User Profile
yoavfrancis
Former Employee
Joined Mar 31, 2019
User Widgets
Recent Discussions
Re: GraphQL Exporter shows Security Pricing as NULL for whole subscription
The SKU field is always null. Please see the properties.pricingTier field for the Azure Security center pricing tier for each subscription and resource type. The standard tier allows for receiving security alerts for the relevant resource type in Security Center. Recommendations to improve your security posture are part of the free tier. Thanks, Yoav Francis, Azure Security CenterRe: azue security center pricing for on-premise systems
Hi MatthiasLannoy, Azure Security Center (ASC) charges on-prem/Non-Azure servers just like Virtual machines - 0.02$/hour for running servers. We are updating our public pricing page to properly reflect that. Do not that in order to fully protect on-prem servers, you need to: 1. Install the Microsoft Monitoring agent 2. Configure the agent to report to the desired workspace. 3. Make sure that that both the workspace and its parent subscription are on ASC standard tier These steps are streamlined via a built-in experience in ASC: head to 'Compute & Apps' in the main menu, and then select the 'Add Computers' command: You'll then be presented with an experience to onboard your Non-Azure servers. Thanks, Yoav Francis, Azure Security CenterRe: Workspace reconfiguration via ARM or Powershell?
nathanmitten Apologies for the delay. Set-AzSecurityWorkspaceSetting controls in which workspace to save the data, in case auto provisioning was enabled (with Set-AzSecurityAutoProvisioningStatus). In case you're using auto provisioning with managed workspaces ('default' workspaces), no need to call Set-AzSecurityWorkspaceSetting at all. Neither of the above PowerShell cmdlets take care of reconnecting the VMs in case you move from auto provisioning on default workspace to auto provisioning on a central workspace. In order to reconnect the VMs you'll need to explicitly make a POST call to the URI I mentioned in my last post: https://management.azure.com/subscriptions/SUBSCRIPTION_ID/providers/Microsoft.Security/workspaceSettings/default/connect?api-version=2017-08-01-preview Thanks, YoavRe: WorkFlow Automation
Hi , Apologies for the inconvenience. Could you kindly provide your subscription ID to allow us to better investigate (you can send it in a private message)? In addition I’ll encourage you to open a support ticket to get this better tracked. Thanks, Yoav Francis, Azure Security CenterRe: Workspace reconfiguration via ARM or Powershell?
Hi nathanmitten, Thanks for reaching out. If your subscriptions are currently using Security Center's managed workspaces (default workspaces) and you'd like to change them to report to a workspace of your own, you can reconfigure your existing VMs to report to this new workspace programmatically by using REST API: HTTP Method: POST URI: https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/workspaceSettings/default/connect?api-version=2017-08-01-preview Request Body: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName} Reconfiguration of the agents may take up to 12 hours. Alternatively you can see the same in the ASC Portal experience: Pricing & Settings -> Select subscription -> Data collection -> switch from default workspaces to a workspace of your own. You'll then see the following confirmation dialog (Of course this method is applicable only in case you want to alter a few subscriptions and not dozens) We plan to add this to our API documentation in the near future as this specific functionality is missing from it, along with adding this to our PowerShell snippet. If your VMs currently report to your own workspace (whether the Microsoft Monitoring agent was provisioned manually on your VMs or with ASC's automatic provisioning), you'll have to reconfigure the Microsoft Monitoring agent to the new workspace manually. ASC can't do this automatically for you since it did not necessarily provision the agent and the actual reporting to the (user) workspace may have served needs besides ASC - thus this can't be done automatically. Reconfiguration in this case can be done in multiple ways, but this depend on how the Microsoft Monitoring Agent was installed (as an Azure Extension or as a Direct Agent installation) and on the OS. Please consult the relevant docs in such a case to find your appropriate scenario: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/log-analytics-agent Please reach out if you have any further questions or required clarifications. Thanks, Yoav Francis, Senior Product Manager, Azure Security CenterRe: Trigger Logic App does not list any Logic Apps
Thanks WouterStinkens for reaching out. This is a known issue in the experience where Logic Apps with the trigger mentioned in the docs won't be shown in the selector, as you have experienced: The selector currently shows only logic apps with the legacy trigger: We plan to fix this with priority so Logic Apps with any supporting trigger will be shown in the selector. The 2nd trigger mentioned above is a legacy trigger that will still be supported going forward, but do refrain from using it as it will not be maintained going forward and it is not supported in workflow automation scenarios. Apologies for the inconvenience and I'll reply on this thread when issue is resolved, Yoav Francis, Senior Program Manager Azure Security Center
