Azure - Initial Azure Subscription Configuration
Azure - Initial Azure Subscription Configuration
A number of changes are made to each Azure account to:
- Increase compliance to the Departmental IT Security Baseline
- Allow Public Cloud to support the account.
Those changes, while not enforced after account creation, are documented below.
Default region
Central US
Central US should be used as the default region/location for operations that do not need a specific region.
Access control (IAM)
Members of the Public Cloud Security Team are added to the Security Manager role.
Security Center
The Azure Security Center is enabled with the following configuration:
- Data collection: On
- Prevention policy:
- System updates: On
- OS vulnerabilities: On
- Endpoint protection: On
- Disk encryption: On
- Network security groups: On
- Web application firewall: On
- Next generation firewall: On
- Vulnerability Assessment: On
- SQL auditing & Threat detection: On
- SQL Encryption: On
- Email notifications
- Security contact emails
- Phone number
- Send me emails about alerts: On
- Send email also to subscription owners: On
- Pricing Tier: Standard - Free Trial
- $15.00/node/month
- Free for the first ~90 days
- Node == VM (additional resources may be counted as nodes in the future)
Resource Group: qualysforazure
The qualysforazure resource group is required for Qualys Vulnerability Assessment for Azure to function.
Resource Group: securitydata
The securitydata resource group is required for the Azure Security Center to function.
If you have any questions, feedback or ideas please Contact Us
Commonly Referenced Docs:
UW Madison Public Cloud Team Events Online Learning Classes for Cloud Vendors What Data Elements are allowed in the Public Cloud