The securitydata Azure resource group

Most of the time, companies have rules in place for managing their Azure environment. The main rules that should be in place are “Azure Policies” and naming conventions. A naming convention makes Azure resources easy to identify and keeps the Azure Portal consistent. These naming conventions can then also be written up as policies to make sure everyone is compliant.

To get started with naming conventions, take a look at the following article from Microsoft:

Resource Group naming convention

Most of the time (depending on the subscription setup) I use the following naming convention for the resource groups:


With this naming convention I can easily identify the resource group and also know which environment it is for. In a project we used the Azure Security Advisor and saw a resource group named “securitydata” appearing with a storage account in it. To comply with the rules we deleted the resource group and saw it reappear a few hours later.


Removing the securitydata resource group

Because the group kept appearing, we looked into another option. The Security Advisor uses the storage account to save the data it finds during data collection. If you look at the data collection blade of the Security Advisor, you see that there are two options:

  • Use workspaces created by Security Center (default).
  • Use another workspace

Data Collection

The first option makes use of the storage account and the second one is bound to an “OMS” workspace. We already had an OMS workspace within our subscription, so we bound the data collection to that workspace. If you do not have an OMS workspace you can easily create one (it is also a free service, depending on the abilities you use).

To get everything in place follow the below steps:

  1. Create a Log Analytics service (OMS) if you don’t have one. Make sure that you apply the naming convention rule ;-).
  2. Navigate to the Security Advisor.

Security Advisor

  3. Within the Security Advisor blade click on “Security Policy”.

Security Advisor Blade

  4. Click on the subscription for which you want to collect data.
  5. On the data collection blade, bind the Security Advisor data collection to your OMS workspace.

Bind to OMS workspace

  6. Save the changes.
  7. In the “Pricing tier” blade check if the correct tier is selected.
  8. When done, delete the “securitydata” resource group.
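The same steps can be scripted with the Azure CLI. The script below is an added example, not part of the original post; it assumes a current `az` CLI that is already logged in and an existing resource group for the workspace. The subscription ID, workspace resource group, workspace name and region are placeholders. It refuses to delete “securitydata” unless data collection is confirmed to point at your workspace, because otherwise the group is recreated.

```shell
#!/bin/sh
# Added example, not from the original post. Placeholder values below are assumptions.
set -eu
SUBSCRIPTION_ID="${SUBSCRIPTION_ID:-00000000-0000-0000-0000-000000000000}"  # placeholder
WORKSPACE_RG="${WORKSPACE_RG:-example-monitoring-rg}"    # hypothetical name
WORKSPACE_NAME="${WORKSPACE_NAME:-example-security-ws}"  # hypothetical name
LOCATION="${LOCATION:-westeurope}"                       # assumed region

# ARM resource ID of a Log Analytics workspace: args are subscription, group, name.
workspace_id() {
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.OperationalInsights/workspaces/%s\n' \
    "$1" "$2" "$3"
}

# ARM resource IDs are case-insensitive, so compare them lowercased.
same_id() {
  [ "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" = \
    "$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" ]
}

# Step 1: create the workspace only if it is missing.
ensure_workspace() {
  az monitor log-analytics workspace show --resource-group "$WORKSPACE_RG" \
      --workspace-name "$WORKSPACE_NAME" >/dev/null 2>&1 ||
    az monitor log-analytics workspace create --resource-group "$WORKSPACE_RG" \
      --workspace-name "$WORKSPACE_NAME" --location "$LOCATION" >/dev/null
}

# Steps 2-6: bind Security Center data collection to the workspace.
bind_workspace() {
  az security workspace-setting create --name default \
    --target-workspace "$(workspace_id "$SUBSCRIPTION_ID" "$WORKSPACE_RG" "$WORKSPACE_NAME")"
}

# Step 8: delete "securitydata" only after the binding is confirmed.
remove_securitydata() {
  bound=$(az security workspace-setting show --name default --query workspaceId -o tsv)
  if ! same_id "$bound" "$(workspace_id "$SUBSCRIPTION_ID" "$WORKSPACE_RG" "$WORKSPACE_NAME")"; then
    echo "Data collection is not bound to $WORKSPACE_NAME; keeping securitydata." >&2
    return 1
  fi
  if [ "$(az group exists --name securitydata)" = "true" ]; then
    az group delete --name securitydata --yes
  fi
}

if [ "${1:-}" = "apply" ]; then
  az account set --subscription "$SUBSCRIPTION_ID"
  ensure_workspace
  bind_workspace
  az security pricing list --output table   # step 7: review the tier by eye
  remove_securitydata
fi
```

Run it with the argument `apply` to execute the steps; without it the script only defines the functions. Deleting the group also removes the storage account and the data already collected in it.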
