Azure Security Center best practices

Best practice rules for Security Center

Trend Micro Cloud One™ – Conformity monitors Security Center with the following rules:

• Check for Azure Security Center Recommendations

  Ensure that Microsoft Azure Security Center recommendations are examined and resolved.

• Enable Adaptive Application Safelisting Monitoring

  Enable adaptive application safelisting monitoring for Microsoft Azure virtual machines.

• Enable Alert Notifications for Subscription Owners

  Ensure that "Also send email notification to subscription owners" feature is enabled within Azure Security Center.

• Enable Automatic Provisioning of the Monitoring Agent

  Ensure that "Automatic provisioning of monitoring agent" feature is enabled to enhance security at the virtual machine (VM) level.

• Enable DDoS Protection Standard Monitoring for Public Virtual Networks

  Ensure that monitoring of DDoS protection at the Azure virtual network level is enabled.

• Enable Disk Encryption Monitoring

  Enable disk encryption monitoring for Microsoft Azure virtual machines (VMs).

• Enable Email Notification for Alerts

  Ensure that "Email Notification for Alerts" security feature is enabled within Azure Security Center.

• Enable Endpoint Protection Monitoring

  Enable endpoint protection monitoring and recommendations for Microsoft Azure virtual machines.

• Enable JIT Network Access Monitoring

  Ensure that JIT network access monitoring for Azure virtual machines (VMs) is enabled.

• Enable Monitoring for OS Vulnerabilities

  Enable OS vulnerability monitoring for Microsoft Azure virtual machines (VMs).

• Enable Monitoring of Deprecated Accounts

  Ensure that monitoring of deprecated accounts within your Azure subscription(s) is enabled.

• Enable Network Security Group Monitoring

  Enable network security group recommendations for Microsoft Azure virtual machines (VMs).

• Enable Next Generation Firewall (NGFW) Monitoring

  Ensure that next generation firewall monitoring for Azure virtual machines (VMs) is enabled.

• Enable SQL Auditing Monitoring

  Enable SQL auditing and threat detection monitoring for Microsoft Azure SQL servers.

• Enable SQL Encryption Monitoring

  Enable SQL encryption monitoring and recommendations for Microsoft Azure SQL servers.

• Enable Standard Pricing Tier

  Ensure that Security Center standard pricing tier is enabled in your Microsoft Azure account.

• Enable Storage Encryption Monitoring

  Enable storage encryption monitoring and recommendations for Azure Storage resources.

• Enable System Updates Monitoring

  Enable system updates recommendations for Microsoft Azure virtual machines (VMs).

• Enable Virtual Machine IP Forwarding Monitoring

  Ensure that IP forwarding enabled on your Azure virtual machines (VMs) is being monitored.

• Enable Vulnerability Assessment Monitoring

  Ensure that vulnerability assessment monitoring for Azure virtual machines (VMs) is enabled.

• Enable Web Application Firewall Monitoring

  Enable web application firewall monitoring for Microsoft Azure virtual machines (VMs).

• Monitor External Accounts with Write Permissions

  Ensure that the external accounts with write permissions are monitored using Azure Security Center.

• Monitor the Total Number of Subscription Owners

  Ensure that the total number of subscription owners within your Azure account is monitored.

• Security Contact Emails In Use

  Ensure that one or more security contact email addresses are defined within Azure Security Center settings.

• Security Contact Phone Numbers In Use

  Ensure that a security contact phone number is provided in the Azure Security Center settings.