Ensure that standard pricing tier is selected
ID | azure_security_center_standard_pricing
Severity | low
Vendor | Azure
Resource | App Service Authentication
Tags | reachable
Description
Azure Security Center collects events from Azure or Log Analytics agents and correlates them in a security analytics engine to provide you with tailored recommendations (hardening tasks). Implementing these recommendations strengthens your security posture.
The Azure Security Center uses a built-in Azure Policy initiative in audit-only mode (the Azure Security Benchmark) as well as Azure Monitor logs and other Azure security solutions like Microsoft Cloud App Security.
The free pricing tier of the Azure Security Center is enabled by default on all Azure subscriptions once you visit the Azure Security Center in the portal for the first time (or activate it via the API). It then automatically discovers and onboards Azure resources, including PaaS services in Azure (Service Fabric, SQL Database, etc.). You can also include non-Azure resources via the Log Analytics agent and Azure Arc.
The standard pricing tier enables threat detection for networks and virtual machines and allows greater defense-in-depth. It provides threat intelligence, anomaly detection, and behavior analytics in the Azure Security Center. Threat detection is provided by the Microsoft Security Response Center (MSRC).
Learn more at Azure Security Center.
Mitigation / Fix
Runtime
Azure Portal
To change the policy, log in to the Azure Portal and then:
- Navigate to Azure Security Center.
- Select Security policy.
- To alter the security policy for a subscription, click Edit Settings.
- In the Pricing tier, select Standard.
- Save.
CLI Command
To set the Pricing Tier to Standard, use the following command:
$ az account get-access-token --query "{subscription:subscription,accessToken:accessToken}" --out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type: application/json" https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/pricings/default?api-version=2017-08-01-preview -d@"payload.json"'
Here, payload.json contains the request body JSON, shown below:
{
  "id": "/subscriptions/<Subscription Id>/providers/Microsoft.Security/pricings/default",
  "name": "default",
  "type": "Microsoft.Security/pricings",
  "properties": {
    "pricingTier": "Standard"
  }
}
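
To confirm the change took effect, the pricings/default resource can be read back for each subscription and its pricingTier checked. The following is an added example, not part of the original page or of any vendor tooling: it evaluates responses assumed to have the same shape as payload.json above, and the function names, subscription ids and sample responses are constructed for illustration.

```python
import json

REQUIRED_TIER = "Standard"              # value the remediation on this page sets
EXPECTED_TYPE = "Microsoft.Security/pricings"

def evaluate_pricing(raw):
    """Return (passed, reason) for one pricing resource given as a JSON string."""
    try:
        doc = json.loads(raw)
    except (TypeError, ValueError):
        return False, "response is not valid JSON"
    if not isinstance(doc, dict):
        return False, "response is not a JSON object"
    if "error" in doc:
        # An error envelope (expired token, missing role) must fail the check, never pass it.
        err = doc["error"] if isinstance(doc["error"], dict) else {}
        return False, "API error: " + str(err.get("code", "unknown"))
    if str(doc.get("type", "")).lower() != EXPECTED_TYPE.lower():
        return False, "unexpected resource type"
    props = doc.get("properties")
    tier = props.get("pricingTier") if isinstance(props, dict) else None
    if not isinstance(tier, str):
        return False, "pricingTier missing"
    if tier.strip().lower() != REQUIRED_TIER.lower():  # case-insensitive by choice of this example
        return False, "pricingTier is " + tier
    return True, "pricingTier is Standard"

def audit(responses):
    """Map {subscription_id: raw_json} to a sorted list of (subscription_id, reason) failures."""
    results = {sub: evaluate_pricing(raw) for sub, raw in responses.items()}
    return sorted((sub, why) for sub, (ok, why) in results.items() if not ok)

def _sample(sub_id, tier):
    return json.dumps({
        "id": "/subscriptions/%s/providers/Microsoft.Security/pricings/default" % sub_id,
        "name": "default", "type": EXPECTED_TYPE,
        "properties": {"pricingTier": tier}})

# Constructed sample data: placeholder subscription ids and responses, not real ones.
SAMPLES = {
    "sub-a": _sample("sub-a", "Standard"),
    "sub-b": _sample("sub-b", "Free"),
    "sub-c": json.dumps({"error": {"code": "AuthorizationFailed", "message": "constructed"}}),
    "sub-d": json.dumps({"type": EXPECTED_TYPE, "properties": {}}),
}

if __name__ == "__main__":
    for sub_id, reason in audit(SAMPLES):
        print("FAIL", sub_id, reason)
```

Treating API errors and missing fields as failures keeps an expired token or a permissions gap from being reported as a compliant subscription.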