- [Instructor] Before we start working with Azure Security Center console, and all features within, we need to make sure that we have all prerequisites in place. First of all, we need to make sure that we have tenant level visibility. If you're working for the large organization, it is very likely that you have many Azure subscriptions registered in the Azure Active Directory tenant. To have full overview of all subscriptions, you need a role-based access control, RBAC, with sufficient permissions to be assigned on the root level management group. It is important to understand that Azure Active Directory and Azure subscription access and permissions are working a different way. There are some really great LinkedIn training courses that I recommend to watch. If you assign Azure AD admin permissions, you don't have direct access to Azure Subscriptions. Let's go and check how we can grant access to ourself at the root management level, where we can assign our back roles. First we have to go to Azure AD menu on the left-hand side, Azure Active Directory. If you don't see it, click on All services and type Azure Active Directory and favorite it to the main menu. Let's click on it. Now we are forwarded to the Overview window. Let's scroll down and under the Manage area we'll see the Properties item. Click on it, and now we are forwarded to the Directory properties. Scroll down, and in the very bottom there is an Access management for Azure resources area. You have to click on Yes and Save button, in order to grant yourself the required permissions to work with Azure Security Center and its resources. Now my global administrator account is added to my user access administrator role in the Azure role-based access control on the root level. After this step is complete, we have to assign ourself our back role. Let's click on the Management groups on the left-hand side. Click on the Tenant Root Group [details]. Click on the Access control, and Add role assignment button. Type security, and we have two options to choose from, Security Admin and Security Reader, in order to work with the Azure Security Center. Because we are going to do lots of changes, we are not be the only users, we choose the Security Admin role. Click on it, from the bottom you have to choose the user which you want to assign those permissions. Click on one of the users, and click Save. Now we have granted all the required permissions to work with Azure Security Center and its resources. Next step is to onboard your sources. First, when the new subscription is being provisioned, based on the security center plan, subscription is automatically added for monitoring. Second, there are resources that we can onboard manually. Let's go to the Security Center. Under the General area, let's click Getting Started, and let's choose Install Agents tab. Let's scroll down, and we have Install agents manually. We can download Install agents manually. The installation process is very straightforward. You can run executable on a VM, and provide the workspace ID and the key from the log analytics. When the agent is installed, it is shown as part of Extensions. If you click on the Virtual machines menu, and choose one of the VMs, on Extensions area you will see that MicrosoftMonitoringAgent has been installed successfully. That means that this agent is going to report to Azure Security Center full alerts and data.
Released
3/7/2019- Azure Policy in action
- Logging and monitoring
- Managing data
- Protecting SQL resources
- Protecting virtual machines, identity, and access
- File integrity monitoring
- Azure data and SQL security best practices
- Network security best practices
Share this video
Embed this video
Video: Prerequisites and onboarding resources