Sharing access to Workbooks in Azure Security Center

Published Sep 08 2021 01:49 PM
Microsoft

Azure Workbooks are a great way of analyzing and visualizing various data in Azure. Azure Security Center (ASC) provides several built-in workbooks to track your company’s security posture, e.g. Secure Score or regulatory compliance. You can also create your own custom workbook that fits your specific needs or deploy one created by the Security Center community from our GitHub repository. You can find more information about how to set up and use those workbooks in our documentation.

 

As a security professional working with ASC, you likely already have access to all its features and capabilities. Once in a while, especially when it comes to reporting, you may need to share this information with someone, like your management, who does not know how to use the ASC dashboard or does not have permissions to access it. Today we are going to discuss exactly how to handle this situation. As of this writing (September 2021) ASC provides four out-of-box workbooks that use different data sources for reporting:

 

figure1.jpg

 

The first thing you need to do is give your target audience the proper permissions to access the data used by the workbooks.

 

The “Secure Score Over Time” and “Compliance Over Time” workbooks rely on data previously aggregated in a Log Analytics workspace using the continuous export feature, while the “System Updates” and “Vulnerability Assessment findings” workbooks query data directly from Azure Resource Graph (ARG).

 

Let’s start with the first two. Keeping the principle of least privilege in mind, you need to assign the “Log Analytics Reader” role in this Log Analytics workspace to an Azure Active Directory group (the recommended way) or to the individuals you want to share the workbook with.

 

figure3.jpg

 

Note: If you have multiple subscriptions exporting data to different workspaces and you want to give your recipients access to all this data, you will need to repeat this process for all those workspaces.

 

For the “System Updates” and “Vulnerability Assessment findings” workbooks, you need to grant the recipients permissions to query Azure Resource Graph. This can be done at the subscription level or at the management group level (if you want a similar experience across multiple subscriptions). The Security Reader role grants the holder the ability to read the data used by these two workbooks.

 

figure4.jpg

 

Note: The Security Reader role assigned at the subscription level grants read access to all Log Analytics workspaces in this subscription. If you want to delegate access to all workbooks in ASC, assigning someone this role will be enough.
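To review who ends up with access after these assignments, the role-to-workbook mapping described above can be checked against exported role assignments. The following is an added example, not code from the article: it assumes input shaped like the JSON from `az role assignment list --all`, and every ID, name and scope in it, as well as the `mg_ancestors` parameter, is a constructed placeholder.

```python
import json

# Constructed sample shaped like `az role assignment list --all -o json`.
# All IDs, names and scopes are placeholders, not values from the article.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"
MG = "/providers/Microsoft.Management/managementGroups/mg-example"
WS = SUB + "/resourceGroups/rg-sec/providers/Microsoft.OperationalInsights/workspaces/ws-asc-export"
SAMPLE = json.dumps([
    {"principalName": "grp-mgmt-reports", "principalType": "Group",
     "roleDefinitionName": "Log Analytics Reader", "scope": WS},
    {"principalName": "grp-sec-readers", "principalType": "Group",
     "roleDefinitionName": "Security Reader", "scope": MG},
    {"principalName": "manager@contoso.example", "principalType": "User",
     "roleDefinitionName": "Log Analytics Reader", "scope": SUB},
    {"principalName": "manager@contoso.example", "principalType": "User",
     "roleDefinitionName": "Contributor", "scope": SUB},
])

LA_WORKBOOKS = {"Secure Score Over Time", "Compliance Over Time"}
ARG_WORKBOOKS = {"System Updates", "Vulnerability Assessment findings"}
NEEDED_ROLES = {"Log Analytics Reader", "Security Reader"}

def inherited_by(scope, target, ancestors=()):
    """True if a role assigned at `scope` is inherited by `target`."""
    s, t = scope.rstrip("/").lower(), target.rstrip("/").lower()
    return s == t or t.startswith(s + "/") or s in {a.lower() for a in ancestors}

def audit(assignments, subscription, workspace, mg_ancestors=()):
    """Map each principal to the workbooks it can open, plus review notes."""
    report = {}
    for a in assignments:
        name, role, scope = a["principalName"], a["roleDefinitionName"], a["scope"]
        entry = report.setdefault(name, {"workbooks": set(), "notes": []})
        if role == "Log Analytics Reader" and inherited_by(scope, workspace, mg_ancestors):
            entry["workbooks"] |= LA_WORKBOOKS
            if scope.lower() != workspace.lower():
                entry["notes"].append("Log Analytics Reader granted above workspace scope")
        elif role == "Security Reader" and inherited_by(scope, subscription, mg_ancestors):
            # Per the article's note, this role also reads the subscription's workspaces.
            entry["workbooks"] |= LA_WORKBOOKS | ARG_WORKBOOKS
        elif role not in NEEDED_ROLES and inherited_by(scope, workspace, mg_ancestors):
            entry["notes"].append(f"{role} exceeds the reader roles used for sharing")
        if a["principalType"] != "Group":
            note = "assigned directly; the article recommends an Azure AD group"
            if note not in entry["notes"]:
                entry["notes"].append(note)
    return report

if __name__ == "__main__":
    for who, r in audit(json.loads(SAMPLE), SUB, WS, [MG]).items():
        print(who, sorted(r["workbooks"]), r["notes"])
```

Run it once per workspace when several subscriptions export to different workspaces, as the earlier note describes.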

 

Now we are ready to let our target audience know how to access the reports/workbooks.

 

Let’s use the “Secure Score over time” workbook as an example; the sharing process is the same for all of them. Click the "Copy link" button, then either use “Share link via email” to let recipients know that they now have access to this report, or copy the link and share it some other way. It’s up to you.

 

figure2.jpg

 

Once they are authenticated by Azure AD, they should be able to access the workbooks. Notice that the workbooks open as a separate blade, not as part of the ASC dashboard.

 

figure5.jpg

 

figure6.jpg

 

Reference:

Azure Monitor Workbooks

Create rich, interactive reports of Security Center data

Continuously export Security Center data             

 

P.S. Subscribe to our Azure Security Center and Azure Defender Newsletter to keep up to date on helpful tips and new releases and join our Tech Community where you can be one of the first to hear the latest Azure Security Center news, announcements and get your questions answered by Azure Security experts.

 

Many thanks to my friends and colleagues @Yuri Diogenes, Future Kortor (@fkortor), and @Lior Arviv for reviewing the article.

Last update: Sep 08 2021 01:57 PM