Reputation: 1
Trying to disable Azure Security Center recommendations with policies
In the ASC score recommendations, I'm trying to disable the following control. Meaning, that the security score of that control will not appear in the overall score:
Disk encryption should be applied on virtual machines
Pic - Security Center recommendation
- I have root level policy from the Azure management (default Security Centre policy) which has the above 'Disk encryption...' policy set to enabled.
- I created custom policy initiative->policies-> Policy: 'Disk encryption should be applied on virtual machines' -> Disabled.
- tried both: custom and built-in. (they are both the same)
In the Azure Policy UI compliance - Compliant.
However, in the Azure Security Center (ASC), still no change for the above recommendation. There are few VMs without disk encryption.
So my question, with these steps, can I increase the Security Centre score by disabling the checks for this encryption control? and can my custom policy initiative override the existing Tenant Root Group policy?
- My initiative policy assignment is on a single subscription within the same root management tenant.
Thanks,
Upvotes: 0
Views: 654
Answers (1)
Reputation: 1
solution: changing default ASC recommendations can be done with high level permissions on the azure policies.
Upvotes: 0
Related Questions
- Policy change not reflecting immediately
- Deactivate advanced data security
- Resource was disallowed by policy
- Disable a Azure API Managment policy in the operation scope which is set in the product scope
- Can't delete Azure Policy assignment using Azure CLI
- Azure Custom Policy: Resource Must Not Have Unknown Tag - How?
- Azure Information Protection - Error: Policy is Missing
- Azure Policy Assignment - Exclude Resource Type(s)
- Azure policy deployment using visual studio
- Azure B2C disable Sign up of a SignUpAndSignIn policy