Microsoft Adds Custom Cloud Assessments to Azure Security Center

Azure customers can now add their own rules to Azure Security Center's OS assessments for cloud instances.

cloud security

Azure Security Center, Microsoft cloud-based security platform for customer instances, now supports custom assessments, allowing users to tailor the system to their needs.

In its standard form, Azure Security Center uses a set of over 150 rules that are used to harden an operating system, spanning firewalls, password policies and other factors that contribute to the system software's security posture.

Azure instances that stray from these rules trigger a security recommendation, alerting users that their virtual machines are vulnerable to attack, unauthorized access and other malicious activities that can lead to a data breach or service disruption.

On Jan. 16, Miri Landau, a senior program manager at Microsoft Azure Security Center, announced the preview of a new customization feature that offers users more leeway in how the feature reports potential vulnerabilities.

With the custom security configuration capabilities, users can now enable or disable specific rules or make changes to a specific setting within a rule, such as setting a password expiration time of 60 days versus 30 days, Landau stated in a blog post. Users can also add entirely new rules based on currently supported rule types.

After making any necessary changes—a process that includes downloading a configuration file and uploading a modified version—the new rule set is applied within 24 hours, or the time it takes the service to deliver a new assessment. A brief walkthrough is available in Landau's post.

Azure SQL Compatibility Level Bump

On the Azure cloud database front, Microsoft announced that compatibility level 140 is now the default for new SQL databases that users spin up on Azure.

Compatibility levels denote the feature and capability sets a database supports. For example, level 140 includes support for a number of query processor enhancements and a handful of adaptive query processing features, as noted in this online support document.

Compatibility level 140, which as been in public preview since July 2017, is already being used in more than half a million Azure SQL databases, according to Microsoft principal program manager Joseph Sack in a separate Jan. 16 announcement.

But don't expect Microsoft to upgrade database compatibility levels for existing databases.

"This is up to customers to do at their own discretion," Sack stated. It's a prudent move considering that applications may not be certified for compatibility level 140. “We highly recommend customers plan on moving to the latest compatibility level in order to leverage the latest improvements."

Guidance on setting lower compatibility levels for new databases, or upgrading an existing one to level 140, is available here.

Expanded Azure Analysis Services Footprint

Microsoft has also extended the reach of Azure Analysis Services. Based on the analytics engine used by SQL Server Analysis Services, the offering allows organizations with a short supply of data scientists to create analytical models that can be used with their business intelligence tools.

According to a Jan. 15 announcement by Microsoft senior program manager Christian Wade, the service is available in four additional Azure regions in the U.S., including Azure Government cloud data centers Arizona and Texas, West U.S. 2 and East U.S. 

Pedro Hernandez

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...