Azure Security Center bast practices

Best practice rules for Security Center

Cloud Conformity monitors Security Center following the following rules:

Enable adaptive application whitelisting monitoring for Microsoft Azure virtual machines.

Ensure that "Also send email notification to subscription owners" feature is enabled within Azure Security Center.

Ensure that "Automatic provisioning of monitoring agent" feature is enabled to enhance security at the virtual machine (VM) level.

Enable disk encryption monitoring for Microsoft Azure virtual machines (VMs).

Enable endpoint protection monitoring and recommendations for Microsoft Azure virtual machines.

Ensure that "Send email notification for high severity alerts" security feature is enabled within Azure Security Center.

Ensure that JIT network access monitoring for Azure virtual machines (VMs) is enabled.

Enable OS vulnerability monitoring for Microsoft Azure virtual machines (VMs).

Enable network security group recommendations for Microsoft Azure virtual machines (VMs).

Ensure that next generation firewall monitoring for Azure virtual machines (VMs) is enabled.

Enable SQL auditing and threat detection monitoring for Microsoft Azure SQL servers.

Enable SQL encryption monitoring and recommendations for Microsoft Azure SQL servers.

Ensure that Security Center standard pricing tier is enabled in your Microsoft Azure account.

Enable storage encryption monitoring and recommendations for Azure Storage resources.

Enable system updates recommendations for Microsoft Azure virtual machines (VMs).

Ensure that vulnerability assessment monitoring for Azure virtual machines (VMs) is enabled.

Enable web application firewall monitoring for Microsoft Azure virtual machines (VMs).

Ensure that one or more security contact email addresses are defined within Azure Security Center settings.

Ensure that a security contact phone number is provided in the Azure Security Center settings.