacker leaks again and that’s making your Server vulnerable. Here is where Azure Security Center and Azure Defender will support you in monitoring and remediation of security issues.
It doesn’t matter where your Windows Server is installed, in Azure Cloud or On-premises in your datacenter, it can connect securely via internet for monitoring the Server. When it’s on-premises you can install the Microsoft Arc agent
Microsoft Azure Arc Connected Machine Agent.
Azure Arc enabled Server from On-premises
When the Microsoft Azure Arc Agent is installed on the Server, you can use these Azure Services for example :
- Azure Update Management
- Azure Monitoring
- Azure Security Center with Azure Defender
- Azure Policies for Compliance
- Change Tracking and Inventory
- Automation of Tasks
These Microsoft Azure features are supporting you to keep your Server as safe as possible and your security Up-to-Date.
From here you can add the Windows Server to Microsoft Azure Security Center with the right log analytics workspace.
Microsoft Azure Security Center Recommendations
Remediate Security Configurations on the Arc enabled Server
Remediation of Vulnerabilities on your Windows Server (Arc Enabled)
Azure Defender is a built-in tool that provides threat protection for workloads running in Azure, on premises, and in other clouds. Integrated with Azure Security Center, Azure Defender protects your hybrid data, cloud-native services, and servers and integrates with your existing security workflows, such as SIEM solutions and vast Microsoft threat intelligence, to streamline threat mitigation.
Workflow of Azure Defender for Vulnerability Scanning.
When Azure Security Center and Azure Defender are installed, you can do a Vulnerability Assessment on your Azure Arc enabled Server which is on-premises datacenter before your Windows Server is going in Production.
Vulnerabilities after Assessment on Windows Server with Arc enabled with remediation
This happens a lot when there is third party software installed on the Server.
To get a list of your high security vulnerabilities, you can use the Azure Resource Graph explorer.
Azure Resource Graph Explorer
Here you can download your high risks into a CSV or Pin to a Dashboard.
6. Compliance and Security Policies
Learn how Microsoft products and services help your organization meet regulatory compliance standards.
When you have to manage a lot of Windows Servers or Linux Servers, you want them compliant with the right security policies.
Regulatory Compliance of your environment.
With Azure Security Policy you can configure your Compliance.
in the following steps you will see an Sample alert :
Sample Alerts with Mitre ATT&CK Tactics
Take Action on the Security Alert.
Mitigate the Threat
Prevent future attacks
Trigger automated response
Suppress similar Alerts.
Security by Design Conclusion
Before you begin with deploying Windows Servers in your datacenter or in the Azure Cloud, it’s good to make a High Level design with your security set for the right compliance of your new Windows Server. You can use all the security On-Premises for Windows Server but with Azure Security Center, Azure Monitor, Azure Arc Services, Azure Defender you get all the security Insights and remediation options when a vulnerability is discovered. Windows Server and Azure Security Center is better together for Security Management.
If you want to keep your Windows Servers secure as possible, you need to keep doing these steps above. Continuous Monitoring and remediate vulnerabilities is a on-going process for SecOps and Administrators. Make it hackers difficult to add ransomware on your Servers. One more important IT Service, is your Backup / Disaster Recovery solution. This should be secure from hackers and from ransomware encryption. I always say think of this rule :
Windows Admin Center Hyper-V Host
Simplify server management
Manage all your server environments with familiar yet modernized tools, such as the reimagined Server Manager and streamlined MMC tools, from a single, browser-based, graphical user interface. Admins can manage Windows Server instances anywhere: on-premises, in Azure, or in any cloud.
Operate hybrid seamlessly
Extend on-premises deployments of Windows Server to the cloud by using the Azure hybrid services found in Windows Admin Center. Use Azure for:
- Backup and disaster recovery
- Additional capacity for compute, file servers and storage
- Centralized management for monitoring, threat protection and update management
In the following steps we will install Windows Server Core 20H2 version Build 10.0.19042 via Windows Admin Center on my Hyper-V Host called Starship01.mvplab.cloud.
I have Windows Admin Center already running for my MVPLAB with a Windows Server 2019 Hypervisor host. From here I will install a New Windows Server Core 20H2 Machine.
Click in the Left toolbar on Virtual Machines
and then on Add New
Deployment settings for the New Virtual Machine.
Here we set the following settings :
- Virtual Machine Name
- Generation VM ( gen 2 is recommended )
- The path of the VM settings and Disk
- Virtual Processors
- a mark for nested virtualization ( for the Hyper-V feature )
- Network / Virtual Switch
When you Add Storage you can select also the new ISO file for Installation.
I changed the Size of the Operating Disk from 127GB to 50GB
And I selected the path to the Windows Server Core 20H2 ISO.
Then Click on Create.
Windows Admin Center will create the Virtual Machine really fast.
Now the Window Virtual Machine Dark20H2 is created by Windows Admin Center on the Hyper-V Host, we can do the Windows Server Core 20H2 Installation by starting the Virtual Machine.
Before you Start running the VM, have a look at the settings
If you want you can set more Security features here.
You can set Encryption and Security Policy.
Start the Virtual Machine here for Installation of Windows Server Core 20H2
( The ISO is connected )
Installation of Windows Server Core 20H2 version Build 10.0.19042
The virtual Machine is running and now we can connect it via Windows Admin Center to do the installation of Windows Server.
Click on Connect
Use your Windows Admin Center account and mark
for the certificate. Then Click on Connect
Here we see the Console for the Windows Server Installation.
The Windows Server Core 20H2 is Installed.
Of course you can now configure the Machine via SConfig.exe, I only gave the Server name and a static IP address with DNS.
Via Windows Admin Center ( Manage) you can add the Machine to the domain.
Add the Server to the domain with your account and Click on Join
Server will Restart, Click on Yes
Dark20H2 Joined the Domain MVPLAB.CLOUD Successfully
Adding the Windows Server Core 20H2 to Windows Admin Center
Add Dark20H2.mvplab.cloud to Windows Admin Center.
Of course I want to manage the server with Windows Admin Center and use all the tools I need to securely manage this Server.
Windows Server Core 20H2 in Windows Admin Center.
First thing what I do in my MVPLAB is Windows Updates.
December Updates for Windows Server Core 20H2
Updates Installed Successfully 🙂
Azure Hybrid Services
Azure Hybrid Services
You can extend on-premises deployments of Windows Server to the cloud by using Azure hybrid services. These cloud services provide an array of useful functions, both for extending on-premises into Azure, and for centrally managing from Azure. Think of :
- Azure Backup Services
- Azure Monitoring Services
- Disaster Recovery
- Azure File Sync Services
- Azure Security Center / Azure Defender Services
Windows Admin Center is a must have when you have to manage Windows Server Core versions, you don’t have to worry about all the Commands of Windows Server Core. With Windows Admin Center it becomes easy to do the complete installation of the server and this include also all features of Windows Server Core 202H2 Build 10.0.19042. It becomes really powerful when you use it in a Hybrid way by connecting to Microsoft Azure Cloud Services. Earlier I wrote a blogpost about Windows Admin Center and Azure Security Center
I Hope this is useful for you, and start your journey with Windows Admin Center & Windows Server Core versions 😉
What’s New in Azure Security Center
Security Center is in active development and receives improvements on an ongoing basis. To stay up to date with the most recent developments, this page provides you with information about new features, bug fixes, and deprecated functionality.
Updates in November include:
- 29 preview recommendations added to increase coverage of Azure Security Benchmark
- NIST SP 800 171 R2 added to Security Center’s regulatory compliance dashboard
- Recommendations list now includes filters
- Auto provisioning experience improved and expanded
- Secure score is now available in continuous export (preview)
- “System updates should be installed on your machines” recommendation now includes sub-recommendations
Microsoft Azure Defender Dashboard
Azure Security Center’s features cover the two broad pillars of cloud security:
- Cloud security posture management (CSPM) – Security Center is available for free to all Azure users. The free experience includes CSPM features such as secure score, detection of security misconfigurations in your Azure machines, asset inventory, and more. Use these CSPM features to strengthen your hybrid cloud posture and track compliance with the built-in policies.
- Cloud workload protection (CWP) – Security Center’s integrated cloud workload protection platform (CWPP), Azure Defender, brings advanced, intelligent, protection of your Azure and hybrid resources and workloads. Enabling Azure Defender brings a range of additional security features as described on this page. In addition to the built-in policies, when you’ve enabled any Azure Defender plan, you can add custom policies and initiatives. You can add regulatory standards – such as NIST and Azure CIS – as well as the Azure Security Benchmark for a truly customized view of your compliance.
Additional threat protections in Azure Security Center
Microsoft Azure Security Center Team is working hard on additional threat protections for :
- Threat protection for Azure Network Layer
- Threat protection for Azure Resource Manager ( Preview)
- Threat Protection for Azure Cosmos DB ( Preview)
- Threat Protection for Azure WAF
- Threat Protection for Azure DDoS Protection
What is Azure Sentinel?
Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.
Who to follow on Social Media for Azure Security Center
On twitter you have to follow Principal Program Manager at Microsoft C+AI Security Yuri Diogenes : @yuridiogenes
On YouTube you can subscribe to Azure Security Center in the Field ( #ascinthefield) YouTube
On LinkedIn JOIN the Microsoft Azure Monitor & Security for Hybrid IT Community Group
Windows Admin Center for Hybrid IT Management
As an Administrator, I like to work with Microsoft Windows Admin Center, It’s a locally deployed, browser-based app for managing Windows servers, clusters, hyper-converged infrastructure, as well as Windows 10 PCs. You can download Windows Admin Center here and use it for Free in your Production environment. What is Windows Admin Center? What are my benefits? Here you see Windows Admin Center Architecture how it works.
Windows Admin Center Architecture.
So you can use Windows Admin Center everywhere, you can Install it on a Server on-premises without any internet connections, or in a hybrid way with a internet connection for Cloud
services integrations like Azure Backup, Azure Security Center, Azure Monitor or Azure File Sync and to manage your Virtual Machines in the Cloud.
Microsoft is now busy with Windows Admin Center in the Azure Portal in Preview to manage your Hybrid Datacenter. Here you find a blogpost about it in the Microsoft Tech Community.
Manage Internet Access in Windows Admin Center.
Datacenter Administrators want to manage Windows Servers in an Easy way but it must be secure. Microsoft has some user access options for using Windows Admin Center.
The one I like most is Microsoft Azure MFA (Two-Factor-Authentication) on your Windows Admin Center environment. Here you find more information about User Access WAC.
Choose the right Windows Admin Center installation for your environment:
Windows Admin Center Installation types.
These are Production Ready.
But don’t forget the Microsoft Windows Admin Center in the Azure Portal Preview :
Windows Admin Center in the Azure Portal Preview.
Windows Admin Center | Management | Azure Security Center Integration.
The Power of a Modern Management tool like Windows Admin Center is the Extensions feature to integrate with external Services like Azure Cloud Services, or third party vendors like Dell EMC or HP, Fujitsu, Data-On with great management solutions. An other example of a Windows Admin Center Extension are Containers.
In the following steps you will see how easy it is to manage and integrate Azure Security Center into Windows Admin Center for your Servers.
When you have installed Windows Admin Center, you have to add your Microsoft Azure Subscription into WAC.
Azure Registration in Windows Admin Center.
In the upper right you have the settings icon of Windows Admin Center, from there you can select Azure and do the registration. What it will do is making a API with your Microsoft Azure subscription:
Here you see the Registration in Microsoft Azure.
When that is completed successfully, you can add the Microsoft Azure Services via Extensions in Settings. We are going to Select Azure Security Center.
Install the Microsoft Azure Security Center Extension.
From here you have installed the basics for your Servers, now the Microsoft Azure Security Center feature is added in the left management bar at each Server in Windows Admin Center.
Now we only have to register the Servers into Azure Security Center with Windows Admin Center.
Here you see my MVPLAB Machines.
I have two Azure Stack HCI virtual Machines and I like to know if they are secure. ( Skywalker01 and Skywalker02) I start with the Azure Security Center Installation on Skywalker01 VM.
Azure Stack HCI VM called Skywalker01.mvplab.cloud
Sign into Azure.
Select your Azure Subscription, Create or Use existing workspace.
Select Region, and Create or use existing Resource Group.
Click on Setup.
The Virtual Machine will be added to Azure Security Center.
From here it need some time to do the job with doing assessments, getting the metadata of the server with log analytics. Microsoft Azure Security Center will come with security recommendations like:
Here you can do a Quick Fix and do Remediation.
After a view minutes the Security issues are also coming into Windows Admin Center.
Here I get some Security advice in Windows Admin Center for Skywalker01 VM
Here you see the Power of the Azure Cloud with Log Analytics and the
Azure Security Center baselines for Skywalker01 Azure Stack HCI VM.
I forgot Skywalker02 VM to do the monthly security updates and that is a Security Risk too of course :
Skywalker02 Azure Stack HCI VM at High Security Risk.
Of course we have Windows Updates in Windows Admin Center, Just have to select and approve the updates for Skywalker02 to solve this high Risk issue.
Skywalker02 Azure Stack HCI VM Security Risk Solved 😉
In a Hybrid IT world today is Better Together my motto with Windows Admin Center and Microsoft Azure Security Center you have a Great solution. You can make your own Azure Security Center Baseline policy to deploy on your Windows Servers to make them more Secure. Get a High Security Score ! And don’t worry you can add all your Windows Servers into Windows Admin Center if they are on-premises or in the Cloud.
With Azure MFA Two-Factor access authentication, you make your Management tool Windows Admin Center more Secure for your environment. If you don’t use Windows Admin Center yet, start Today !
More Information :
Windows Admin Center on Twitter : @servermgmt
Microsoft Azure Arc Servers On-Premises and Azure Cloud Services
Earlier I wrote a blogpost about Microsoft Azure Arc services installation to manage on-premises Servers with Azure Cloud Services, like Azure Monitor and Azure Security Centre from the Cloud.
Here in this post you will see the Newest Microsoft Azure Cloud Services to Manage and Monitor your Servers on-premises with security and compliance included.
Azure Arc Extensions settings of the Server.
Here you can see we have installed the Microsoft Monitoring Agent for Azure Monitor and log analytics, second we have installed the dependency Agent for Windows for
insights, Performance and Service maps. Here you find more information about Virtual machine extension management with Azure Arc for servers (preview)
After initial deployment of the Azure Arc for servers (preview) Connected Machine agent for Windows or Linux, you may need to reconfigure the agent, upgrade it, or remove it from the computer if it has reached the retirement stage in its lifecycle. You can easily manage these routine maintenance tasks manually or through automation, which reduces both operational error and expenses.
Azure Arc Insights Performance monitor
The Azure Arc Insights Performance monitor is there by default and installed with the following dashboards :
- CPU Utilization
- Available Memory
- Logical disk IOPS
- Logical disk MB/s
- Logical disk Latency
- Max logical disk used %
- Bytes Sent Rate
- Bytes Received Rate
Azure Arc Logs Analytics
Of course you can make your own custom Dashboards in the Azure Portal with your own triggers, so in this way you get the same Azure Monitor Innovative Tools for your On-Premises Servers. 😉
Within Microsoft Azure Arc Insights, you can also see a Service Map of the Server
Here is were the dependency agent comes in, you get a service map of the Server and see the communication lines with other resources. In this picture you see Server Yoda01 a Domain Controller of my MVPLAB.
You can see that there are three Clients are logged on the domain controller.
Microsoft Azure Security Center for Azure Arc Servers
One of the most powerful and important features of Microsoft Azure Cloud platform is Security! Microsoft Azure Security Center (ASC) is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud – whether they’re in Azure or not – as well as on premises.
Here you see my Azure Arc Servers (On-Premises) in Azure Security Center.
Azure Arc Server in Azure Security Center recommendations Summary
Five security assessments passed the test, but Azure Security assessment has two recommendations one is Medium Risk and one low.
Here you see the Security advise and the Remediation to take action on your Server.
Microsoft Azure Security Center Overview with the Overall Secure Score.
Security controls – Each control is a logical group of related security recommendations, and reflects your vulnerable attack surfaces. A control is a set of security recommendations, with instructions that help you implement those recommendations. Your score only improves when you remediate all of the recommendations for a single resource within a control.
To immediately see how well your organization is securing each individual attack surface, review the scores for each security control.
To get your Azure Arc Servers (On-premises) complaint for the business and security, you can use Microsoft Azure Arc Policies
Azure Arc Policies to meet your Compliance state.
Microsoft is bringing Azure Cloud Power tools everywhere with Azure Arc Services to give you modern tools like Azure Monitor and Azure Security Center to keep you in control, Secure and Compliant for your business. Keep following Microsoft for Hybrid IT Management, because more awesome features are added every day in Microsoft Azure Cloud Services. Let’s start to get your Azure Security Score UP and UP 😉
Microsoft Azure Sentinel
Microsoft Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.
- Collect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.
- Detect previously undetected threats, and minimize false positives using Microsoft’s analytics and unparalleled threat intelligence.
- Investigate threats with artificial intelligence, and hunt for suspicious activities at scale, tapping into years of cyber security work at Microsoft.
- Respond to incidents rapidly with built-in orchestration and automation of common tasks.
In the following step-by-step guide you get a global overview of Azure Sentinel :
Click on Create
Connect or add your Workspace.
Click on Add Azure Sentinel
Azure Sentinel is added to your workspace.
Here you can collect all your Security Cases
Azure AD Audit Logs
Linux Machines Security
When you have your Azure Sentinel Solutions in place with alerting rules and telemetry and analytics is coming to your workspace, Hunting is the next Threat management tool :
Azure sentinel Hunting
Working with Tags and Collaborate with Teammates
Launch Investigations and Bookmark
Working with Azure Notebooks for Azure Sentinel
Welcome to the Azure Sentinel repository! This repository contains out of the box detections, exploration queries, hunting queries, dashboards and playbooks to help you get ramped up with Azure Sentinel and provide you security content to secure your environment and hunt for threats. You can also submit any issues or feature requests as you onboard to Azure Sentinel. For questions and feedback, please contact AzureSentinel@microsoft.com
Get started from here to Configure your Azure Sentinel Environment
Choose your Data Collections for Azure Sentinel Security
Lot of Choice already Build-in for you.
From here you can make your own Azure Sentinel Analytics Alert Rules.
Create Alert rules with the right mappings, triggers, and scheduling, response automation.
Add your own playbooks for your Security
Unlock the power of AI for security with Machine Learning
Machine Learning in Azure Sentinel is built-in right from the beginning. We have thoughtfully designed the system with ML innovations aimed to make security analysts, security data scientists and engineers productive. One such innovation is Azure Sentinel Fusion built especially to reduce alert fatigue.
Building your Full Screen Dashboard for Monitoring
More information about Azure Sentinel Intelligent Security :
When you have your Hybrid Cloud Enterprise Design ready in a Microsoft HUB-Spoke model and your Security in place, you can do your optimize on your Azure workloads and keep up-to-date for your compliancy. Microsoft Azure Security Center can support you in Security and Compliancy (GDPR). Here you see my former blogposts about Microsoft Azure HUB-Spoke model architecture and Security by design :
- Microsoft Azure Hub-Spoke model by Enterprise Design 1 of 4
- Microsoft Azure Policy and BluePrints Overview (Extra Blogpost)
- Microsoft Azure Hub-Spoke model by Enterprise Design 2 of 4 “Lift and Shift”
- Microsoft Azure Hub-Spoke model by Enterprise Design 3 of 4 Data Migration
- Managing and Working with Azure Network Security Groups (NSG)
Security in software is always on the move and changing in this world, when you think you are ready something has changed already. That’s why I love Microsoft Azure Security Center to keep you posted and giving you advise on Security but also on Compliancy.
From here you see a high-level overview of these new possibilities in Microsoft Azure Security Center :
Microsoft Azure Security Center is working with the following navigation menu’s on the left :
- Policy & Compliance
- Resource Security Hygiene
- Advanced Cloud Defense
- Threat Protection
- Automation & Orchestration
Microsoft Azure Security Center is working with Overall Secure Score. In my Test LAB we have some work to do 😉
The Azure secure score reviews your security recommendations and prioritizes them for you, so you know which recommendations to perform first. This helps you find the most serious security vulnerabilities so you can prioritize investigation. Secure score is a tool that helps you assess your workload security posture.
Improve your secure score in Azure Security Center
Microsoft Azure Security Center gives you advise to make your Security Score higher and you can improve immediately.
From here you can Enable a Network Security Group (NSG) on the Subnet and make your network more secure.
Azure Security Center Advise on Disk Encryption
- Description on Applying Disk Encryption on your Virtual Machines
- General Information, with Impact and Implementation Cost.
- Threats, what can happen when you don’t implement the security.
- Remediation Steps from Microsoft Azure Security Center
Like this : Managing security recommendations in Azure Security Center
I really like this feature in Azure Security Policy & Compliancy to help the business with GDPR and keep your Data Save by Security.
So now you can work on your Security and Compliance
Security is a on-going process 24 hours -365 days to monitor, analyze, and prevent security issues. Working on Compliancy for your Business and making your own Security policies is important. Microsoft Azure Security Center can support you in this journey. When you Optimize your Azure workloads or make new solutions in Azure, keep it secure with Microsoft Azure Security Center.