Azure – The Azure Security team has developed a Power BI Dashboard

The team in charge of Azure Security Center has developed a Power Bi dashboard to help you track your Secure Score evolution. It also includes backlog of actions to be performed.

You will have 2 setup options:

  • Edit a Power BI template with Power BI desktop
  • Use a Power BI application

Prepare your Azure environment for use with Secure Score dashboard

Then you will need to deploy a playbook to get Secure Score data (Get-SecureScoreData); you can deploy from here

After logging on your Azure portal, define the subscription and resource group for the deployment


The playbook will gather the Secure Data (including recommendations) every 24 hours.

The playbook consist of:

  • 1 Logic App – Get-SecureScoreData
  • 1 Log Analytics – SecureScoreData-<unique identifier>
  • 1 API Connection – azureloganalyticsdatacollector-Get-SecureScoreData
  • 1 workbook – <unique identifier> (SecureScoreWorkbook)


You will need to gather Log Analytics workspace ID created above by accessing the Azure portal and search for Log Analytics


Once you have identified the Log Analytics access the Overview tab to get the workspace ID


Then you need to assign Reader access to either the subscription(s) (recommended) and/or resource groups you want to include in the report to the Logic App created above (Get-SecureScoreData)


Then you can go back to the Logic App to manually trigger the first run


The initial run will take about 15 s; you can check the result if all steps have been executed successfully


Use the Power BI template

You need of course a Power BI account to be able to use it –  a Pro license is required if you want to open it as an application.

You will need to use the latest version of Power BI Desktop – version 2.83.5894.961 (available here

You can get the template from

Now you can open the Power BI template file to edit it; you will be asked to provide the Workspace ID gathered above


It will then start loading the data and request you to authenticate with an account with permission to access the workspace; use the Organizational Account authentication option and use the OAuth2 method

image_thumb3  image_thumb4  image_thumb[6]

Then you have some data starting to be displayed


You can now publish it to your Power BI service for reading access.

Use the Power BI Application

You will need to allow to Install templates app not listed in AppSource; to do it connect with an administrator account to your PowerBI and access the Admin portal to update the Tenant Settings

image_thumb[8]  image_thumb[9]

Now you can install the Secure Score reporting app using this link

You will be asked to confirm the application install

image_thumb[10]  image_thumb[11]  image_thumb[12]

The Secure Score app is now installed


You can now connect to your Azure tenant by using the Connect your data option


There enter the Log Analytics workspace ID created during the Azure preparation steps

image_thumb[15]  image_thumb[16]

Then you need to use your organizational account; you can define whatever privacy level you want


Then the Power BI application is refreshing the data; it may take up to 10 minutes to complete


Once completed, you can access the Report using the ReportsSecure score report navigation