The securitydata Azure resource group

Most of the time companies have rules in place for managing their Azure environment. The main rules that should be in place are “Azure Policies” and naming conventions. Naming conventions make Azure resources easy to identify and keep the Azure Portal consistent. These naming conventions can then also be written up as policies to make sure everyone stays compliant.

To get started with naming conventions, take a look at the following article from Microsoft:

Resource Group naming convention

Most of the time (depending on the subscription setup) I use the following naming convention for the resource groups:

<environment>-rg-<shortname>

With this naming convention I can easily identify the resource group and see which environment it belongs to. In a project we used the Azure Security Advisor and saw a resource group named “securitydata” appear with a storage account in it. To comply with the rules we deleted the resource group, and saw it reappear a few hours later.

 

Removing the securitydata resource group

Because the group kept reappearing we looked for another option. The Security Advisor uses the storage account to save the data it finds during data collection. If you look at the data collection blade of the Security Advisor you see that there are two options:

  • Use workspaces created by Security Center (default).
  • Use another workspace


The first option makes use of the storage account and the second one is bound to an “OMS” workspace. We already had an OMS workspace within our subscription, so we bound the data collection to that workspace. If you do not have an OMS workspace you can easily create one (it is also a free service, depending on the features you use).

To get everything in place, follow the steps below:

  1. Create a Log Analytics service (OMS) if you don’t have one. Make sure that you apply the naming convention rule ;-)
  2. Navigate to the Security Advisor.
  3. Within the Security Advisor blade click on “Security Policy”.
  4. Click on the subscription for which you want to collect data.
  5. On the data collection blade, bind the Security Advisor data collection to your OMS workspace.
  6. Save the changes.
  7. In the “Pricing tier” blade check if the correct tier is selected.
  8. When done, delete the “securitydata” resource group.
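The same steps can be scripted with the Az PowerShell modules. This is an added example, not part of the original post; it assumes Az.Security and Az.OperationalInsights are installed and that you are signed in with Connect-AzAccount. The subscription ID, workspace name, workspace resource group and region are placeholders.

```powershell
# Placeholders (assumptions, not values from the post); adjust to your environment.
$SubscriptionId = '00000000-0000-0000-0000-000000000000'
$WorkspaceRg    = 'prd-rg-monitoring'   # hypothetical, follows <environment>-rg-<shortname>
$WorkspaceName  = 'prd-oms-security'    # hypothetical workspace name
$Location       = 'westeurope'          # assumed region
$LegacyRg       = 'securitydata'        # the auto-created group from the post

Set-AzContext -Subscription $SubscriptionId | Out-Null

# Step 1: create the Log Analytics (OMS) workspace only if it does not exist yet.
$ws = Get-AzOperationalInsightsWorkspace -ResourceGroupName $WorkspaceRg `
        -Name $WorkspaceName -ErrorAction SilentlyContinue
if (-not $ws) {
    if (-not (Get-AzResourceGroup -Name $WorkspaceRg -ErrorAction SilentlyContinue)) {
        New-AzResourceGroup -Name $WorkspaceRg -Location $Location | Out-Null
    }
    $ws = New-AzOperationalInsightsWorkspace -ResourceGroupName $WorkspaceRg `
            -Name $WorkspaceName -Location $Location -Sku PerGB2018
}

# Steps 2-6: bind the subscription's data collection to that workspace.
Set-AzSecurityWorkspaceSetting -Name 'default' `
    -Scope "/subscriptions/$SubscriptionId" -WorkspaceId $ws.ResourceId | Out-Null

# Confirm the binding before deleting anything; otherwise the default
# workspace stays active and the group is recreated.
$setting = Get-AzSecurityWorkspaceSetting -Name 'default'
if ($setting.WorkspaceId -ne $ws.ResourceId) {
    throw "Data collection is still bound to '$($setting.WorkspaceId)'; not deleting $LegacyRg."
}

# Step 7: list the pricing tiers so the selected tier can be reviewed.
Get-AzSecurityPricing | Select-Object Name, PricingTier

# Step 8: show what the group contains, then delete it.
if (Get-AzResourceGroup -Name $LegacyRg -ErrorAction SilentlyContinue) {
    Get-AzResource -ResourceGroupName $LegacyRg | Select-Object Name, ResourceType
    # Prompts for confirmation; add -Force only for unattended runs.
    Remove-AzResourceGroup -Name $LegacyRg
}
```

The check before step 7 matters because deleting the group while the default setting is still in place reproduces the behaviour described above: the group comes back a few hours later.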
