Configure Security Center bundle pricing with Azure Policy
Published Apr 08 2019 02:55 AM

With the new Security Center pricing tier options per resource type, customers have asked us how to configure these at the (Root) Management Group scope so that any new (or existing) subscription will be automatically configured for the Standard pricing tier, allowing Security Center to automatically protect your resources.


As you may know, we have recently added Storage accounts protection in Security Center:



The most efficient way to achieve that objective is to leverage Azure Policy.

With the new Azure Policy aliases for Security Center you can author Azure Policy definitions for each of the 4 resource types.

To get you going, I've written 4 Azure Policy definitions which you can add to 1 single initiative to either enforce it on new subscriptions, or to set it on existing subscriptions.


The Azure Policy definition (deployIfNotExists) for setting the Standard pricing tier for Storage Accounts looks like this:



Add the 4 policy definitions for each bundle pricing tier:



Once you have added the 4 Policy definitions, you can add them to 1 single initiative:


Finally, we assign the initiative:



It will take around 30 minutes for a new assignment to become active:

Compliance - Not Started.png


After a while we can see the compliance state for the Initiative:

Compliance - Non-compliant.png

Clicking on one of the definitions shows us why it is not compliant. From here we can "remediate":

StorageAccounts - Non-compliant.png


Remediation is in progress and then done:

StorageAccounts - remediate in progress.png

StorageAccounts - remediate success.png

The 4 Policy definitions (deployIfNotExists) for the bundle resources can be found here.

Last update: Nov 29 2021 12:07 PM