How to collect Security Data and generate a report from an Azure Subscription to check compliance


We are helping a customer who is in the education industry. They are a big university. We have to find out what kind of security mechanisms are in place in their environment and the resources they have deployed. My customer is using AKS, Azure VMs and a few PaaS services.

So I would like to know what is the best way to generate this report of the existing security features and controls that are in place in the environment to ensure they are compliant with PCI and HIPAA standards or NIST 800-53 R4. Based on this report we have to recommend Azure security best practices to them so that the security gaps are plugged. Someone was telling me to use tools from Tenable and Prisma from Palo Alto.

Is there any native way in Azure that I can generate this report, or can this be done using PowerShell scripts, say?

Appreciate any help

1 Reply

@palchak enable Azure Security Center in your subscription, upgrade it to Standard tier (upgrade is free for 30 days) and wait for ASC to scan the resources available in the subscription and generate the security recommendations. Here is a quick tutorial on how to onboard ASC: https://docs.microsoft.com/en-us/azure/security-center/security-center-get-started
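
The steps in the reply, scripted with the Az.Security PowerShell module as an added example (not written by either poster and not taken from the linked tutorial). It assumes the Az.Accounts and Az.Security modules are installed and `Connect-AzAccount` has already been run; the parameter names `SubscriptionId`, `OutFile` and `EnableStandard` are chosen for this example.

```powershell
# Added example: export Azure Security Center regulatory-compliance state to CSV.
param(
    [Parameter(Mandatory)] [string] $SubscriptionId,    # placeholder: target subscription
    [string] $OutFile = "asc-compliance.csv",           # hypothetical output path
    [switch] $EnableStandard                            # opt in to the tier upgrade
)

Set-AzContext -Subscription $SubscriptionId | Out-Null

# Current Security Center pricing tier per resource type (Free or Standard).
$pricing = Get-AzSecurityPricing
$pricing | Select-Object Name, PricingTier | Format-Table

# The upgrade changes billing once the trial ends, so it only runs when asked for.
if ($EnableStandard) {
    foreach ($plan in $pricing | Where-Object PricingTier -ne "Standard") {
        Set-AzSecurityPricing -Name $plan.Name -PricingTier "Standard" | Out-Null
    }
    Write-Host "Standard tier enabled; allow time for the first scan before exporting."
}

# Walk every compliance standard Security Center reports for this subscription
# and flatten its controls into one row each. Standard names are read from the
# service rather than hard-coded.
$rows = foreach ($std in Get-AzRegulatoryComplianceStandard) {
    foreach ($ctl in Get-AzRegulatoryComplianceControl -StandardName $std.Name) {
        [pscustomobject]@{
            Standard    = $std.Name
            Control     = $ctl.Name
            Description = $ctl.Description
            State       = $ctl.State
            Passed      = $ctl.PassedAssessments
            Failed      = $ctl.FailedAssessments
            Skipped     = $ctl.SkippedAssessments
        }
    }
}

if (-not $rows) {
    Write-Warning "No compliance data returned. Check that Standard tier is on and the scan has finished."
    return
}

$rows | Export-Csv -Path $OutFile -NoTypeInformation

# Failed controls first: these are the gaps to raise with the customer.
$rows | Where-Object State -eq "Failed" |
    Sort-Object Standard, Control |
    Format-Table Standard, Control, Failed, Description -AutoSize
```

Run it once without `-EnableStandard` to see the current tiers, then again after the upgrade and initial scan to produce the CSV.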