What is it?
Azure Security Center provides insight on the current security posture within your Azure subscriptions, and it provides guidance on how to improve that score.
How does it work?
The core feature is called Secure Score, which is displayed as an overall percentage that can be drilled down into for the underlying scores.
The overall score is calculated as a ratio between the total number of resources and those resources that are declared as healthy. Secure Score looks at both IaaS and PaaS resources within Azure.
Microsoft provide a set of built-in initiatives to provide guidance for different regulatory compliance needs e.g. ISO 27001, PCI DSS, UK OFFICIAL.
By default, Microsoft assign the Azure Security Benchmark initiative to all subscriptions. The Azure Security Benchmark is based on controls from the Center of Internet Security (CIS) and the National Institute of Standards and Technology (NIST), and this initiative is curated by Microsoft.
How do you improve your score?
Alongside the overall score the different recommendations to follow that will improve your overall score.
The recommendations are broken down under each control and a potential score increase is provided for following each recommendation. Within each recommendation the remediation steps are provided. In some cases, these steps can be carried automatically, and some require will manual intervention.