articles/security-center/security-center-identity-access.md
21 additions & 53 deletions
@@ -11,82 +11,50 @@ ms.devlang: na
11
11
ms.topic: conceptual
12
12
ms.tgt_pltfrm: na
13
13
ms.workload: na
14
-
ms.date: 12/19/2019
14
+
ms.date: 03/06/2020
15
15
ms.author: memildin
16
16
---
17
+
17
18
# Monitor identity and access
18
-
When Security Center identifies potential security vulnerabilities, it creates recommendations that guide you through the process of configuring the needed controls to harden and protect your resources.
19
19
20
-
This article explains the **Identity and Access** page of the resource security section of Azure Security Center.
20
+
> [!TIP]
21
+
> From March 2020, Azure Security Center's identity and access recommendations are included in all subscriptions on the free pricing tier. If you have subscriptions on the free tier, their Secure Score will be affected as they were not previously assessed for their identity and access security.
21
22
22
-
For a full list of the recommendations you might see on this page, see [Identity and Access recommendations](recommendations-reference.md#recs-identity).
23
+
When Security Center identifies potential security vulnerabilities, it creates recommendations that guide you through the process of configuring the needed controls to harden and protect your resources.
23
24
24
-
Identity should be the control plane for your enterprise, and protecting identities should be your top priority. The security perimeter has evolved from a network perimeter to an identity perimeter. Security becomes less about defending your network and more about defending your data, as well as managing the security of your apps and users. Nowadays, with more data and more apps moving to the cloud, identity becomes the new perimeter.
25
+
The security perimeter has evolved from a network perimeter to an identity perimeter. Security becomes less about defending your network and more about defending your data, as well as managing the security of your apps and users. Nowadays, with more data and more apps moving to the cloud, identity becomes the new perimeter.
25
26
26
-
By monitoring identity activities, you can take proactive actions before an incident takes place or reactive actions to stop an attack attempt. The Identity & Access dashboard provides you with recommendations such as:
27
+
By monitoring identity activities, you can take proactive actions before an incident takes place or reactive actions to stop an attack attempt. Examples of recommendations you might see on the **Identity and access** resource security section of Azure Security Center include:
27
28
28
-
- Enable MFA for privileged accounts on your subscription
29
-
- Remove external accounts with write permissions from your subscription
30
-
- Remove privileged external accounts from your subscription
29
+
- MFA should be enabled on accounts with owner permissions on your subscription
30
+
- A maximum of 3 owners should be designated for your subscription
31
+
- Deprecated accounts should be removed from your subscription
32
+
- External accounts with read permissions should be removed from your subscription
33
+
34
+
For a full list of the recommendations you might see here, see [Identity and Access recommendations](recommendations-reference.md#recs-identity).
31
35
32
36
> [!NOTE]
33
37
> If your subscription has more than 600 accounts, Security Center is unable to run the Identity recommendations against your subscription. Recommendations that are not run are listed under "unavailable assessments" below.
34
38
Security Center is unable to run the Identity recommendations against a Cloud Solution Provider (CSP) partner's admin agents.
35
39
>
36
40
37
-
## Monitor identity and access
38
-
39
-
Open the list of identified Identity and Access issues by selecting **Identity & access** from the Security Center sidebar (under **Resources**), or from the overview page.
40
-
41
-
Under **Identity & Access**, there are two tabs:
42
-
43
-
-**Overview**: recommendations identified by Security Center.
44
-
-**Subscriptions**: list of your subscriptions and current security state of each.
Under **Overview**, there is a list of recommendations. The first column lists the recommendation. The second column shows the total number of subscriptions that are affected by that recommendation. The third column shows the severity of the issue.
50
41
51
-
1. Select a recommendation. The recommendations window opens and displays:
42
+
All of the identity and access recommendations are available within two security controls in the **Recommendations** page:
52
43
53
-
- Description of the recommendation
54
-
- List of unhealthy and healthy subscriptions
55
-
- List of resources that are unscanned due to a failed assessment or the resource is under a subscription running on the Free tier and is not assessed

58
48
59
-
1. Select a subscription in the list for additional detail.
60
49
61
-
### Subscriptions section
62
-
Under **Subscriptions**, there is a list of subscriptions. The first column lists the subscriptions. The second column shows the total number of recommendations for each subscription. The third column shows the severities of the issues.
Enabling MFA requires [Azure Active Directory (AD) tenant permissions](https://docs.microsoft.com/azure/active-directory/users-groups-roles/directory-assign-admin-roles).
65
53
66
-
1. Select a subscription. A summary view opens with three tabs:
54
+
- If you have a premium edition of AD, enable MFA using using [conditional access](https://docs.microsoft.com/azure/active-directory/conditional-access/overview).
67
55
68
-
-**Recommendations**: based on assessments performed by Security Center that failed.
69
-
-**Passed assessments**: list of assessments performed by Security Center that passed.
70
-
-**Unavailable assessments**: list of assessments that failed to run due to an error or because the subscription has more than 600 accounts.
56
+
- Users of AD free edition can enable **security defaults** in Azure Active Directory as described in the [AD documentation](https://docs.microsoft.com/azure/active-directory/fundamentals/concept-fundamentals-security-defaults) but the Security Center recommendation to enable MFA will still appear.
71
57
72
-
Under **Recommendations** is a list of the recommendations for the selected subscription and severity of each recommendation.
73
-
74
-
[](./media/security-center-identity-access/recommendations.png#lightbox)
75
-
76
-
1. Select a recommendation for a description of the recommendation, a list of unhealthy and healthy subscriptions, and a list of unscanned resources.
77
-
78
-
[](./media/security-center-identity-access/designate.png#lightbox)
79
-
80
-
Under **Passed assessments** is a list of passed assessments. Severity of these assessments is always green.
1. Select a passed assessment from the list for a description of the assessment and a list of healthy subscriptions. There is a tab for unhealthy subscriptions that lists all the subscriptions that failed.
> If you created a Conditional Access policy that necessitates MFA but has exclusions set, the Security Center MFA recommendation assessment considers the policy non-compliant, because it enables some users to sign in to Azure without MFA.
90
58
91
59
## Next steps
92
60
To learn more about recommendations that apply to other Azure resource types, see the following articles:
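Review bot: the unchanged NOTE block still says "Recommendations that are not run are listed under "unavailable assessments" below", but this hunk deletes the only text that described that section (the removed line `-**Unavailable assessments**: list of assessments that failed to run due to an error or because the subscription has more than 600 accounts.` together with the whole **Subscriptions** tab walkthrough), so the pointer now leads nowhere; either drop that sentence or reword it to say where unavailable assessments are surfaced on the **Recommendations** page. Two smaller points in the added lines: `- If you have a premium edition of AD, enable MFA using using [conditional access]` doubles the word "using", and the new sentence `All of the identity and access recommendations are available within two security controls in the **Recommendations** page:` ends with a colon, but no list naming the two controls follows it in the lines shown here, so either name the controls or close the sentence with a period.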