Security Center Recommendations (Upgrades for now).

Question

Background -

Fairly new to the Azure environment, but we have installed the monitoring agent on some of our on premise boxes, and security center has started giving us recommendations. Some of these recommendations are system updates that should be installed, which we have been forwarding on to our IT operations team.

I have been working with the workflow + logic application to try and setup a email alert (just testing if I can get the email working) which works, except for the fact it's firing about 3k emails a day.

Question - Is anyone using the Azure Security Center for notifications that patches are needed for their on premise systems? I'm hoping once I nail that down, to be able to use something similar for the Security configurations as well.

I would love to hear how you are using it, or perhaps Azure Security Center is not yet there?

Answer 1

Hello Red000 , 

Security center does have some recommendation which you can use to create a logic app to send notification emails , similar to what you have already setup . You can use similar workflow automation . There are two settings related to whether updates and patches are installed on your monitored system or not as shown below. 

You require to be using the Security center standard tier for your Machines you want to protect with Azure Security center . Also you can create a workflow automation by clicking add workflow automation. 

This will bring you a side pane from the right side and you can fill the details as needed and associate it with an existing Logic app or create a new logic app . 

In the above section you will need to select Security Center recommendations in the Select security center data types and within the recommendation you need to select the following two as shown above. 

The logic App name field will list all the existing logic apps within your subscription which you have rights on. Once you click on View Logic App . The following shows the logic app settings. 

I would suggest you to go through the workflow automation to automate responses to alerts and recommendation. We also have a course on the new Microsoft Learn platform on how to resolve security threat with Azure Security center . I would suggest you to go through the links to understand more. And I am sure you can use it to get notifications for necessary patches. In case the information provided helps you , please do mark it as answer. If you have any other queries , please let us know and we will be happy to help . 

Hope this helps. Also I wanted to let you know that we have created a new QnA platform for Azure products and we encourage you to check it out . In the coming month we will be making these forums read only as we migrate from MSDN to QnA .

Thank you. 

---

Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!!