Aboli-msft committed Jan 22, 2023
1 parent 7c4e17c commit 72c7d55
Showing 5 changed files with 12 additions and 5 deletions.
9 changes: 5 additions & 4 deletions 04-Addressing control failure/README.md
@@ -1,6 +1,7 @@
> The Azure Tenant Security Solution (AzTS) was created by the Core Services Engineering & Operations (CSEO) division at Microsoft, to help accelerate Microsoft IT's adoption of Azure. We have shared AzTS and its documentation with the community to provide guidance for rapidly scanning, deploying and operationalizing cloud resources, across the different stages of DevOps, while maintaining controls on security and governance.
<br>AzTS is not an official Microsoft product – rather an attempt to share Microsoft CSEO's best practices with the community.
<br>
# Addressing control failure

## On this page:
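Review bot: The bare `<br>` placed directly above `# Addressing control failure` is a layout workaround, and because it follows the `>` disclaimer with no blank line it is parsed as part of that quoted block. A blank line between the disclaimer and the heading gives the same separation in plain Markdown. The identical `<br>` above `# AutoRemediation` in the other file could be changed the same way.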
Expand All @@ -9,17 +10,17 @@

## Overview

The AzTS solution provides a UI-based tool that can be used by dev-engineers to perform on-demand scans to verify fixes sooner, check reasons for control failures and view the latest scan results. This tool leverages your current subscription permissions to show you subscriptions that you have the ability to request scans for.
The AzTS solution provides a UI-based tool that can be used by dev-engineers to perform on-demand scans to verify fixes sooner, check reasons for control failures and view the latest scan results. This tool leverages your current subscription permissions to show you subscriptions for which you are authorized to request scan.

To check reason about control failure, you can refer Status Reason column in AzTS UI.
![StatusReason](../Images/04_AddressingControlFailure_StausReason.png)

Based on Status reason, you can update resource configurations to remediate control faiures.
If you want to refer control logic details, please refer control spcs [here](../Control%20coverage/README.md/#azure-services-supported-by-azts). You can find details about Paased, Failed or other status reasons and recommendations(Azure portal based or PowerShell based) from here. Please follow recommendation steps to remediate failing controls.
Based on Status reason, you can update resource configurations to remediate control failures.
If you want to refer control logic details, please refer control specs [here](../Control%20coverage/README.md/#azure-services-supported-by-azts). You can find details about Passed, Failed or other status reasons and recommendations(Azure portal based or PowerShell based) from the same link. Please follow recommendation steps to remediate failing controls.

There are below options available to remediate resources in bulk:
1. PowerShell based bulk remediation scripts:
Please refer more details [here](../Scripts/RemediationScripts/Readme.md/#overview).

2. Remediation by downloading scripts using AzTS UI:
You can download remediation scripts specific to failing resources and controls and run later.More details can be found [here](/04-Addressing%20control%20failure/RemediationThroughScriptsUsingUI.md/#autoremediation).
You can download remediation scripts specific to failing resources and controls and run later. More details can be found [here](/04-Addressing%20control%20failure/RemediationThroughScriptsUsingUI.md/#autoremediation).
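Review bot: The links on the lines this hunk rewrites keep a slash before the fragment (`README.md/#azure-services-supported-by-azts`, `RemediationThroughScriptsUsingUI.md/#autoremediation`), which makes the file look like a directory, and the last one is root-absolute (`/04-Addressing%20control%20failure/...`) while the others are relative. Suggest `README.md#azure-services-supported-by-azts` and a relative path throughout so the links resolve outside the GitHub renderer too. Since the wording is being corrected anyway, the new text still reads "authorized to request scan" (missing article), "refer control logic details, please refer control specs" (missing "to"), and "recommendations(Azure" (missing space), and the untouched line "To check reason about control failure, you can refer Status Reason column" has the same problem. The image path still carries the misspelling `StausReason` even though this commit replaces that binary.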
@@ -1,8 +1,13 @@
> The Azure Tenant Security Solution (AzTS) was created by the Core Services Engineering & Operations (CSEO) division at Microsoft, to help accelerate Microsoft IT's adoption of Azure. We have shared AzTS and its documentation with the community to provide guidance for rapidly scanning, deploying and operationalizing cloud resources, across the different stages of DevOps, while maintaining controls on security and governance.
<br>AzTS is not an official Microsoft product – rather an attempt to share Microsoft CSEO's best practices with the community.
<br>
# AutoRemediation
This feature is not enabled by default. If you have not enabled this feature in your AzTS setup yet, please follow steps mentioned below:
This feature is not enabled by default. Default AzTS UI with AutoRemediation feature off :

![UIWithAutoRediationDisabled](../Images/04_DefaultUIWithAutoRemediationDisabled.png)

If you have not enabled this feature in your AzTS setup yet, please follow steps mentioned below:

- Open the [Azure portal](https://portal.azure.com/).
- Navigate to AzTS host subscription -> AzTS host resource group.
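Review bot: The new caption `Default AzTS UI with AutoRemediation feature off :` is a sentence fragment with a stray space before the colon, and the alt text `UIWithAutoRediationDisabled` on the next line misspells "Remediation". Suggest something like "With the AutoRemediation feature off, the default AzTS UI looks like this:" and `UIWithAutoRemediationDisabled`, so the alt text is accurate for screen readers and search.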
Expand All @@ -15,6 +20,7 @@ This feature is not enabled by default. If you have not enabled this feature in
- Add **true** as the value of the appsetting.
- Add **UIConfigurations__RemediationFeatureConfiguration__IsEnabled** as the Name of the appsetting.
- Add **true** as the value of the appsetting.
![AddConfig](../Images/04_AddCofigForAutoRemediation.png)

Save these settings. This will restart AzTS API app service.
Next time, when you open AzTS UI, you will see Remediation Mode as a toggle.
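Review bot: The added image line references `04_AddCofigForAutoRemediation.png`, and "Cofig" is a typo that this commit also bakes into the new binary's file name; rename it to `04_AddConfigForAutoRemediation.png` now, before other pages link to it. The image also follows the last bullet with no blank line, so it will render as part of the "Add **true** as the value of the appsetting." item; add a blank line if it is meant to illustrate the whole list. Since saving these settings restarts the AzTS API app service, consider stating that before the steps rather than only after them.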
Binary file added Images/04_AddCofigForAutoRemediation.png
Binary file modified Images/04_AddressingControlFailure_StausReason.png
