Azure Security Center can now learn the network traffic and connectivity patterns of your Azure workload and provide you with network security group (NSG) rule recommendations for your internet-facing virtual machines. This is called adaptive network hardening, and it's in public preview. It helps you secure connections to and from the public internet (made by workloads running in the public cloud), which are one of the most common attack surfaces.
It can be hard to know which NSG rules should be in place to make sure that Azure workloads are available only to required source ranges. These new recommendations in Security Center help you configure your network access policies and limit your exposure to attacks. Security Center uses machine learning to fully automate this process, including an automated enforcement mechanism. These recommendations also use Microsoft’s extensive threat intelligence reports to make sure that known malicious actors are blocked.
To view these recommendations, in the Security Center portal, select Networking and then Adaptive network hardening.
The network map in Azure Security Center now supports virtual network peering. Directly from the network map, you can view allowed traffic flows between peered virtual networks and deep dive into the connections and entities.
In Azure Security Center, adaptive application control in audit mode is now available for Azure Linux VMs. This whitelisting solution is also available for non-Azure Windows and Linux VMs and servers that are connected to Security Center.
In addition, you can now rename groups of virtual machine and server clusters in Security Center. They're still automatically named group1, group2, and so on. But you can then edit them to provide a more meaningful name to your machine cluster groups, to help you better represent those application control policy groups.
The new Azure Security Center regulatory compliance dashboard is in public preview. It helps streamline the process for meeting regulatory compliance requirements by providing insights into your compliance posture. The information provided is based on continuous assessments of your Azure environment.
To support your business needs and to provide compliance reports to auditors and executives, you can use the Download now link to generate a .pdf file that provides the overall status for each regulatory standard you select.
In Azure Security Center, the number for secure score impact represents how much your overall secure score will improve if you follow recommendations. This number changed for several recommendations, as part of the continuous improvement effort for Azure Security Center. The change might affect your overall secure score.
Security Center can now learn the network traffic and connectivity patterns of your Azure workload and provide you with NSG rule recommendations for your internet facing virtual machines. This helps you better configure your network access policies and limit your exposure to attacks.
We are extending adaptive application controls in Azure Security Center to include Linux VMs and servers/VMs external to Azure (Windows and Linux) in audit mode. This means that Azure Security Center will identify applications running on your servers which are not in compliance with the Azure Security Center generated whitelisting rules and will audit those violations.