|   Trend Micro Cloud One™
Open menu

Enable Standard Pricing Tier

Cloud Conformity allows you to automate the auditing process of this resolution page. Register for a 14 day evaluation and check your compliance level for free!

Start a Free Trial Product features
Risk level: Medium (should be achieved)
Rule ID: SecurityCenter-001

Ensure that Azure standard pricing tier is active in order to enable threat detection for networks and virtual machines, provide threat intelligence, anomaly detection, and behavior analytics within the Azure Security Center.

This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure

Security

Enabling Azure Security Center standard pricing tier allows for better security assessment with threat detection provided by the Microsoft Security Response Center (MSRC), advanced security policies, adaptive application control, network threat detection and regulatory compliance management.

Audit

To determine if standard pricing tier is enabled within your Microsoft Azure account, perform the following actions:

Using Azure Console

01 Sign in to Azure Management Console.

02 Navigate to Azure Security Center blade at https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/.

03 In the navigation panel, choose Pricing & settings to access your Azure account subscriptions.

04 On Pricing & Settings page, click on the name of the Azure subscription that you want to examine.

05 In the blade navigation panel, choose Pricing tier and check the pricing tier enabled for the selected subscription. If the tier currently selected is not the standard one, the Azure Security Center standard pricing tier is not enabled for the selected subscription.

06 Repeat step no. 4 and 5 for each Microsoft Azure cloud subscription available.

Using Azure CLI and PowerShell

01 Run account get-access-token command (Windows/macOS/Linux) using custom query filters to expose the Security Center pricing tier currently enabled for the current Azure account subscription:

az account get-access-token
	--query "{subscription:subscription,accessToken:accessToken}"
	--out tsv | xargs -L1 bash -c 'curl -X GET -H "Authorization: Bearer $1" -H "Content-Type: application/json" GET https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/pricings?api-version=2017-08-01-preview' | jq '.|.value[] | select(.name=="default")'|jq '.properties.pricingTier'

02 The command output should return the name of the currently active Security Center pricing tier:

"Free"

If the command output does not return "Standard", the pricing tier selected is not the standard one, thus the Azure Security Center standard pricing tier is not enabled for the selected subscription.

03 Repeat step no. 1 and 2 for each Microsoft Azure cloud subscription available.

Remediation / Resolution

To activate Security Center standard pricing tier within your Microsoft Azure cloud account, perform the following actions:

Note: Enabling the standard pricing tier for Azure Security Center incurs an additional cost per node.

Using Azure Console

01 Sign in to Azure Management Console.

02 Navigate to Azure Security Center blade at https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/.

03 In the navigation panel, choose Pricing & settings to access your Azure account subscriptions.

04 On Pricing & Settings page, click on the name of the Azure subscription that you want to examine.

05 In the blade navigation panel, select Pricing tier, then click on the Standard tier box to choose the required tier.

06 Click Save to apply the changes and enable the standard pricing tier. If the request was successful, the current Azure subscription has been upgraded to the Security Center standard tier for enhanced security.

07 If required, repeat steps no. 4 – 6 for other Microsoft Azure cloud subscription available.

Using Azure CLI and PowerShell

01 Define the input parameters required for the account get-access-token command, where the pricingTier configuration attribute is set to Standard. Save the following content to a JSON file named input-parameters.json and replace the highlighted placeholder, i.e. <azure-subscription-id>, with your own Azure subscription ID:

{
   "id":"/subscriptions/<azure-subscription-id>/providers/Microsoft.Security/pricings/default",
   "name":"default",
   "type":"Microsoft.Security/pricings",
   "properties":{
      "pricingTier":"Standard"
   }
}

02 Run account get-access-token command (Windows/macOS/Linux) using the parameters defined at the previous step (i.e. input-parameters.json file) to enable the Security Center standard pricing tier for the current Microsoft Azure subscription in order to enhance your cloud account security (the command request does not produce an output):

az account get-access-token
	--query "{subscription:subscription,accessToken:accessToken}"
	--out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type: application/json" https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/pricings/default?api-version=2017-08-01-preview -d@"input-parameters.json"'

03 If successful, the command output should return the following configuration metadata:

{"id":"/subscriptions/abcdabcd-1234-1234-1234-abcdabcdabcd/providers/Microsoft.Security/autoProvisioningSettings/default","name":"default","type":"Microsoft.Security/pricings","properties":{"pricingTier":"Standard"}}

04 If required, repeat steps no. 1 – 3 for other Microsoft Azure cloud subscription available.

References

Publication date May 21, 2019

Unlock the Remediation Steps

Gain free unlimited access to our full Knowledge Base


Over 600 rules & best practices for and

Get started for FREE

A verification email will be sent to this address
We keep your information private. Learn more.

Thank you!

Please click the link in the confirmation email sent to

You are auditing:

Enable Standard Pricing Tier

Risk level: Medium