Are you compliant? Use Azure Security Center to make sure that you are!

The fact that Azure has been certified according to 70+ different standards makes little to no difference if you as a customer have no idea how to configure your environment to be compliant. If you need help there are blueprints available.

With the new functionality now in preview you can easily see if your Azure deployment is in line with the certification you’re striving for.

The overview page shows you directly how your deployment aligns with various standards. In my case I’m passing 11 out of 16 checks for PCI DSS 3.2. If I need to process credit card data I’d be dead in the water, but now I can quickly see what I’ve missed for example.

Azure Security Center overview – click “Regulatory Compliance overview (preview) in the middle column

Looking closer at our security posture at the moment I’ve drilled down a bit further, in this case selecting “Azure CIS” as the regulation I’d like to compare to. We can see a number of red areas where we obviously aren’t compliant. At this moment in time it doesn’t matter if you work in IT or not, if you see this you can easily figure out that you’re not.

An overview of how the security posture looks compared to “Azure CIS”. Not that good considering it’s all red…

The last step is to drill down into the areas that are red. This gives us detailed instructions on how to remediate the things we’re failing at. In the picture below we can see that we’ll need to enable disk encryption.

Applying disk encryption seems like a good idea, doesn’t it? Clicking the link will take you to the page giving you detailed instructions on how to do it.

This feature in the Security Center will be improved over time and will (probably) let you filter on the compliance standards you want to see, hence not checking the ones you don’t really care about.

You can find all the documention on Azure Security Center over at https://docs.microsoft.com/en-us/azure/security-center

How are you using Security Center today? Let me know in the comments!

Simplifying your life using the AZ-modules in powershell

As of December 2018 there’s a new kid in town helping you out with Azure. The old AzureRM modules will be replaced by the AZ modules to keep consistent with Core and Cloud Shell. The module will also keep your management / development environments consistent over Windows / Linux / Mac, hopefully making you a lot more efficient.

Installing the AZ modules

First step is actually uninstalling the AzureRM modules. Leaving you feeling all naked without any possibility to remotely manage Azure. But it’ll just be a few seconds if you’re quick enough.

Run Uninstall-AzureRM as Administrator and wait for it to complete. Once done you’ll run Install-Module Az and it’ll install the new modules.

If you have old scripts and don’t feel like rewrite them you can enable aliases for the old commands running Enable-AzureRmAlias. 

That’s it, you’re all updated and running the latest and greatest! To read more about the changes, check out GitHub!