When data collection is enabled, a data collection agent is automatically installed on each virtual machine in the Azure subscription that the policy applies to. More information on security policies in the Azure Security Center is available in this article: Setting security policies in Azure Security Center.
The Azure Security Center periodically analyses the security state of your Azure resources; the data collected from the virtual machines in your Azure subscription enables Azure Security Center to monitor the state of your Azure resources against the policy and provide you with recommendations for the areas that you specified in the policy. This alerted me to the fact that my virtual machine in Azure had two unprotected endpoints (PowerShell and Remote Desktop) and recommended that Access Control Lists for these ports be implemented (seen in the screen shot below). These applications can increase the risk of your network being infected with malware, cause malware infections to be harder to identify among the noise, and can waste helpdesk, IT, and user time cleaning up the applications.


The user experience can vary according to the policy settings that are configured in your enterprise. As blocking PUA in your enterprise is an explicit choice, it is best practice to do the necessary due diligence such as having a corporate policy or guidance that defines that potentially unwanted applications are not to be installed or downloaded in your corporate environment. With a corporate policy or guidance in place, it’s recommended to also sufficiently inform your end-users and your IT Helpdesk about the updated policy or guidance so that they are aware that potentially unwanted applications are not allowed in your corporate environment. Setting a security policy on your Azure subscription and enabling data collection (seen in the screenshot below) will define which security expert recommendations you want to see based on the data and analysis of the security configurations and events collected on your Azure resources. Clicking on Remote Desktop in the list gave me the opportunity to configure the Access Control List.


You decide where (which Azure region) the data collected on your Azure resources resides in order to maintain any data residency policies your organization might have. By informing your helpdesk about your new policy or guidance, they can resolve end-user questions.



I literally have no motivation to do anything
Become self employed courier
Fun exercise activities for couples
Change default browser windows 8.1