Create A Security Automation for a Recommendation

Azure Public Test Date Azure Public Test Result

Azure US Gov Last Test Date Azure US Gov Last Test Result

Best Practice Check Cred Scan Check

Deploy To Azure Visualize

This template deploys an Azure Security Center Automation for a specific Azure Security Center's recommendation. Automation is an Azure Resource which triggers a Logic App.

Overview and deployed resources

This is an overview of the solution

The following resources are deployed as part of the solution

Microsoft.Logic Resource provider

The Microsoft.Logic Resource provider is used to create an empty triggerable Logic App.

  • Logic App: An Empty triggerable Logic App

Microsoft.Security Resource provider

The Microsoft.Security Resource provider (Azure Security Center) is where the Automation which will trigger the logic app will be created.

  • Automation: The Automation which will trigger the empty Logic App, upon receiving a specific Azure Security Center recommendation. In the example specified we have used the following recommendation (assessment) with the Guid : "4fb67663-9ab9-475d-b026-8c544cced439". This recommendation is for "Install endpoint protection solution on Linux virtual machines".

We found this Guid by using Azure Security Center assessment meta data API. The API is listed in:


Users need to be registered to both Microsoft.Logic and Microsoft.Security resource providers to run this.

Deployment steps

You can click the "deploy to Azure" button at the beginning of this document or follow the instructions for command line deployment using the scripts in the root of this repo.


Solution notes

Tags: Security, Security Center, LogicApps, Automations, Microsoft.Security/automations, Microsoft.Logic/workflows, request, object, string