Microsoft Security Tech Accelerator
Dec 06 2023, 07:00 AM - 12:00 PM (PST)
Microsoft Tech Community

Azure Security Center - Workflow Automation is now GA!


We are very excited to share that ‘ASC Workflow Automation’ is now generally available for all ASC customers! 


‘ASC Workflow Automation’ enables customers to trigger Azure Logic Apps workflows on Azure Security Center alerts and recommendations. This feature provides a wide variety of actions that can be triggered automatically upon any security event, to answer many SOAR scenarios (security orchestration, automation and response). A few examples of Workflows can be notifying relevant stakeholders, launching a change management process, applying specific remediation steps, quarantining a compromised machine and much more.


The feature can be centrally managed in scale by the following: 

1.       New Security Policies which easily enable enterprises to be compliant with any SOAR approach they would enforce within their enterprise security posture

2.       Template Deployments on Azure Gallery which ease the creation of common scenarios with ready-to-use templates.


How is it configured?


In the Azure portal, navigate to Security Center -> Workflow automation management blade


To add a new automation – click on the ‘+ Add workflow automation’ and fill in the relevant details, such as security event type, filters, and the target logic app to trigger. That’s it!

‘ASC Workflow automation’ will take care of triggering your workflow whenever a recommendation or alert is generated which matches the filter.

More advanced filtering capabilities are available via REST API or ARM Deployment.







What’s Next?

We are looking forward to adding new features such as supporting more security event types, as well as supporting scheduled workflows.


Official Documentation 


Blog Posts:

·         Enable JIT VM Access on Virtual Machine with Workflow Automation 

·         How to Isolate and Azure VM using ASC’s Workflow Automation 

·         The adventure of Automating Azure Security Center – Part 1 

·         Using Azure Security Center API for Workflow Automation 

·         Send ASC Recommendations to Azure Resource Stakeholders 

·         Azure – You Can Now Define Automation Workflow on Azure Security Center 


We would love to hear your feedback! 



1 Reply

Thank you @Cristhofer Munoz for sharing my blog, much appreciated!

All the best,