Day 50: Azure Security Center – Protecting Your Infrastructure

Welcome to Day 50 of my 100-day DevOps and Azure Cloud challenge!

“Security is not a feature. It’s a mindset.”

In today's digital world, moving to the cloud is no longer a trend — it's a default.

But with great scalability comes great responsibility.

While Azure offers powerful services to build and deploy, security remains your first line of defense.

That’s where Azure Security Center (now part of Microsoft Defender for Cloud) becomes your cloud superhero.

What is Azure Security Center?

Azure Security Center (ASC) is a cloud security posture management (CSPM) and cloud workload protection platform (CWPP).

It provides:

  • Visibility into your cloud security posture
  • Recommendations to fix weaknesses
  • Threat protection for workloads in Azure, hybrid, and even multi-cloud environments like AWS & GCP

Think of it as a 24x7 security consultant + SIEM analyst watching your infrastructure, constantly asking:

  • Are your VMs exposed?
  • Are your storage accounts open to the internet?
  • Is that new Kubernetes cluster properly configured?
  • What’s the security score of your subscription?

It serves two main purposes:

  1. Posture Management – Continuously assesses your resources to identify vulnerabilities and misconfigurations.
  2. Threat Protection – Provides threat detection, alerts, and response actions using Microsoft Defender for Cloud capabilities.

Why Is It Important?

A DevOps team launches a Kubernetes app on Azure.

A month later, they find their Azure bill skyrocketed. After investigation, it turns out a VM was compromised via an open port — it was being used for crypto mining.

If they had ASC enabled with proper alerts, this could have been caught in minutes.

Lesson: Cloud gives you speed. Security Center gives you safe speed.

Core Components of Azure Security Center

Let’s break down the core building blocks to understand ASC deeply:

1. Security Posture Management

Azure Security Center continuously evaluates your security state through Secure Score.

Secure Score

  • A numerical value (0-100%) representing your current security situation.
  • Based on security controls, such as whether VMs have endpoint protection, storage is encrypted, NSGs are applied, etc.
  • Helps prioritize and guide security improvements.

Example: You have 10 recommendations in your Security Center. 3 are high-severity, such as enabling MFA, turning on encryption, and securing public IPs. Secure Score tells you how critical each one is and how much fixing it would improve your posture.
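To make the prioritization concrete, here is an added example (not code from the original post) that applies the per-control scoring Secure Score uses: each control earns its maximum points scaled by the share of healthy resources, and the overall score is earned points over the maximum. The control names and resource counts are a constructed sample, and the max scores are assumed to mirror typical portal weights.

```python
from dataclasses import dataclass

@dataclass
class Control:
    """One security control as the Secure Score page reports it."""
    name: str
    max_score: int    # points the control is worth when every resource is healthy
    healthy: int      # resources with no open recommendation under this control
    unhealthy: int    # resources with at least one open recommendation

    def current_score(self) -> float:
        # Per-control score = max score x (healthy resources / all assessed resources)
        total = self.healthy + self.unhealthy
        if total == 0:
            return float(self.max_score)  # nothing to assess: the control is not held against you
        return self.max_score * self.healthy / total

    def potential_gain(self) -> float:
        """Points added to the overall score if every resource under this control were fixed."""
        return self.max_score - self.current_score()

def secure_score_percent(controls) -> float:
    """Overall Secure Score: earned points over the maximum across all controls, as a percentage."""
    max_total = sum(c.max_score for c in controls)
    earned = sum(c.current_score() for c in controls)
    return round(100 * earned / max_total, 1)

def prioritize(controls):
    """Controls ordered by the points still on the table, the same idea the portal uses to rank them."""
    return sorted(controls, key=Control.potential_gain, reverse=True)

# Constructed sample (assumed weights): the max scores mirror typical control weights in the portal.
CONTROLS = [
    Control("Enable MFA", 10, healthy=2, unhealthy=3),
    Control("Secure management ports", 8, healthy=4, unhealthy=6),
    Control("Enable encryption at rest", 4, healthy=9, unhealthy=1),
    Control("Apply system updates", 6, healthy=10, unhealthy=0),
]

if __name__ == "__main__":
    print(f"Secure Score: {secure_score_percent(CONTROLS)}%")
    for c in prioritize(CONTROLS):
        print(f"  {c.name:<28} +{c.potential_gain():.1f} points if remediated")
```

Note that a control with many unhealthy resources but a small maximum (encryption here) ranks below a high-weight control such as MFA even when the MFA control has fewer unhealthy resources.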

2. Threat Protection (Defender for Cloud)

This is where ASC gets proactive with integrated threat intelligence, anomaly detection, and incident correlation.

🔹 Microsoft Defender for Cloud

It includes Defender plans for:

  • Virtual Machines: Detects suspicious activities like brute-force attacks or crypto mining.
  • App Services: Alerts on malicious payloads or code injection.
  • Storage Accounts: Detects unusual access patterns (e.g., from TOR nodes).
  • Kubernetes (AKS): Looks for privilege escalations or misconfigurations in pods.
  • SQL Databases: Spots SQL injection attempts.
  • Key Vaults: Warns if secrets are being exfiltrated.

Note: Defender for Cloud is the enhanced version of Security Center — it adds deeper AI-powered threat detection and alerts.


3. Security Recommendations

Azure Security Center constantly scans resources and gives recommendations:

  • Apply encryption at rest using Azure-managed keys or customer-managed keys.
  • Install endpoint protection (e.g., Microsoft Defender or third-party AV).
  • Enable Just-In-Time (JIT) access on VMs to reduce RDP/SSH attack surface.
  • Disable public IPs where unnecessary.
  • Apply NSGs and ASGs correctly.

These suggestions are actionable — a few clicks and you can fix them directly from the portal.


4. Just-In-Time (JIT) VM Access

Many attacks happen because RDP (port 3389) or SSH (port 22) is open 24x7.

JIT VM Access:

  • Closes all access to these ports.
  • Allows time-limited, IP-restricted access only when needed.
  • Helps protect against port scanning, brute force, and zero-day exploits.

Scenario: An administrator wants to SSH into a VM. They request access via ASC, get approved for 1 hour, and the port closes again automatically when that hour is up.

5. Compliance Standards and Regulatory Controls

Azure Security Center helps you align with industry and regulatory compliance:

  • Built-in policies for:
  • Custom initiatives can be created based on your company’s internal governance model.

Pro Tip: You can integrate this with Azure Policy for automated remediation.


6. Alerts and Incidents

ASC integrates with Azure Sentinel (now Microsoft Sentinel), Microsoft’s SIEM solution, for advanced investigation.

  • Alerts: Specific signals that something unusual happened.
  • Incidents: Correlated alerts that form an attack story.
  • You can configure Logic Apps to auto-remediate issues or send notifications.

Example: If unusual login patterns are seen (e.g., a user logging in from Russia & India within minutes), an alert is triggered and can block access or notify security teams.
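The sign-in pattern in that example, two successful logins by one account from different countries a few minutes apart, is the classic impossible-travel detection. The following is an added example, not code from the original post, that runs that rule over constructed sign-in records (field names loosely follow Azure AD SignInLogs columns and are assumed) and returns the alerts a Logic App could then act on.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records; the field names loosely follow Azure AD SignInLogs columns (assumed).
SIGN_INS = [
    {"user": "alice@contoso.example", "time": "2024-03-01T08:00:00Z", "country": "IN", "ip": "203.0.113.5",   "result": "success"},
    {"user": "alice@contoso.example", "time": "2024-03-01T08:07:00Z", "country": "RU", "ip": "198.51.100.77", "result": "success"},
    {"user": "bob@contoso.example",   "time": "2024-03-01T09:00:00Z", "country": "IN", "ip": "203.0.113.9",   "result": "success"},
    {"user": "bob@contoso.example",   "time": "2024-03-01T15:30:00Z", "country": "DE", "ip": "192.0.2.44",    "result": "success"},
    {"user": "carol@contoso.example", "time": "2024-03-01T10:00:00Z", "country": "US", "ip": "192.0.2.10",    "result": "failure"},
    {"user": "carol@contoso.example", "time": "2024-03-01T10:02:00Z", "country": "BR", "ip": "198.51.100.3",  "result": "success"},
]

def _parse(ts: str) -> datetime:
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def find_impossible_travel(records, window_minutes=60):
    """Flag consecutive successful sign-ins by one user from different countries within the window.

    Failed attempts are skipped on purpose: a password-spray miss from abroad is a
    different signal and must not turn the user's next legitimate login into "travel".
    """
    by_user = defaultdict(list)
    for r in records:
        if r["result"] == "success":
            by_user[r["user"]].append(r)
    window = timedelta(minutes=window_minutes)
    alerts = []
    for user, events in by_user.items():
        events.sort(key=lambda r: r["time"])  # ISO-8601 UTC strings sort chronologically
        for prev, cur in zip(events, events[1:]):
            gap = _parse(cur["time"]) - _parse(prev["time"])
            if prev["country"] != cur["country"] and gap <= window:
                alerts.append({
                    "user": user,
                    "from": (prev["country"], prev["ip"]),
                    "to": (cur["country"], cur["ip"]),
                    "minutes_apart": int(gap.total_seconds() // 60),
                    # What the automated response (Logic App) would act on:
                    "recommended_action": "disable sign-in, revoke sessions, notify SOC",
                })
    return alerts

if __name__ == "__main__":
    for a in find_impossible_travel(SIGN_INS):
        print(f"{a['user']}: {a['from'][0]} -> {a['to'][0]} in {a['minutes_apart']} min")
```

With the default one-hour window only alice is flagged; bob's India-to-Germany gap of six and a half hours is plausible travel and carol's foreign attempt never succeeded.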

Real-World Use Cases

Use Case 1: Securing a Multi-Tier Web App

Let’s say your application stack runs:

  • Frontend in Azure App Service
  • Backend on Azure VMs
  • Database in Azure SQL

With Azure Security Center:

  • You receive a Secure Score for your overall setup
  • You get alerts if any VM has open RDP/SSH ports
  • It recommends adding firewall rules or NSGs for Azure SQL
  • You can apply Just-in-Time access to VMs so no one leaves ports open permanently

Use Case 2: Governance Across Multiple Subscriptions

A large organization has 10 Azure subscriptions for various departments.

ASC provides:

  • A centralized security policy
  • Visibility across all environments
  • Easy enforcement of rules like “No public IPs on storage accounts”
  • Integrates with Azure Policy for compliance automation

Use Case 3: Protecting a Financial App on Azure

You’re running a financial services application with:

  • 20 VMs, an AKS cluster, Azure SQL DBs, and Blob Storage.
  • Sensitive PII data stored and processed.
  • Regulatory obligations like GDPR and PCI-DSS.

How Azure Security Center helps:

  • Posture Checks: Finds out-of-date systems and missing firewalls.
  • Defender for SQL: Identifies suspicious query patterns or SQL injections.
  • JIT Access: Ensures only DevOps staff with temporary, approved access can RDP into VMs.
  • Threat Protection: Detects a crypto-miner script dropped on a VM.
  • Regulatory Dashboard: Shows PCI-DSS compliance progress in %.
  • Automation: Logic App disables accounts with anomalous sign-ins.

How Azure Security Center Works Behind the Scenes

  1. Collects telemetry from:
  2. Applies analytics + threat intelligence
  3. Maps findings to MITRE ATT&CK framework
  4. Pushes real-time alerts to dashboards, APIs, and Sentinel

Integration Possibilities

  • Azure Monitor / Log Analytics – For collecting and querying security logs.
  • Azure Policy – For defining governance and enforcing compliance.
  • Azure Sentinel – For deeper SIEM + SOAR capabilities.
  • Microsoft Defender for Endpoint – For EDR across devices.
  • Power BI or Custom Dashboards – For visualization of security metrics.

Best Practices for Using Azure Security Center

  1. Enable Defender for all resource types to get full threat visibility.
  2. Regularly review Secure Score and prioritize high-severity actions.
  3. Enable JIT on all VMs with public IPs.
  4. Tag resources for better filtering and group-wise recommendations.
  5. Integrate with Sentinel for advanced detection and automation.
  6. Review regulatory compliance blade monthly to catch drifts.
  7. Educate teams on resolving recommendations, not just ignoring them.


Step-by-Step Demo Guide: Enabling and Using Azure Security Center


Step 1: Enable Microsoft Defender for Cloud

  1. Log in to the Azure Portal: https://portal.azure.com
  2. Go to "Microsoft Defender for Cloud" in the left menu.
  3. Click "Environment Settings".
  4. Choose your subscription.
  5. Click "Enable all Defender plans" (for comprehensive protection).
  6. Save the settings.

This enables protection across VMs, databases, storage, containers, Key Vault, etc.


Step 2: Review Secure Score and Recommendations

  1. Go to Microsoft Defender for Cloud > Overview.
  2. You'll see your Secure Score with a breakdown of security controls.
  3. Click on each recommendation to view:

Aim to maintain your Secure Score above 75% for production workloads.


Step 3: Enable Just-In-Time (JIT) VM Access

  1. Navigate to "Inventory" and filter for VMs.
  2. Select a VM you want to secure.
  3. Click "Enable JIT" under configuration.
  4. Define access rules:

This protects your VM by only opening ports when explicitly requested.
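The access rules you define in this step, and the request/approval flow described under JIT VM Access above, can be modelled as a policy plus an evaluation. Here is an added example (not the project's or Microsoft's code) with a constructed JIT policy shaped after the jitNetworkAccessPolicies resource body (assumed simplified; the subscription id and address ranges are placeholders) and a function that decides a request the way the service would: port must be in the policy, source IP inside the allowed prefix, duration within the maximum.

```python
import re
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# Constructed sample policy, shaped after the jitNetworkAccessPolicies resource body
# (assumed simplified; the subscription id and address ranges are placeholders).
VM_ID = "/subscriptions/<sub-id>/resourceGroups/rg-demo/providers/Microsoft.Compute/virtualMachines/vm-demo"
JIT_POLICY = {
    "kind": "Basic",
    "properties": {"virtualMachines": [{"id": VM_ID, "ports": [
        # SSH only from the corporate range, one hour at a time
        {"number": 22, "protocol": "TCP", "allowedSourceAddressPrefix": "203.0.113.0/24", "maxRequestAccessDuration": "PT1H"},
        # RDP from any source address (the requester's IP is still recorded), up to three hours
        {"number": 3389, "protocol": "TCP", "allowedSourceAddressPrefix": "*", "maxRequestAccessDuration": "PT3H"},
    ]}]},
}
DEMO_NOW = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # fixed clock for repeatable output

def parse_iso_duration(text: str) -> timedelta:
    """Parse the PTnHnM form that maxRequestAccessDuration uses."""
    m = re.fullmatch(r"PT(?:(\d+)H)?(?:(\d+)M)?", text)
    if not m or not any(m.groups()):
        raise ValueError(f"unsupported duration: {text}")
    hours, minutes = (int(g) if g else 0 for g in m.groups())
    return timedelta(hours=hours, minutes=minutes)

def evaluate_request(policy, vm_id, port, source_ip, requested, now=DEMO_NOW):
    """Decide one JIT access request; returns {"granted", "reason", "expires_at"}.

    Denied unless the port is in the policy for that VM, the requester's address
    lies inside allowedSourceAddressPrefix and the duration is within the maximum.
    """
    def denied(why):
        return {"granted": False, "reason": why, "expires_at": None}
    vm = next((v for v in policy["properties"]["virtualMachines"] if v["id"] == vm_id), None)
    if vm is None:
        return denied("VM not covered by a JIT policy")
    rule = next((p for p in vm["ports"] if p["number"] == port), None)
    if rule is None:
        return denied(f"port {port} is not a JIT-managed port")
    prefix = rule["allowedSourceAddressPrefix"]
    if prefix != "*" and ip_address(source_ip) not in ip_network(prefix):
        return denied(f"source {source_ip} is outside {prefix}")
    wanted, limit = parse_iso_duration(requested), parse_iso_duration(rule["maxRequestAccessDuration"])
    if wanted > limit:
        return denied(f"requested {requested} exceeds maximum {rule['maxRequestAccessDuration']}")
    # Granted: the temporary NSG allow rule the service adds is removed again at expires_at.
    return {"granted": True, "reason": "granted", "expires_at": (now + wanted).isoformat()}
```

The third check is the one people forget when they script approvals: a request for two hours against a one-hour rule is rejected outright rather than silently trimmed, so the requester has to ask again with a duration the policy permits.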


Step 4: Implement Regulatory Compliance Policies

  1. Go to "Regulatory Compliance" under Defender for Cloud.
  2. Select frameworks like:
  3. Review the control scores.
  4. Apply any remediations directly from recommendations.

This helps you align with internal or external audit requirements.


Step 5: Set Up Alerts & Automated Response

  1. Go to "Security Alerts".
  2. View recent threats (e.g., brute-force attacks, suspicious scripts).
  3. Click on an alert to analyze details.
  4. Click "Automate response" to create a Logic App:

This is how you build SOAR (Security Orchestration, Automation and Response) workflows on top of Defender for Cloud alerts.


Step 6: Integrate with Azure Sentinel (Optional)

  1. Go to Azure Sentinel > Add Workspace.
  2. Connect the same Log Analytics Workspace used by Defender for Cloud.
  3. Click Data Connectors > Microsoft Defender for Cloud > Connect.
  4. Use Sentinel notebooks or analytics rules for advanced hunting.

This combines ASC’s threat intelligence with Sentinel’s SIEM capabilities.


Architecture Diagram – Azure Security Center Integration

           +----------------------------------+
           |      Azure Security Center       |
           |  (Microsoft Defender for Cloud)  |
           +----------------+-----------------+
                            |
                            v
  +--------------------------------------------------+
  |             Monitored Azure Resources            |
  | +-----------+ +--------------+ +---------------+ |
  | | Azure VMs | | AKS Clusters | | Azure SQL DBs | |
  | +-----------+ +--------------+ +---------------+ |
  | +--------------+ +------------+ +--------------+ |
  | | Blob Storage | | Key Vaults | | App Services | |
  | +--------------+ +------------+ +--------------+ |
  +--------------------------------------------------+
                            |
                            v
+-----------------------------------------------------------+
|      Azure Monitor + Log Analytics + Defender Agents      |
+-----------------------------------------------------------+
                            |
                            v
+-------------------------+     +--------------------------+
| Security Analytics + AI | --> | Secure Score Dashboard   |
+-------------------------+     +--------------------------+
                            |
                            v
+-------------------------+     +--------------------------+
| Recommendations & Fixes |     | Compliance & Policy Mgmt |
+-------------------------+     +--------------------------+
                            |
                            v
+-------------------------+     +--------------------------+
|   Alerts + Incidents    | <-> | Azure Sentinel (SIEM)    |
+-------------------------+     +--------------------------+


Azure Security Center is not just a monitoring tool, but a comprehensive security management platform. It:

  • Enforces zero trust by controlling access.
  • Detects real-time threats and remediates issues quickly.
  • Helps maintain compliance and regulatory requirements.
  • Integrates seamlessly with other Azure security services.


Key Features of Azure Security Center – Layman Analogies

Secure Score:

  • Think of this like your credit score, but for cloud security.
  • It rates how secure your Azure environment is (from 0 to 100). A low score? You’ve got security gaps to fix. A high score? You’re in a strong position, but there’s always room to improve.
  • It’s the first place to look to assess your risk.

Security Recommendations

  • Azure doesn’t just show problems — it suggests what to fix.
  • It’s like going to the doctor and getting a clear, personalized prescription to improve your health.
  • These recommendations tell you what’s wrong, why it matters, and how to fix it — from turning on MFA to closing unused ports.

Just-in-Time (JIT) VM Access

  • Instead of keeping your VM ports (like SSH or RDP) open 24/7, JIT makes sure they are only opened when needed and for a limited time.
  • Imagine your VM has a door that’s locked by default — you request a temporary key, and it locks back after use.
  • This drastically reduces the attack surface.

Adaptive Application Controls

  • Azure can learn what applications typically run on your VMs and flag any unapproved or malicious ones.
  • It’s like a whitelist for your servers — only the apps you’ve approved are allowed in.
  • Anything else triggers an alert. Great for preventing unauthorized scripts or programs.

File Integrity Monitoring (FIM)

  • This feature watches critical system files and alerts you if someone changes, deletes, or replaces them.
  • Imagine having a security camera on your front door — the moment someone tries to tamper with the lock, you get notified.

Threat Detection & Analytics

  • Using built-in intelligence and integrations (like with Microsoft Defender), ASC can detect malware, brute force attempts, and suspicious behavior.
  • It’s like having a 24/7 security guard and AI detective keeping an eye on your workloads.

Regulatory Compliance Dashboard

  • ASC maps your current cloud setup against industry standards like ISO, CIS, NIST, and PCI-DSS.
  • It’s like an audit assistant — showing you where you stand in terms of compliance and helping you get certified-ready with step-by-step fixes.

Integration with Microsoft Defender Plans

  • ASC works seamlessly with Microsoft Defender for Servers, Kubernetes, SQL, App Services, and more — providing deep threat protection for individual workloads.
  • It’s not just surface-level monitoring; it dives into each service and checks for signs of compromise.

What’s Next?

Day 51–60 Preview: Deploying a Real-World Microservices Application Using DevOps & Cloud

You’ve learned the building blocks.

Now it’s time to put everything together.

In the next 10 days, we’ll walk through deploying a production-grade microservices application using:

  • CI/CD (GitHub Actions & Azure Pipelines)
  • Containers (Docker & Kubernetes)
  • Infrastructure (Terraform & Helm)
  • Monitoring, scaling, security & cost optimization

Follow Shruthi Chikkela for More Updates!

If you enjoyed this content, be sure to follow me for more valuable insights, tips, and updates on DevOps, cloud computing, Azure, and more.

Stay connected and never miss an update!

🔹 Subscribe to my newsletter for regular updates and in-depth guides.
