Logo of Trend Micro
Use the Conformity Knowledge Base AI to help improve your Cloud Posture

Check for Azure Advisor Recommendations

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk Level: Mixed (depending on recommendation's severity)
Rule ID: Advisor-001

Ensure that all Microsoft Azure Advisor recommendations (i.e. best practices) found within your Azure account are implemented in order to optimize your cloud deployments, increase security, and reduce costs. The Advisor service analyzes your Azure cloud configurations and resource usage telemetry to provide personalized and actionable recommendations that can help you optimize your cloud resources for security, reliability and high availability, operational excellence, performance efficiency, and cost.

The Azure Advisor recommendations are divided into five categories:

Security – implemented to detect threats and vulnerabilities that can lead to different types of security breaches.

Reliability – used to improve and maintain the reliability and continuity of your production and mission-critical applications.

Performance – implemented to improve the speed and load time of your cloud applications.

Operational Excellence – used to help you achieve workflow efficiency, improve resource manageability, and enforce deployment best practices.

Cost – implemented to optimize and reduce your overall Azure cloud spending.

This rule resolution is part of the Conformity Security & Compliance tool for Azure.

Security
Reliability
Performance
efficiency
Cost
optimisation
Operational
excellence

With Microsoft Azure Advisor service you can analyze your Azure cloud environment and get proactive, actionable, and personalized best practice recommendations, improve performance and reliability for your resources, close security gaps, and identify opportunities to reduce your Azure spending.

Note: For example, this conformity rule demonstrates how to examine and implement an Azure Advisor recommendation for reliability and high availability. The selected recommendation, named "Enable Soft Delete", endorses the use of Soft Delete feature for your Azure Storage accounts, in order to save and recover blob data after accidental overwrite or deletion.

Audit

To find and examine Advisor recommendations within your Azure account, perform the following operations:

Using Azure Portal

01 Sign in to Azure Management Portal.

02 Navigate to Azure Advisor blade at https://portal.azure.com/#blade/Microsoft_Azure_Expert/AdvisorMenuBlade.

03 In the navigation panel, click Overview to access the panel with the Advisor recommendations generated for your Azure cloud account.

04 On the Overview panel, select the subscription that you want to examine from the All subscriptions dropdown menu. Select All types and Active to display active recommendations for all the resource types available in the selected subscription.

05 Click on the name of the category that you want to access, and select the recommendation that you want to examine, available in that category.

06 Analyze the selected Azure Advisor recommendation by checking the following attributes:

  1. Description – a concise, yet readable description of the potential issue.
  2. General Information – the level of user impact after implementing the suggested remediation steps and the level of the implementation effort set for the recommended remediation/resolution process.
  3. Remediation steps – manual step-by-step instructions on how to implement the selected Azure Advisor recommendation in order to fix the potential issue.
  4. Affected resources – the identifier(s)/name(s) of the impacted Azure cloud resource(s).

07 Follow the instructions outlined at the previous step, available in the Remediation steps area, to implement the recommended fix (see Remediation/Resolution section).

08 Repeat steps no. 5 – 7 for each Advisor recommendation found within the selected Azure subscription.

09 Repeat steps no. 4 – 8 for each subscription available in your Microsoft Azure cloud account.

Using Azure CLI and PowerShell

01 Run account list command (Windows/macOS/Linux) using custom query filters to list the ID(s) of the cloud subscription(s) available within your Azure cloud account: 

az account list
	--query '[*].id'

02 The command output should return the requested subscription identifiers (IDs): 

[
  "abcdabcd-1234-abcd-1234-abcdabcdabcd",
  "abcd1234-abcd-1234-abcd-abcd1234abcd",
]

03 Run advisor recommendation list command (Windows/macOS/Linux) using the ID of the Azure cloud subscription that you want to examine as identifier parameter, to describe each Microsoft Azure Advisor recommendation generated for the selected subscription. Include the --refresh parameter to retrieve the latest recommendations available: 

az advisor recommendation list
	--subscription "abcdabcd-1234-abcd-1234-abcdabcdabcd"
	--refresh

04 The command output should return the requested recommendation information in JSON format: 

[
  {
    "category": "HighAvailability",
    "extendedProperties": {
      "assessmentKey": "abcd1234-abcd-1234-abcd-abcd1234abcd",
      "score": "50"
    },
    "id": "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/providers/Microsoft.Advisor/recommendations/abcdabcd-abcd-abcd-abcd-abcdabcdabcd",
    "impact": "High",
    "impactedField": "Microsoft.Subscriptions/subscriptions",
    "impactedValue": "abcdabcd-1234-abcd-1234-abcdabcdabcd",
    "lastUpdated": "2020-06-02T15:10:46.164346+00:00",
    "metadata": null,
    "name": "abcdabcd-abcd-abcd-abcd-abcdabcdabcd",
    "recommendationTypeId": "abcd1234-abcd-1234-abcd-abcd1234abcd",
    "risk": null,
    "shortDescription": {
      "problem": "Enable Soft Delete",
      "solution": "Use soft delete on your Azure Storage Account to save and recover data after accidental overwrite or deletion"
    },
    "suppressionIds": null,
    "type": "Microsoft.Advisor/recommendations"
  },

  ..

  {
    "category": "Security",
    "extendedProperties": {
      "assessmentKey": "abcd1234-1234-1234-1234-abcd1234abcd",
      "score": "50"
    },
    "id": "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/providers/Microsoft.Advisor/recommendations/abcdabcd-abcd-abcd-abcd-abcdabcdabcd",
    "impact": "High",
    "impactedField": "Microsoft.Subscriptions/subscriptions",
    "impactedValue": "abcdabcd-1234-abcd-1234-abcdabcdabcd",
    "lastUpdated": "2020-06-02T15:10:46.164346+00:00",
    "metadata": null,
    "name": "abcdabcd-abcd-abcd-abcd-abcdabcdabcd",
    "recommendationTypeId": "abcd1234-1234-1234-1234-abcd1234abcd",
    "risk": null,
    "shortDescription": {
      "problem": "MFA should be enabled on accounts with owner permissions on your subscription",
      "solution": "MFA should be enabled on accounts with owner permissions on your subscription"
    },
    "suppressionIds": null,
    "type": "Microsoft.Advisor/recommendations"
  }
]

05 Analyze the information returned for the selected Azure Advisor recommendation, by checking the following attributes:

  1. "shortDescription" – a concise description of the potential issue and the summary of the solution used to implement the selected Azure Advisor recommendation.
  2. "category" – the recommendation category (i.e. Security, HighAvailability, Performance, OperationalExcellence and Cost).
  3. "impact" – the severity level of the selected recommendation.
  4. "impactedField" – the type of the impacted Azure cloud resource.
  5. "impactedValue" – the identifier/name of the impacted Azure resource.

06 Based on the information found at the previous steps, follow the instructions outlined in the Remediation/Resolution section to implement the recommended fix.

07 Repeat step no. 3 – 6 for each Advisor recommendation available in the selected Azure subscription.

08 Repeat steps no. 3 – 7 for each subscription created within your Microsoft Azure cloud account.

Remediation / Resolution

To implement the selected Microsoft Azure Advisor recommendation (i.e. enable Soft Delete feature to save and recover blob data after accidental overwrite or deletion), perform the following operations:

Using Azure Portal

01 Sign in to Azure Management Portal.

02 Navigate to Azure Storage accounts blade at https://portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Storage%2FStorageAccounts.

03 On the Storage accounts page, select the Azure subscription that you want to access from the Subscription filter box.

04 Click on the name of the Azure Storage account that you want to reconfigure.

05 In the navigation panel, under Blob service, click Data Protection to access the Soft Delete feature configuration settings.

06 On the Data Protection page, perform the following operations:

  1. Select Enabled under Blob soft delete to enable the Soft Delete data protection feature for the selected storage account.
  2. For the Retention policies, enter the optimal data retention period in the Retain for (days) box. The retention period represents the amount of time that soft deleted data is stored and available for recovery.
  3. Click Save to apply the configuration changes. Once the selected recommendation is successfully implemented, it can take up to a day for the Microsoft Azure Advisor service to recognize it.

07 If required, repeat steps no. 4 – 6 to implement the specified Advisor recommendation for other storage accounts available in the selected Azure subscription.

08 Repeat steps no. 3 – 7 for each subscription created within your Microsoft Azure cloud account.

Using Azure CLI and PowerShell

01 Run storage account list command (Windows/macOS/Linux) using custom query filters to describe the identifier of each storage account available in the selected Azure subscription: 

az storage account list
	--subscription "abcdabcd-1234-abcd-1234-abcdabcdabcd"
	--query '[*].name'

02 The command output should return the requested storage account names: 

[
  "abcd1234abcd1234abcd1234",
  "abcdabcdabcd123412341234"
]

03 Run storage blob service-properties delete-policy update command (Windows/macOS/Linux) using the name of the storage account that you want to reconfigure as identifier parameter, to enable the Soft Delete feature for the selected Azure Storage account and configure it to retain soft deleted data for a sufficient number of days (in this case 30 days): 

az storage blob service-properties delete-policy update
	--account-name abcd1234abcd1234abcd1234
	--enable true
	--days-retained 30

04 The command output should return the configuration metadata for the storage blob service-properties delete-policy update command request: 

{
  "enabled": true,
  "days": 30
}

05 If required, repeat step no. 3 and 4 to implement the specified Advisor recommendation for other storage accounts created for the selected Azure subscription.

06 Repeat steps no. 1 – 5 for each subscription available in your Microsoft Azure cloud account.

References

Publication date Jul 29, 2020

Related Advisor rules

Unlock the Remediation Steps

Free 30-day Trial

Automatically audit your configurations with Conformity
and gain access to our cloud security platform.

Confirmity Cloud Platform

No thanks, back to article

You are auditing:

Check for Azure Advisor Recommendations

Risk Level: