With the new Security Center pricing tier options per resource type, customers have asked us how to configure these at the (Root) Management Group scope, so that any new (or existing) subscription is automatically configured for the Standard pricing tier and Security Center automatically protects its resources.
As you may know, we have recently added Storage accounts protection in Security Center:
The most efficient way to achieve that objective is to leverage Azure Policy.
With the new Azure Policy aliases for Security Center you can author Azure Policy definitions for each of the 4 resource types.
To get you going, I've written 4 Azure Policy definitions which you can add to 1 single initiative, either to enforce the Standard pricing tier on new subscriptions or to set it on existing subscriptions.
The Azure Policy definition (deployIfNotExists) for setting the Standard pricing tier for Storage Accounts looks like this:
Add the 4 policy definitions for each bundle pricing tier:
Once you have added the 4 Policy definitions, you can add them to 1 single initiative:
Finally we assign the Initiative:
It will take around 30 minutes for a new assignment to become active:
After a while we can see the compliance state for the Initiative:
Clicking on one of the definitions shows us why it is not compliant. From here we can "remediate":
Remediation is in progress and then done:
The 4 Policy definitions (deployIfNotExists) for the bundle resources can be found here.
Updated Nov 29, 2021
Version 4.0
Tiander Turpijn
Microsoft
Microsoft Defender for Cloud Blog