The team in charge of Azure Security Center has developed a Power BI dashboard to help you track how your Secure Score evolves over time. It also includes a backlog of actions to be performed.
You will have 2 setup options:
- Edit a Power BI template with Power BI desktop
- Use a Power BI application
Prepare your Azure environment for use with Secure Score dashboard
You will need to deploy a playbook to get Secure Score data (Get-SecureScoreData); you can deploy it from here https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Security-Center%2Fmaster%2FSecure%2520Score%2FGet-SecureScoreData%2Fazuredeploy.json
After logging in to the Azure portal, define the subscription and resource group for the deployment.
The playbook will gather the Secure Score data (including recommendations) every 24 hours.
The playbook consists of:
- 1 Logic App – Get-SecureScoreData
- 1 Log Analytics – SecureScoreData-<unique identifier>
- 1 API Connection – azureloganalyticsdatacollector-Get-SecureScoreData
- 1 workbook – <unique identifier> (SecureScoreWorkbook)
You will need the workspace ID of the Log Analytics workspace created above; to get it, open the Azure portal and search for Log Analytics.
Once you have identified the Log Analytics workspace, open its Overview tab to get the workspace ID.
Then assign the Logic App created above (Get-SecureScoreData) Reader access to the subscription(s) (recommended) and/or the resource groups you want to include in the report.
Then you can go back to the Logic App and manually trigger the first run.
The initial run will take about 15 s; you can check in the run result that all steps have been executed successfully.
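One way to check the Reader assignment described above, as an added example that is not part of the original post or of the Azure Security Center project: it audits an exported role assignment list and reports report scopes the Logic App cannot read, as well as any role it holds beyond Reader. It assumes the Logic App runs under an identity whose object ID you know and that the input has the shape of `az role assignment list --all -o json`; every GUID, resource group name and function name below is a constructed placeholder.

```python
# Constructed sample in the shape of `az role assignment list --all -o json`;
# with real data, load the exported file with json.load() instead.
LOGIC_APP_ID = "11111111-1111-1111-1111-111111111111"  # hypothetical object ID
SUB1 = "/subscriptions/aaaaaaaa-0000-0000-0000-000000000001"
SUB2 = "/subscriptions/aaaaaaaa-0000-0000-0000-000000000002"
SUB3 = "/subscriptions/aaaaaaaa-0000-0000-0000-000000000003"
SAMPLE = [
    {"principalId": LOGIC_APP_ID, "roleDefinitionName": "Reader", "scope": SUB1},
    {"principalId": LOGIC_APP_ID, "roleDefinitionName": "Contributor",
     "scope": SUB2 + "/resourceGroups/rg-app"},
    {"principalId": LOGIC_APP_ID, "roleDefinitionName": "Reader",
     "scope": SUB3 + "/resourcegroups/rg-data"},
    {"principalId": "22222222-2222-2222-2222-222222222222",
     "roleDefinitionName": "Owner", "scope": SUB2},
]


def covers(assigned_scope, wanted_scope):
    """True if an assignment at assigned_scope is inherited by wanted_scope.

    Resource IDs are compared case-insensitively. Management group scopes
    are not resolved to their subscriptions here (no hierarchy lookup).
    """
    a = assigned_scope.rstrip("/").lower()
    w = wanted_scope.rstrip("/").lower()
    return w == a or w.startswith(a + "/")


def audit(assignments, principal_id, wanted_scopes):
    """Compare the identity's assignments with the scopes the report needs."""
    mine = [a for a in assignments
            if a["principalId"].lower() == principal_id.lower()]
    # Only Reader counts as coverage, because that is the role the page
    # prescribes; any other role is reported as excessive.
    readers = [a["scope"] for a in mine if a["roleDefinitionName"] == "Reader"]
    excessive = [(a["roleDefinitionName"], a["scope"]) for a in mine
                 if a["roleDefinitionName"] != "Reader"]
    missing = [s for s in wanted_scopes
               if not any(covers(r, s) for r in readers)]
    return {"missing": missing, "excessive": excessive}


if __name__ == "__main__":
    wanted = [SUB1 + "/resourceGroups/rg-web", SUB2,
              SUB3 + "/resourceGroups/rg-data"]
    print(audit(SAMPLE, LOGIC_APP_ID, wanted))
```

A scope listed under "missing" will be absent from the dashboard data; an entry under "excessive" gives the playbook more than the read-only access the report needs.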
Use the Power BI template
You need of course a Power BI account to be able to use it – a Pro license is required if you want to open it as an application.
You will need to use the latest version of Power BI Desktop – version 2.83.5894.961 (available here https://aka.ms/pbiSingleInstaller)
You can get the template from https://github.com/Azure/Azure-Security-Center/tree/master/Secure%20Score/PowerBI-SecureScoreReport
Now you can open the Power BI template file to edit it; you will be asked to provide the workspace ID gathered above.
It will then start loading the data and ask you to authenticate with an account that has permission to access the workspace; use the Organizational Account authentication option and the OAuth2 method.
Data then starts to be displayed.
You can now publish it to your Power BI service for reading access.
Use the Power BI Application
You will need to allow the installation of template apps not listed in AppSource; to do so, sign in to Power BI (https://app.powerbi.com/) with an administrator account and open the Admin portal to update the Tenant Settings.
Now you can install the Secure Score reporting app using this link https://app.powerbi.com/Redirect?action=InstallApp&appId=0c3bbb94-36cc-4153-a5c2-b63181a17166&packageKey=14ec9028-3513-4a1c-aed1-83a01ecfc975qTsHacSHROKH9oDSq9Co9Ln72xYehlJKmEvIYPIxbz8&ownerId=72f988bf-86f1-41af-91ab-2d7cd011db47&buildVersion=12
You will be asked to confirm the application install
The Secure Score app is now installed
You can now connect to your Azure tenant by using the Connect your data option.
There, enter the workspace ID of the Log Analytics workspace created during the Azure preparation steps.
Then you need to use your organizational account; you can define whatever privacy level you want.
The Power BI application then refreshes the data; it may take up to 10 minutes to complete.
Once completed, you can access the report using the Reports > Secure score report navigation.