Team,
We want to share that new built-in Azure policies for creating and configuring Continuous export and Workflow automation in Azure Security Center (ASC) at scale are now available.
These DeployIfNotExists policies can be used to create the desired configurations at any scope (subscriptions or management groups) and can be found through Azure Policy:
‘Deploy export to Event Hub for Azure Security Center alerts and recommendations’ – Policy Id: cdfcce10-4578-4ecd-9703-530938e4abcb
‘Deploy export to Log Analytics workspace for Azure Security Center alerts and recommendations’ – Policy Id: ffb6f416-7bd2-4488-8828-56585fef2be9
‘Deploy Workflow Automation for Azure Security Center alerts’ – Policy Id: f1525828-9a90-4fcf-be48-268cdd02361e
‘Deploy Workflow Automation for Azure Security Center recommendations’ – Policy Id: 73d6ab6c-2475-4850-afd6-43795f3492ef
We hope you find these useful, and we would appreciate any feedback.