Track your Secure Score over time in Azure
In Azure, you have something called Microsoft Defender for Cloud, and it comes with the Secure Score.
Check out the official docs for what Secure Score is:
- Secure score in Microsoft Defender for Cloud (Microsoft Docs)
In this post, I will explain how you can measure and track your secure score over time using the continuous export functionality together with built-in workbooks.
I know of three main secure score measurements in the Microsoft cloud landscape.
- Microsoft Defender for Cloud Secure Score. This score is what I'm talking about today.
- Microsoft 365 Defender secure score
- Identity Secure Score
Why track your secure score?
Determining whether you are increasing or decreasing your security posture can be an excellent way to shift focus when needed. I try to watch the secure score for many Azure subscriptions I have across my tenants.
Using the secure score is not a measure of success or failure but rather an indicator of improving things. The score fluctuates as new recommendations become available, such as deploying new resources.
I particularly like to see how the overall posture changes with new resources or issues. The workbooks I explore further down in this post have an excellent change tracking mechanism that lets you know, for each recommendation, if you're introducing more issues or if you are fixing them.
Enable tracking of your secure score
Seeing the timeline of your secure score can be done using a workbook in Microsoft Defender for Cloud. However, we need to configure "Continuous export" for our subscription to get any data to show up.
More specifically, the "Secure score" section of the continuous export capability should be ticked and sent either to "Event hub" or to a "Log Analytics workspace". I'm a big fan of Log Analytics, and therefore I am opting to send the data there.
Here's how you enable it:
- Go to Microsoft Defender for Cloud in the Azure Portal.
- Click on "Environment settings".
- Click on the Subscription for which you want to enable the export.
- Click "Continuous export" in the left-side menu.
- Configure what you want to export, and click Save.
In my case, I want to export the secure score, security recommendations, security alerts, and the status of my regulatory compliance. The critical part here is to enable the "Secure score" export, as this later powers the workbook we'll explore.
When configuring the export, it takes a few moments before the data is populated into the Log Analytics workspace or your Event hub if that was your selection for data export.
To allow the data to populate, I have let this export run for a few days for one of my subscriptions, and now I can revisit and explore what the workbooks look like with the data being populated.
Track the secure score using workbooks.
Great. Data has been ingested, and you are now ready to look.
In the Microsoft Defender for Cloud "Workbooks" section, you will find the option to review some relevant workbooks.
- Secure Score Over Time
- Compliance Over Time
I also chose to export the compliance data to work with the Compliance Over Time workbook in the continuous export settings.
When data has started to ingest, the workbook populates. The system has had the export enabled for a few days in the below picture. I will update this picture as we get to 7 days, and eventually 30 days to depict how that can look.
There you have it—an easy way to keep track of our secure score over time and see what has changed. Staying ahead is being smart.
Enjoy.