Azure Security Benchmark
Solution: AzureSecurityBenchmark
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Publisher | Microsoft Corporation |
| Support Tier | Microsoft |
| Support Link | https://support.microsoft.com |
| Categories | domains |
| Version | 3.0.3 |
| Author | Microsoft - support@microsoft.com |
| First Published | 2022-06-17 |
| Last Updated | 2026-04-14 |
| Solution Folder | AzureSecurityBenchmark |
| Marketplace | Azure Marketplace · Popularity: 🟢 High (92%) |
The Azure Security Benchmark v3 Solution is designed to enable Cloud Architects, Security Engineers, and Governance Risk Compliance Professionals to gain situational awareness for cloud security posture and hardening. Benchmark recommendations provide a starting point for selecting specific security configuration settings and facilitate risk reduction. The Azure Security Benchmark includes a collection of high-impact security recommendations for improving posture. This workbook provides visibility and situational awareness for security capabilities delivered with Microsoft technologies in predominantly cloud-based environments. Customer experience will vary by user and some panels may require additional configurations for operation.
Contents
Data Connectors
This solution does not include data connectors.
This solution may contain other components such as analytics rules, workbooks, hunting queries, or playbooks.
Tables Used
This solution queries 18 table(s) from its content items:
| Table | Used By Content |
|---|---|
AADManagedIdentitySignInLogs |
Workbooks |
AADNonInteractiveUserSignInLogs |
Workbooks |
AADServicePrincipalSignInLogs |
Workbooks |
AADUserRiskEvents |
Workbooks |
AuditLogs |
Workbooks |
AzureActivity |
Workbooks |
AzureDevOpsAuditing |
Workbooks |
AzureDiagnostics |
Workbooks |
Event |
Workbooks |
GitHubAuditLogPolling_CL |
Workbooks |
InformationProtectionLogs_CL |
Workbooks |
ProtectionStatus |
Workbooks |
SecurityBaseline |
Workbooks |
SecurityEvent |
Workbooks |
SecurityNestedRecommendation |
Workbooks |
SecurityRecommendation |
Analytics |
SecurityRegulatoryCompliance |
Analytics, Workbooks |
SigninLogs |
Workbooks |
Internal Tables
The following 4 table(s) are used internally by this solution's content items:
| Table | Used By Content |
|---|---|
BehaviorAnalytics |
Workbooks |
IdentityInfo |
Workbooks |
SecurityAlert |
Workbooks |
SecurityIncident |
Workbooks |
Content Items
This solution includes 5 content item(s):
| Content Type | Count |
|---|---|
| Playbooks | 3 |
| Analytic Rules | 1 |
| Workbooks | 1 |
Analytic Rules
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Azure Security Benchmark Posture Changed | Medium | Discovery | SecurityRecommendationSecurityRegulatoryCompliance |
Workbooks
Playbooks
| Name | Description | Tables Used |
|---|---|---|
| Create Jira Issue | This playbook will open a Jira Issue when a new incident is opened in Microsoft Sentinel. | - |
| Create-AzureDevOpsTask | This playbook will create the Azure DevOps task filled with the Microsoft Sentinel incident details. | - |
| Notify-GovernanceComplianceTeam | This Security Orchestration, Automation, & Response (SOAR) capability is designed for configuration ... | - |
Additional Documentation
📄 Source: AzureSecurityBenchmark/README.md
Overview
Microsoft Sentinel: Azure Security Benchmark Solution
The Azure Security Benchmark v3 Solution is designed to enable Cloud Architects, Security Engineers, and Governance Risk Compliance Professionals to gain situational awareness for cloud security posture and hardening. Benchmark recommendations provide a starting point for selecting specific security configuration settings and facilitate risk reduction. The Azure Security Benchmark includes a collection of high-impact security recommendations for improving posture. This workbook provides visibility and situational awareness for security capabilities delivered with Microsoft technologies in predominantly cloud-based environments. Customer experience will vary by user and some panels may require additional configurations for operation.
Try on Portal
You can deploy the workbook by clicking on the buttons below:
Getting Started
[Content truncated...]
Release Notes
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.4 | 13-04-2026 | Updated Azure Security Benchmark label and queries. |
| 3.0.3 | 10-09-2025 | Removed the network map from the workbook. |
| 3.0.2 | 12-04-2024 | Updated Entity Mappings |
| 3.0.1 | 24-01-2023 | Updated the solution to fix Analytic Rules deployment issue |
| 3.0.0 | 28-11-2023 | Changes for rebranding from Azure Active Directory to Microsoft Entra ID & MS 365 Defender to MS Defender XDR |
| 3.0.0 | 28-11-2023 | Modified text as there is rebranding from Azure Active Directory to Microsoft Entra ID & MS 365 Defender to MS Defender XDR |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊