Microsoft Azure – Find Security Score by Controls in Azure Subscriptions

Last Updated : 31 Mar, 2023

Pre-requisite: Azure

In this article, we will show you how to find the security score for a specific Azure subscription, and for all subscriptions by subscriptionId, using a KQL Resource Graph query. To read resources in Azure using KQL (Kusto Query Language), you need at least read access on the selected subscriptions or the “Azure Resource Graph Data Reader” role in the management group.

Steps to Find Security Score

Step 1: Log in to Azure Portal

Step 2: Open the Azure Resource Graph Explorer from the Azure global search to run the KQL queries.

Step 3: Run the following KQL (Kusto Query Language) Resource Graph query to find the security score for a subscription in Azure. This query uses the ‘SecurityResources’ table, which contains security-related information for resources in Azure.

SecurityResources
// keep only the per-control secure score records
| where type == 'microsoft.security/securescores/securescorecontrols'
| extend SecureControl = properties.displayName,
    unhealthy = properties.unhealthyResourceCount,
    currentscore = properties.score.current,
    maxscore = properties.score.max
| project SecureControl, unhealthy, currentscore, maxscore, subscriptionId
| where subscriptionId == "<subscriptionId>"
// use this instead to filter on multiple subscriptions
// | where subscriptionId in ("<subscriptionId-01>", "<subscriptionId-02>")

This query returns a table with the columns SecureControl, unhealthy, currentscore, maxscore and subscriptionId for the given subscription.

Use the following KQL (Kusto Query Language) Resource Graph query to find the security score by subscription in Azure.

SecurityResources
// keep only the per-control secure score records
| where type == 'microsoft.security/securescores/securescorecontrols'
| extend SecureControl = properties.displayName,
    unhealthy = properties.unhealthyResourceCount,
    currentscore = properties.score.current,
    maxscore = properties.score.max
| project SecureControl, unhealthy, currentscore, maxscore, subscriptionId

This query returns a table with the columns SecureControl, unhealthy, currentscore, maxscore and subscriptionId from all the active subscriptions.
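
As an added example (not part of the original article), the query below builds on the same table and property paths to rank controls by the points still to be gained, so the controls with the largest gap come first. The column names pointsLost and percentOfMax are assumptions introduced here; values under properties are of dynamic type, so they are cast to typed values before the arithmetic and the sort.

```kql
SecurityResources
| where type == 'microsoft.security/securescores/securescorecontrols'
// cast the dynamic property values so they can be compared, subtracted and sorted
| extend SecureControl = tostring(properties.displayName),
    unhealthy = toint(properties.unhealthyResourceCount),
    currentscore = todouble(properties.score.current),
    maxscore = todouble(properties.score.max)
// skip controls that carry no score or have nothing left to remediate
| where maxscore > 0 and unhealthy > 0
// pointsLost and percentOfMax are illustrative column names (assumptions)
| extend pointsLost = maxscore - currentscore,
    percentOfMax = round(100 * currentscore / maxscore)
| project subscriptionId, SecureControl, unhealthy, currentscore, maxscore, pointsLost, percentOfMax
// largest remaining gap first; ties broken by number of unhealthy resources
| order by pointsLost desc, unhealthy desc
```

Add `| where subscriptionId == "<subscriptionId>"` after the first `where` line to restrict the ranking to a single subscription.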
