In a recent tweet-streak I was clearly overjoyed by the announcement of the Azure Security Center being available as a Preview Feature in Azure. If you want to see where all the fuss is about, during the upcoming small holidays for New Year, you can enable this preview feature here.
Today I decided to take some of the recommendations and actually do something with them. The Azure Security Center (can we abbreviate this to MASC?) advised me to enable Network Security Groups on all of the subnets of my Virtual Network in Azure, which I did.
Another thing it recommended me to do, was to deploy anti-malware on all of my Azure VM. (Yes, I currently only have one ;-)) This was so amazingly simple I couldn’t resist to share it with you…
After activating the feature inside the “New” or “Ibiza” portal, it will do some inventory on your subscription and return some advice. It will advise you to install anti-malware on your VM’s in Azure. Your actual implementation of this advice depends on business-case, use and lifecycle of the VM, etc. Since this blog covers the installation of antimalware through the Security Center, let’s put all of those difficult things aside and lets just see how to do this already…
In the Azure Security Center select the VM’s section and drill down on the alert on Anti-Malware not present.
This will show you a list of all VM’s in this state, in my case the only VM I currently host in Azure. In this view you will find a button “Install on x VMs” that will open another blade to your right.
This blade will let you choose between a third party option and the Microsoft antimalware functionality and, after choosing the Microsoft solution, let you define which file extensions, locations or processes to exclude from your antimalware engine/scans.
When pressing “OK”, you’ll have started the deployment of antimalware to those virtual machines in an easy and straightforward flow.
All is good? Well for this subscription it now seems good, but where can we find the installation in the Virtual Machines blade? When you browse to “Extensions”, you’ll find the Azure IaaS antimalware extension successfully installed.
I think more and more functionality will be brought into the Azure Security Center in the near future, so your Compliance department can have a full overview of the security status of your part of the Azure Cloud.
If you have any questions or feedback, leave a comment below or drop me an email.