Azure - Initial Azure Subscription Configuration
A number of changes are made to each Azure account to:
- Increase compliance to the Departmental IT Security Baseline
- Allow Public Cloud to support the account.
Those changes, while not enforced after account creation, are documented below.
Central US should be used as the default region/location for operations that do not need a specific region.
Access control (IAM)
Members of the Public Cloud Security Team are added to the Security Manager role.
The Azure Security Center is enabled with the following configuration:
- Data collection: On
- Prevention policy:
- System updates: On
- OS vulnerabilities: On
- Endpoint protection: On
- Disk encryption: On
- Network security groups: On
- Web application firewall: On
- Next generation firewall: On
- Vulnerability Assessment: On
- SQL auditing & Threat detection: On
- SQL Encryption: On
- Email notifications
- Security contact emails
- Phone number
- Send me emails about alerts: On
- Send email also to subscription owners: On
- Pricing Tier: Standard - Free Trial
- Free for the first ~90 days
- Node == VM (additional resources may be counted as nodes in the future)
Resource Group: qualysforazure
The qualysforazure resource group is required for Qualys Vulnerability Assessment for Azure to function.
Resource Group: securitydata
The securitydata resource group is required for the Azure Security Center to function.