Azure Security Center topics
https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/bd-p/AzureSecurityCenter
Thu, 21 Oct 2021 04:40:01 GMT

Disable MFA 14 day grace period?
https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/disable-mfa-14-day-grace-period/m-p/2864460#M614

Hi,

Just looking for some advice here...
Is it possible to disable/remove the 14 day "grace period" for MFA registration for new users?

Premium subscription being used. Customer wants all new users to be forced to set up MFA when they first log in and not allow them to skip for 14 days.

I can't find anywhere to disable this? Security defaults is not enabled. A 3rd party service is being used for SSPR.

Thanks.

Wed, 20 Oct 2021 09:39:51 GMT
luke_m137

Azure Private Link in Secure Score
https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-private-link-in-secure-score/m-p/2857808#M612

How does the use of Azure Private link get evaluated in ASC? Does it affect the Secure Score?

Mon, 18 Oct 2021 16:41:43 GMT
Dean Gross

New Blog Post | Azure Defender Alerts Workbook
https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-azure-defender-alerts-workbook/m-p/2842828#M609

Azure Defender Alerts Workbook - Microsoft Tech Community (https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-defender-alerts-workbook/ba-p/2841990)

Azure Defender is an evolution of threat-detection technologies in Security Center protecting Azure, On-premises, and hybrid cloud environments. Security Alerts are the notifications that Security Center generates when it detects threats on your resources. Security Center prioritizes and lists the alerts, along with information needed for you to quickly investigate the problem. Security Center also provides detailed steps to help you remediate attacks. Alerts data is retained for 90 days. Here is the list of resource types that Azure Defender secures. Make sure to visit this article that lists the security alerts you might get from Azure Security Center and any Azure Defender plans you’ve enabled.

Azure Security Center allows you to create custom workbooks across your data, and also comes with built-in workbook templates to allow you to quickly gain insights across your data as soon as you connect a data source. For example, with Secure Score Over Time report, you can track your organization’s security posture. Read more about how workbooks provide a rich set of functionalities in our Azure monitor documentation and to understand workbooks gallery in Azure Security Center, make sure to review our documentation.

With this blog, we are introducing you to another great template that provides representation of your active alerts in different pivots that would help you understand the overall threats on your environment and prioritize between them.

Original Post: New Blog Post | Azure Defender Alerts Workbook - Microsoft Tech Community (https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/new-blog-post-azure-defender-alerts-workbook/m-p/2842811)

Wed, 13 Oct 2021 17:01:28 GMT
JasonCohen1892

Azure Security Center Logging via AMA Agent vs. MMA
https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-security-center-logging-via-ama-agent-vs-mma/m-p/2816629#M602

I would like to separate performance and diagnostic data from security data. With the MMA it is only possible to send to one Log Analytic Workspace and has no capability to separate data. With MMA you can restrict access to the relevant tables like SecurityEvent can only be distinguished via access rights in RBAC and you can handle retention time individually via rules. However, due to compliance requirements, you often want to define separate log targets from scratch in order to handle them independently of each other. So the requirement is to end up with two separate LAWs. For this I found the new Azure Monitor Agent which allows to send data to two different LAWs via Data Collection Rules and thus enables a data separation. Now I have the question from Security Center point of view if I can do without the classic MMA agent on the machines or if I still need it for Defender and co. on the machines?

Kind Regards
Sebastian

Wed, 06 Oct 2021 09:46:59 GMT
msmotto21

ASC Recommendations On Deleted Resources
https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/asc-recommendations-on-deleted-resources/m-p/2813702#M597

Hi all,

Last week I deleted some virtual machines that were onboarded in the security center. Now these resources are still displayed under the recommendations. How can I get these old entries out of the ASC?

Kind Regards
Sebastian

Tue, 05 Oct 2021 15:56:25 GMT
msmotto21

Communication with suspicious random domain name (Preview)
https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/communication-with-suspicious-random-domain-name-preview/m-p/2795653#M593

Hi All

So we are seeing multiple alerts via Azure Security Centre for the following

Communication with suspicious random domain name (Preview)

The alerts show that various assets connected to our domain are querying via our DNS server various nefarious looking domain names such as 25jimj.qgxouyclggk.com and 3dde4b.zbrjtstrclnm.com

In all of these cases we can see that the asset has connected to various IP addresses that are registered to Amazon. We see multiple hits to Amazon and then we see hits to these random domains.

The alert points us to the following

https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2021-07-07T08%3a33%3a40&reportName=MSTI-TS-DNS-Changer.pdf&tenantId=c4a31167-4b24-47e3-a4b4-93d92097a1e3&urlCreateDateTime=2021-07-07T08%3a33%3a40&token=6WEIykYGq3uD81RbTof8TYiRqAqA91erSiZwWuAM0l0=

We run virus scans on these machines and no malware or issues are being reported.

This alert is in preview so very little online about the alert itself.

Does anyone on here know much about this alert?

How concerned should we be?

These assets themselves are onboarded onto Defender but this activity does not trigger any alert.

Wed, 29 Sep 2021 15:29:53 GMT
ragnar667

ASC Log Analytics Agent auto-provisioning policy
https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/asc-log-analytics-agent-auto-provisioning-policy/m-p/2791838#M592

If I've understood correctly when I flip the switch on auto-provisioning there is a policy (deployIfNotExists) created behind the scenes. I tried going through the policies and could not find it. I only have the Azure Security Benchmark definition assigned and I don't think it includes any 'modify' or 'deployIfNotExists' policies.

Is this policy hidden somewhere? It somewhat bothers me that I don't seem to have visibility on this policy. I have a Linux box that has had a problem with the OmsAgentForLinux VM Extension. I'd like to see if the policy will re-install the extension.

Tue, 28 Sep 2021 14:27:22 GMT
tommihovi

JIT with VM protected by Azure Firewall Manager
https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/jit-with-vm-protected-by-azure-firewall-manager/m-p/2781026#M591

Currently, JIT access is not supported for VMs protected by Azure Firewall Manager. When will it be supported or any roadmap?

Fri, 24 Sep 2021 08:05:26 GMT
Tommychoy

New Blog Post | Azure Defender PoC Series - Azure Defender for Servers
https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-azure-defender-poc-series-azure-defender-for/m-p/2771491#M589

Azure Defender PoC Series - Azure Defender for Servers - Microsoft Tech Community (https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-defender-poc-series-azure-defender-for-servers/ba-p/2767508)

This article is part of our Azure Defender PoC Series which provides you with guidelines on how to perform a successful proof of concept for a specific Azure Defender plan. For a more holistic approach where you need to validate Azure Security Center and Azure Defender, please read How to Effectively Perform an Azure Security Center PoC (https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/how-to-effectively-perform-an-azure-security-center-poc/ba-p/516874).

Azure Defender is the Cloud Workload Protection Platform (CWPP) built into Azure Security Center, which provides security alerts and advanced threat protection for virtual machines, SQL databases, containers, web applications, your network, and more.

Azure Defender for Servers adds threat detection and advanced defenses for your Windows and Linux machines.

Original Post: New Blog Post | Azure Defender PoC Series - Azure Defender for Servers - Microsoft Tech Community (https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/new-blog-post-azure-defender-poc-series-azure-defender-for/m-p/2771463#M6355)

Tue, 21 Sep 2021 18:13:34 GMT
AshleyMartin

New Blog Post | ASC to find machines affected OMI vulnerabilities in Azure VM Management Extension
https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-asc-to-find-machines-affected-omi-vulnerabilities/m-p/2767936#M588

Using ASC to find machines affected by OMI vulnerabilities in Azure VM Management Extensions - Microsoft Tech Community (https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/using-asc-to-find-machines-affected-by-omi-vulnerabilities-in/ba-p/2767240)

Two weeks ago, Microsoft released fixes for three Elevation of Privilege (EoP) vulnerabilities and one unauthenticated Remote Code Execution (RCE) vulnerability in the Open Management Infrastructure (OMI) framework: CVE-2021-38645, CVE-2021-38649, CVE-2021-38648, and CVE-2021-38647, respectively.

OMI is an open-source Web-Based Enterprise Management (WBEM) implementation for managing Linux and UNIX systems. Several Azure Virtual Machine (VM) management extensions use this framework to orchestrate configuration management and log collection on Linux VMs. The remote code execution vulnerability, CVE-2021-38647, only impacts customers using a Linux management solution (on-premises SCOM or Azure Automation State Configuration or Azure Desired State Configuration extension) that enables remote OMI management.

Original Post: New Blog Post | ASC to find machines affected OMI vulnerabilities in Azure VM Management Extension - Microsoft Tech Community (https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/new-blog-post-asc-to-find-machines-affected-omi-vulnerabilities/m-p/2767911#M6345)

Mon, 20 Sep 2021 17:09:02 GMT
AshleyMartin

RE: Suspicious incoming RDP: Victim IP - 13.65.113.217
https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/re-suspicious-incoming-rdp-victim-ip-13-65-113-217/m-p/2741416#M579

We received a LOW ASC Alert regarding an attack to 116 IP addresses.

"Network traffic analysis detected anomalous incoming Remote Desktop Protocol (RDP) communication to 13.65.113.217, associated with your resource 4255c1da87924ebda2e54616ea906f74, from multiple sources."

Neither of these incoming IP addresses nor the Resource are part of our Azure environment. I searched and found the IP is part of MS but not sure about the Compromised Host "4255c1da87924ebda2e54616ea906f74".

This has been reported as a Brute Force and our CISO is wanting some type of comment regarding the resolution. I see it as a false/positive activity from Microsoft but need to make sure. Has anyone run into this type of Alert before?

Cheers,
Serge

Fri, 10 Sep 2021 21:42:17 GMT
snteran

Possible to Disable Defender on individual Storage Accounts?
https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/possible-to-disable-defender-on-individual-storage-accounts/m-p/2737804#M577

Hi folks,

The gist is that we have Azure Defender enabled at a Subscription level. With that comes Advanced Threat Protection for Storage Accounts which is charged per transaction within those Storage Accounts.

We have four storage accounts out of 176 that are very highly transactional and the monthly billing for Advanced Threat Protection is close to $1,000. They are internal storage accounts with very limited public exposure so we are not worried about threats within those transactions.

Our ideal scenario would be to keep Defender enabled at the subscription level for all of our Storage accounts and all future storage accounts but not be billed for (or use) Advanced Threat Protection. It seems like this cmdlet:

https://docs.microsoft.com/en-us/powershell/module/az.security/disable-azsecurityadvancedthreatprotection?view=azps-6.3.0

Should do the job, but it does not. Either it does not disable ATP or it does not disable the billing. In either of those cases it does not do what we need.

After 2.5 months of trying to work through it the only option I have been given is to disable Defender at the Subscription level for all of our Storage Accounts, and then re-enable the 172 storage accounts that we do want Defender for individually via PS. That will and does work, but it will require overhead on our part to ensure they all stay enabled and that any future accounts are enabled by the creator and none get missed.

Do we have any other avenues to suppress Advanced Threat Protection on a subset of accounts within a Subscription?

Thu, 09 Sep 2021 19:38:24 GMT
CSP_MO

New Blog Post | Sharing access to Workbooks in Azure Security Center
https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-sharing-access-to-workbooks-in-azure-security/m-p/2736462#M576

Sharing access to Workbooks in Azure Security Center - Microsoft Tech Community (https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/sharing-access-to-workbooks-in-azure-security-center/ba-p/2666440)

Azure Workbooks are a great way of analyzing and visualizing various data in Azure. Azure Security Center (ASC) provides several built-in workbooks to track your company’s security posture, e.g. Secure Score or regulatory compliance. You can also create your own custom workbook that fits your specific needs or deploy one created by the Security Center community from our GitHub repository. You can find more information about how to set up and use those workbooks in our documentation.

As a security professional working with ASC, you likely already have access to all its features and capabilities. Once in a while, especially when it comes to reporting, you may need to share this information with someone, like your management, who does not know how to use the ASC dashboard or does not have permissions to access it. Today we are going to discuss exactly how to handle this situation. As of this writing (September 2021) ASC provides four out-of-box workbooks that use different data sources for reporting.

Original Post: New Blog Post | Sharing access to Workbooks in Azure Security Center - Microsoft Tech Community (https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/new-blog-post-sharing-access-to-workbooks-in-azure-security/m-p/2736457#M6314)

Thu, 09 Sep 2021 14:13:57 GMT
AshleyMartin

Monitoring Azure VMWare (AVS)
https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/monitoring-azure-vmware-avs/m-p/2733457#M575

What is the recommended approach for monitoring the new AVS with Azure Security Center?

Wed, 08 Sep 2021 17:01:05 GMT
Dean Gross

New Blog Post | Azure Defender PoC Series - Azure Defender for Kubernetes
https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-azure-defender-poc-series-azure-defender-for/m-p/2712119#M573

Azure Defender PoC Series - Azure Defender for Kubernetes - Microsoft Tech Community (https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-defender-poc-series-azure-defender-for-kubernetes/ba-p/2711503)

In this article, I continue the Azure Defender PoC series by providing you with guidelines and considerations for how to successfully perform a proof of concept for the Azure Defender for Kubernetes plan. For a more holistic approach that involves validating Azure Security Center and Azure Defender, check out How to Effectively Perform an Azure Security Center PoC (https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/how-to-effectively-perform-an-azure-security-center-poc/ba-p/516874).

Original Post: New Blog Post | Azure Defender PoC Series - Azure Defender for Kubernetes - Microsoft Tech Community (https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/new-blog-post-azure-defender-poc-series-azure-defender-for/m-p/2712105#M6291)

Thu, 02 Sep 2021 15:08:53 GMT
AshleyMartin

View secure score with only resourcegroup permissions
https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/view-secure-score-with-only-resourcegroup-permissions/m-p/2707832#M572

We provide resource groups for each project and bundle them together in a subscription. The project developers only have rights on their corresponding resource group, no rights on subscription level and/or resource groups in the same subscription which do not belong to their projects.

Now we have the problem that these developers can't see the secure score for their resource group. Only when we give them "security reader" permission on subscription level they can see the secure score, but they also can see all other resources/resource groups to which they don't need access.

So this is kind of a feature request to view the secure score for whom someone has access to in a subscription, but don't give them any permission on resources they don't need access to in the same subscription.

Wed, 01 Sep 2021 14:49:16 GMT
sveneddi

New Blog Post | Azure Defender PoC Series - Azure Defender for Container Registries
https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-azure-defender-poc-series-azure-defender-for/m-p/2689359#M570

Azure Defender PoC Series - Azure Defender for Container Registries - Microsoft Tech Community (https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-defender-poc-series-azure-defender-for-container/ba-p/2603615)

This article is part of our Azure Defender PoC Series which provides you with guidelines on how to perform a successful proof of concept for a specific Azure Defender plan. For a more holistic approach where you need to validate Azure Security Center and Azure Defender, please read How to Effectively Perform an Azure Security Center PoC (https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/how-to-effectively-perform-an-azure-security-center-poc/ba-p/516874).

Azure Defender is the Cloud Workload Protection Platform (CWPP) built into Azure Security Center, which provides advanced threat detection and alerting for all kinds of hybrid and multi-cloud workloads, including servers and virtual machines, SQL databases, Storage, Containers and Kubernetes, Key Vaults, Web Applications, DNS, and Azure Resource Manager.

Original Post: New Blog Post | Azure Defender PoC Series - Azure Defender for Container Registries - Microsoft Tech Community (https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/new-blog-post-azure-defender-poc-series-azure-defender-for/m-p/2689348#M6255)

Thu, 26 Aug 2021 18:56:24 GMT
AshleyMartin

New Blog Post | Meeting the Cybersecurity Executive Order requirements with Azure Security
https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-meeting-the-cybersecurity-executive-order/m-p/2684355#M566

Meeting the Cybersecurity Executive Order requirements with Azure Security - Microsoft Tech Community (https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/meeting-the-cybersecurity-executive-order-requirements-with/ba-p/2683561)

Azure Security Center (ASC) is a unified infrastructure security management system that strengthens the security posture of your data centers. Azure Defender, part of Azure Security Center, provides advanced threat protection across your hybrid workloads in the cloud - whether they're in Azure or not - as well as on premises.

Azure Sentinel, our cloud-native security information event management (SIEM) and security orchestration automated response (SOAR) solution, is deeply integrated with Azure Security Center and provides security information event management and security orchestration automated response.

Original Post: New Blog Post | Meeting the Cybersecurity Executive Order requirements with Azure Security - Microsoft Tech Community (https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/new-blog-post-meeting-the-cybersecurity-executive-order/m-p/2684342#M6248)

Wed, 25 Aug 2021 16:31:07 GMT
https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-meeting-the-cybersecurity-executive-order/m-p/2684355#M566 AshleyMartin 2021-08-25T16:31:07Z New Blog Post | Validating Azure Defender for App Service Alerts https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-validating-azure-defender-for-app-service-alerts/m-p/2680094#M565 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="AshleyMartin_0-1629823725152.png" style="width: 659px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/305394i7952DDC4E45BDC2F/image-dimensions/659x392?v=v2" width="659" height="392" role="button" title="AshleyMartin_0-1629823725152.png" alt="AshleyMartin_0-1629823725152.png" /></span></P> <P><A href="https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/validating-azure-defender-for-app-service-alerts/ba-p/2656230" target="_blank" rel="noopener">Validating Azure Defender for App Service Alerts - Microsoft Tech Community</A></P> <P><SPAN>Azure Defender for App Service helps organizations be more secure by providing dedicated security analytics for your App Service resources. 
The purpose of this article is to provide specific guidance on how to validate Azure Defender for App Service alerts, by simulating a suspicious activity on applications running over App Service.&nbsp;</SPAN></P> <P><SPAN>Original Post:&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/new-blog-post/m-p/2680083#M6225" target="_blank" rel="noopener">New Blog Post | - Microsoft Tech Community</A></SPAN></P> Tue, 24 Aug 2021 16:54:06 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-validating-azure-defender-for-app-service-alerts/m-p/2680094#M565 AshleyMartin 2021-08-24T16:54:06Z LAW Architecture for Security Center https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/law-architecture-for-security-center/m-p/2678711#M564 <P>There are two options how to set up the LAWs for the Security Center. By default, when onboarding the subscription in the Security Center, a separate LAW is created for each subscription. Microsoft also allows you to define your own (central) LAW.<BR />Which option should be considered considering to have security logs and monitoring/performance logs? What is the difference? 
Can I give a Log Analytic Agent two different destinations (one for ASC Security Logs and one for Azure Monitor Logs)?</P> Tue, 24 Aug 2021 11:09:46 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/law-architecture-for-security-center/m-p/2678711#M564 msmotto21 2021-08-24T11:09:46Z New Blog Post | Azure Defender PoC Series – Azure Defender for SQL https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-azure-defender-poc-series-azure-defender-for-sql/m-p/2666718#M562 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="AshleyMartin_0-1629400071644.png" style="width: 699px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/304516i9ECF0D26CC1EAB46/image-dimensions/699x243?v=v2" width="699" height="243" role="button" title="AshleyMartin_0-1629400071644.png" alt="AshleyMartin_0-1629400071644.png" /></span></P> <P><A href="https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-defender-poc-series-azure-defender-for-sql/ba-p/2657459" target="_blank" rel="noopener">Azure Defender PoC Series – Azure Defender for SQL - Microsoft Tech Community</A></P> <P>This article is a continuation of Azure Defender PoC Series which provides you guidelines on how to perform a proof of concept for a specific Azure Defender plan. For a more holistic approach where you need to validate Azure Security Center and Azure Defender, please read <A href="https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/how-to-effectively-perform-an-azure-security-center-poc/ba-p/516874" target="_blank" rel="noopener">How to Effectively Perform an Azure Security Center PoC</A><SPAN> article</SPAN>.&nbsp;</P> <P>&nbsp;</P> <P>There can be many security vulnerabilities in databases that are sometimes taken advantage of by malicious actors. 
According to the<SPAN>&nbsp;</SPAN><A href="#" target="_blank" rel="noopener noreferrer">GitHub 2020 report</A>, a vulnerability typically goes undetected for 218 weeks (just over four years) before being disclosed and fixed. Injection attacks, such as those on SQL and NoSQL, are among the most popular types of cyberattacks for web applications (as per<SPAN>&nbsp;</SPAN><A href="#" target="_blank" rel="noopener nofollow noreferrer">OWASP Top 10</A>).</P> <P>SQL Injection attacks, brute-force attacks, SQL shell OS attacks leading to crypto-mining and ransomware, can be detected and remediated by the<SPAN>&nbsp;</SPAN><STRONG>Azure Defender for SQL plan</STRONG>.</P> <P>Original Post:&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/new-blog-post-azure-defender-poc-series-azure-defender-for-sql/m-p/2666699" target="_blank" rel="noopener">New Blog Post | Azure Defender PoC Series – Azure Defender for SQL - Microsoft Tech Community</A></P> Thu, 19 Aug 2021 19:20:16 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-azure-defender-poc-series-azure-defender-for-sql/m-p/2666718#M562 AshleyMartin 2021-08-19T19:20:16Z License on-premise defender for server VMs https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/license-on-premise-defender-for-server-vms/m-p/2665404#M559 <P>Hi,&nbsp;</P><P>I would like to know if someone can tell me how I have to license Defender for Endpoint (server) on an on-premises virtual machine? In Azure, Defender is licensed via the ASC standard plan. How does it work? 
Kind Regards</P><P>Sebastian</P> Thu, 19 Aug 2021 14:16:23 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/license-on-premise-defender-for-server-vms/m-p/2665404#M559 msmotto21 2021-08-19T14:16:23Z New Blog Post | How and why enforce Azure Defender plans with newly released Azure policies https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-how-and-why-enforce-azure-defender-plans-with/m-p/2657565#M558 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="AshleyMartin_0-1629226584707.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/303856i88BACA91EF122CE0/image-size/medium?v=v2&amp;px=400" role="button" title="AshleyMartin_0-1629226584707.png" alt="AshleyMartin_0-1629226584707.png" /></span></P> <P>&nbsp;</P> <P><A href="https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/how-and-why-enforce-azure-defender-plans-with-newly-released/ba-p/2640146" target="_blank">How and why enforce Azure Defender plans with newly released Azure policies - Microsoft Tech Community</A></P> <P>The security posture of an enterprise relies on the three pillars<SPAN>&nbsp;</SPAN><STRONG>PROTECTION, DETECTION &amp; RESPONSE.</STRONG><SPAN>&nbsp;</SPAN>Azure is designed to strengthen all three pillars by providing a Cloud Security Posture Management Tool, Azure Security Center &amp; a Cloud Workload Protection tool, Azure Defender.</P> <P>&nbsp;</P> <P>The security posture is assessed by a defined set of<SPAN>&nbsp;</SPAN><A href="https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/security-controls-in-asc-secure-score-series-overview/ba-p/1358556" target="_blank" rel="noopener">security controls</A><SPAN>&nbsp;</SPAN>with underlying recommendations on security configurations which make up the secure score of an organization for all subscriptions where Security Center is enabled. 
Microsoft recommends to keep the<SPAN>&nbsp;</SPAN><A href="#" target="_blank" rel="noopener noreferrer">secure score</A><SPAN>&nbsp;</SPAN>to 100% so you can be sure your cloud environment is secure and your resources are protected proactively</P> <P>Original Post:&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/new-blog-post-how-and-why-enforce-azure-defender-plans-with/m-p/2657550#M6195" target="_blank" rel="noopener">New Blog Post | How and why enforce Azure Defender plans with newly released Azure policies - Microsoft Tech Community</A></P> Tue, 17 Aug 2021 19:29:47 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-how-and-why-enforce-azure-defender-plans-with/m-p/2657565#M558 AshleyMartin 2021-08-17T19:29:47Z New Blog Post | Azure Defender PoC Series – Azure Defender for App Service https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-azure-defender-poc-series-azure-defender-for-app/m-p/2653638#M555 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="AshleyMartin_0-1629140463338.png" style="width: 706px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/303582i0CDBDCFF754EEFBE/image-dimensions/706x409?v=v2" width="706" height="409" role="button" title="AshleyMartin_0-1629140463338.png" alt="AshleyMartin_0-1629140463338.png" /></span></P> <P><A href="https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-defender-poc-series-azure-defender-for-app-service/ba-p/2652443" target="_blank" rel="noopener">Azure Defender PoC Series – Azure Defender for App Service - Microsoft Tech Community</A></P> <P><SPAN>The purpose of this article is to provide specific guidelines on how to perform a proof of concept (PoC) for Azure Defender for App Service. 
This article is part of a series of articles, called&nbsp;</SPAN><A href="https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/bg-p/AzureSecurityCenterBlog" target="_blank" rel="noopener">The Azure Defender PoC Series</A><SPAN>, each providing specific guidelines on how to perform a proof of concept (PoC) for a specific Azure Defender plan. For a more holistic approach where you need to validate Azure Security Center and Azure Defender, please read the&nbsp;</SPAN><A href="https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/how-to-effectively-perform-an-azure-security-center-poc/ba-p/516874" target="_blank" rel="noopener">How to Effectively Perform an Azure Security Center PoC</A><SPAN>&nbsp;article.</SPAN></P> <P>Original Post:&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-defender-poc-series-azure-defender-for-app-service/ba-p/2652443" target="_blank" rel="noopener">Azure Defender PoC Series – Azure Defender for App Service - Microsoft Tech Community</A></P> Mon, 16 Aug 2021 19:10:18 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-azure-defender-poc-series-azure-defender-for-app/m-p/2653638#M555 AshleyMartin 2021-08-16T19:10:18Z New Blog Post | Azure Defender PoC Series – Azure Defender for Key Vault https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-azure-defender-poc-series-azure-defender-for-key/m-p/2642815#M553 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="JasonCohen1892_0-1628800413021.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/302876i6C2D217892DFBC4C/image-size/medium?v=v2&amp;px=400" role="button" title="JasonCohen1892_0-1628800413021.png" alt="JasonCohen1892_0-1628800413021.png" /></span></P> <P><A 
href="https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-defender-poc-series-azure-defender-for-key-vault/ba-p/2641138" target="_blank" rel="noopener">Azure Defender PoC Series – Azure Defender for Key Vault - Microsoft Tech Community</A></P> <P>This Azure Defender PoC Series provides guidelines on how to perform a proof of concept for a specific Azure Defender plan. For a more holistic approach where you need to validate Azure Security Center and Azure Defender, please read<SPAN>&nbsp;</SPAN><A href="https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/how-to-effectively-perform-an-azure-security-center-poc/ba-p/516874" target="_blank" rel="noopener">How to Effectively Perform an Azure Security Center PoC</A><SPAN>&nbsp;</SPAN>article.</P> <P>Azure Key Vault is used to store and access secrets, such as API keys, passwords, certificates, or cryptographic keys. Having critical data makes it a priority to maximize the threat protection of the vaults that can be provided with the security intelligence of Azure Defender for Key Vault.</P> <P>&nbsp;</P> <P>Original Post:&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/new-blog-post-azure-defender-poc-series-azure-defender-for-key/m-p/2642813#M6187" target="_blank" rel="noopener">New Blog Post | Azure Defender PoC Series – Azure Defender for Key Vault - Microsoft Tech Community</A></P> Thu, 12 Aug 2021 20:34:45 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-azure-defender-poc-series-azure-defender-for-key/m-p/2642815#M553 JasonCohen1892 2021-08-12T20:34:45Z Is it ok to remove azure default initiative and use the azure benchmark? 
https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/is-it-ok-to-remove-azure-default-initiative-and-use-the-azure/m-p/2642194#M552 <P>Hi All,</P><P>&nbsp;</P><P>We have an issue using both initiatives from the security center since both show the same recommendations.&nbsp;</P><P>&nbsp;</P><P>So we got the idea to use the azure benchmark as a policy initiative. WDYT?</P> Thu, 12 Aug 2021 17:55:05 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/is-it-ok-to-remove-azure-default-initiative-and-use-the-azure/m-p/2642194#M552 ShihanSuhail 2021-08-12T17:55:05Z Freshness Interval https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/freshness-interval/m-p/2605315#M550 <P>Hello all,</P><P>&nbsp;</P><P>Just curious of you guys' freshness interval for recommendations in Azure SC. We're seeing quite a bit more than 30 minutes. One of my devs joked that it took 30 hours. We're going into our sprint review often with stale information. Any recommendations? Is there a force refresh?</P> Tue, 03 Aug 2021 15:37:03 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/freshness-interval/m-p/2605315#M550 saedarm 2021-08-03T15:37:03Z Defender for Server capability comparison https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/defender-for-server-capability-comparison/m-p/2599732#M549 <P><SPAN>Does anyone have a detailed technical and financial comparison of Azure Defender for Server and Defender for Endpoint </SPAN></P> Mon, 02 Aug 2021 20:30:07 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/defender-for-server-capability-comparison/m-p/2599732#M549 Dean Gross 2021-08-02T20:30:07Z Problems with Qualys vulnerability https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/problems-with-qualys-vulnerability/m-p/2594470#M546 <P><BR />Hello everyone, everything good? 
I've been using qualys a lot for vulnerability management and I've noticed that it limits the amount of alerts to a maximum of 1000, divided between low, medium or high. As much as the main dashboard in the computers tab the number of vulnerabilities is higher, it limits it to 1000. Has anyone been through this? Is there a way to change? Another problem I've been facing is that sometimes I choose a specific subscription and when generating the report by qualys it doesn't generate with some RG's. Thanks</P> Wed, 28 Jul 2021 20:11:29 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/problems-with-qualys-vulnerability/m-p/2594470#M546 mlcaffaro 2021-07-28T20:11:29Z Qualys vulnerability report https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/qualys-vulnerability-report/m-p/2563170#M539 <P>Hello everyone, everything good? Does anyone happen to tell me how often by default qualys generates the vulnerability report? I updated some machines on the 18th and when checking the status I noticed that the last vulnerability report is from the 17th. 
Is there a way to force the generation or change the interval if I want?</P> Mon, 19 Jul 2021 16:35:52 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/qualys-vulnerability-report/m-p/2563170#M539 mlcaffaro 2021-07-19T16:35:52Z Vulnerability issues with CENTOS 7 VMs https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/vulnerability-issues-with-centos-7-vms/m-p/2550208#M535 <P>We've got a bunch of CENTOS 7 servers in our environment.&nbsp; &nbsp; Recently we've started using Security Center to try and make sure our servers are secure and we've got a lot of remediation work to do.&nbsp; However, we're thinking that a bunch of these CENTOS alerts we are getting are false positives.&nbsp; &nbsp;Our CENTOS Servers are patched to the latest and greatest updates.&nbsp; In fact, when I click on your remediation links, it tells me I need to be at the kernel&nbsp;<STRONG>3.10.0-1160.31.1.el7.x86_64.&nbsp; &nbsp;</STRONG>&nbsp; &nbsp;</P><P>&nbsp;</P><P>When I go to my CENTOS servers and run a yum -y update to see if there are any updates for these servers, they are completely up to date and when I run a uname -a, the kernel information comes back with this:&nbsp;&nbsp;<STRONG>3.10.0-1160.31.1.el7.x86_64</STRONG>&nbsp; so I know we are on the latest and greatest kernel, despite the fact that Azure is telling us we need to update our kernel for security purposes.&nbsp;</P><P>&nbsp;</P><P>So, I'm not sure what to do at this point.&nbsp; &nbsp;Is there a way for me to modify the alert so it can be resolved?&nbsp; &nbsp;Do I open a ticket with Azure to let them know that it appears there's a problem?&nbsp; Attached is a sample screenshot of what I'm seeing.&nbsp; &nbsp;I haven't started investigating the Oracle Java SE stuff yet, just working on the CENTOS Security stuff.&nbsp; &nbsp;</P><P>&nbsp;</P><P>Please advise.&nbsp;</P><P>&nbsp;</P><P>Matt&nbsp;</P> Thu, 15 Jul 2021 00:37:52 GMT 
https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/vulnerability-issues-with-centos-7-vms/m-p/2550208#M535 mraymus 2021-07-15T00:37:52Z Azure Resource Graph Explorer https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-resource-graph-explorer/m-p/2548923#M532 <P>Hello everyone, everything good? Could someone let me know if there is any way to get a Qualys vulnerability assessment report that appears separated by hostname? I don't know if I'm doing it right but I go into Azure Resource Graph Explorer and generate it there.</P> Wed, 14 Jul 2021 19:31:05 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-resource-graph-explorer/m-p/2548923#M532 mlcaffaro 2021-07-14T19:31:05Z Azure Defender for App Services https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-defender-for-app-services/m-p/2520612#M528 <P>Hello Team,</P> <P>Do we have any guide on how to trigger Azure Defender for App Services alerts? I am trying on my own but I was not able to.</P> Tue, 06 Jul 2021 18:25:47 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-defender-for-app-services/m-p/2520612#M528 RonaldoCosta 2021-07-06T18:25:47Z Azure Security Center Newsletter https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-security-center-newsletter/m-p/2501461#M524 <P style="margin: 0in;"><SPAN style="font-family: 'Segoe UI'; font-size: 10.5pt;">Subscribe to our </SPAN><SPAN style="font-family: Calibri; font-size: 11.0pt;">Azure Security Center and Azure Defender monthly n</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 10.5pt;">ewsletter to keep up to date on helpful tips and new releases: </SPAN><A href="#" target="_blank"><SPAN style="font-family: Calibri; font-size: 11.0pt;">https://aka.ms/ASCNewsSubscribe</SPAN></A></P> Wed, 30 Jun 2021 12:01:20 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-security-center-newsletter/m-p/2501461#M524 Stanislav Belov 
2021-06-30T12:01:20Z Container scanning on private registry https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/container-scanning-on-private-registry/m-p/2475230#M517 <P>Hi was looking if there are known plans to support private container registries in Security Center. Perhaps via a service connection?</P> Wed, 23 Jun 2021 13:50:57 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/container-scanning-on-private-registry/m-p/2475230#M517 LA1976 2021-06-23T13:50:57Z Product feedback https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/product-feedback/m-p/2471957#M516 <DIV class="lia-message-subject-wrapper lia-component-subject lia-component-message-view-widget-subject-with-options"><SPAN style="font-family: inherit;">Hi all,&nbsp;</SPAN><SPAN style="font-family: inherit;">We would&nbsp;love for&nbsp;you&nbsp;to share your thoughts, feedback, and experiences using Azure Defender.</SPAN><SPAN style="font-family: inherit;">&nbsp;</SPAN></DIV> <DIV id="bodyDisplay" class="lia-message-body lia-component-message-view-widget-body lia-component-body-signature-highlight-escalation lia-component-message-view-widget-body-signature-highlight-escalation"> <DIV class="lia-message-body-content"> <P>&nbsp;</P> <P data-unlink="true">You can share them on Gartner Peer Insights by using<SPAN>&nbsp;</SPAN><A href="#" target="_self">this link</A>.&nbsp;<SPAN>Your review will help us get the word out and continue to improve our solution. 
Thanks!</SPAN><SPAN>&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN>And if you have any questions or comments, let me know!</SPAN></P> </DIV> </DIV> Tue, 22 Jun 2021 20:26:03 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/product-feedback/m-p/2471957#M516 nataliagodyla 2021-06-22T20:26:03Z Exempt resource reported in "Container images should be deployed from trusted registries" https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/exempt-resource-reported-in-quot-container-images-should-be/m-p/2426325#M509 <P>Hello,</P><P>&nbsp;</P><P>I have K8S cluster reporting under the alert&nbsp;Container images should be deployed from trusted registries and there is <SPAN>exempt&nbsp;</SPAN>option available. How to create an exception for the reported resources.&nbsp;</P> Tue, 08 Jun 2021 13:20:54 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/exempt-resource-reported-in-quot-container-images-should-be/m-p/2426325#M509 Karthick_G 2021-06-08T13:20:54Z Search ASC alerts using KQL https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/search-asc-alerts-using-kql/m-p/2423980#M507 <P>We have several alerts that have been generated in Azure Security Center and all have been marked as "Dismiss".&nbsp; Unfortunately I'm not able to see who has marked them as "Dismiss".&nbsp; I was hoping to run a KQL query to review the alert and find perhaps a column with information regarding the audit trail.</P><P>I have checked the SecurityAlert table and it shows no results.</P><P>&nbsp;</P><P>Please advise,</P><P>&nbsp;</P><P>Serge</P><P>&nbsp;</P> Mon, 07 Jun 2021 21:52:49 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/search-asc-alerts-using-kql/m-p/2423980#M507 snteran 2021-06-07T21:52:49Z ASC - Azure Defender for SQL - Is it possible to Target Specific Resources for protection? 
https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/asc-azure-defender-for-sql-is-it-possible-to-target-specific/m-p/2414637#M503 <P>Good evening all!</P><P>I have Azure Defender for "SQL servers on machines" enabled on my primary Log Analytics workspace...</P><P>I have discovered that instances of SQL running on developer machines and other instances that I prefer not to monitor and be billed for in ASC have been included. I would prefer to stop "protecting" them and target only a specific set of SQL instances in my workspace...</P><P>&nbsp;</P><P><STRONG>Will "Solution targeting" within the SQLAdvancedThreatProtection and SQLVulnerabilityAssessment solutions within that workspace allow me to scope coverage and then eliminate the meter charges in Azure for the defender security services?</STRONG></P><P><STRONG>Is there an alternative approach I am missing?</STRONG></P><P>&nbsp;</P><P>Thank you for your time and consideration, and I think this product is AMAZING!</P> Thu, 03 Jun 2021 22:50:54 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/asc-azure-defender-for-sql-is-it-possible-to-target-specific/m-p/2414637#M503 Austin Ayers 2021-06-03T22:50:54Z Azure Secure Score - endpoint protection https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-secure-score-endpoint-protection/m-p/2388767#M498 <P>One of the default checks is for endpoint protection on endpoints for Defender. I don't use Defender for AV on endpoints, so I was wondering if Azure Secure Score can be configured to look for different AV products on endpoints and, if so, where that configuration might live within Azure. 
I've reviewed the whitepapers related to what regkey its looking for but I've found nothing as far as where you can configure it to look at different products.</P> Wed, 26 May 2021 19:46:20 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-secure-score-endpoint-protection/m-p/2388767#M498 NotARobot 2021-05-26T19:46:20Z New Video | Enable MFA Security Control in Azure Security Center https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-video-enable-mfa-security-control-in-azure-security-center/m-p/2384856#M495 <P><SPAN class="style-scope yt-formatted-string">In this video, Bojan Magusic walks you through the Enable MFA security control in Azure Security Center. </SPAN></P> <P>&nbsp;</P> <P><SPAN class="style-scope yt-formatted-string">Presenter: Bojan Magusic </SPAN></P> <P>&nbsp;</P> <P><SPAN class="style-scope yt-formatted-string">The resource referenced in the video can be found at <A href="#" target="_blank" rel="noopener">Azure Security Center's security recommendations for MFA | Microsoft Docs</A></SPAN><SPAN class="style-scope yt-formatted-string">&nbsp;and be sure to check out the accompanying blog post at </SPAN><A class="yt-simple-endpoint style-scope yt-formatted-string" dir="auto" spellcheck="false" href="#" target="_blank" rel="nofollow noopener">https://aka.ms/ASC/SecControls</A><SPAN class="style-scope yt-formatted-string">. 
</SPAN></P> <P>&nbsp;</P> <P><SPAN class="style-scope yt-formatted-string">For more content like this, subscribe, and join the Microsoft Security Community by visiting </SPAN><A class="yt-simple-endpoint style-scope yt-formatted-string" dir="auto" spellcheck="false" href="#" target="_blank" rel="nofollow noopener">https://aka.ms/SecurityCommunity</A><SPAN class="style-scope yt-formatted-string">.</SPAN></P> <P>&nbsp;</P> <P><SPAN class="style-scope yt-formatted-string">Original Post:&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/new-video-enable-mfa-security-control-in-azure-security-center/m-p/2384854#M5870" target="_blank" rel="noopener">New Video | Enable MFA Security Control in Azure Security Center - Microsoft Tech Community</A></SPAN></P> Tue, 25 May 2021 17:33:41 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-video-enable-mfa-security-control-in-azure-security-center/m-p/2384856#M495 JasonCohen1892 2021-05-25T17:33:41Z Can i have security center CSPM capabilities for AWS and GCP as well? https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/can-i-have-security-center-cspm-capabilities-for-aws-and-gcp-as/m-p/2377778#M490 <P>Hi Guys,</P><P>&nbsp;</P><P>Can somebody help me to understand my below query?</P><P>&nbsp;</P><P>I understand as part of ASC CWPP, security center protects the workloads of AWS and GCP with the help of Azure Arc. 
However, my doubt is: are Security Center CSPM capabilities extended even to AWS or GCP?</P><P>&nbsp;</P><P>Please confirm whether ASC CSPM is applicable to AWS and GCP or not?</P><P>&nbsp;</P><P>&nbsp;</P><P>Looking forward to hearing the response to this.</P><P>&nbsp;</P><P>Thank you very much in advance.</P><P>&nbsp;</P><P>Mahesh.</P> Sat, 22 May 2021 12:03:52 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/can-i-have-security-center-cspm-capabilities-for-aws-and-gcp-as/m-p/2377778#M490 maheshcapj 2021-05-22T12:03:52Z Recommendations for securing azure data lake https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/recommendations-for-securing-azure-data-lake/m-p/2377767#M489 <DIV>I'm going to be meeting with a hospital next week to discuss securing their data warehouse project in Azure Data Lake. Can anyone point me to any resources that I should review to learn more about the unique aspects of this type of project?</DIV> Sat, 22 May 2021 12:03:18 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/recommendations-for-securing-azure-data-lake/m-p/2377767#M489 Dean Gross 2021-05-22T12:03:18Z Assessing API Security Configuration https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/assessing-api-security-configuration/m-p/2350966#M488 <DIV>What is the recommended approach for comparing the current configuration to the recommended security baselines from MS for the API Management and the Application Gateway services?</DIV><DIV>&nbsp;</DIV><DIV>Many of the recommendations are not covered by ASC; do we have to do this manually, or is there an automated tool somewhere that I have not found?</DIV> Thu, 13 May 2021 13:46:51 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/assessing-api-security-configuration/m-p/2350966#M488 Dean Gross 2021-05-13T13:46:51Z API Management monitoring https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/api-management-monitoring/m-p/2322686#M481 
<P>I'm curious, can anyone tell me why none of these best practices for monitoring the API gateway are included in ASC?&nbsp;<A href="#" target="_blank">https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/api-management-security-baseline</A></P> Tue, 04 May 2021 16:48:39 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/api-management-monitoring/m-p/2322686#M481 Dean Gross 2021-05-04T16:48:39Z Azure Security Centre and Sentinel sharing LAW https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-security-centre-and-sentinel-sharing-law/m-p/2319829#M479 <P>I have a question and am hoping someone can clarify something for me. We are working on a project deploying Azure Security Centre and Azure Defender (leveraging the Qualys scanning engine) for vulnerability scanning capability, and consolidating the logs and metrics to a centralised Log Analytics Workspace. We also have a Sentinel project using its own Log Analytics Workspace. Am I correct in saying that when we deploy the LAW agents and Qualys agent it should be pointing to the same central Log Analytics workspace that Sentinel uses? Or should it be using another Log Analytics Workspace and then use the connector to Sentinel?&nbsp;The Sentinel Project is looking for clarification on why we should be using the Sentinel LAW instead of our own.</P> Tue, 04 May 2021 01:15:22 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-security-centre-and-sentinel-sharing-law/m-p/2319829#M479 Justinvw123CT 2021-05-04T01:15:22Z IMPORTANT ASC WEBINAR UPDATE! 
https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/important-asc-webinar-update/m-p/2299505#M477 <DIV><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="JasonCohen1892_0-1619553463485.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/276070iC07397309E091839/image-size/medium?v=v2&amp;px=400" role="button" title="JasonCohen1892_0-1619553463485.png" alt="JasonCohen1892_0-1619553463485.png" /></span> <P><SPAN><STRONG>IMPORTANT:</STRONG></SPAN><SPAN> Due to unforeseen logistical issues, we will be postponing the session of </SPAN><SPAN><STRONG>Better together: Azure Security Center and Defender for Endpoints</STRONG></SPAN><SPAN> for this year's summer. Instead, we will have a live session on </SPAN><SPAN><STRONG>Demystifying Azure Defender Once for All.</STRONG></SPAN></P> <P><SPAN>If you have already registered for the April 29, 2021 session, there are no actions for you to attend the new webinar session of "</SPAN><SPAN><STRONG>Demystifying Azure Defender Once for All</STRONG></SPAN><SPAN>." We will communicate the new date for the </SPAN><SPAN><STRONG>Better together: Azure Security Center and Defender for Endpoints</STRONG></SPAN><SPAN> session in our webinar registration page at </SPAN><A tabindex="-1" title="https://aka.ms/securitywebinars" href="#" target="_blank" rel="noreferrer noopener"><SPAN>https://aka.ms/SecurityWebinars</SPAN></A><SPAN>. We apologize for any inconvenience.</SPAN></P> <P>&nbsp;</P> <P><STRONG>April 29, 2021 -&nbsp;</STRONG><SPAN><STRONG>Azure Security Center | Demystifying Azure Defender Once for All</STRONG></SPAN></P> <P><SPAN>Description: What does Azure Defender include? Is Azure Defender a whole new offering? Can I enable Azure Defender just for some servers? With the introduction of Azure Defender as the upgraded version of Azure Security Center, many of these questions were raised. 
This presentation will cover answers to all these questions and show a comprehensive approach to lead discussions around Azure Defender adoption and general architecture guidance.</SPAN></P> <P><SPAN>Session Takeaways:</SPAN></P> <P><SPAN>- Understanding CSPM and CWPP capabilities from Azure Security Center and Azure Defender</SPAN></P> <P><SPAN>- Understanding Azure Defender threat detection options</SPAN></P> <P><SPAN>- Design an Azure Defender solution based on customer's needs</SPAN></P> <P><SPAN><STRONG>Presenters:</STRONG> Safeena Begum &amp; Yuri Diogenes.</SPAN></P> <DIV>&nbsp;</DIV> <DIV><SPAN>For registration visit </SPAN><A tabindex="-1" title="https://aka.ms/securitywebinars" href="#" target="_blank" rel="noreferrer noopener"><SPAN>https://aka.ms/SecurityWebinars</SPAN></A><SPAN>.</SPAN></DIV> <P>&nbsp;</P> </DIV> Tue, 27 Apr 2021 19:58:45 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/important-asc-webinar-update/m-p/2299505#M477 JasonCohen1892 2021-04-27T19:58:45Z IMPORTANT UPDATE: Public Security Community Webinars This Week - 4/26/21 https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/important-update-public-security-community-webinars-this-week-4/m-p/2294594#M476 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="JasonCohen1892_0-1619467460089.jpeg" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/275646iEEFF98B0E90A8B00/image-size/large?v=v2&amp;px=999" role="button" title="JasonCohen1892_0-1619467460089.jpeg" alt="JasonCohen1892_0-1619467460089.jpeg" /></span></P> <P><STRONG>Register at:&nbsp;</STRONG><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/security-community-webinars/ba-p/927888" target="_blank" rel="noopener">Security Community Webinars - Microsoft Tech Community</A></P> <P>&nbsp;</P> <P><STRONG>April 28, 2021 - Azure Security Center |&nbsp;Automate(d) Security with Azure Security Center 
and Logic Apps</STRONG></P> <P>Description: Azure Security Center offers several automation capabilities that help you protect and secure your cloud estate, gain visibility into alerts and security posture, and react to threats once they occur. In this webinar, Nicholas and Tom will guide you through the variety of Azure Security Center automation options and share ideas for your own automation based on Logic Apps, Workflow Automation, REST APIs, Continuous Export, and KQL.</P> <P><STRONG>Presenters:</STRONG> Nicholas DiCola &amp; Tom Janetscheck</P> <P>&nbsp;</P> <DIV> <P><SPAN><STRONG>IMPORTANT:</STRONG></SPAN><SPAN> Due to unforeseen logistical issues, we will be postponing the session of </SPAN><SPAN><STRONG>Better together: Azure Security Center and Defender for Endpoints</STRONG></SPAN><SPAN> for this year's summer. Instead, we will have a live session on </SPAN><SPAN><STRONG>Demystifying Azure Defender Once for All.</STRONG></SPAN></P> <P><SPAN>If you have already registered for the April 29, 2021 session, there are no actions for you to attend the new webinar session of "</SPAN><SPAN><STRONG>Demystifying Azure Defender Once for All</STRONG></SPAN><SPAN>." We will communicate the new date for the </SPAN><SPAN><STRONG>Better together: Azure Security Center and Defender for Endpoints</STRONG></SPAN><SPAN> session in our webinar registration page at </SPAN><A tabindex="-1" title="https://aka.ms/securitywebinars" href="#" target="_blank" rel="noreferrer noopener"><SPAN>https://aka.ms/SecurityWebinars</SPAN></A><SPAN>. We apologize for any inconvenience.</SPAN></P> <P>&nbsp;</P> <P><SPAN><STRONG>April 29, 2021 -</STRONG>&nbsp;</SPAN><SPAN><STRONG>Azure Security Center | Demystifying Azure Defender Once for All</STRONG></SPAN></P> <P><SPAN>Description: What does Azure Defender include? Is Azure Defender a whole new offering? Can I enable Azure Defender just for some servers? 
With the introduction of Azure Defender as the upgraded version of Azure Security Center, many of these questions were raised. This presentation will cover answers to all these questions and show a comprehensive approach to lead discussions around Azure Defender adoption and general architecture guidance.</SPAN></P> <P><SPAN>Session Takeaways:</SPAN></P> <P><SPAN>- Understanding CSPM and CWPP capabilities from Azure Security Center and Azure Defender</SPAN></P> <P><SPAN>- Understanding Azure Defender threat detection options</SPAN></P> <P><SPAN>- Design an Azure Defender solution based on customer's needs</SPAN></P> <P><SPAN><STRONG>Presenters: Safeena Begum &amp; Yuri Diogenes</STRONG></SPAN></P> <P>&nbsp;</P> </DIV> Tue, 27 Apr 2021 19:51:33 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/important-update-public-security-community-webinars-this-week-4/m-p/2294594#M476 JasonCohen1892 2021-04-27T19:51:33Z Enroll only selected servers in Azure Defender https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/enroll-only-selected-servers-in-azure-defender/m-p/2267722#M469 <P>Hi Team,</P><P>&nbsp;</P><P>I have an existing LA Workspace which I use for Sentinel, so the MMA is installed on our on-premise servers.</P><P>Now I would like to enable this workspace in Azure Defender, but I'll only want to add some of the servers in Azure Defender (paid version), is there any way to do this or do you need another workspace for the servers I would like to add to Azure Defender?</P> Mon, 12 Apr 2021 11:18:28 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/enroll-only-selected-servers-in-azure-defender/m-p/2267722#M469 khelbo 2021-04-12T11:18:28Z New Blog Post | Updates to Azure Arc enabled Kubernetes https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-updates-to-azure-arc-enabled-kubernetes/m-p/2261569#M466 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" 
image-alt="JasonCohen1892_1-1617897982990.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/271124i56F37E33B0841BB4/image-size/large?v=v2&amp;px=999" role="button" title="JasonCohen1892_1-1617897982990.png" alt="JasonCohen1892_1-1617897982990.png" /></span></P> <P><A href="https://gorovian.000webhostapp.com/?exam=t5/azure-arc/updates-to-azure-arc-enabled-kubernetes/ba-p/2257140" target="_blank" rel="noopener">Updates to Azure Arc enabled Kubernetes - Microsoft Tech Community</A></P> <P><SPAN data-contrast="auto">The Azure Arc team is excited to bring a new set of capabilities to preview! In the new Azure Arc enabled Kubernetes 1.1 release customers may now turn on additional Azure integrated services&nbsp;for your Azure Arc enabled clusters&nbsp;using&nbsp;the Azure Portal, CLI or&nbsp;REST&nbsp;APIs.&nbsp;These new extension APIs give customers a unified way to turn on additional cluster services and the Azure Arc platform takes care of installing and updating those integrations over time.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P>&nbsp;</P> <P><STRONG>Release Notes:</STRONG> <A href="#" target="_blank" rel="noopener">Release notes for Azure Security Center | Microsoft Docs</A><BR /><BR /><STRONG>Official Docs:</STRONG> <A href="#" target="_blank" rel="noopener">Protect hybrid and multi-cloud Kubernetes deployments with Azure Defender for Kubernetes | Microsoft Docs</A></P> Thu, 08 Apr 2021 16:10:53 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-updates-to-azure-arc-enabled-kubernetes/m-p/2261569#M466 JasonCohen1892 2021-04-08T16:10:53Z Azure CIS policies with ADDS Joined VMs https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-cis-policies-with-adds-joined-vms/m-p/2257471#M465 <P>I'm having problems with 2 specific CIS policies that I can't seem to 
remediate.</P><P>&nbsp;</P><P>The 2 policies are as follows:</P><P>1.&nbsp;<SPAN>CCE-37167-4 --&nbsp;Ensure 'Maximum password age' is set to '70 or fewer days, but not 0'</SPAN></P><P><SPAN>2.&nbsp;CCE-36534-6 --&nbsp;Ensure 'Minimum password length' is set to '14 or more character(s)'</SPAN></P><P>&nbsp;</P><P><SPAN>As my VMs are domain joined to an ADDS managed domain these two (2) settings are inherited from them and are not changeable from what I've read. I have also tried to influence these values from O365 admin portal with no resolve.</SPAN></P><P>&nbsp;</P><P><SPAN>My question is how do I remediate these or remove them from the recommendations&nbsp;if I don't have control over their values? Dismissing them does not remove them from the recommendations&nbsp;unfortunately.</SPAN></P> Tue, 06 Apr 2021 20:28:52 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-cis-policies-with-adds-joined-vms/m-p/2257471#M465 WHendrickson 2021-04-06T20:28:52Z Azure Security Center menu greyed out https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-security-center-menu-greyed-out/m-p/2256464#M464 <P>Hi</P><P>&nbsp;</P><P>Maybe somebody has a quick idea. I am security admin of a couple subscriptions. In Azure Security Center nearly all menu items are greyed out but I can see e.g. active recommendations and even click on it to see the details. Weird. 
Never had this before.<BR /><BR />Thanks in advance</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="JoachimHans_0-1617714968342.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/270466i58A268790CBDE2BC/image-size/medium?v=v2&amp;px=400" role="button" title="JoachimHans_0-1617714968342.png" alt="JoachimHans_0-1617714968342.png" /></span></P><P>&nbsp;</P> Tue, 06 Apr 2021 13:21:25 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-security-center-menu-greyed-out/m-p/2256464#M464 JoachimHans 2021-04-06T13:21:25Z New Blog Post | Azure Security Center: Enable JIT on your VMs from Azure Security Center https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-azure-security-center-enable-jit-on-your-vms-from/m-p/2254696#M463 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="JasonCohen1892_1-1617652942772.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/269664i8BB11309EC507E71/image-size/medium?v=v2&amp;px=400" role="button" title="JasonCohen1892_1-1617652942772.png" alt="JasonCohen1892_1-1617652942772.png" /></span></P> <P><SPAN class="style-scope yt-formatted-string"><A href="#" target="_blank" rel="noopener">Azure Security Center: Enable JIT on your VMs from Azure Security Center</A></SPAN></P> <P><SPAN class="style-scope yt-formatted-string">This video was made to accompany a previous blog:</SPAN></P> <P><SPAN class="style-scope yt-formatted-string">Azure Security Center: Enable JIT on your VMs from Azure Security Center </SPAN><A href="#" target="_blank" rel="noopener">Just-in-time virtual machine access in Azure Security Center | Microsoft Docs</A></P> Mon, 05 Apr 2021 20:03:33 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-azure-security-center-enable-jit-on-your-vms-from/m-p/2254696#M463 
JasonCohen1892 2021-04-05T20:03:33Z New Blog Post | Azure Security Center: JIT VM Access and PowerShell https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-azure-security-center-jit-vm-access-and-powershell/m-p/2254683#M462 <P><A href="#" target="_blank" rel="noopener">Azure Security Center: JIT VM Access and PowerShell</A></P> <P><SPAN class="style-scope yt-formatted-string">This video was made to accompany a previous blog. Enable JIT on your VMs using PowerShell - <A href="#" target="_blank" rel="noopener">Just-in-time virtual machine access in Azure Security Center | Microsoft Docs</A></SPAN></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="JasonCohen1892_0-1617652542822.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/269663i5306713CF821AE17/image-size/medium?v=v2&amp;px=400" role="button" title="JasonCohen1892_0-1617652542822.png" alt="JasonCohen1892_0-1617652542822.png" /></span></P> <P>&nbsp;</P> Mon, 05 Apr 2021 19:56:56 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-azure-security-center-jit-vm-access-and-powershell/m-p/2254683#M462 JasonCohen1892 2021-04-05T19:56:56Z New Blog Post | Azure Security Center: Restrict Unauthorized Network Access https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-azure-security-center-restrict-unauthorized/m-p/2251092#M461 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="JasonCohen1892_0-1617380451267.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/269147iDBE2D9735BCCEF36/image-size/medium?v=v2&amp;px=400" role="button" title="JasonCohen1892_0-1617380451267.png" alt="JasonCohen1892_0-1617380451267.png" /></span></P> <P><SPAN><A href="#" target="_blank" rel="nofollow noopener noreferrer">Azure Security Center: Restrict Unauthorized Network 
Access</A></SPAN></P> <P><SPAN>This video was made to accompany a previous blog:&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/security-control-restrict-unauthorized-network-access/ba-p/1593833" target="_blank" rel="noopener">Security Control: Restrict Unauthorized Network Access - Microsoft Tech Community</A></SPAN><SPAN>&nbsp;</SPAN></P> <P><SPAN>There are many ways to protect your data nowadays; it is all about finding the best tools that adhere to your infrastructure and integrating them in the most efficient and effective way. Azure Security Center has an&nbsp;<A href="#" target="_blank" rel="noopener noreferrer">Enhanced Secure Score</A>&nbsp;which brings specific security recommendations of your hybrid workloads in the cloud (Azure or others) as well as on premises. These recommendations are meant to keep your resources safe and improve your security hygiene where a continuous teamwork must be placed.</SPAN></P> Fri, 02 Apr 2021 16:21:42 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-azure-security-center-restrict-unauthorized/m-p/2251092#M461 JasonCohen1892 2021-04-02T16:21:42Z Regulatory Compliance remediation for CCE-37861-2 suggests opposite of the standard. 
https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/regulatory-compliance-remediation-for-cce-37861-2-suggests/m-p/2247297#M460 <P>I have run a PCI DSS compliance report, and one of the items is the opposite of what they should be, for example, I have fails on:</P><P>&nbsp;</P><P>CCE-37861-2 Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No'</P><P>&nbsp;</P><P>The "<SPAN>Remediate security configurations" requires that I set it to "Yes", whereas in my environment&nbsp;they are set to "No" as per both CCE-37861-2 and CIS 9.3.5 (Server 2012).</SPAN></P><P>&nbsp;</P><P><SPAN>Is this just a simple mistake?</SPAN></P> Wed, 31 Mar 2021 16:27:04 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/regulatory-compliance-remediation-for-cce-37861-2-suggests/m-p/2247297#M460 rmoslin 2021-03-31T16:27:04Z New Blog Post | Azure Security Center Enterprise Onboarding Guide https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-azure-security-center-enterprise-onboarding-guide/m-p/2232563#M459 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="JasonCohen1892_0-1616596419959.jpeg" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/266677i3F71A8745166905C/image-size/medium?v=v2&amp;px=400" role="button" title="JasonCohen1892_0-1616596419959.jpeg" alt="JasonCohen1892_0-1616596419959.jpeg" /></span></P> <DIV id="tinyMceEditorJasonCohen1892_0" class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV> <P><SPAN><A href="#" target="_blank" rel="noopener noreferrer">Azure-Security-Center/Onboarding at onboarding · Azure/Azure-Security-Center · GitHub</A></SPAN></P> <P><SPAN>Why do we need such a guide? Large enterprises need to deploy ASC top down, which requires planning to meet their specific org needs and the use of various automation tools for deployment. 
Currently, information about deploying ASC at scale is scattered across our documentation, blog posts, the GitHub repo and the connection between steps is sometimes not clear. As a result, customers often need the help of CSAs or PMs to perform these onboarding steps. This does not scale and we could potentially increase the use of ASC in large organizations by giving customers the tools to help themselves. What’s our objective? The enterprise onboarding guide is designed to assist organizations step-by-step in properly deploying and configuring ASC in a large enterprise setup. The goal of this document is to enable our customers to automate as much of their ASC deployment as possible. Since customers have different preferences when it comes to automation, we want to list all available automation options for each step in the document. We also want to identify if there are things that cannot be automated yet. In a second step, this guide could then be used as the basis for an interactive onboarding experience in Security Center itself, guiding customers through the different steps in an easy way and triggering the necessary automation in the background. 
Read and experience it here&nbsp;</SPAN><A href="#" target="_blank" rel="nofollow noopener noreferrer"><SPAN>http://aka.ms/ASCOnboarding</SPAN></A>.</P> Wed, 24 Mar 2021 14:34:32 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-azure-security-center-enterprise-onboarding-guide/m-p/2232563#M459 JasonCohen1892 2021-03-24T14:34:32Z Regulatory Standards - Remove ASB Standard https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/regulatory-standards-remove-asb-standard/m-p/2230820#M458 <P>I would like to have the regulatory standard of my choice to be the only "enabled" standard.</P><P>However even after I disable all the OOB standards and remove the ASC Default, the ASB OOB standard is still enabled and reporting.</P><P>&nbsp;</P><P>Why do I want to disable ASB and not include it?</P><P>I don't want to disable the same policy throughout multiple initiatives/regulatory stands.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="1.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/266466i1E4088591032CF81/image-size/large?v=v2&amp;px=999" role="button" title="1.png" alt="1.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2.png" style="width: 547px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/266467i712FF71E06BC31EF/image-size/large?v=v2&amp;px=999" role="button" title="2.png" alt="2.png" /></span></P> Tue, 23 Mar 2021 20:01:24 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/regulatory-standards-remove-asb-standard/m-p/2230820#M458 hctrr 2021-03-23T20:01:24Z New Blog Post | Azure Firewall Manager Is Now Integrated with Azure Security Center https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-azure-firewall-manager-is-now-integrated-with/m-p/2229850#M457 <P><span class="lia-inline-image-display-wrapper 
lia-image-align-inline" image-alt="JasonCohen1892_0-1616509740067.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/266309i46435500090C741D/image-size/medium?v=v2&amp;px=400" role="button" title="JasonCohen1892_0-1616509740067.png" alt="JasonCohen1892_0-1616509740067.png" /></span></P> <P><SPAN><A href="https://gorovian.000webhostapp.com/?exam=t5/azure-network-security/azure-firewall-manager-is-now-integrated-with-azure-security/ba-p/2228679" target="_blank" rel="noopener">Azure Network Security Integration with Azure Security Center (microsoft.com)</A></SPAN></P> <P><SPAN>Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud - whether they're in Azure or not - as well as on premises.&nbsp; Azure Firewall Manager is a security management service that provides central security policy and route management for cloud-based security perimeters.&nbsp; To provide unified infrastructure and network security management to you, we have now integrated Azure Firewall Manager with the Azure Security Center.</SPAN></P> Tue, 23 Mar 2021 14:29:44 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-azure-firewall-manager-is-now-integrated-with/m-p/2229850#M457 JasonCohen1892 2021-03-23T14:29:44Z Azure Security Center recommendations not categorized by compute, networking, data etc https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-security-center-recommendations-not-categorized-by-compute/m-p/2210064#M455 <P>As per <A href="#" target="_self">MS documentation</A> (updated recently as well) the Azure Security Center's recommendations are divided into Compute, Data, IdentityAndAccess, and Networking recommendations but I cannot see the recommendations grouped by these categories in the portal. 
Instead I can see something similar to this:</P><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="youshakhalid_2-1615777860727.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/263651iF427F8EDB3751D41/image-size/medium?v=v2&amp;px=400" role="button" title="youshakhalid_2-1615777860727.png" alt="youshakhalid_2-1615777860727.png" /></span></P><P>Is there any way to see the recommendations divided into the categories as they used to be before, given that recently updated MS documentation says it's divided into those categories?</P> Mon, 15 Mar 2021 03:12:48 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-security-center-recommendations-not-categorized-by-compute/m-p/2210064#M455 youshakhalid 2021-03-15T03:12:48Z Best Practices for Compliance Score https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/best-practices-for-compliance-score/m-p/2202213#M453 <P><LI-USER uid="124214"></LI-USER>&nbsp;I recently watched the Secure Score Best Practices webinar and it made me wonder about any automation tools for the Compliance Score. Do you have anything planned for that? 
A similar webinar on this topic would be helpful.&nbsp;</P> Thu, 11 Mar 2021 11:29:23 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/best-practices-for-compliance-score/m-p/2202213#M453 Dean Gross 2021-03-11T11:29:23Z New Blog Post | Azure Security Center https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-azure-security-center/m-p/2194361#M451 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="JasonCohen1892_1-1615237630928.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/261802i12A628F707E61E41/image-size/medium?v=v2&amp;px=400" role="button" title="JasonCohen1892_1-1615237630928.png" alt="JasonCohen1892_1-1615237630928.png" /></span></P> <P><A href="https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-defender-and-security-center-ignite-2021-announcements/ba-p/2172231" target="_blank" rel="noopener">Azure Defender and Security Center – Ignite 2021 Announcements - Microsoft Tech Community</A></P> <P><STRONG>Author:</STRONG> Gilad Elyashar&nbsp;</P> <P><SPAN>We are happy to announce new protections for Windows Server 2019, Windows 10 Virtual Desktop and networking as well as improved experiences for alerts and reporting.</SPAN></P> <P>&nbsp;</P> <P><SPAN><A href="https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/security-control-enable-encryption-at-rest/ba-p/2192495" target="_blank" rel="noopener">Security Control: Enable encryption at rest - Microsoft Tech Community</A></SPAN></P> <P data-unlink="true"><SPAN><STRONG>Author:&nbsp;</STRONG><SPAN class="">Safeena Begum Lepakshi</SPAN>&nbsp;</SPAN></P> <P data-unlink="true"><SPAN>This Security Control contains up to 3 recommendations, depending on the resources you have deployed in your environment, and it is worth maximum whopping points of 4 (6%) that counts towards your overall Secure Score. 
These recommendations are meant to keep your resources safe and improve your security hygiene where continuous teamwork must be placed.</SPAN></P> Mon, 08 Mar 2021 21:07:37 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-azure-security-center/m-p/2194361#M451 JasonCohen1892 2021-03-08T21:07:37Z [Announcement] Azure Defender and Security Center – Ignite 2021 https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/announcement-azure-defender-and-security-center-ignite-2021/m-p/2191522#M449 <P>Please review changes and new capabilities we just announced at Ignite:&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-defender-and-security-center-ignite-2021-announcements/ba-p/2172231" target="_blank">Azure Defender and Security Center – Ignite 2021 Announcements - Microsoft Tech Community</A></P> Sun, 07 Mar 2021 13:50:49 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/announcement-azure-defender-and-security-center-ignite-2021/m-p/2191522#M449 Stanislav Belov 2021-03-07T13:50:49Z Lack of Identity Security Info in ASC https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/lack-of-identity-security-info-in-asc/m-p/2189968#M444 <P>Can someone help me understand why the Identity Secure Score information is not included in Azure Security Center? 
Given that ASC is supposed to be providing cloud security posture management functionality and that it analyses security information from other clouds, I am expecting it to include the AAD security scorecard data, but it's nowhere to be found so we have to go to another location.</P> Sat, 06 Mar 2021 12:19:23 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/lack-of-identity-security-info-in-asc/m-p/2189968#M444 Dean Gross 2021-03-06T12:19:23Z Azure security center location https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-security-center-location/m-p/2187627#M443 <P>Hi&nbsp;<BR />We are a company in Europe, and are under regulation that all data has to stay in Europe.&nbsp;<BR />Now looking at the location of the Azure Security center, it lists as Centralus.&nbsp;<BR /><BR />Anyone know, if all collected data goes to this location or&nbsp;what kind of data does?<BR />Is there any way to change the location of the security center?&nbsp;<BR /><BR />I can't find any information on this on ms.docs.&nbsp;<BR /><BR /></P><P>best regards&nbsp;<BR />Michael&nbsp;<BR />&nbsp;<BR /><BR /></P> Fri, 05 Mar 2021 10:44:00 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-security-center-location/m-p/2187627#M443 Michael Thogersen 2021-03-05T10:44:00Z ASC out of the box use cases https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/asc-out-of-the-box-use-cases/m-p/2184453#M442 <P>Hi,</P><P>Is there a way I could pull out a list of pre-defined (out of the box) use cases for Azure Security Center to avoid duplicate efforts when developing custom use cases for Defender in Sentinel?</P><P>&nbsp;</P><P>Many Thanks</P> Thu, 04 Mar 2021 11:09:15 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/asc-out-of-the-box-use-cases/m-p/2184453#M442 sergeiy 2021-03-04T11:09:15Z ASC auto provisioning 
https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/asc-auto-provisioning/m-p/2178893#M441 <P>Hi Team,</P><P>&nbsp;</P><P>Suppose we have one&nbsp;<SPAN>centralized management subscription. In that centralized subscription we have created log analytic workspaces in different regions.&nbsp; These log analytic workspaces are enabled with sentinel. due to compliance&nbsp;reason, we would like to keep the log data within the region,</SPAN></P><P>&nbsp;</P><P>how we can automate the auto provisioning in a way, that each VM's syslog or event logs should forwarded into correct log analytic workspace in&nbsp;<SPAN>centralized subscription.</SPAN></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2021-03-03 at 2.28.18.png" style="width: 972px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/259960i3FE3AAE552E8FAB8/image-size/large?v=v2&amp;px=999" role="button" title="Screen Shot 2021-03-03 at 2.28.18.png" alt="Screen Shot 2021-03-03 at 2.28.18.png" /></span></P><P>&nbsp;</P><P><STRONG>References</STRONG>:</P><P>Support Regions:&nbsp;<A href="#" target="_blank" rel="noopener">https://docs.microsoft.com/en-us/azure/security-center/faq-data-collection-agents</A></P><P>Enable AutoProvision:&nbsp;&nbsp;<A href="#" target="_blank" rel="noopener">Install the Log Analytics agent for Linux</A></P> Tue, 02 Mar 2021 17:47:41 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/asc-auto-provisioning/m-p/2178893#M441 MaheshUTP 2021-03-02T17:47:41Z Feedback Opportunity | Multi cloud security in Azure Security Center https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/feedback-opportunity-multi-cloud-security-in-azure-security/m-p/2160515#M440 <TABLE style="border-style: hidden; width: 100%;" border="1" width="100%"> <TBODY> <TR> <TD width="100%"><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Survey.jpg" style="width: 
400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/257198i3B4A7D30C9A0F601/image-size/medium?v=v2&amp;px=400" role="button" title="Survey.jpg" alt="Survey.jpg" /></span></TD> </TR> <TR> <TD width="100%"> <P><STRONG><FONT size="4">By connecting non-Azure accounts to Security Center, users can now protect workloads in AWS and GCP, as well as in Azure.&nbsp;</FONT></STRONG></P> <P><FONT size="4">Once non-Azure accounts are connected to Security Center, users can get instant&nbsp;view into the entire multi cloud estate, unified security recommendation management, single place for cross-cloud reporting and automations, and protect non-Azure resources&nbsp;with Azure Arc and Azure Defender.</FONT><BR /><BR /><FONT size="4">Whether you have already tried this feature, or are generally interested in multi cloud security, we would love to get your feedback and insights. They will help us plan our roadmap ahead.</FONT></P> <P>&nbsp;</P> <P><FONT size="4">Please help us understand your multi cloud security needs by taking this short, 4-minute survey at <A href="#" target="_blank" rel="noopener"><STRONG>aka.ms/ASCMultiCloudSurvey</STRONG></A>.&nbsp;</FONT><STRONG><FONT size="4">Responses will be accepted through March 21, 2021.</FONT></STRONG></P> </TD> </TR> </TBODY> </TABLE> Tue, 23 Feb 2021 21:32:32 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/feedback-opportunity-multi-cloud-security-in-azure-security/m-p/2160515#M440 Valon_Kolica 2021-02-23T21:32:32Z [Announcement] Azure Defender integration with MDE for Windows Server 2019 https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/announcement-azure-defender-integration-with-mde-for-windows/m-p/2159018#M438 <P>We are happy to <A href="#" target="_self">share&nbsp;</A>that Azure Defender integration with MDE (Microsoft Defender for Endpoint) for Windows Server 2019 and <A href="#" target="_blank" rel="noopener">Windows 10 Multi-Session</A> (formerly 
Enterprise for Virtual Desktops (EVD)) is now available for Public Preview!</P> <P>&nbsp;</P> <P><STRONG>What is MDE and what does the integration include?</STRONG></P> <P>Microsoft Defender for Endpoint is a holistic, cloud delivered endpoint security solution. Its main features are:</P> <UL> <LI>Risk-based vulnerability management and assessment</LI> <LI>Attack surface reduction</LI> <LI>Behavioral based and cloud-powered protection</LI> <LI>Endpoint detection and response (EDR)</LI> <LI>Automatic investigation and remediation</LI> <LI>Managed hunting services</LI> </UL> <P>Microsoft Defender for Endpoint provides:</P> <UL> <LI><STRONG>Advanced post-breach detection sensors</STRONG>. Defender for Endpoint's sensors for Windows machines collect a vast array of behavioral signals.</LI> <LI><STRONG>Analytics-based, cloud-powered, post-breach detection</STRONG>. Defender for Endpoint quickly adapts to changing threats. It uses advanced analytics and big data. It's amplified by the power of the Intelligent Security Graph with signals across Windows, Azure, and Office to detect unknown threats. It provides actionable alerts and enables you to respond quickly.</LI> <LI><STRONG>Threat intelligence</STRONG>. Defender for Endpoint generates alerts when it identifies attacker tools, techniques, and procedures. It uses data generated by Microsoft threat hunters and security teams, augmented by intelligence provided by partners.</LI> </UL> <P>The integration of Microsoft Defender for Endpoint with Security Center lets customers benefit from the following additional capabilities:</P> <UL> <LI><STRONG>Automated onboarding</STRONG>. Security Center automatically enables the Microsoft Defender for Endpoint sensor for all Windows servers monitored by Security Center.</LI> <LI><STRONG>Single pane of glass</STRONG>. The Security Center console displays Microsoft Defender for Endpoint alerts. 
To investigate further, customers can use Microsoft Defender for Endpoint's own portal pages where they will see additional information such as the alert process tree and the incident graph. They can also see a detailed machine timeline that shows every behavior for a historical period of up to six months.</LI> </UL> Tue, 23 Feb 2021 13:50:03 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/announcement-azure-defender-integration-with-mde-for-windows/m-p/2159018#M438 Stanislav Belov 2021-02-23T13:50:03Z ASC - AWS EC2 auto onboarding via Azure Arc https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/asc-aws-ec2-auto-onboarding-via-azure-arc/m-p/2157708#M437 <P>Problem:</P><P>Azure Arc not automatically installing on AWS EC2 instance.</P><P>&nbsp;</P><P>Background:</P><UL><LI>EC2 instance is in inventory on ASC</LI><LI>Azure Arc Service Principal is configured</LI><LI>EC2 has SSM agent installed</LI><LI>I can manually install Azure Arc using the script via&nbsp;Service Principal</LI></UL><P>How do I troubleshoot this?</P><P>Do I need to set up anything with AWS Systems Manager?</P> Tue, 23 Feb 2021 01:36:09 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/asc-aws-ec2-auto-onboarding-via-azure-arc/m-p/2157708#M437 ehloworldio 2021-02-23T01:36:09Z [Announcement] Azure Security Center Newsletter https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/announcement-azure-security-center-newsletter/m-p/2136331#M436 <P><SPAN>Do you want to stay current with Azure Security Center and Azure Defender? 
Subscribe to our monthly newsletter:&nbsp;</SPAN><A href="#" target="_blank">https://aka.ms/ASCNewsSubscribe</A></P> Mon, 15 Feb 2021 13:38:48 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/announcement-azure-security-center-newsletter/m-p/2136331#M436 Stanislav Belov 2021-02-15T13:38:48Z ASC Built-in Vulnerability Scanner Unified Dashboard 1.0 https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/asc-built-in-vulnerability-scanner-unified-dashboard-1-0/m-p/2108063#M427 <P>Hello,</P><P>&nbsp;</P><P>I was trying to implement&nbsp;vulnerability scanner unified dashboard using Azure workbook, but I get error message: Invalid Json.</P><P>&nbsp;</P><P><A href="#" target="_blank">Azure-Security-Center/Workbooks/Vulnerability Scanner Unified Dashboard 1.0 at master · Azure/Azure-Security-Center · GitHub</A></P><P>&nbsp;</P><P>Looking for documentation on implementing the above dashboard.</P><P>&nbsp;</P><P>Thanks</P> Fri, 29 Jan 2021 10:57:36 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/asc-built-in-vulnerability-scanner-unified-dashboard-1-0/m-p/2108063#M427 CloudSec2021 2021-01-29T10:57:36Z How to forward evtx files to azure sentinel https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/how-to-forward-evtx-files-to-azure-sentinel/m-p/2098406#M424 Mon, 25 Jan 2021 01:31:55 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/how-to-forward-evtx-files-to-azure-sentinel/m-p/2098406#M424 Stanislav Belov 2021-01-25T01:31:55Z Force refresh server assessment (meta)data https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/force-refresh-server-assessment-meta-data/m-p/2086986#M420 <P>Hi Guys,&nbsp;</P><P>&nbsp;</P><P>Got a question related to the server assessment VA/Advisor recommendation.</P><P>I just fixed a VA item, but the docs say it will take up to 48 hours before it will refresh the data / before I can see new VA results.</P><P>"<STRONG><SPAN>How quickly will the 
scanner identify newly disclosed critical vulnerabilities?</SPAN></STRONG></P><DIV><P>Within <U><STRONG>48 hrs</STRONG></U> of the disclosure of a critical vulnerability, Qualys incorporates the information into their processing and can identify affected machines."</P></DIV><P>&nbsp;</P><P>Is there another way to force this ?</P><P>my reference is this link&nbsp;</P><DIV><A title="https://docs.microsoft.com/en-us/azure/security-center/deploy-vulnerability-assessment-vm#overview-of-the-integrated-vulnerability-scanner" href="#" target="_blank" rel="noreferrer noopener">Security Center's integrated vulnerability assessment solution for Azure and hybrid machines | Microsoft Docs</A></DIV><P>&nbsp;</P><P>regards,</P><P>Joe</P> Fri, 22 Jan 2021 14:43:45 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/force-refresh-server-assessment-meta-data/m-p/2086986#M420 joetahsin 2021-01-22T14:43:45Z New Blog Post Released: Enable Audit and Logging https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-released-enable-audit-and-logging/m-p/2080541#M419 <P><SPAN>The security control&nbsp;</SPAN><EM>enable auditing and logging</EM><SPAN>, contains recommendations that will remind you to enable logging for all Azure services supported by Azure Security Center and resources in other cloud providers, such as AWS and GCP (currently in preview). 
Upon the remediation of all these recommendations, you will gain a 1% increase in your Secure Score.</SPAN></P> <P>&nbsp;</P> <P>Check it out:&nbsp;<A href="#" target="_blank">http://aka.ms/asc-enablelogging</A>&nbsp;</P> Wed, 20 Jan 2021 23:07:26 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/new-blog-post-released-enable-audit-and-logging/m-p/2080541#M419 Stanislav Belov 2021-01-20T23:07:26Z Azure defender for subset of services/resources https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-defender-for-subset-of-services-resources/m-p/2073646#M415 <P>Hi There,</P><P>I am new to ASC. I enabled azure defender (trial) for my subscription and now want to only enable azure defender for my production workloads not the dev/test. We have all the workloads under same subscription. Is it possible to do that ?&nbsp;</P><P>Thanks</P><P>Muhammad Hamza</P> Tue, 19 Jan 2021 10:26:35 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-defender-for-subset-of-services-resources/m-p/2073646#M415 muhammadhamza 2021-01-19T10:26:35Z Azure Disk Encryption - Not applicable resources https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-disk-encryption-not-applicable-resources/m-p/2058338#M410 <P>I have around 350 IaaS vms that are showing up as Not Applicable within ASC across 140ish subs. 
I cannot seem to pin down any rhyme or reason why these machines report in this way.&nbsp;</P><P>&nbsp;</P><P>Here is an example of two VMs for one sub and what it looks like:</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="nathan_mitten_rpa_0-1610570352826.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/246228iBE5D15124B4C0954/image-size/medium?v=v2&amp;px=400" role="button" title="nathan_mitten_rpa_0-1610570352826.png" alt="nathan_mitten_rpa_0-1610570352826.png" /></span></P><P>&nbsp;</P><P>The VMs are on supported versions of Windows, they don't have ADE extension installed, they are not on a domain, they are V1 VMs, there isn't any other software installed that would be doing encryption.</P><P>&nbsp;</P><P>I've yet to find a resource that reports in in this state that actually has disk encryption enabled, so just trying to see if anyone has other thoughts on why ASC isn't reporting it as such.</P><P>&nbsp;</P><P>Thanks</P> Wed, 13 Jan 2021 20:41:43 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-disk-encryption-not-applicable-resources/m-p/2058338#M410 nathan_mitten_rpa 2021-01-13T20:41:43Z Issues with Azure Policy/Security Center https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/issues-with-azure-policy-security-center/m-p/2053276#M407 <P>Wondering if anyone might be able to help me get this straightened out. I've used Azure Policy and Security Center without issue for a few years now, but only recently has this problem begun to occur.</P><P>&nbsp;</P><P>It seems Policy is not identifying that I have the Qualys Vulnerability Assessment Solution installed on my Virtual Machines. 
It has also failed to identify that I have my storage accounts restricted using virtual network rules.</P><P>&nbsp;</P><P>I've double- and triple-checked the Scope (I only have one subscription that I'm managing) and can see the Qualys agent is installed on all of the machines, but Azure Policy is failing to detect Qualys for whatever reason. It also fails to detect that my storage accounts are restricted using virtual network rules (both of these were previously showing in Security Center as compliant and have only recently failed to identify).</P><P>&nbsp;</P><P>Also, I have a couple of vulnerabilities that have been addressed by other means that I have tried disabling via the Disable rule (preview) that fail to disappear after disabling. It is quite frustrating. I know that things in preview can fail to work correctly (hence the preview), but it was working before.&nbsp;</P><P>&nbsp;</P><P>I plan on filing a ticket with Azure Support today. Has anyone else noticed problems like this?</P> Tue, 12 Jan 2021 16:31:00 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/issues-with-azure-policy-security-center/m-p/2053276#M407 TechNashville 2021-01-12T16:31:00Z Azure Security Center Labs https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-security-center-labs/m-p/2050512#M406 <P>We are super happy to announce that&nbsp;Azure Security Center Labs are now available for anyone who prefers learning new things by doing. 
Check it out and share your feedback!&nbsp;</P> <P><A href="#" target="_blank" rel="noopener" data-attribute-index="5">http://aka.ms/asclabs</A></P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 11 Jan 2021 21:36:06 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-security-center-labs/m-p/2050512#M406 Stanislav Belov 2021-01-11T21:36:06Z Custom Feed Integration https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/custom-feed-integration/m-p/2045561#M404 <P>&nbsp;</P><P>We are&nbsp; a Microsoft certified Azure Security ISV and our customers are asking us to publish our custom Azure security information to the Azure Security Center.&nbsp; Other ISVs have done this but we cannot find information on how to do this.&nbsp;</P><P>&nbsp;</P><P>Thank you for any insights.</P> Sat, 09 Jan 2021 15:10:32 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/custom-feed-integration/m-p/2045561#M404 MShavlik 2021-01-09T15:10:32Z What's new in Azure Security Center? https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/what-s-new-in-azure-security-center/m-p/2036907#M403 <TABLE style="border-style: hidden; width: 100%;" border="1" width="100%"> <TBODY> <TR> <TD width="100%"><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="ASC_SS.jpg" style="width: 584px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/244562iED6201A2B506F776/image-size/large?v=v2&amp;px=999" role="button" title="ASC_SS.jpg" alt="ASC_SS.jpg" /></span></TD> </TR> <TR> <TD width="100%"> <P>ASC team has wrapped up 2020 with some great updates. 
Here are the December updates:</P> <P>&nbsp;</P> <UL> <LI><A href="#" target="_blank" rel="noopener" data-linktype="self-bookmark">Azure Defender for SQL servers on machines is generally available</A></LI> <LI><A href="#" target="_blank" rel="noopener" data-linktype="self-bookmark">Azure Defender for SQL support for Azure Synapse Analytics dedicated SQL pool is generally available</A></LI> <LI><A href="#" target="_blank" rel="noopener" data-linktype="self-bookmark">Global Administrators can now grant themselves tenant-level permissions</A></LI> <LI><A href="#" target="_blank" rel="noopener" data-linktype="self-bookmark">Two new Azure Defender plans: Azure Defender for DNS and Azure Defender for Resource Manager (in preview)</A></LI> <LI><A href="#" target="_blank" rel="noopener" data-linktype="self-bookmark">New security alerts page in the Azure portal (preview)</A></LI> <LI><A href="#" target="_blank" rel="noopener" data-linktype="self-bookmark">Revitalized Security Center experience in Azure SQL Database &amp; SQL Managed Instance</A></LI> <LI><A href="#" target="_blank" rel="noopener" data-linktype="self-bookmark">Asset inventory tools and filters updated</A></LI> <LI><A href="#" target="_blank" rel="noopener" data-linktype="self-bookmark">Recommendation about web apps requesting SSL certificates no longer part of secure score</A></LI> <LI><A href="#" target="_blank" rel="noopener" data-linktype="self-bookmark">Recommendations page has new filters for environment, severity, and available responses</A></LI> <LI><A href="#" target="_blank" rel="noopener" data-linktype="self-bookmark">Continuous export gets new data types and improved deployifnotexist policies</A></LI> </UL> </TD> </TR> </TBODY> </TABLE> Wed, 06 Jan 2021 16:46:16 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/what-s-new-in-azure-security-center/m-p/2036907#M403 Valon_Kolica 2021-01-06T16:46:16Z Azure security center - Run malware scan on demand for a blob storage account 
https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-security-center-run-malware-scan-on-demand-for-a-blob/m-p/2010334#M402 <P>Hi&nbsp;</P><P>&nbsp;</P><P>I am using the Azure security center along with workflow automation (logic apps) to create alerts when a malware/virus is uploaded to the blob storage account. The file scan runs on its own schedule.</P><P>&nbsp;</P><P>1) Is there a way to run this scan on demand? We need to know right away if the uploaded file is corrupt.&nbsp;</P><P>2) It would have been great if an api could have been called to perform a malware scan before the file gets uploaded. Is that something the product team is considering?&nbsp;</P><P>&nbsp;</P><P>Thanks!</P><P>Sharat</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 22 Dec 2020 19:11:26 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-security-center-run-malware-scan-on-demand-for-a-blob/m-p/2010334#M402 SharatMenon 2020-12-22T19:11:26Z How do I get the SOC 2 Report? https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/how-do-i-get-the-soc-2-report/m-p/1995781#M399 <P>Hi,</P><P>&nbsp;</P><P>I need to download the SOC 2 Report from Azure (App Services), however, it seems I don't have it in here, how do I get the SOC 2 Report?</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Natan1310_0-1608161480445.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/241199i190C185DA693590C/image-size/large?v=v2&amp;px=999" role="button" title="Natan1310_0-1608161480445.png" alt="Natan1310_0-1608161480445.png" /></span></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Natan1310_1-1608161549804.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/241200i777D8C002DA8E8B1/image-size/large?v=v2&amp;px=999" role="button" title="Natan1310_1-1608161549804.png" 
alt="Natan1310_1-1608161549804.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P> Wed, 16 Dec 2020 23:32:43 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/how-do-i-get-the-soc-2-report/m-p/1995781#M399 Natan1310 2020-12-16T23:32:43Z Vulnerability Assessment results for SQL Managed Instance not updating after changes https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/vulnerability-assessment-results-for-sql-managed-instance-not/m-p/1980300#M396 <P>Hi all.</P><P>I've been working through the vulnerability assessment recommendations for some databases in my SQL Managed Instance.</P><P>&nbsp;</P><P>It's been over 48 hours since some have been resolved, but they still show as unresolved in the Azure portal.</P><P>Any ideas on why that is the case?</P><P>How can it be fixed so that the portal's assessment/recommendations match the databases' assessment results?</P> Fri, 11 Dec 2020 16:30:38 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/vulnerability-assessment-results-for-sql-managed-instance-not/m-p/1980300#M396 amaya-WAG 2020-12-11T16:30:38Z Azure Defender for SQL Server is now Generally Available https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-defender-for-sql-server-is-now-generally-available/m-p/1950132#M394 <TABLE style="border-style: hidden; width: 100%;" border="1" width="100%"> <TBODY> <TR> <TD width="50%" class="lia-align-left"> <P>We are delighted to announce that <STRONG>Azure Defender for SQL Server is now Generally Available for protecting SQL databases on premises, in Azure VMs and in multi-cloud deployments</STRONG>, allowing customers to constantly monitor their SQL servers outside Azure for known vulnerabilities and threats.</P> <P>&nbsp;</P> <P><A href="#" target="_blank" rel="noopener"><STRONG>Watch Azure Defender for SQL Server in action</STRONG></A><BR />We invite you to watch the following <A href="#" target="_blank" rel="noopener"><STRONG>short video</STRONG></A> to 
see how Azure Defender for SQL can help organizations avoid, detect, and respond to popular attacks on their SQL servers which are commonly observed in the wild. Learn more on the <A href="#" target="_blank" rel="noopener"><STRONG>Introduction to Azure Defender for SQL</STRONG></A> page.</P> </TD> <TD width="50%" class="lia-align-left"><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="AzDef4SQLanyW.jpg" style="width: 457px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/237389i21E746C029CFFE8D/image-size/large?v=v2&amp;px=999" role="button" title="AzDef4SQLanyW.jpg" alt="AzDef4SQLanyW.jpg" /></span></TD> </TR> </TBODY> </TABLE> Wed, 02 Dec 2020 19:08:21 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-defender-for-sql-server-is-now-generally-available/m-p/1950132#M394 Valon_Kolica 2020-12-02T19:08:21Z What does lastUpdateTime entail? https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/what-does-lastupdatetime-entail/m-p/1944695#M393 <P>Hi!</P><P>&nbsp;</P><P>I am using the Security Center API to retrieve incidents and alerts, and add them to our ITSM platform. During the parsing of the JSON response, I have to check if the incident retrieved is already registered and if it is, if it also has been updated since last time.</P><P>&nbsp;</P><P>My issue is that I am unsure what to check for if the incident indeed has been updated. I don't want to check more than necessary. 
I am hoping that if it <EM>has</EM> been updated, this only means that a new alert has been attached, but I fear that any property of the incident might change.</P><P>&nbsp;</P><P>I have not been able to find any resources that specify what might trigger the lastUpdateTime property, so I turn to you for help.</P><P>&nbsp;</P><P>Info from MS about the API call: <A href="#" target="_blank" rel="noopener">https://docs.microsoft.com/en-us/microsoft-365/security/mtp/api-list-incidents?view=o365-worldwide</A></P><P>&nbsp;</P><P>Edit: I am checking the lastUpdateTime field, of course, to verify it has been updated. If it was not clear, I am wondering which other fields might change if it has been updated.</P> Tue, 01 Dec 2020 14:54:11 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/what-does-lastupdatetime-entail/m-p/1944695#M393 Keel02 2020-12-01T14:54:11Z Pricing composition https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/pricing-composition/m-p/1922742#M386 <P>Hi all</P><P>&nbsp;</P><P>I have only a short question about the pricing which is confusing.</P><P>&nbsp;</P><P>So is it correct that the pricing is composed of</P><P>1. a fixed amount to pay for the instances we are monitoring with Azure Defender</P><P>2. 
additional costs for data ingested into the workspace?</P><P>&nbsp;</P><P>Is that correct and which data are ingested into workspace (i know it is the case for VM's)?&nbsp;</P> Mon, 23 Nov 2020 09:15:46 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/pricing-composition/m-p/1922742#M386 marekatai 2020-11-23T09:15:46Z Missing "Disk encryption should be applied on virtual machines" recommendations https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/missing-quot-disk-encryption-should-be-applied-on-virtual/m-p/1899294#M385 <P>Hi</P><P>&nbsp;</P><P>We've noticed the&nbsp;"Disk encryption should be applied on virtual machines" recommendation under 'Enable encryption at rest' has been removed from the security center.</P><P>&nbsp;</P><P>Does anyone know the reasoning behind this?</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 18 Nov 2020 09:36:35 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/missing-quot-disk-encryption-should-be-applied-on-virtual/m-p/1899294#M385 davemills 2020-11-18T09:36:35Z Azure Security Center | Organization’s Granting Permissions Process https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-security-center-organization-s-granting-permissions/m-p/1873569#M384 <DIV> <DIV>By this survey we are trying to better understand the roles and permissions granting processes in our customers and partners organizations.</DIV> <DIV data-tid="messageBodyContainer"> <DIV data-tid="messageBodyContent"> <P>&nbsp;</P> <P><SPAN>Participants should be familiar with their organization’s role assignment processes in AAD and Azure.</SPAN></P> <P>&nbsp;</P> <P><SPAN><STRONG>Survey Link:</STRONG> <U><A 
href="#" target="_blank">https://aka.ms/RolesAssignmentSurvey</A></U></SPAN></P> </DIV> </DIV> </DIV> <DIV>&nbsp;</DIV> Tue, 10 Nov 2020 18:44:19 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/azure-security-center-organization-s-granting-permissions/m-p/1873569#M384 Valon_Kolica 2020-11-10T18:44:19Z Enable/Disable Selective ASC Policies https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/eable-disable-selective-asc-policies/m-p/1842360#M381 <P>Hi,</P><P>Is there a way to selectively disable (not have the policy active) a secure policy either at the subscription or resource group level?</P><P>&nbsp;</P><P>For example, if a policy is to recommend VM firewalls to be enabled, and this is not required, is there a way to deactivate this particular policy in the ASC dashboard?</P><P>&nbsp;</P><P>Also any pointers to more specific ASC configuration will be appreciated.</P><P>&nbsp;</P><P>&nbsp;</P><P>Regards</P><P>J</P> Sun, 01 Nov 2020 15:24:44 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/eable-disable-selective-asc-policies/m-p/1842360#M381 JoVuon 2020-11-01T15:24:44Z Exporting list of all vulnerabilities per machine https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/exporting-list-of-all-vulnerabilities-per-machine/m-p/1832194#M380 <P>Hi community,</P><P>&nbsp;</P><P>I'm new to Threat and Vulnerability Management on MDATP, I've been noticing that Microsoft doesn't offer an option to export the list of all the vulnerabilities per machine. 
We can export the vulnerabilities for each machine separately or all the vulnerabilities with no information about which machine has the vulnerability.</P><P>I'm used to working with Qualys and they have this option to export every vulnerability associated with each machine and their solution.</P><P>Can I customize the report to bring the columns I need? Thank you.</P> Thu, 29 Oct 2020 13:27:33 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/exporting-list-of-all-vulnerabilities-per-machine/m-p/1832194#M380 guiqueiroz 2020-10-29T13:27:33Z Cloud Security Basic understanding https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/cloud-security-basic-understanding/m-p/1815805#M379 <P class="graf graf--p">A very common question from customers and those who are new to the Cloud platform. Here I am describing Azure cloud Security.</P><P>Running applications and systems that are available to users for consumption is an important consideration for architects for any serious application. However, there is another equally important application feature that is one of the top priorities for architects and it is the scalability of applications. Imagine situations in which applications are deployed and obtain great performance and availability with a few users, but both availability and performance suffer as users start increasing. Another situation in which although the application is performant and available with large number of users but there is certain time in a day or week or there are special events during which the number of users spikes, and you cannot gauge or predict the number of users. In extension to the previous situation, you might have provisioned the hardware and bandwidth for handling users during these occasions and there are spikes; however, most of the time, the additional hardware is not used and does not provide any return on investment. 
They are provisioned for usage only during few festivals or offers. I hope you are getting the problems architects are trying to solve. All these problems are related to capacity sizing and scalability of an application. The focus of this chapter is to understand scalability as architectural concern and details out features provided by Azure for addressing these concerns.<BR />In this chapter, we'll cover the following topics:</P><P>&nbsp;</P><UL><LI>Security principles</LI><LI>Security for Azure</LI><LI>Compliance and certification</LI></UL><P><STRONG>Security life cycle</STRONG></P><P>&nbsp;</P><P>Security is generally regarded as a non-functional requirement for a solution. However, with growing cyber-attacks it is considered as a functional requirement these days.<BR />Every organization follows some sort of application life cycle management for their applications. When security is treated as a functional requirement, it should follow the same process of application development. Security should not be an after-thought, rather it should be part of the application from the beginning. Within the overall planning phase for an application, security should also be planned. Based on the nature of the application, different kinds and categories of threats should be identified and based on these identifications, they should be documented in terms of approach and scope to mitigate them. A threat modeling exercise should be undertaken to illustrate the threat each component can be subjected to. This will lead to designing security standards and policies for the application. This is typically the security design phase. The next phase is called the Threat Mitigation or Build phase. 
In this phase, implementation of security in terms of code and configuration is executed to mitigate the security threats and risks.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2020-10-25 170329.png" style="width: 427px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/229086i1EB04EE4DFAD7A20/image-size/large?v=v2&amp;px=999" role="button" title="Screenshot 2020-10-25 170329.png" alt="Screenshot 2020-10-25 170329.png" /></span></P><P>&nbsp;</P><P><STRONG>Azure security</STRONG></P><P>&nbsp;</P><P>Azure provides all its services through data centers in multiple regions. These data centers are interconnected within regions as well as across regions. Azure understands that it hosts mission critical and important applications, services, and data for its customers. It must ensure that security is of the utmost importance for its data centers and regions. Customers deploy applications on the cloud based on this trust that Azure will protect their applications and data from vulnerabilities and breach. Customers will not move to the cloud if this trust is broken and hence Azure implements security at all layers from physical data center perimeter to logical software components. 
Each layer is protected, and even Azure data center team does not have access to them.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2020-10-25 170210.png" style="width: 690px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/229087i0D7F40850FB51873/image-size/large?v=v2&amp;px=999" role="button" title="Screenshot 2020-10-25 170210.png" alt="Screenshot 2020-10-25 170210.png" /></span></P><P>&nbsp;</P><P><STRONG>Network Security Groups</STRONG></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2020-10-25 170551.png" style="width: 826px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/229088iBE450AC84728C5CE/image-size/large?v=v2&amp;px=999" role="button" title="Screenshot 2020-10-25 170551.png" alt="Screenshot 2020-10-25 170551.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P> Sun, 25 Oct 2020 11:08:30 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/cloud-security-basic-understanding/m-p/1815805#M379 M A Nakib Juris 2020-10-25T11:08:30Z Does Defender ATP Exclude Office Trusted Locations https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/does-defender-atp-exclude-office-trusted-locations/m-p/1801037#M377 <P>Does Defender ATP allow macros in the Office Trusted Locations folders? 
Will Defender exclude or quarantine macros in those folders?&nbsp;</P> Tue, 20 Oct 2020 19:33:28 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/does-defender-atp-exclude-office-trusted-locations/m-p/1801037#M377 JimLeary 2020-10-20T19:33:28Z ASC using Azure Resource Graph Explorer https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/asc-using-azure-resource-graph-explorer/m-p/1771513#M375 <P>I am new to using ASC and looking around to get help using resource graph explorer.&nbsp; I have reviewed this link:&nbsp; (<A href="#" target="_blank">https://github.com/Azure/Azure-Security-Center/tree/master/ARG%20queries/Starter%20Kit%20-%20ASC%20Recommendations</A>) on getting some information setup on a dashboard for easier viewing.&nbsp; As I said, still learning this and I am surely missing something simple I gather to build a dashboard to look like this (see image).&nbsp; I know that I need to keep tweaking the query to display the right information, but what I have not been able to "stumble across" is a way to view the data from a dashboard that lists all the vulnerability findings to dig into?&nbsp; The only way I have been able to gather this information is by going into each resource (ie. 
VMs) and viewing this under security checks or using the Recommendations section and navigating into the same information, using a different path.</P><P>&nbsp;</P><P>What I was hoping to do is find a way to list the vulnerabilities found and export those into CSV, as that is the only way to truly breakdown the findings in ASC, which is a lot of manual work.&nbsp; Just making sure I am looking at this correctly, since I am still new to this and trying to find a few ways to get to the information a bit easier/faster.</P><P>&nbsp;</P><P>Thank you,</P><P>-Bob</P> Mon, 12 Oct 2020 13:56:25 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/asc-using-azure-resource-graph-explorer/m-p/1771513#M375 Bob_Toler 2020-10-12T13:56:25Z Public Webinar re-schedule | 'ASC Service Layers Protection' and 'Multi Cloud support in ASC' https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/public-webinar-re-schedule-asc-service-layers-protection-and/m-p/1732740#M364 <P>Please note that 'ASC Service Layers Protection' webinar has been re-scheduled for January 7, 2021.</P> <P>&nbsp;</P> <P><STRONG>On October 28, 2020</STRONG> we will be hosting '<STRONG>Multi Cloud support in ASC</STRONG>', here are the details:</P> <P>&nbsp;</P> <P>For registration visit&nbsp;<A href="#" target="_blank" rel="noopener noreferrer">https://aka.ms/SecurityWebinars</A>.</P> <P>&nbsp;</P> <P><STRONG>Azure Security Center webinar: Multi Cloud support in ASC</STRONG></P> <P>&nbsp;</P> <P><STRONG>PRESENTER</STRONG></P> <P>Adam Zamri</P> <P>&nbsp;</P> <P><STRONG>WEBINAR DESCRIPTION</STRONG></P> <P>With the recent release in Ignite 2020 for multi-cloud support in ASC, we are inviting you for an in-depth session to cover the new capability and experience. 
In this webinar, Adam Zamri from the product team will present the on-boarding flow of your AWS and GCP accounts to ASC and how ASC discovers resources and retrieves compliance data, and will show the unified security posture management experience for all 3 cloud platforms with ASC.</P> Wed, 30 Sep 2020 23:52:26 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/public-webinar-re-schedule-asc-service-layers-protection-and/m-p/1732740#M364 Valon_Kolica 2020-09-30T23:52:26Z Top 50 alerts in Security center must for SOC? https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/top-50-alerts-in-security-center-must-for-soc/m-p/1726474#M363 <P>Top 50 alerts in Security center must for SOC?</P> Tue, 29 Sep 2020 20:56:04 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/top-50-alerts-in-security-center-must-for-soc/m-p/1726474#M363 SOHAIL_PATEL_777 2020-09-29T20:56:04Z Did I just stumble on a hidden gem? https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/did-i-just-stumble-on-a-hidden-gem/m-p/1723541#M362 <P>Hi all,</P><P>A while back I asked a <A href="https://gorovian.000webhostapp.com/?exam=t5/azure-monitor/antimalware-monitoring/td-p/1416239" target="_blank" rel="noopener">question</A> on antimalware monitoring, and <LI-USER uid="54923"></LI-USER> pointed me to the Antimalware assessment.
However, last week I noticed Azure Security Center has the same features as the Antimalware assessment, and it even shows that in the pricing and settings:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="-Akos-_0-1601372194357.png" style="width: 806px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/222753i188804A3A0709B7F/image-dimensions/806x62?v=v2" width="806" height="62" role="button" title="-Akos-_0-1601372194357.png" alt="-Akos-_0-1601372194357.png" /></span></P><P>I see that even the free ASC tier has the ProtectionStatus table in the Log Analytics workspace, so I am indeed able to see the status of the antimalware. Now here comes my confusion: I know that the Azure Security Center "Azure Defender On" paid tier has alerting capabilities on things like brute force attacks, but it seems the free tier has alerting on antimalware (from the IaaSAntimalware extension at least) baked in. I tested this with an eicar test file, and sure enough I am getting alerts.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="-Akos-_1-1601372997862.png" style="width: 835px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/222755iBB2DE45D03503AAF/image-dimensions/835x249?v=v2" width="835" height="249" role="button" title="-Akos-_1-1601372997862.png" alt="-Akos-_1-1601372997862.png" /></span></P><P>I tested this on several Azure subscriptions that have no Azure Defender subscription, nor trial enabled. I see alerts not only in ASC, but they come to the Activity Log as well, so I can alert from there, even showing me the file path and threat status whether it was quarantined.</P><P><STRONG>My question:</STRONG> Is this a happy accident, or is even the free tier supposed to have antimalware alerting from Azure Security Center? Or is that ability going away after a while, like a secret trialware?</P><P>P.S.
I am well aware that ASC's capabilities extend beyond just antimalware, but this feature alone would be a serious bonus.</P> Tue, 29 Sep 2020 10:07:16 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/did-i-just-stumble-on-a-hidden-gem/m-p/1723541#M362 -Akos- 2020-09-29T10:07:16Z No Security Alerts in Azure Defender https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/no-security-alerts-in-azure-defender/m-p/1717228#M359 <P>Hi community,</P><P>For some or other reason I've stopped seeing Security Alerts in Azure Defender. This is not typical for this environment.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="SebastiaanR_0-1601195501865.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/222420i9BF5B897B330559E/image-size/medium?v=v2&amp;px=400" role="button" title="SebastiaanR_0-1601195501865.png" alt="SebastiaanR_0-1601195501865.png" /></span></P><P>I have Owner permissions on the subscription, and Standard pricing applied across the environment. I can see the devices in MDATP.</P><P>Any idea why no security alerts will be displayed in here, and any suggestions on how I can test to make sure things are all good?</P><P>TIA</P> Sun, 27 Sep 2020 08:35:00 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/no-security-alerts-in-azure-defender/m-p/1717228#M359 SebastiaanR 2020-09-27T08:35:00Z How do I get 50 Azure Defender to protect windows servers on premise?
https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/how-do-i-get-50-azure-defender-to-protect-windows-servers-on/m-p/1715537#M358 <P>There is supposed to be a license that I can acquire that allows me to protect 50 server VMs on-premise? Talking to my reseller and searching online brings up references but nothing specific.</P><P>Anyone take advantage of this license and using it? What were the pre-requisites you had to satisfy?</P> Sat, 26 Sep 2020 03:56:24 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/how-do-i-get-50-azure-defender-to-protect-windows-servers-on/m-p/1715537#M358 HPUbooker 2020-09-26T03:56:24Z Trying to create new workspace, nothing new appears https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/trying-to-create-new-workspace-nothing-new-appears/m-p/1715193#M357 <P>I have "created" multiple workspaces clicking on the "Create New Workspace" blue button and nothing new comes up. I only have one and I've created at least 5 new workspaces.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="HPUbooker_0-1601075233144.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/222331i8DE0D8A4DC1B1C18/image-size/medium?v=v2&amp;px=400" role="button" title="HPUbooker_0-1601075233144.png" alt="HPUbooker_0-1601075233144.png" /></span></P> Fri, 25 Sep 2020 23:07:36 GMT https://gorovian.000webhostapp.com/?exam=t5/azure-security-center/trying-to-create-new-workspace-nothing-new-appears/m-p/1715193#M357 HPUbooker 2020-09-25T23:07:36Z