Home
%3CLINGO-SUB%20id%3D%22lingo-sub-461308%22%20slang%3D%22en-US%22%3EUsing%20Azure%20Security%20Center%20Secure%20Score%20to%20Strength%20your%20Security%20Posture%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-461308%22%20slang%3D%22en-US%22%3E%3CP%3EOnce%20Security%20Center%20Standard%20tier%20is%20enabled%20in%20your%20subscription%2C%20you%20will%20see%20a%20series%20of%20security%20recommendations%20that%20are%20directly%20correlated%20with%20your%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity-center%2Fsecurity-center-secure-score%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Esecure%20score%3C%2FA%3E.%20The%20secure%20score%20is%20the%20accumulation%20of%20all%20recommendations%20scores%20that%20are%20relevant%20for%20your%20workloads.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20317px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F109101i5B70C73F2D29BD7B%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Fig1.PNG%22%20title%3D%22Fig1.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20means%20that%20each%20subscription%20may%20have%20a%20completely%20different%20total%20value%20(accumulation%20score)%2C%20since%20it%20will%20vary%20according%20to%20the%20number%20of%20workloads%20that%20you%20have%20on%20each%20subscription%20and%20their%20current%20secure%20state.%20To%20drive%20your%20secure%20score%20up%2C%20you%20need%20to%20address%20each%20individual%20recommendation%2C%20as%20each%20recommendation%20has%20a%20direct%20impact%20in%20your%20secure%20score.%20Under%20the%20%3CEM%3ERecommendations%3C%2FEM%3E%20blade%2C%20you%20can%20see%20a%20list%20of%20all%20recommendations%20organized%20by%20secure%20score%20impact%2C%20which%20can%20be%20used%20to%20prioritize%20which%20one%20you%20should%20address%20first%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20933px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F109102i41EEFBC61C78C48D%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Fig2.PNG%22%20title%3D%22Fig2.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWhen%20you%20click%20on%20each%20individual%20recommendation%20you%20will%20see%20its%20description%2C%20some%20additional%20information%20about%20the%20recommended%20score%2C%20the%20threats%20that%20it%20is%20addressing%2C%20and%20the%20steps%20to%20remediate.%26nbsp%3B%20Security%20Center%20typically%20scans%20for%20new%20data%20every%20hour%2C%20and%20refreshes%20the%20recommendations%20accordingly%2C%20which%20means%20that%20once%20you%20remediate%20a%20specific%20recommendation%2C%20the%20recommendation%20won%E2%80%99t%20disappear%20immediately%20from%20the%20dashboard%2C%20only%20on%20the%20next%20refresh.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EFine%20tuning%20your%20recommendations%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EIn%20some%20circumstances%2C%20you%20may%20identify%20that%20a%20particular%20recommendation%20is%20not%20applicable%20for%20your%20environment.%20Sometimes%20this%20happens%20because%20you%20are%20already%20using%20a%20security%20countermeasure%20that%20it%20was%20not%20taken%20in%20consideration%20by%20Security%20Center.%20For%20example%2C%20if%20you%20are%20using%20a%20third-party%20MFA%20solution%2C%20Security%20Center%20will%20still%20trigger%20the%20MFA%20recommendation%2C%20since%20it%20is%20not%20aware%20that%20there%20is%20a%20countermeasure%20in%20place.%20If%20this%20is%20the%20case%2C%20you%20should%20disable%20the%20security%20assessment%20that%20triggers%20this%20recommendation%20to%20avoid%20having%20a%20negative%20impact%20in%20your%20secure%20score%20(since%20you%20will%20never%20remediate%20this%20recommendation)%2C%20and%20also%20to%20stop%20receiving%20this%20recommendation%20(which%20in%20this%20case%20can%20be%20considered%20as%20a%20false%20positive%20for%20your%20environment).%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWhile%20fine%20tuning%20your%20assessments%20is%20something%20that%20you%20may%20need%20to%20do%20in%20order%20to%20adequate%20with%20your%20organization%E2%80%99s%20needs%2C%20make%20sure%20to%20document%20the%20rationale%20behind%20disabling%20each%20assessment.%20From%20the%20change%20control%20and%20governance%20perspective%2C%20it%20is%20critical%20to%20track%20changes%20and%20the%20reasons%20behind%20those%20policy%20changes.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20fine%20tune%20your%20recommendations%2C%20you%20will%20need%20to%20disable%20the%20security%20assessment%20that%20triggers%20the%20recommendation.%20Follow%20the%20steps%20below%20to%20do%20that%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E1.%20Open%20%3CEM%3ESecurity%20Center%3C%2FEM%3E%20dashboard.%3C%2FP%3E%0A%3CP%3E2.%20On%20the%20left%20navigation%20pane%2C%20click%20%3CEM%3ESecurity%20Policy%3C%2FEM%3E.%3C%2FP%3E%0A%3CP%3E3.%20Click%20on%20the%20subscription%20that%20has%20the%20policy%20that%20you%20want%20to%20change%20it%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20847px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F109104i6F0F590E12994D92%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Fig3.PNG%22%20title%3D%22Fig3.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E4.%20When%20the%20%3CEM%3ESecurity%20policy%3C%2FEM%3E%20blade%20opens%2C%20click%20the%20hyperlink%20for%20the%20Azure%20Policy%2C%20as%20shown%20below%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20820px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F109105i59CE38E61C20FD32%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Fig4.PNG%22%20title%3D%22Fig4.PNG%22%20%2F%3E%3C%2FSPAN%3E5.%20In%20the%20%3CEM%3EEdit%20Initiative%20Assignment%3C%2FEM%3E%20blade%2C%20search%20for%20the%20assessment%20that%20you%20want%20to%20disable%2C%20click%20the%20drop-down%20list%20and%20select%20%3CEM%3EDisabled%3C%2FEM%3E%2C%20as%20shown%20in%20the%20example%20below%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20781px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F109110iD1EF35E7AC23367C%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Fig7.PNG%22%20title%3D%22Fig7.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E6.%26nbsp%3BAt%20the%20bottom%20of%20this%20blade%2C%20click%20%3CEM%3ESave%3C%2FEM%3E.%3C%2FP%3E%0A%3CP%3E7.%26nbsp%3BWait%20until%20you%20see%20the%20notification%20that%20the%20update%20was%20successfully%20committed%2C%20as%20shown%20in%20the%20sample%20below%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20384px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F109109iA897140BCAC9D7E0%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Fig6.PNG%22%20title%3D%22Fig6.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-461308%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%20Center%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Microsoft

Once Security Center Standard tier is enabled in your subscription, you will see a series of security recommendations that are directly correlated with your secure score. The secure score is the accumulation of all recommendations scores that are relevant for your workloads.

 

Fig1.PNG

 

This means that each subscription may have a completely different total value (accumulation score), since it will vary according to the number of workloads that you have on each subscription and their current secure state. To drive your secure score up, you need to address each individual recommendation, as each recommendation has a direct impact in your secure score. Under the Recommendations blade, you can see a list of all recommendations organized by secure score impact, which can be used to prioritize which one you should address first:

 

Fig2.PNG

 

When you click on each individual recommendation you will see its description, some additional information about the recommended score, the threats that it is addressing, and the steps to remediate.  Security Center typically scans for new data every hour, and refreshes the recommendations accordingly, which means that once you remediate a specific recommendation, the recommendation won’t disappear immediately from the dashboard, only on the next refresh.

 

Fine tuning your recommendations

In some circumstances, you may identify that a particular recommendation is not applicable for your environment. Sometimes this happens because you are already using a security countermeasure that it was not taken in consideration by Security Center. For example, if you are using a third-party MFA solution, Security Center will still trigger the MFA recommendation, since it is not aware that there is a countermeasure in place. If this is the case, you should disable the security assessment that triggers this recommendation to avoid having a negative impact in your secure score (since you will never remediate this recommendation), and also to stop receiving this recommendation (which in this case can be considered as a false positive for your environment).

 

While fine tuning your assessments is something that you may need to do in order to adequate with your organization’s needs, make sure to document the rationale behind disabling each assessment. From the change control and governance perspective, it is critical to track changes and the reasons behind those policy changes.

 

To fine tune your recommendations, you will need to disable the security assessment that triggers the recommendation. Follow the steps below to do that:

 

1. Open Security Center dashboard.

2. On the left navigation pane, click Security Policy.

3. Click on the subscription that has the policy that you want to change it:

 

Fig3.PNG

 

4. When the Security policy blade opens, click the hyperlink for the Azure Policy, as shown below:

 

Fig4.PNG5. In the Edit Initiative Assignment blade, search for the assessment that you want to disable, click the drop-down list and select Disabled, as shown in the example below:

 

Fig7.PNG

 

6. At the bottom of this blade, click Save.

7. Wait until you see the notification that the update was successfully committed, as shown in the sample below:

 

Fig6.PNG