Security initiative assignment not properly shown in portal for management groups and subscriptions

Goor, Mark van 1 Reputation point
2020-12-09T14:53:03.78+00:00

Hi, I have been struggling with assigning the security initiative to management group level. There seems to be an issue in the portal on the security center.
By default, we have the ASC initiative assigned to all subscriptions. I added the initiative in the portal through policies to a management group above the subscription level. When then looking in the portal, on the subscription level it is shown as 'assigned (2)' (security center -> security policy). Then I deleted the individual assignments on through azure policies (in the portal). When checking the individual subscriptions on initiative assignments, I can see that the ASC-defaults have been removed and only the initiative exists on the management group level. However, in the Security Center -> Security Policy part it still keeps at 'assigned (2)', where it should show as 'assigned (inherited)'. I also double checked using powershell, and found no ASC-assignment on the subscription level.
Any suggestions on how to resolve this?

Thanks,
Mark

Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
828 questions
Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,262 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Goor, Mark van 1 Reputation point
    2020-12-14T11:15:58.36+00:00

    Hi,

    Thanks for picking this up! I can actually tell you that the issue has resolved itself (or someone changed something on the background of Azure). I can now see the proper assignments, after leaving the assignments rest for about a week.

    FYI what I did and for visibility the issue I was seeeing:
    I followed the generic available information on applying the Azure Security Center policies.
    Specifically this is described in:
    https://techcommunity.microsoft.com/t5/azure-security-center/centralized-policy-management-in-azure-security-center-using/ba-p/1276331
    More generic: https://learn.microsoft.com/en-us/azure/security-center/onboard-management-group

    See the attached screenprints: this is how the applied polices/initiatives showed in the Azure Security Center
    47962-image.png

    You can close this item now as it is resolved. But may be good to verify this in a more broad way.
    Best regards,
    Mark