Add custom Azure Policy to Azure Security Center Recommendation

Azure Security Center recommendations are powered by Azure Policy, and you can disable a recommendation that does not apply to your environment. You can also add a custom Azure Policy to the Security Center recommendation set, so that your own checks appear alongside the built-in ones and you get a single pane of glass for your security posture.

In this article, let's see how to add a custom Azure Policy to the Azure Security Center recommendations.

Create sample policy and initiative

In this article, let's create a custom Azure Policy that audits every storage account that does not have secure transfer required (the supportsHttpsTrafficOnly property) enabled. The rule below matches resources of type Microsoft.Storage/storageAccounts whose supportsHttpsTrafficOnly is anything other than true, which also catches accounts where the property is not set at all, and reports them with the audit effect rather than blocking them.

{
    "properties": {
        "mode": "All",
        "parameters": {},
        "displayName": "Audit https traffic only for storage account",
        "description": "Audit https traffic only for storage account",
        "policyRule": {
            "if": {
                "allOf": [
                    {
                        "field": "type",
                        "equals": "Microsoft.Storage/storageAccounts"
                    },
                    {
                        "not": {
                            "field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
                            "equals": "true"
                        }
                    }
                ]
            },
            "then": {
                "effect": "audit"
            }
        }
    }
}
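To see exactly which resources the if block above matches, here is a small evaluator for the subset of the Azure Policy rule language the definition uses (allOf, anyOf, not, field with equals, notEquals and exists). This is an added example, not code from the original post or from Azure Policy itself; the four sample resources are constructed ARM-style JSON, and the mapping of the Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly alias to properties.supportsHttpsTrafficOnly is an assumption made for the example. The point worth noticing is that "not / equals true" flags an account whose property is missing, whereas a rule written as "equals false" would silently pass it.

```python
import json

# The policyRule from the definition above, embedded so this runs stand-alone.
POLICY_RULE = json.loads("""
{
    "if": {
        "allOf": [
            {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
            {"not": {"field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
                     "equals": "true"}}
        ]
    },
    "then": {"effect": "audit"}
}
""")

# Constructed sample resources shaped like ARM resource JSON (not real accounts).
SAMPLE_RESOURCES = [
    {"name": "sthttpsonly", "type": "Microsoft.Storage/storageAccounts",
     "properties": {"supportsHttpsTrafficOnly": True}},
    {"name": "stplainhttp", "type": "Microsoft.Storage/storageAccounts",
     "properties": {"supportsHttpsTrafficOnly": False}},
    # Property absent, as on accounts created before it existed:
    # 'not / equals true' still flags it.
    {"name": "stlegacy", "type": "Microsoft.Storage/storageAccounts",
     "properties": {}},
    # Different resource type: the first allOf condition rules it out.
    {"name": "vnet1", "type": "Microsoft.Network/virtualNetworks",
     "properties": {"supportsHttpsTrafficOnly": False}},
]


def resolve_field(resource, field):
    """Map a policy 'field' to a value on the resource.
    Assumption for this example: a provider alias such as
    Microsoft.Storage/storageAccounts/<prop> maps to properties.<prop>."""
    if field == "type":
        return resource.get("type")
    if field == "name":
        return resource.get("name")
    return resource.get("properties", {}).get(field.rsplit("/", 1)[-1])


def normalize(value):
    # Azure Policy compares 'equals' case-insensitively as strings; a missing value stays None.
    return None if value is None else str(value).lower()


def evaluate(condition, resource):
    """True when the condition matches the resource."""
    if "allOf" in condition:
        return all(evaluate(c, resource) for c in condition["allOf"])
    if "anyOf" in condition:
        return any(evaluate(c, resource) for c in condition["anyOf"])
    if "not" in condition:
        return not evaluate(condition["not"], resource)
    actual = normalize(resolve_field(resource, condition["field"]))
    if "equals" in condition:
        return actual == normalize(condition["equals"])
    if "notEquals" in condition:
        return actual != normalize(condition["notEquals"])
    if "exists" in condition:
        return (actual is not None) == (normalize(condition["exists"]) == "true")
    raise ValueError(f"unsupported condition: {condition}")


def non_compliant(rule, resources):
    """Names of the resources the 'if' block matches, i.e. what the audit effect reports."""
    return [r["name"] for r in resources if evaluate(rule["if"], r)]


if __name__ == "__main__":
    print(non_compliant(POLICY_RULE, SAMPLE_RESOURCES))
```

Running it lists stplainhttp and stlegacy; sthttpsonly passes and vnet1 is never considered. Swapping the not/equals pair for a plain `"equals": "false"` condition drops stlegacy from the result, which is why the negated form is the safer way to write an audit like this.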

Once the policy definition is created, assign it to your subscription for testing, and create a few storage accounts with secure transfer disabled so the policy has something to flag.

Next, create a policy initiative (a policy set definition), because Azure Security Center only lets you add initiatives, not individual policy definitions, to its recommendation set. An initiative containing a single policy is enough.

Add a custom policy to ASC Recommendation

Now go to Azure Security Center > Regulatory compliance > Manage compliance policies.

Select the subscription you want to add the custom initiative to, scroll to the bottom of the page and click Add a custom initiative.

You will see the custom initiative you just created. Click Add and follow the instructions to add it to the existing Azure Security Center recommendations (aka the ASC initiative).

Allow roughly 30 minutes for evaluation, then return to the Azure Security Center Recommendations page; every policy in the new initiative now appears as a recommendation.

Click a recommendation to see the non-compliant resources it found.
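The same setup driven from Az PowerShell, as an added example that is not part of the original post: it creates the definition from the JSON above, wraps it in a one-policy initiative, assigns it to the subscription, seeds a storage account with secure transfer disabled, and lists the non-compliant resources the new recommendation will show. The Security Center step of adding the initiative under Manage compliance policies is still done in the portal as described. The cmdlets are real Az.Resources, Az.Storage and Az.PolicyInsights cmdlets; the definition, initiative, assignment and resource names, the region, the resource group and the file path are assumptions.

```powershell
# Added example, not from the original post. Requires Az.Resources, Az.Storage and
# Az.PolicyInsights and an existing login (Connect-AzAccount). Names, resource group,
# region and file path below are assumptions.
$subscriptionId = (Get-AzContext).Subscription.Id
$scope          = "/subscriptions/$subscriptionId"
$rgName         = 'rg-policy-test'
$location       = 'eastus'

# 1. Policy definition: the JSON from this post saved as .\audit-https-only.json.
#    New-AzPolicyDefinition takes the policyRule on its own, so pull it out of the wrapper.
$doc  = Get-Content -Raw .\audit-https-only.json | ConvertFrom-Json
$rule = $doc.properties.policyRule | ConvertTo-Json -Depth 20
$definition = New-AzPolicyDefinition -Name 'audit-storage-https-only' `
    -DisplayName $doc.properties.displayName `
    -Description $doc.properties.description `
    -Mode        $doc.properties.mode `
    -Policy      $rule

# Older Az.Resources exposes the id as PolicyDefinitionId, newer versions as Id.
$definitionId = if ($definition.PolicyDefinitionId) { $definition.PolicyDefinitionId } else { $definition.Id }

# 2. Initiative with that single policy. ConvertTo-Json flattens a one-element array
#    to a bare object when the array is piped in, so pass it via -InputObject instead.
$members = ConvertTo-Json -Depth 5 -InputObject @(@{ policyDefinitionId = $definitionId })
$initiative = New-AzPolicySetDefinition -Name 'custom-asc-initiative' `
    -DisplayName 'Custom ASC initiative' `
    -PolicyDefinition $members

# 3. Assign the initiative to the subscription for testing.
$assignment = New-AzPolicyAssignment -Name 'audit-https-only-test' `
    -Scope $scope -PolicySetDefinition $initiative

# 4. Seed a non-compliant account: secure transfer explicitly disabled.
#    Storage account names are globally unique, hence the random suffix.
$saName = 'stplainhttp{0:d4}' -f (Get-Random -Maximum 10000)
New-AzResourceGroup -Name $rgName -Location $location -Force | Out-Null
New-AzStorageAccount -ResourceGroupName $rgName -Name $saName -Location $location `
    -SkuName Standard_LRS -Kind StorageV2 -EnableHttpsTrafficOnly $false | Out-Null

# 5. Policy evaluation is asynchronous; request a scan of the test group instead of
#    waiting for the periodic run (Start-AzPolicyComplianceScan blocks until it finishes).
Start-AzPolicyComplianceScan -ResourceGroupName $rgName

# 6. The resources the new recommendation will list once the initiative is added to ASC.
Get-AzPolicyState -SubscriptionId $subscriptionId `
    -Filter "PolicyAssignmentName eq 'audit-https-only-test' and ComplianceState eq 'NonCompliant'" |
    Select-Object ResourceId, PolicyDefinitionName, ComplianceState
```

The Get-AzPolicyState query at the end is the same data the Security Center recommendation page renders, so if the seeded account shows up here but not in Security Center after the wait, the problem is the ASC add step rather than the policy itself.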

This entry was posted in Governance & Compliance.
