Monthly updates for Security Center: November 2019
Azure Disk Encryption enables you to encrypt your Azure Virtual Machine disks with your keys safeguarded in Azure Key Vault.
Customer Lockbox provides customers the capability to control Azure support engineers' access to workloads that contain customer data This expanded support now provides customers control over access to their data for a larger set of Azure offerings.
With the Microsoft Security Code Analysis extension, you can infuse security analysis tools including Credential Scanner, BinSkim, and others into your Azure DevOps continuous integration and delivery (CI/CD) pipelines.
Azure Key Vault is an essential service for protecting data and improving performance of cloud applications by offering the ability to centrally manage keys, secrets, cryptographic keys and policies in the cloud.
You can now view detected malware across storage accounts using Azure Security Center.
Today we are introducing a new capability in Security Center that allows customers to create automation configurations leveraging Azure Logic Apps and to create policies that will automatically trigger them based on specific ASC findings such as Recommendations or Alerts.
With the many tasks that a user is given as part of Secure Score, the ability to effectively remediate issues across a large fleet can become challenging. In order to simplify remediation of security misconfigurations and to be able to quickly remediate recommendations on a bulk of resources and improve your secure score you can use Quick Fix.
The Regulatory Compliance dashboard provides insights into your compliance posture based on Security Center assessments. The dashboard shows how your environment complies with controls and requirements designated by specific regulatory standards and industry benchmarks and provides prescriptive recommendations for how to address these requirements.
Azure Security Center can now scan container images in Azure Container Registry for vulnerabilities. The image scanning works by parsing the container image file, then checking to see whether there are any known vulnerabilities (powered by Qualys).
Security Center is expanding its support in the container space to one of the fastest growing services in Azure - Azure Kubernetes Service.
Applications that are installed in virtual machines could often have vulnerabilities that could lead to a breach of the virtual machine. We are announcing that the Security Center Standard tier includes built-in vulnerability assessment for virtual machines for no additional fee.
To support Security Center’s fast growth in the marketplace and meet our customers’ demands around threat protection, cloud security posture and enterprise scale deployment and automation, our team delivered on many new capabilities, as well as worked with some new partners that are part of the Microsoft Intelligent Security Association.
Azure Security Center now supports custom policies (in preview). Our customers have been wanting to extend their current security assessments coverage in Security Center with their own security assessments based on policies that they create in Azure Policy. With support for custom policies, this is now possible.
In order to enable enterprise level scenarios on top of Security Center, it’s now possible to consume Security Center alerts and recommendations in additional places except the Azure portal or API.
Windows Admin Center is a management portal for Windows Servers who are not deployed in Azure offering them several Azure management capabilities such as backup and system updates. We have recently added an ability to onboard these non-Azure servers to be protected by ASC directly from the Windows Admin Center experience.
The Microsoft Cloud Adoption Framework for Azure is proven guidance to accelerate your cloud adoption journey. It’s a collection of tools, guidance, and best practices to help shape your cloud strategy and achieve the desired business goals.