|
| 1 | +--- |
| 2 | +title: Resource impact from Azure security incidents |
| 3 | +description: This article details where to find information from Azure Service Health about how Azure security incidents might affect your resources. |
| 4 | +ms.topic: conceptual |
| 5 | +ms.date: 3/3/2023 |
| 6 | +--- |
| 7 | + |
| 8 | +# Impacted Resource Support for Security Incidents |
| 9 | + |
| 10 | +In support of the experience of viewing affected resources, Service Health has enabled a new feature to: |
| 11 | + |
| 12 | +- Display resources that are confirmed to be impacted by a security incident. |
| 13 | +- Resource Health status of both confirmed and potentially impacted resources showing the availability of the resource. |
| 14 | +- Enabling role-based access control (RBAC) for viewing security incident impacted resource information. |
| 15 | + |
| 16 | +This article details what is communicated to users and where they can view information about their impacted resources. |
| 17 | + |
| 18 | +>[!Note] |
| 19 | +>This feature will be rolled out in phases. Initially, only selected subscription-level customers will get the experience. The rollout will gradually expand to 100 percent of subscription customers. It will go live for tenant-level customers in the future. |
| 20 | +
|
| 21 | +## Role Based Access (RBAC) For Security Incident Resource Impact |
| 22 | + |
| 23 | +[Azure role-based access control (Azure RBAC)](https://learn.microsoft.com/azure/role-based-access-control/overview) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to. Given the sensitive nature of security incidents, role-based access is leveraged to limit the audience of their impacted resource information. Users authorized with the following roles can view security impacted resource information: |
| 24 | + |
| 25 | +**Subscription level** |
| 26 | +- Subscription Owner |
| 27 | +- Subscription Admin |
| 28 | +- Service Health Security Reader (New custom role) |
| 29 | + |
| 30 | +**Tenant level** |
| 31 | +- Security Admin/Security Reader |
| 32 | +- Global Admin/Tenant Admin |
| 33 | +- Azure Service Health Privacy reader (New custom role) |
| 34 | + |
| 35 | +## Viewing Impacted Resources for Security Incidents on the Service Health Portal |
| 36 | + |
| 37 | +In the Azure portal, the Impacted Resources tab under Service Health > Security Advisories displays resources that are affected by a security incident. The following example of the Impacted Resources tab shows an incident with confirmed affected resources. |
| 38 | + |
| 39 | +Service Health provides the below information to users whose resources are impacted by a security incident: |
| 40 | + |
| 41 | +|Column |Description | |
| 42 | +|---------|---------| |
| 43 | +|**Resource Name**|This will be the resource name of the resource. It will be text only for security impacted resources| |
| 44 | +|**Resource Type**|Type of affected resource (for example, virtual machine)| |
| 45 | +|**Location**|Location that contains the affected resource| |
| 46 | +|**Subscription ID**|Unique ID for the subscription that contains the affected resource| |
| 47 | +|**Subscription Name**|Subscription name for the subscription that contains the affected resource| |
| 48 | +|**Tenant Name**|Unique ID for the tenant that contains the impacted resource| |
| 49 | +|**Tenant ID**|Unique ID for the tenant that contains the affected resource| |
| 50 | + |
| 51 | +## Accessing Impacted Resources programmatically via an API: |
| 52 | + |
| 53 | +Security incident impacted resource information can be retrieved programmatically using Events API. To access the list of resources impacted by a Security incident, the following endpoints can be used by users authorized with the above-mentioned roles. |
| 54 | + |
| 55 | +**Subscription:** [Operation: POST](https://management.azure.com/subscriptions/4970d23e-ed41-4670-9c19-02a1d2808ff9/providers/microsoft.resourcehealth/events/3N8Z-DD8/listSecurityAdvisoryImpactedResources?api-version=2022-10-01) |
| 56 | + |
| 57 | +**Tenant:** [Operation: POST](https://management.azure.com/providers/microsoft.resourcehealth/events/3N8Z-DD8/listSecurityAdvisoryImpactedResources?api-version=2022-10-01) |
| 58 | + |
| 59 | +## Next steps |
| 60 | +- [Introduction to the Azure Service Health dashboard](service-health-overview.md) |
| 61 | +- [Introduction to Azure Resource Health](resource-health-overview.md) |
| 62 | +- [Frequently asked questions about Azure Resource Health](resource-health-faq.yml) |
0 commit comments