WA and CE changes wrt regulatory compliance
memildin committed Feb 4, 2021
1 parent 663710a commit aaba96e
Showing 8 changed files with 71 additions and 31 deletions.
19 changes: 13 additions & 6 deletions articles/security-center/release-notes.md
Expand Up @@ -10,7 +10,7 @@ ms.devlang: na
ms.topic: reference
ms.tgt_pltfrm: na
ms.workload: na
ms.date: 02/03/2021
ms.date: 02/04/2021
ms.author: memildin

---
Expand All @@ -34,6 +34,7 @@ Updates in February include:
- [Kubernetes workload protection recommendations released for General Availability (GA)](#kubernetes-workload-protection-recommendations-released-for-general-availability-ga)
- [Direct link to policy from recommendation details page](#direct-link-to-policy-from-recommendation-details-page)
- [SQL data classification recommendation no longer affects your secure score](#sql-data-classification-recommendation-no-longer-affects-your-secure-score)
- [Workflow automations can be triggered by changes to regulatory compliance assessments (preview)](#workflow-automations-can-be-triggered-by-changes-to-regulatory-compliance-assessments-preview)

### Kubernetes workload protection recommendations released for General Availability (GA)

Expand All @@ -59,16 +60,22 @@ When you're reviewing the details of a recommendation, it's often helpful to be

Use this link to view the policy definition and review the evaluation logic.

If you're reviewing the list of recommendations on our [Security recommendations reference guide](recommendations-reference.md), you'll also see these links to the policy definition pages:
If you're reviewing the list of recommendations on our [Security recommendations reference guide](recommendations-reference.md), you'll also see links to the policy definition pages:

:::image type="content" source="media/release-notes/view-policy-definition-from-documentation.png" alt-text="Accessing the Azure Policy page for a specific policy directly from the Azure Security Center recommendations reference page":::
:::image type="content" source="media/release-notes/view-policy-definition-from-documentation.png" alt-text="Accessing the Azure Policy page for a specific policy directly from the Azure Security Center recommendations reference page" lightbox="media/release-notes/view-policy-definition-from-documentation.png":::


### SQL data classification recommendation no longer affects your secure score

The recommendation **Sensitive data in your SQL databases should be classified** no longer affects your secure score. This is the only recommendation in the **Apply data classification** security control, so that control now has a secure score value of 0.


### Workflow automations can be triggered by changes to regulatory compliance assessments (preview)

We've added a third data type to the trigger options for your workflow automations: changes to regulatory compliance assessments.

:::image type="content" source="media/release-notes/regulatory-compliance-triggers-workflow-automation.png" alt-text="Using changes to regulatory compliance assessments to trigger a workflow automation" lightbox="media/release-notes/regulatory-compliance-triggers-workflow-automation.png":::


## January 2021

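Review bot: the new "### Workflow automations can be triggered by changes to regulatory compliance assessments (preview)" section says a "third data type" was added to the trigger options without naming the existing two or pointing the reader at the feature's documentation; a closing line such as "Learn more in [Automate responses to Security Center triggers](workflow-automation.md)." would match how the other February entries end. Also note the capitalization of "(preview)" in this heading versus "(Preview)" used elsewhere in these docs; pick one.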
Expand Down Expand Up @@ -107,7 +114,7 @@ Existing recommendations are unaffected and as the benchmark grows, changes will
To learn more, see the following pages:

- [Learn more about Azure Security Benchmark](../security/benchmarks/introduction.md)
- [Customizing the set of standards in your regulatory compliance dashboard](update-regulatory-compliance-packages.md)
- [Customize the set of standards in your regulatory compliance dashboard](update-regulatory-compliance-packages.md)

### Vulnerability assessment for on-premise and multi-cloud machines is released for General Availability (GA)

Expand Down Expand Up @@ -157,7 +164,7 @@ Subdomain takeovers are a common, high-severity threat for organizations. A subd

Subdomain takeovers enable threat actors to redirect traffic intended for an organization’s domain to a site performing malicious activity.

Azure Defender for App Service now detects dangling DNS entries when an App Service website is decommissioned. This is the moment at which the DNS entry is pointing at a non-existent resource and your website is vulnerable to a subdomain takeover. These protections are available whether your domains are managed with Azure DNS or an external domain registrar and applies to both App Service on Windows and App Service on Linux.
Azure Defender for App Service now detects dangling DNS entries when an App Service website is decommissioned. This is the moment at which the DNS entry is pointing at a non-existent resource, and your website is vulnerable to a subdomain takeover. These protections are available whether your domains are managed with Azure DNS or an external domain registrar and applies to both App Service on Windows and App Service on Linux.

Learn more:

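Review bot: the subject-verb disagreement survives the rewrite of the dangling DNS paragraph: "These protections are available whether your domains are managed with Azure DNS or an external domain registrar and applies to both App Service on Windows and App Service on Linux" should read "and apply to both". Since the line is being touched anyway (the only change is the comma after "resource"), fix it in the same edit.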
Expand Down Expand Up @@ -496,7 +503,7 @@ Related links:

The NIST SP 800-171 R2 standard is now available as a built-in initiative for use with Azure Security Center's regulatory compliance dashboard. The mappings for the controls are described in [Details of the NIST SP 800-171 R2 Regulatory Compliance built-in initiative](../governance/policy/samples/nist-sp-800-171-r2.md).

To apply the standard to your subscriptions and continuously monitor your compliance status, use the instructions in [Customizing the set of standards in your regulatory compliance dashboard](update-regulatory-compliance-packages.md).
To apply the standard to your subscriptions and continuously monitor your compliance status, use the instructions in [Customize the set of standards in your regulatory compliance dashboard](update-regulatory-compliance-packages.md).

:::image type="content" source="media/release-notes/nist-sp-800-171-r2-standard.png" alt-text="The NIST SP 800 171 R2 standard in Security Center's regulatory compliance dashboard":::

Expand Down
67 changes: 49 additions & 18 deletions articles/security-center/security-center-compliance-dashboard.md
Expand Up @@ -11,25 +11,27 @@ ms.devlang: na
ms.topic: tutorial
ms.tgt_pltfrm: na
ms.workload: na
ms.date: 01/28/2021
ms.date: 02/04/2021
ms.author: memildin

---
# Tutorial: Improve your regulatory compliance

Azure Security Center helps streamline the process for meeting regulatory compliance requirements, using the **regulatory compliance dashboard**.

Security Center performs continuous assessments of your hybrid cloud environment to analyze the risk factors according to the controls and best practices in the standards applied to your subscriptions. The dashboard reflects the status of your compliance with these standards.
Security Center continuously assesses your hybrid cloud environment to analyze the risk factors according to the controls and best practices in the standards applied to your subscriptions. The dashboard reflects the status of your compliance with these standards.

When you enable Security Center on an Azure subscription it is automatically assigned the [Azure Security Benchmark](../security/benchmarks/introduction.md). This widely respected benchmark builds on the controls from the [Center for Internet Security (CIS)](https://www.cisecurity.org/benchmark/azure/) and the [National Institute of Standards and Technology (NIST)](https://www.nist.gov/) with a focus on cloud-centric security.
When you enable Security Center on an Azure subscription, it is automatically assigned the [Azure Security Benchmark](../security/benchmarks/introduction.md). This widely respected benchmark builds on the controls from the [Center for Internet Security (CIS)](https://www.cisecurity.org/benchmark/azure/) and the [National Institute of Standards and Technology (NIST)](https://www.nist.gov/) with a focus on cloud-centric security.

In the regulatory compliance dashboard, you can see the status of all the assessments within your environment in the context of a particular standard or regulation. As you act on the recommendations and reduce risk factors in your environment, your compliance posture improves.
The regulatory compliance dashboard shows the status of all the assessments within your environment for your chosen standards and regulations. As you act on the recommendations and reduce risk factors in your environment, your compliance posture improves.

In this tutorial you'll learn how to:

> [!div class="checklist"]
> * Evaluate your regulatory compliance using the regulatory compliance dashboard
> * Improve your compliance posture by taking action on recommendations
> * Setup alerts on changes to your compliance posture
> * Export your compliance data as a continuous stream and as weekly snapshots
If you don’t have an Azure subscription, create a [free account](https://azure.microsoft.com/free/) before you begin.

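Review bot: "Setup alerts on changes to your compliance posture" in the new checklist item should be "Set up alerts" (verb form), and the item promises "alerts" while the section it introduces ("## Run workflow automations when there are changes to your compliance") covers workflow automations that trigger Logic Apps; align the wording, for example "* Set up workflow automations that run when your compliance posture changes". Separately, "If you don't have an Azure subscription, create a [free account]..." follows the quoted `[!div class="checklist"]` block with no blank line, so Markdown may treat it as a lazy continuation of the last checklist item; add a blank line after the last `> *` entry.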
Expand All @@ -44,11 +46,11 @@ To step through the features covered in this tutorial:

The regulatory compliance dashboard shows your selected compliance standards with all their requirements, where supported requirements are mapped to applicable security assessments. The status of these assessments reflects your compliance with the standard.

Use the regulatory compliance dashboard to help focus your attention on the gaps in compliance with the standards and regulations that matter to you. This focused view also enables you to continuously monitor your compliance over time within dynamic cloud and hybrid environments.
Use the regulatory compliance dashboard to help focus your attention on the gaps in compliance with your chosen standards and regulations. This focused view also enables you to continuously monitor your compliance over time within dynamic cloud and hybrid environments.

1. From Security Center's menu, select **Regulatory compliance**.

At the top of the screen is a dashboard with an overview of your compliance status with the set of supported compliance regulations. You can see your overall compliance score, and the number of passing vs. failing assessments associated with each standard.
At the top of the screen is a dashboard with an overview of your compliance status with the set of supported compliance regulations. You'll see your overall compliance score, and the number of passing vs. failing assessments associated with each standard.

:::image type="content" source="./media/security-center-compliance-dashboard/compliance-dashboard.png" alt-text="Regulatory compliance dashboard" lightbox="./media/security-center-compliance-dashboard/compliance-dashboard.png":::

Expand All @@ -64,37 +66,66 @@ Use the regulatory compliance dashboard to help focus your attention on the gaps

## Improve your compliance posture

Given the information in the regulatory compliance dashboard, you can improve your compliance posture by resolving recommendations directly within the dashboard.
Using the information in the regulatory compliance dashboard, improve your compliance posture by resolving recommendations directly within the dashboard.

1. Click through any of the failing assessments that appear in the dashboard to view the details for that recommendation. Each recommendation includes a set of remediation steps that should be followed to resolve the issue.

1. You can select a particular resource to view more details and resolve the recommendation for that resource. <br>For example, in the **Azure CIS 1.1.0** standard, you can select the recommendation **Disk encryption should be applied on virtual machines**.
1. Select a particular resource to view more details and resolve the recommendation for that resource. <br>For example, in the **Azure CIS 1.1.0** standard, select the recommendation **Disk encryption should be applied on virtual machines**.

:::image type="content" source="./media/security-center-compliance-dashboard/sample-recommendation.png" alt-text="Selecting a recommendation from a standard leads directly to the recommendation details page":::

1. In this example, when you select **Take action** from the recommendation details page, you arrive in the Azure Virtual Machine pages of the Azure portal, where you can open the **Security** tab and enable encryption:
1. In this example, when you select **Take action** from the recommendation details page, you arrive in the Azure Virtual Machine pages of the Azure portal, where you can enable encryption from the **Security** tab:

:::image type="content" source="./media/security-center-compliance-dashboard/encrypting-vm-disks.png" alt-text="Take action button on the recommendation details page leads to the remediation options":::

For more information about how to apply recommendations, see [Implementing security recommendations in Azure Security Center](security-center-recommendations.md).

1. After you take action to resolve recommendations, you will see the impact in the compliance dashboard report because your compliance score improves.
1. After you take action to resolve recommendations, you'll see the impact in the compliance dashboard report because your compliance score improves.

> [!NOTE]
> Assessments run approximately every 12 hours, so you will see the impact on your compliance data only after the next run of the relevant assessment.

## Export your compliance status data

If you want to track your compliance status with other monitoring tools in your environment, Security Center includes an export mechanism to make this straightforward. Configure **continuous export** to send select data to an Azure Event Hub or a Log Analytics workspace.

Use continuous export data to an Azure Event Hub or a Log Analytics workspace:

- Export all regulatory compliance data in a **continuous stream**:

:::image type="content" source="media/security-center-compliance-dashboard/export-compliance-data-stream.png" alt-text="Continuously export a stream of regulatory compliance data" lightbox="media/security-center-compliance-dashboard/export-compliance-data-stream.png":::

- Export **weekly snapshots** of your regulatory compliance data:

:::image type="content" source="media/security-center-compliance-dashboard/export-compliance-data-snapshot.png" alt-text="Continuously export a weekly snapshot of regulatory compliance data" lightbox="media/security-center-compliance-dashboard/export-compliance-data-snapshot.png":::

You can also export a **PDF/CSV report** of your compliance data directly from the regulatory compliance dashboard:

:::image type="content" source="media/security-center-compliance-dashboard/export-compliance-data-report.png" alt-text="Export your regulatory compliance data as a PDF or CSV report" lightbox="media/security-center-compliance-dashboard/export-compliance-data-report.png":::

Learn more in [continuously export Security Center data](continuous-export.md).


## Run workflow automations when there are changes to your compliance

Security Center's workflow automation feature can trigger Logic Apps whenever one of your regulatory compliance assessments change state.

For example, you might want Security Center to email a specific user when a compliance assessment fails. You'll need to create the logic app (using [Azure Logic Apps](../logic-apps/logic-apps-overview.md)) first and then setup the trigger in a new workflow automation as explained in [Automate responses to Security Center triggers](workflow-automation.md).

:::image type="content" source="media/release-notes/regulatory-compliance-triggers-workflow-automation.png" alt-text="Using changes to regulatory compliance assessments to trigger a workflow automation" lightbox="media/release-notes/regulatory-compliance-triggers-workflow-automation.png":::

## Next steps

In this tutorial, you learned about using Security Center’s regulatory compliance dashboard to:

- View and monitor your compliance posture, relative to the standards and regulations that are important to you.
- Improve your compliance status by resolving relevant recommendations and watching the compliance score improve.
- View and monitor your compliance posture regarding the standards and regulations that are important to you.
- Improve your compliance status by resolving relevant recommendations and watching the compliance score improve.

The regulatory compliance dashboard can greatly simplify the compliance process, and significantly cut the time required for gathering compliance evidence for your Azure and hybrid environment.
The regulatory compliance dashboard can greatly simplify the compliance process, and significantly cut the time required for gathering compliance evidence for your Azure, hybrid, and multi-cloud environment.

To learn more, see these related articles:
To learn more, see these related pages:

- [Update to dynamic compliance packages in your regulatory compliance dashboard (Preview)](update-regulatory-compliance-packages.md) - Learn about this preview feature which allows you to update the standards shown in your regulatory compliance dashboard to the new *dynamic* packages. You can also the same preview feature to add new compliance packages and monitor your compliance with additional standards.
- [Security health monitoring in Azure Security Center](security-center-monitoring.md) - Learn how to monitor the health of your Azure resources.
- [Managing security recommendations in Azure Security Center](security-center-recommendations.md) - Learn how to use recommendations in Azure Security Center to help protect your Azure resources.
- [Improve your Secure Score in Azure Security Center](secure-score-security-controls.md) - Learn how to prioritize vulnerabilities and security recommendations to most improve your security posture.
- [Customize the set of standards in your regulatory compliance dashboard](update-regulatory-compliance-packages.md) - Learn how to select which standards appear in your regulatory compliance dashboard.
- [Security health monitoring in Azure Security Center](security-center-monitoring.md) - Learn how to monitor the health of your Azure resources.
- [Managing security recommendations in Azure Security Center](security-center-recommendations.md) - Learn how to use recommendations in Azure Security Center to help protect your Azure resources.
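Review bot: the "## Next steps" summary still lists only the two original outcomes (view and monitor; improve), while the checklist at the top of the file now promises four, including exporting compliance data and setting up workflow automations; add bullets for the two new sections so the summary matches what the tutorial teaches. Smaller points in the same hunk: "Use continuous export data to an Azure Event Hub or a Log Analytics workspace:" is ungrammatical and repeats the sentence just above it, so either drop it or make it "Use continuous export to send data to an Azure Event Hub or a Log Analytics workspace:"; "whenever one of your regulatory compliance assessments change state" should be "changes state", and "setup the trigger" should be "set up the trigger"; the workflow automation screenshot is referenced from `media/release-notes/regulatory-compliance-triggers-workflow-automation.png` rather than this article's own `media/security-center-compliance-dashboard/` folder, which couples the tutorial to the release notes' media and will break if that image is pruned when the release note ages out. Finally, confirm that dropping the "Improve your Secure Score in Azure Security Center" link from the related articles list is intentional.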
Expand Up @@ -11,11 +11,11 @@ ms.devlang: na
ms.topic: how-to
ms.tgt_pltfrm: na
ms.workload: na
ms.date: 01/24/2021
ms.date: 02/04/2021
ms.author: memildin

---
# Customizing the set of standards in your regulatory compliance dashboard
# Customize the set of standards in your regulatory compliance dashboard

Azure Security Center continually compares the configuration of your resources with requirements in industry standards, regulations, and benchmarks. The **regulatory compliance dashboard** provides insights into your compliance posture based on how you're meeting specific compliance requirements.

Expand Down Expand Up @@ -118,5 +118,5 @@ In this article, you learned how to **add compliance standards** to monitor your
For related material, see the following pages:

- [Azure Security Benchmark](../security/benchmarks/introduction.md)
- [Security center regulatory compliance dashboard](security-center-compliance-dashboard.md)
- [Security center regulatory compliance dashboard](security-center-compliance-dashboard.md) - Learn how to track and export your regulatory compliance data with Security Center and external tools
- [Working with security policies](tutorial-security-policy.md)
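Review bot: "Security center regulatory compliance dashboard" in the link text should be "Security Center regulatory compliance dashboard"; the product name is capitalized everywhere else in this diff, and the line is being edited anyway to add the description.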