Top / Microsoft Azure / Azure Security Center / Auto Provisioning

Azure Security Center Auto Provisioning

This page shows how to write Terraform and Azure Resource Manager for Security Center Auto Provisioning and write them securely.

Review your .tf file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

azurerm_security_center_auto_provisioning (Terraform)

The Auto Provisioning in Security Center can be configured in Terraform with the resource name azurerm_security_center_auto_provisioning. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

cloudquery/cq-provider-azure

azure_security_auto_provisioning_settings.tf#L1

resource "azurerm_security_center_auto_provisioning" "auto_provisioning_setting" {
  auto_provision = "On"

Find out how to use this setting securely with Shisho Cloud

iacsecurity/tool-compare

main.tf#L18

resource "azurerm_security_center_auto_provisioning" "example" {
  auto_provision = "Off"
}

Find out how to use this setting securely with Shisho Cloud

mennaammar/spoke-landingzone-vnet

main.tf#L53

resource "azurerm_security_center_auto_provisioning" "main" {
  count          = var.enable_security_center_auto_provisioning == "On" ? 1 : 0
  auto_provision = var.enable_security_center_auto_provisioning
}

Find out how to use this setting securely with Shisho Cloud

kumarvna/terraform-azurerm-security-center

main.tf#L53

resource "azurerm_security_center_auto_provisioning" "main" {
  count          = var.enable_security_center_auto_provisioning == "On" ? 1 : 0
  auto_provision = var.enable_security_center_auto_provisioning
}

Find out how to use this setting securely with Shisho Cloud

murali198/azure-terraform

main.tf#L71

resource "azurerm_security_center_auto_provisioning" "sec_cen_auto_prov" {
  count          = var.sec_cen_auto_prov_enable == "On" ? 1 : 0
  auto_provision = var.sec_cen_auto_prov_enable
}

Find out how to use this setting securely with Shisho Cloud

pranav03singh/tf-security_center

main.tf#L88

resource "azurerm_security_center_auto_provisioning" "main" {
  count          = var.enable_security_center_auto_provisioning == "On" ? 1 : 0
  auto_provision = var.enable_security_center_auto_provisioning
}

Find out how to use this setting securely with Shisho Cloud

indeni/cloudrail-knowledge

main.tf#L6

resource "azurerm_security_center_auto_provisioning" "example" {
  auto_provision = "On"
}

Find out how to use this setting securely with Shisho Cloud

indeni/cloudrail-knowledge

main.tf#L6

resource "azurerm_security_center_auto_provisioning" "example" {
  auto_provision = "On"
}

Find out how to use this setting securely with Shisho Cloud

indeni/cloudrail-knowledge

main.tf#L6

resource "azurerm_security_center_auto_provisioning" "example" {
  auto_provision = "Off"
}

Find out how to use this setting securely with Shisho Cloud

indeni/cloudrail-knowledge

main.tf#L18

resource "azurerm_security_center_auto_provisioning" "example" {
  auto_provision = "On"
}

Find out how to use this setting securely with Shisho Cloud

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

auto_provision required - string
id optional computed - string
timeouts single block
- create optional - string
- delete optional - string
- read optional - string
- update optional - string

>> from Terraform Registry

Explanation in Terraform Registry

Enables or disables the Security Center Auto Provisioning feature for the subscription
NOTE: There is no resource name required, it will always be "default"

>> from Terraform Registry

Tips: Best Practices for The Other Azure Security Center Resources

In addition to the azurerm_security_center_contact, Azure Security Center has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

azurerm_security_center_contact

Ensure to enable alert notifications

It is better to configure at least one valid contact for the security center. Microsoft will inform you directly in the event of a security incident using emails.

azurerm_security_center_subscription_pricing

Ensure to enable alert notifications

It is better to enable Azure Defender, which is a cloud workload protection service for App Services. In addition, It is also able to analyze non-Azure resources, utilizing Azure Arc, including those on-premises and in both AWS and GCP.

Review your Azure Security Center settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

Microsoft.Security/autoProvisioningSettings (Azure Resource Manager)

The autoProvisioningSettings in Microsoft.Security can be configured in Azure Resource Manager with the resource name Microsoft.Security/autoProvisioningSettings. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

digitc1/AzLandingZonePublic

definition-securityCenterAutoProvisioning.json#L13

      "type": "Microsoft.Security/autoProvisioningSettings",
      "deploymentScope": "subscription",
      "existenceScope": "subscription",
      "roleDefinitionIds": [
        "/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
        "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"

Sakariye2333/Sakariye2333

policy.json#L33

     "type": "Microsoft.Security/autoProvisioningSettings",
     "deploymentScope": "Subscription",
     "roleDefinitionIds": [
      "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
     ],
     "existenceCondition": {

tianderturpijn/ASC

AscEnableAutoProvision.json#L37

                  "type": "Microsoft.Security/autoProvisioningSettings",
                  "apiVersion": "2017-08-01-preview",
                  "name": "default",
                  "properties": {
                    "autoProvision": "On"
                  }

yuncmsft/swagger