mountainss Cloud and Datacenter Management Blog

Microsoft SystemCenter blogsite about virtualization on-premises and Cloud


Leave a comment

#Microsoft Azure Security Center Overview #Cloud #Security #HybridCloud #Azure

Microsoft Azure Security Center provides unified security management and advanced threat protection across hybrid cloud workloads. With Security Center, you can apply security policies across your workloads, limit your exposure to threats, and detect and respond to attacks.

You can select an existing Log Analytics workspace to store data collected by Security Center. To use your existing Log Analytics workspace:
• The workspace must be associated with your selected Azure subscription.
• At a minimum, you must have read permissions to access the workspace.

You can edit the default security policy for each of your Azure subscriptions in Security Center. To modify a security policy, you must be an owner, contributor, or security administrator of the subscription. To configure security policies in Security Center, do the following:
1. Sign in to the Azure portal.
2. On the Security Center dashboard, under General, select Security policy.
3. Select the subscription that you want to enable a security policy for.
4. In the Policy Components section, select Security policy.
This is the default policy that’s assigned by Security Center. You can turn on or off the available security recommendations.
5. When you finish editing, select Save.

Here you find more on Set security policies in Azure Security Center

Some policies need the upgrade Enhanced Security

Contact information for Notifications

Azure Security Center provides unified security management and advanced threat protection for workloads running in Azure, on-premises, and in other clouds. It delivers visibility and control over hybrid cloud workloads, active defenses that reduce your exposure to threats, and intelligent detection to help you keep pace with rapidly evolving cyber attacks.
Pricing tiers
Security Center is offered in two tiers:
The Free tier is automatically enabled on all Azure subscriptions, and provides security policy, continuous security assessment, and actionable security recommendations to help you protect your Azure resources.
The Standard tier extends the capabilities of the Free tier to workloads running in private and other public clouds, providing unified security management and threat protection across your hybrid cloud workloads. The Standard tier also adds advanced threat detection capabilities, which uses built-in behavioral analytics and machine learning to identify attacks and zero-day exploits, access and application controls to reduce exposure to network attacks and malware, and more. The Standard tier is free for the first 60 days. Read here more…….

What are OS Security Configurations?
Azure Security Center monitors security configurations using a set of over 150 recommended rules for hardening the OS, including rules related to firewalls, auditing, password policies, and more. If a machine is found to have a vulnerable configuration, a security recommendation is generated.
Customization of the rules can help organizations to control which configuration options are more appropriate for their environment. This feature enables users to set a customized assessment policy and apply it on all applicable machines in the subscription.

Note
• Currently OS Security Configuration customization is available for Windows Server 2008, 2008R2, 2012, 2012R2 operating systems only.
• The configuration applies to all VMs and computers connected to all workspaces under the selected subscription.
• OS Security Configuration customization is available only on Security Center’s Standard tier.

Download the Baseline configuration JSON file

You can make a Custom Baseline with Visual Studio Code and Upload to Azure

Microsoft Azure Security Center QuickStart :

Configure Security Policy

Managing security recommendations in Azure Security Center

Security health monitoring in Azure Security Center

Managing and responding to security alerts in Azure Security Center

Documentation :

Microsoft Azure Security Center Documentation 

Microsoft Azure Security Center Forum

Planning guide
This guide covers a set of steps and tasks that you can follow to optimize your use of Security Center based on your organization’s security requirements and cloud management model. To take full advantage of Security Center, it is important to understand how different individuals or teams in your organization use the service to meet secure development and operations, monitoring, governance, and incident response needs. The key areas to consider when planning to use Security Center are:

Security Roles and Access Controls
Security Policies and Recommendations
Data Collection and Storage
Ongoing non-Azure resources
Ongoing Security Monitoring
Incident Response

Here you will learn how to plan for each one of those areas and apply those recommendations based on your requirements.

All Events view in Azure Security Center

Upgrade to standard Tier for Hybrid Security

Search with analytics

Queries can be used to search terms, identify trends, analyze patterns, and provide many other insights based on your data.

Have a look and play with Azure Log Analytics.

Getting Started with the Analytics Portal

in this tutorial you will learn to write Azure Log Analytics queries. When completing this tutorial you will know how to:

  • Understand queries’ structure
  • Sort query results
  • Filter query results
  • Specify a time range
  • Select which fields to include in the results
  • Define and use custom fields
  • Aggregate and group results

Getting Started with Queries

Azure Security Center gives you Recommendations

For example to Encrypt your Virtual Machines in Azure with a Link

Integrated Azure security solutions
Security Center makes it easy to enable integrated security solutions in Azure. Benefits include:

Simplified deployment: Security Center offers streamlined provisioning of integrated partner solutions. For solutions like antimalware and vulnerability assessment, Security Center can provision the needed agent on your virtual machines, and for firewall appliances, Security Center can take care of much of the network configuration required.
Integrated detections: Security events from partner solutions are automatically collected, aggregated, and displayed as part of Security Center alerts and incidents. These events also are fused with detections from other sources to provide advanced threat-detection capabilities.
Unified health monitoring and management: Customers can use integrated health events to monitor all partner solutions at a glance. Basic management is available, with easy access to advanced setup by using the partner solution.

More on Integrated Azure Security Solutions

Compute Security Overview

Compute Security and Components view

Networking Security Overview

Storage & Data Security Overview

Identity and Access Overview in Azure Security Center

Application Whitelisting

Just in time virtual machine (VM) access can be used to lock down inbound traffic to your Azure VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed.

Attack scenario
Brute force attacks commonly target management ports as a means to gain access to a VM. If successful, an attacker can take control over the VM and establish a foothold into your environment.

One way to reduce exposure to a brute force attack is to limit the amount of time that a port is open. Management ports do not need to be open at all times. They only need to be open while you are connected to the VM, for example to perform management or maintenance tasks. When just in time is enabled, Security Center uses Network Security Group (NSG) rules, which restrict access to management ports so they cannot be targeted by attackers.

More on Just in Time Virtual Machine

Security Alerts

Azure Security Center’s advanced detection capabilities, helps you identify active threats targeting your Microsoft Azure resources and provides you with the insights needed to respond quickly

More on Azure Security Center detection capabilities

Custom Alert Rules

What are custom alert rules in Security Center?

Security Center has a set of predefined security alerts, which are triggered when a threat, or suspicious activity takes place. In some scenarios, you may want to create a custom alert to address specific needs of your environment.

Custom alert rules in Security Center allow you to define new security alerts based on data that is already collected from your environment. You can create queries, and the result of these queries can be used as criteria for the custom rule, and once this criteria is matched, the rule is executed. You can use computers security events, partner’s security solution logs or data ingested using APIs to create your custom queries.

More information about Custom Alert Rules in Azure Security Center

Threat Intelligence

Azure Security Center Playbooks

What is security playbook in Security Center?
Security playbook is a collection of procedures that can be executed from Security Center once a certain playbook is triggered from selected alert. Security playbook can help to automate and orchestrate your response to a specific security alert detected by Security Center. Security Playbooks in Security Center are based on Azure Logic Apps, which means you can use the templates that are provided under the security category in Logic Apps templates, you can modify them based on your needs, or you can create new playbooks using Azure Logic Apps workflow, and using Security Center as your trigger.

More on Azure Security Center Playbook

Hope this Microsoft Azure Security Center Overview will help to make your Hybrid IT more Secure !

Advertisements

Happy Holidays – Merry Christmas and Happy New Year !

Leave a comment


Leave a comment

Awesome #Microsoft Azure 101 Cards and Interactive Sites #Azure #Cloud

Microsoft Azure Services 101 Cards

From here you can get the Azure Container Instances Information

Go and see for your self the Microsoft Azure 101 Cards

Microsoft Interactives :

  • Azure Products
  • Cloud Design Patterns
  • Azure Security and Operations Management

Microsoft Azure Security Interactive


Leave a comment

#Microsoft Azure Log Analytics Query Playground Available #MSOMS #Azure #Analytics #HybridCloud

Azure Log Analytics

You can access Log Analytics through the OMS portal or the Azure portal which run in any browser and provide you with access to configuration settings and multiple tools to analyze and act on collected data. From the portal you can leverage log searches where you construct queries to analyze collected data, dashboards which you can customize with graphical views of your most valuable searches, and solutions which provide additional functionality and analysis tools.

If you have no current monitoring in place for your Azure environment, you should start with Azure Monitor which collects and analyzes monitoring data for your Azure resources. Log Analytics can collect data from Azure Monitor to correlate it with other data and provide additional analysis.
If you want to monitor your on-premises environment or you have existing monitoring using services such as Azure Monitor or System Center Operations Manager, then Log Analytics can add significant value. It can collect data directly from your agents and also from these other tools into a single repository. Analysis tools in Log Analytics such as log searches, views, and solutions work against all collected data providing you with centralized analysis of your entire environment.

Microsoft Azure log analytics is very powerful for Hybrid IT management and getting you in control of your Hybrid Cloud Datacenter(s).

Select Data by type

You can change the chart here

Computers sending Heartbeat with date and time

Here you can export to Excel, PowerBI or Share the Query

Set your Query in a Time range

Here you find Online documentation and Query Reference guide

Start Today with Azure Log Analytics !

To play free with Microsoft Azure Log Analytics and Query on all the solutions there is a Demo environment available.

More links for Microsoft Azure Log Analytics :

Azure Log Analytics Query Language

Azure Log Analytics Query Examples

Azure Log Analytics website

Azure Log Analytics tech Docs Online

Microsoft Azure Management Blog

Microsoft Operations Management Suit (OMS) Blog

Social Media :

Microsoft Azure on Twitter

Microsoft OMS on Facebook #MSOMS

Get started with the Microsoft Azure Log Analytics Query Language today to get you and your Business in Control with innovative Hybrid IT Management.

 

 


Leave a comment

Monitoring Microsoft Azure Cloud Services and On-premises Datacenters #Azure #MSOMS #Cloud

Microsoft Azure Monitor

There are a range of tools for monitoring your Azure environment, from the application code running on Azure to the services and infrastructure hosting your application. These tools work together to offer comprehensive cloud monitoring and include:

  • Azure Monitor – the Azure service that operates as a consolidated pipeline for all monitoring data from Azure services. It gives you access to performance metrics and events that describe the operation of the Azure infrastructure and any Azure services you are using. Azure Monitor is a monitoring data pipeline for your Azure environment, and offers that data directly into Log Analytics as well as 3rd party tools where you can gain insight into that data and combine it with data from on premises or other cloud resources.
  • Application Insights – the Azure service that offers application performance monitoring and user analytics. It monitors the code you’ve written and applications you’ve deployed on Azure, on-premises, or other clouds. By instrumenting your application with the Application Insights SDK you can get access to a range of data including response times of dependencies, exception traces, debugging snapshots, and execution profiles. It provides powerful tools for analyzing this application telemetry while developing and operating your application. It deeply integrates with Visual Studio to enable you to get right to the problem line(s) of code so you can fix it, and offers usage analytics to analyze customer usage of your applications for product managers as well.

Overview of Application Insights for DevOps

  • Log Analytics –  is an Azure service that ingests log and metric data from Azure services (via Azure Monitor), Azure VMs, and on-premises or other cloud infrastructure and offers flexible log search and out-of-the box analytics on top of this data. It provides rich tools to analyze data across sources, allows complex queries across all logs, and can proactively alert on specified conditions. You can even collect custom data into its central repository so you can query and visualize it. You can also take advantage of Log Analytic’s built-in solutions to immediately gain insights into the security and functionality of your infrastructure.

Log Analytics Documentation

Azure Monitor enables you to consume telemetry to gain visibility into the performance and health of your workloads on Azure. The most important type of Azure telemetry data is the metrics (also called performance counters) emitted by most Azure resources. Azure Monitor provides several ways to configure and consume these metrics for monitoring and troubleshooting.

Telemetry data is important

Because telemetry data is sending every minute, you get near to real-time monitoring of your data and/or your IT Solution.

Alerts on Azure Monitor data

Azure Monitor provides several ways to interact with metrics, including charting them in the portal, accessing them through the REST API, or querying them using PowerShell or CLI. Here you find a complete list of all metrics currently available with Azure Monitor’s metric pipeline.

There are three types of alerts off of data available from Azure Monitor — metric alerts, near real-time metric alerts (preview) and Activity Log alerts.

  1. Metric alerts – This alert triggers when the value of a specified metric crosses a threshold that you assign. The alert generates a notification when the alert is “Activated” (when the threshold is crossed and the alert condition is met) as well as when it is “Resolved” (when the threshold is crossed again and the condition is no longer met)
  2. Near real-time metric alerts (preview) – These alerts are similar to metric alerts but differ in a few ways. Firstly, as the name suggests these alerts can trigger in near real-time (as fast as 1 min). They also support monitoring multiple(currently two) metrics. The alert generates a notification when the alert is “Activated” (when the thresholds for each metric are crossed at the same time and the alert condition is met) as well as when it is “Resolved” (when at least one metric crosses the threshold again and the condition is no longer met).
  3. Activity log alerts – A streaming log alert that triggers when an Activity Log event is generated that matches filter criteria that you have assigned. These alerts have only one state, “Activated,” since the alert engine simply applies the filter criteria to any new event. These alerts can be used to become notified when a new Service Health incident occurs or when a user or application performs an operation in your subscription, for example, “Delete virtual machine.”

Alerts overview

 

When you go to the Microsoft Azure Portal and click on the left side on Monitor you can start your Solutions and configure them.

To Gain visibility and control across your hybrid cloud with simplified security and operations management there is Microsoft Operations Management Suite (OMS)

Here you find a lot of Hybrid Solutions to monitor and find the benefits of Cloud management with Log Analytics.

Understanding alerts in Log Analytics :

 

Alerts are created by alert rules that automatically run log searches at regular intervals. If the results of the log search match particular criteria then an alert record is created. The rule can then automatically run one or more actions to proactively notify you of the alert or invoke another process. Different types of alert rules use different logic to perform this analysis.

In addition to creating an alert record in the Log Analytics repository, alerts can take the following actions.

  • Email. Send an email to proactively notify you of a detected issue.
  • Runbook. An alert in Log Analytics can start a runbook in Azure Automation. This is typically done to attempt to correct the detected issue. The runbook can be started in the cloud in the case of an issue in Azure or another cloud, or it could be started on a local agent for an issue on a physical or virtual machine.
  • Webhook. An alert can start a webhook and pass it data from the results of the log search. This allows integration with external services such as an alternate alerting system, or it may attempt to take corrective action for an external web site.

Here you find more on Understanding alerts in Log Analytics

To keep you in Control of monitoring, Microsoft made two Mobile Apps :

Microsoft Operations Management Suite Mobile App

Microsoft OMS on my Phone

And you got the Microsoft Azure Mobile App

For Microsoft Azure Monitoring there are all kind of Solutions in the Marketplace available :

Microsoft Azure Marketplace

Conclusion :

Monitoring your IT Solutions is really important for your Application Life Cycle management to get feedback for improvements and to get Customer satisfaction.
With Microsoft Monitoring from the Cloud with Azure and OMS you get more inside information via telemetry and log analytics to keep you Up-To-Date of
your IT Hybrid Infrastructure. Modern Hybrid Cloud Datacenter(s) need a Modern Secure Monitoring environment to keep yourself and your business in Control all the time in this rapidly fast changing IT World.
Monitoring via the Microsoft Cloud gives you :

  • More Security information, Alerts and Advice to prevent security leaks
  • Application improvements in your Life Cycle management
  • Automation of action plans on Events.
  • The Health of your IT Hybrid Cloud Services
  • Makes troubleshooting much easier with Diagnostics logs
  • Integration with on-premises IT Infrastructures
  • OMS assessments, like Active Directory, SQL, Upgrades, Malware, Security & Audits………… and More
  • Great Dashboards for DevOps, IT Administrators, IT Managers, or for your Customers.

To get More information and benefits about Monitoring and diagnostics for your Design ( Best Practices )

Hope this information is helpful to get you in control of monitoring your Hybrid Cloud Solutions.


Leave a comment

Cross-Blogpost Microsoft #AzureStack Developer Kit (ASDK) in the Classroom #MVPbuzz for #Education

Azure Stack in the Classroom for Education

 


Leave a comment

Watch all those Awesome Microsoft #MSIgnite 2017 video sessions #Azure #AzureStack #MSOMS

Empower IT and developer productivity with Microsoft Azure with @scottgu

Microsoft Azure virtual machine infrastructure innovation and automation

Microsoft Azure Stack Development Kit and why it matters

Manage hybrid cloud and transform your workplace with PowerShell and Azure Automation

See here all the Microsoft Ignite 2017 video sessions

Thank you Microsoft and MVP’s for those Awesome sessions at Ignite 2017