
Security recommendations and score in Azure - Commands & Configuration

Introduction
Security recommendations and score help you find and fix security problems in your cloud resources. They show how safe your setup is and suggest ways to improve it.
When you want to check if your cloud resources follow security best practices.
When you need to find weak spots in your Azure environment before attackers do.
When you want to improve your security by following clear, actionable advice.
When you want to track your security progress over time with a score.
When you need to report security status to your team or manager.
Commands
This command lists all security assessments for your Azure subscriptions, showing their names, current status, and the resource they apply to. It helps you see what security checks are active.
Terminal
az security assessment list --query '[].{Name:displayName, Status:status.code, Resource:resourceDetails.id}'
Expected Output
[{"Name":"Enable MFA on accounts","Status":"Healthy","Resource":"/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVM"},{"Name":"Use secure transfer for storage accounts","Status":"Unhealthy","Resource":"/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/myResourceGroup/providers/Microsoft.Storage/storageAccounts/mystorage"}]
--query - Filters and formats the output to show only important fields.
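As an added example (not part of the original page), this Python script takes JSON in the Name/Status/Resource shape projected above, groups the Unhealthy findings by Azure resource type, and warns when the result is empty or comes from a subscription other than the one you meant to query. The names parse_resource_id, triage and expected_subscription are assumptions introduced here; the third sample record is constructed.

```python
import json
from collections import defaultdict

SUB = "/subscriptions/12345678-1234-1234-1234-123456789abc"
RG = SUB + "/resourceGroups/myResourceGroup/providers/"
# First two records mirror the sample output above; the third is constructed
# to show a subscription-scoped finding that has no resource group.
SAMPLE = json.dumps([
    {"Name": "Enable MFA on accounts", "Status": "Healthy",
     "Resource": RG + "Microsoft.Compute/virtualMachines/myVM"},
    {"Name": "Use secure transfer for storage accounts", "Status": "Unhealthy",
     "Resource": RG + "Microsoft.Storage/storageAccounts/mystorage"},
    {"Name": "Constructed subscription-level check", "Status": "Unhealthy",
     "Resource": SUB},
])

def parse_resource_id(rid):
    """Split an ARM resource ID into subscription, resource group and type."""
    parts = [p for p in (rid or "").split("/") if p]
    lower = [p.lower() for p in parts]  # ARM segment names are case-insensitive

    def after(key):
        return parts[lower.index(key) + 1] if key in lower[:-1] else None

    rtype = None
    if "providers" in lower:
        i = len(lower) - 1 - lower[::-1].index("providers")  # last provider
        segs = parts[i + 1:]
        # Namespace plus every type segment, e.g. Microsoft.Storage/storageAccounts
        rtype = "/".join([segs[0]] + segs[1::2]) if segs else None
    return {"subscription": after("subscriptions"),
            "resource_group": after("resourcegroups"), "type": rtype}

def triage(raw_json, expected_subscription):
    """Group Unhealthy findings by resource type and collect sanity warnings."""
    items = json.loads(raw_json)
    findings, warnings = defaultdict(list), []
    if not items:
        warnings.append("no assessments returned: check subscription and role")
    for item in items:
        rid = parse_resource_id(item.get("Resource"))
        if rid["subscription"] != expected_subscription:
            warnings.append("unexpected subscription for: " + item["Name"])
        if item.get("Status") == "Unhealthy":
            findings[rid["type"] or "(subscription scope)"].append(item["Name"])
    return dict(findings), warnings

if __name__ == "__main__":
    print(triage(SAMPLE, "12345678-1234-1234-1234-123456789abc"))
```

To use it on live data, save the command's JSON output to a file and pass the file's contents to triage together with the subscription ID you intended to check.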
This command shows compliance assessments, which check if your resources meet specific security standards. It helps you understand your compliance status.
Terminal
az security regulatory-compliance-assessments list --standard-name <standard-name> --control-name <control-name> --query '[].{Name:name, Status:state}'
Expected Output
[{"Name":"PCI DSS 3.2.1","Status":"Passed"},{"Name":"ISO 27001","Status":"Failed"}]
--query - Simplifies output to show only the name and status of each compliance assessment.
This command displays your current security score, which is a number showing how well your Azure environment follows security best practices.
Terminal
az security secure-scores show --name ascScore
Expected Output
{"score":75,"maxScore":100,"percentage":75,"categoryScores":[{"categoryName":"Identity","score":80},{"categoryName":"Data","score":70},{"categoryName":"Network","score":75}]}
Key Concept

If you remember nothing else from this pattern, remember: security recommendations show what to fix, and the security score shows how safe your cloud is overall.

Common Mistakes
Ignoring the security recommendations and not acting on them.
This leaves your cloud resources vulnerable to attacks and compliance failures.
Regularly review and fix the recommendations to improve your security score.
Running commands without specifying the right subscription or permissions.
You might see no results or incomplete data, missing important security issues.
Make sure you are logged in with the right account and have selected the correct subscription using 'az account set --subscription <subscription-id>'.
Summary
Use 'az security assessment list' to see current security checks and their status.
Use 'az security regulatory-compliance-assessments list' to check compliance with standards.
Use 'az security secure-scores show' to get an overall security score for your Azure environment.