Managing automatic provisioning of agents in Azure Security Center
In this post, I want to show you how to enable the automatic provisioning of agents in Azure Security Center. Although Microsoft recommends enabling this option, it is disabled by default. Enabling this option will allow us to have more efficient security coverage when performing the automatic installation of the necessary agents and extensions, both in existing resources and in future resources that we deploy in our subscription.
Prerequisites
- This tutorial assumes that you already have a Microsoft Azure account configured.
- The Az. Security module must be installed.
Azure PowerShell Workaround #
If you want to know how to install the PowerShell Azure module on your machine, check out this link.
The simplest way to get started is to sign in interactively at the command line.
Connect-AzAccount
This cmdlet will bring up a dialog box prompting you for your email address and password associated with your Azure account. If you have more than one subscription associated with your mail account, you can choose the default subscription. To perform this task, we will use the following commands:
Get-AzSubscription
Set-AzContext -Subscription "<subscription ID>"
Once you set your default subscription, you’re ready to start.
Register the resource provider #
To register a resources provider in your Azure subscription, you should use the Register-AzResourceProvider cmdlet with the following syntax.
Register-AzResourceProvider -ProviderNamespace 'Microsoft.Security'
Check Auto-provisioning settings #
Using the Get-AzSecurityAutoProvisioningSetting cmdlet you can verify the current configuration of agents and extensions in your subscription.
Get-AzSecurityAutoProvisioningSetting `
| Select-Object Name, AutoProvision
Enable Auto-provisioning #
Once you have verified that it is disabled, you can enable it using the Set-AzSecurityAutoProvisioningSetting cmdlet with the following syntax.
Set-AzSecurityAutoProvisioningSetting `
-Name "default" `
-EnableAutoProvision
Disable Auto-provisioning #
if you want to leave this option with the default values. you should use the following command.
Set-AzSecurityAutoProvisioningSetting -Name "default"
Azure CLI Workaround #
In this case, we will use Azure Cloud Shell, a browser-based shell built into Azure Portal. This allows us to use the Azure command-line tools (Azure CLI and Azure PowerShell) directly from a browser. If you want to know more about Azure Cloud Shell, check out this link. Important: First, you need to set up a subscription to use in the current session.
az account list
az account set --subscription "Subscription Name"
Register the resource provider #
To register a resources provider in your Azure subscription, you should use the following command.
az provider register --namespace 'Microsoft.Security'
Check Auto-provisioning settings #
First, using the following command can check the current configuration of the agent in your subscription.
az security auto-provisioning-setting list -o table
Enable Auto-provisioning #
Once the verification is done, you can enable automatic provisioning using the following command.
az security auto-provisioning-setting update \
--name "default" \
--auto-provision "On" \
-o table
Disable Auto-provisioning #
If for any reason you want to disable this option, you should use the following command.
az security auto-provisioning-setting update \
--name "default" \
--auto-provision "Off"
Thanks for reading my post. I hope you find it useful.
In the next post about Azure Security Center, I will explain how to change the Azure Defender plans for your subscription.
If you want to know more about Security Center, check out this link