In this post, I want to show you how to enable automatic provisioning of agents in Azure Security Center. Although Microsoft recommends enabling this option, it is disabled by default. Enabling this option will allow us to have a more efficient security coverage when performing the automatic installation of the necessary agents and extensions, both in existing resources and in future resources that we deploy in our subscription.

Prerequisites

  • This tutorial assumes that you already have a Microsoft Azure account configured.
  • The Az. Security module must be installed.

Azure PowerShell Workaround

If you want to know how to install the PowerShell Azure module on your machine, check out this link.

The simplest way to get started is to sign in interactively at the command line.

This cmdlet will bring up a dialog box prompting you for your email address and password associated with your Azure account.
If you have more than one subscription associated with your mail account, you can choose the default subscription. To perform this task, we will use the following commands:

Once you set your default subscription, you’re ready to start.

Register the resource provider

To register a resources provider in your Azure subscription, you should use the Register-AzResourceProvider cmdlet with the following syntax.

Check Auto-provisioning settings

Using the Get-AzSecurityAutoProvisioningSetting cmdlet you can verify the current configuration of agents and extensions in your subscription.

Get-AzSecurityAutoProvisioningSetting

Enable Auto-provisioning

Once you have verified that it is disabled, you can enable it using the Set-AzSecurityAutoProvisioningSetting cmdlet with the following syntax.

Set-AzSecurityAutoProvisioningSetting

Disable Auto-provisioning

if you want to leave this option with the default values. you should use the following command.

Azure CLI Workaround

In this case, we will use Azure Cloud Shell, a browser-based shell built into Azure Portal. This allows us to use the Azure command-line tools (Azure CLI and Azure PowerShell) directly from a browser. If you want to know more about Azure Cloud Shell, check out this link.

Important: First, you need to set a subscription to use in the current session.

Register the resource provider

To register a resources provider in your Azure subscription, you should use the following command.

Check Auto-provisioning settings

First, using the following command can check the current configuration of the agent in your subscription.

Security Center auto-provisioning

Enable Auto-provisioning

Once the verification is done, you can enable automatic provisioning using the following command.

Security Center auto-provisioning

Disable Auto-provisioning

If for any reason you want to disable this option, you should use the following command.

Thanks for reading my post. I hope you find it useful.

In the next post about Azure Security Center, I will explain how to change the Azure Defender plans for your subscription.

If you want to know more about Security Center, check out this link: https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction