Az.Security

Microsoft Azure PowerShell: Security cmdlets

Security

Add-AzSecurityAdaptiveNetworkHardening

Enforces the given rules on the NSG(s) listed in the request

Add-AzSecuritySqlVulnerabilityAssessmentBaseline

Add SQL vulnerability assessment baseline.

Confirm-AzSecurityAutomation

Validates the security automation model before create or update. Any validation errors are returned to the client

Disable-AzIotSecurityAnalyticsAggregatedAlert

Dismiss IoT aggregated alert

Disable-AzSecurityAdvancedThreatProtection

Disables the advanced threat protection policy for a storage / cosmosDB account.

Enable-AzSecurityAdvancedThreatProtection

Enables the advanced threat protection policy for a storage / cosmosDB account.

Get-AzAlertsSuppressionRule

Gets alerts suppression rules.

Get-AzAllowedConnection

Used to display allowed traffic between resources for the subscription

Get-AzDeviceSecurityGroup

Get device security group (IoT Hub security)

Get-AzDiscoveredSecuritySolution

Gets security solutions that were discovered by Azure Security Center

Get-AzExternalSecuritySolution

Get external security solution

Get-AzIotSecurityAnalytics

Get IoT security analytics

Get-AzIotSecurityAnalyticsAggregatedAlert

Get IoT security aggregated alert

Get-AzIotSecurityAnalyticsAggregatedRecommendation

Get IoT security aggregated recommendation

Get-AzIotSecuritySolution

Get IoT security solution

Get-AzJitNetworkAccessPolicy

Gets the JIT network access policies

Get-AzRegulatoryComplianceAssessment

Gets regulatory compliance assessments

Get-AzRegulatoryComplianceControl

Gets regulatory compliance controls

Get-AzRegulatoryComplianceStandard

Gets regulatory compliance standards

Get-AzSecurityAdaptiveApplicationControl

Gets a list of application control VM/server groups for the subscription.

Get-AzSecurityAdaptiveApplicationControlGroup

Gets an application control VM/server group.

Get-AzSecurityAdaptiveNetworkHardening

Gets a list of Adaptive Network Hardenings resources in scope of an extended resource.

Get-AzSecurityAdvancedThreatProtection

Gets the advanced threat protection policy for a storage / cosmosDB account.

Get-AzSecurityAlert

Gets security alerts that were detected by Azure Security Center

Get-AzSecurityApiCollection

Gets an Azure API Management API if it has been onboarded to Microsoft Defender for APIs. If an Azure API Management API is onboarded to Microsoft Defender for APIs, the system will monitor the operations within the Azure API Management API for intrusive behaviors and provide alerts for attacks that have been detected.

Get-AzSecurityAssessment

Gets security assessments and their results on a subscription

Get-AzSecurityAssessmentMetadata

Gets security assessment types and metadata in a subscription.

Get-AzSecurityAutomation

Gets security automations

Get-AzSecurityAutoProvisioningSetting

Gets the security automatic provisioning settings

Get-AzSecurityCompliance

Get the security compliance of a subscription over time

Get-AzSecurityConnector

Retrieves details of a specific security connector

Get-AzSecurityConnectorAzureDevOpsOrg

Returns a monitored Azure DevOps organization resource.

Get-AzSecurityConnectorAzureDevOpsOrgAvailable

Returns a list of all Azure DevOps organizations accessible by the user token consumed by the connector.

Get-AzSecurityConnectorAzureDevOpsProject

Returns a monitored Azure DevOps project resource.

Get-AzSecurityConnectorAzureDevOpsRepo

Returns a monitored Azure DevOps repository resource.

Get-AzSecurityConnectorDevOpsConfiguration

Gets a DevOps Configuration.

Get-AzSecurityConnectorGitHubOwner

Returns a monitored GitHub owner.

Get-AzSecurityConnectorGitHubOwnerAvailable

Returns a list of all GitHub owners accessible by the user token consumed by the connector.

Get-AzSecurityConnectorGitHubRepo

Returns a monitored GitHub repository.

Get-AzSecurityConnectorGitLabGroup

Returns a monitored GitLab Group resource for a given fully-qualified name.

Get-AzSecurityConnectorGitLabGroupAvailable

Returns a list of all GitLab groups accessible by the user token consumed by the connector.

Get-AzSecurityConnectorGitLabProject

Returns a monitored GitLab Project resource for a given fully-qualified group name and project name.

Get-AzSecurityConnectorGitLabSubgroup

Gets nested subgroups of given GitLab Group which are onboarded to the connector.

Get-AzSecurityContact

Gets security contacts that were configured on this subscription

Get-AzSecurityDefenderForStorage

Gets the Defender for Storage settings for the specified storage account.

Get-AzSecurityLocation

Gets the location where Azure Security Center will automatically save data for the specific subscription

Get-AzSecurityPricing

Gets the Azure Defender plans for a subscription in Azure Security Center.

Get-AzSecuritySecureScore

Gets security secure scores and their results on a subscription

Get-AzSecuritySecureScoreControl

Gets security secure score controls and their results on a subscription

Get-AzSecuritySecureScoreControlDefinition

Gets security secure score control definitions on a subscription

Get-AzSecuritySetting

Get security settings in Azure Security Center

Get-AzSecuritySolution

Get Security Solutions

Get-AzSecuritySolutionsReferenceData

Get Security Solutions Reference Data

Get-AzSecuritySqlVulnerabilityAssessmentBaseline

Get SQL vulnerability assessment baseline.

Get-AzSecuritySqlVulnerabilityAssessmentScanRecord

Gets SQL vulnerability assessment scan summary.

Get-AzSecuritySqlVulnerabilityAssessmentScanResult

Gets SQL vulnerability assessment scan results.

Get-AzSecuritySubAssessment

Gets sub assessments results in a subscription.

Get-AzSecurityTask

Gets the security tasks that Azure Security Center recommends to strengthen your security posture.

Get-AzSecurityTopology

Gets a list of Security Topologies on a subscription

Get-AzSecurityWorkspaceSetting

Gets the configured security workspace settings on a subscription.

Get-AzSqlInformationProtectionPolicy

Retrieves the effective tenant SQL information protection policy.

Invoke-AzSecurityApiCollectionApimOffboard

Offboard an Azure API Management API from Microsoft Defender for APIs. The system will stop monitoring the operations within the Azure API Management API for intrusive behaviors.

Invoke-AzSecurityApiCollectionApimOnboard

Onboard an Azure API Management API to Microsoft Defender for APIs. The system will start monitoring the operations within the Azure API Management API for intrusive behaviors and provide alerts for attacks that have been detected.

New-AzAlertsSuppressionRuleScope

Helper cmdlet to create PSIScopeElement.

New-AzDeviceSecurityGroupAllowlistCustomAlertRuleObject

Create new allow list custom alert rule for device security group (IoT Security)

New-AzDeviceSecurityGroupDenylistCustomAlertRuleObject

Create new deny list custom alert rule for device security group (IoT Security)

New-AzDeviceSecurityGroupThresholdCustomAlertRuleObject

Create new threshold custom alert rule for device security group (IoT Security)

New-AzDeviceSecurityGroupTimeWindowRuleObject

Create new time window rule for device security group (IoT Security)

New-AzIotSecuritySolutionRecommendationConfigurationObject

Create new recommendation configuration for IoT security solution

New-AzIotSecuritySolutionUserDefinedResourcesObject

Create new user defined resources for IoT security solution

New-AzSecurityAutomation

Creates new security automation

New-AzSecurityAutomationActionObject

Creates new security automation action object

New-AzSecurityAutomationRuleObject

Creates security automation rule object

New-AzSecurityAutomationRuleSetObject

Creates security automation rule set object

New-AzSecurityAutomationScopeObject

Creates security automation scope object

New-AzSecurityAutomationSourceObject

Creates security automation source object

New-AzSecurityAwsEnvironmentObject

Create an in-memory object for AwsEnvironment.

New-AzSecurityAwsOrganizationalDataMasterObject

Create an in-memory object for AwsOrganizationalDataMaster.

New-AzSecurityAwsOrganizationalDataMemberObject

Create an in-memory object for AwsOrganizationalDataMember.

New-AzSecurityAzureDevOpsScopeEnvironmentObject

Create an in-memory object for AzureDevOpsScopeEnvironment.

New-AzSecurityConnector

Create a security connector. If a security connector is already created and a subsequent request is issued for the same security connector id, then it will be updated.

New-AzSecurityConnectorActionableRemediationObject

Create an in-memory object for ActionableRemediation.

New-AzSecurityConnectorDevOpsConfiguration

Create a DevOps Configuration.

New-AzSecurityCspmMonitorAwsOfferingObject

Create an in-memory object for CspmMonitorAwsOffering.

New-AzSecurityCspmMonitorAzureDevOpsOfferingObject

Create an in-memory object for CspmMonitorAzureDevOpsOffering.

New-AzSecurityCspmMonitorGcpOfferingObject

Create an in-memory object for CspmMonitorGcpOffering.

New-AzSecurityCspmMonitorGithubOfferingObject

Create an in-memory object for CspmMonitorGithubOffering.

New-AzSecurityCspmMonitorGitLabOfferingObject

Create an in-memory object for CspmMonitorGitLabOffering.

New-AzSecurityDefenderCspmAwsOfferingObject

Create an in-memory object for DefenderCspmAwsOffering.

New-AzSecurityDefenderCspmGcpOfferingObject

Create an in-memory object for DefenderCspmGcpOffering.

New-AzSecurityDefenderForContainersAwsOfferingObject

Create an in-memory object for DefenderForContainersAwsOffering.

New-AzSecurityDefenderForContainersGcpOfferingObject

Create an in-memory object for DefenderForContainersGcpOffering.

New-AzSecurityDefenderForDatabasesAwsOfferingObject

Create an in-memory object for DefenderForDatabasesAwsOffering.

New-AzSecurityDefenderForDatabasesGcpOfferingObject

Create an in-memory object for DefenderForDatabasesGcpOffering.

New-AzSecurityDefenderForServersAwsOfferingObject

Create an in-memory object for DefenderForServersAwsOffering.

New-AzSecurityDefenderForServersGcpOfferingObject

Create an in-memory object for DefenderForServersGcpOffering.

New-AzSecurityGcpOrganizationalDataMemberObject

Create an in-memory object for GcpOrganizationalDataMember.

New-AzSecurityGcpOrganizationalDataOrganizationObject

Create an in-memory object for GcpOrganizationalDataOrganization.

New-AzSecurityGcpProjectEnvironmentObject

Create an in-memory object for GcpProjectEnvironment.

New-AzSecurityGitHubScopeEnvironmentObject

Create an in-memory object for GitHubScopeEnvironment.

New-AzSecurityGitLabScopeEnvironmentObject

Create an in-memory object for GitLabScopeEnvironment.

New-AzSecurityInformationProtectionAwsOfferingObject

Create an in-memory object for InformationProtectionAwsOffering.

Remove-AzAlertsSuppressionRule

Deletes an alerts suppression rule.

Remove-AzDeviceSecurityGroup

Delete device security group

Remove-AzIotSecuritySolution

Delete IoT security solution

Remove-AzJitNetworkAccessPolicy

Deletes a JIT network access policy.

Remove-AzSecurityAssessment

Deletes a security assessment result from a subscription.

Remove-AzSecurityAssessmentMetadata

Deletes a security assessment metadata from a subscription.

Remove-AzSecurityAutomation

Deletes security automation

Remove-AzSecurityConnector

Deletes a security connector.

Remove-AzSecurityConnectorDevOpsConfiguration

Deletes a DevOps Connector.

Remove-AzSecurityContact

Deletes a security contact.

Remove-AzSecuritySqlVulnerabilityAssessmentBaseline

Removes SQL vulnerability assessment baseline.

Remove-AzSecurityWorkspaceSetting

Deletes the security workspace setting for this subscription.

Set-AzAlertsSuppressionRule

Create or update an alerts suppression rule.

Set-AzDeviceSecurityGroup

Create or update device security group

Set-AzIotSecuritySolution

Create or update IoT security solution

Set-AzJitNetworkAccessPolicy

Updates JIT network access policy.

Set-AzSecurityAlert

Updates a security alert state.

Set-AzSecurityAssessment

Create or update a security assessment result on a resource

Set-AzSecurityAssessmentMetadata

Creates or updates a security assessment type.

Set-AzSecurityAutoProvisioningSetting

Updates automatic provisioning setting

Set-AzSecurityContact

Updates a security contact for a subscription.

Set-AzSecurityPricing

Enables or disables Microsoft Defender plans for a subscription in Microsoft Defender for Cloud.

Note

For CloudPosture (Defender Cloud Security Posture Management), the agentless extensions will not be enabled when using this command. To enable extensions, please use the Azure Policy definition or scripts in the Microsoft Defender for Cloud Community Repository.

Set-AzSecuritySetting

Update a security setting in Azure Security Center

Set-AzSecuritySqlVulnerabilityAssessmentBaseline

Sets a new SQL vulnerability assessment baseline on a specific database, discarding the old baseline if one exists.

Set-AzSecurityWorkspaceSetting

Updates the workspace settings for the subscription.

Set-AzSqlInformationProtectionPolicy

Sets the effective tenant SQL information protection policy.

Start-AzJitNetworkAccessPolicy

Invokes a temporary network access request.

Update-AzIotSecuritySolution

Update one or more of the following properties in IoT security solution: tags, recommendation configuration, user defined resources

Update-AzSecurityConnector

Update a security connector

Update-AzSecurityConnectorAzureDevOpsOrg

Update monitored Azure DevOps organization details.

Update-AzSecurityConnectorAzureDevOpsProject

Update a monitored Azure DevOps project resource.

Update-AzSecurityConnectorAzureDevOpsRepo

Update a monitored Azure DevOps repository resource.

Update-AzSecurityConnectorDevOpsConfiguration

Update a DevOps Configuration.

Update-AzSecurityDefenderForStorage

Update the Defender for Storage settings on a specified storage account.