Can You Disable Policy Checks in the Azure Security Center Free Tier?
Get a detailed answer for the AZ-500 exam on whether you can change the default policy and disable checks in the Azure Security Center free tier. Learn how Azure Policy controls security recommendations.
Question
The Free tier of Azure Security Center (ASC) allows you to change the default policy to disable checks that you wish to ignore.
A. FALSE
B. TRUE
Answer
B. TRUE
Explanation
The free tier of ASC does identify configurations that deviate from best practices for network resources, as well as storage, compute, and other services.
The statement is true because the security recommendations provided by the free tier of Microsoft Defender for Cloud (formerly Azure Security Center) are directly governed by Azure Policy. The free tier includes foundational Cloud Security Posture Management (CSPM), which assesses your resources against security best practices defined in the Azure Security Benchmark. This benchmark is implemented as a default Azure Policy initiative assigned to your subscriptions.
You have the ability to modify this policy assignment to align with your organization’s specific security requirements. To disable a particular security check or recommendation, you can perform the following actions:
- Navigate to the Azure Policy service in the Azure portal.
- Locate the policy initiative assigned by Defender for Cloud, which is typically the Azure Security Benchmark.
- Edit the assignment and find the specific policy that corresponds to the recommendation you wish to disable.
- Change the effect of that policy to “Disabled.”
Once a policy is disabled, Azure no longer evaluates your resources against that specific rule. Consequently, the corresponding recommendation will not be generated and will not appear in the Defender for Cloud recommendations list for the scope of that policy assignment. This capability to edit policy assignments is a fundamental feature of Azure Policy and is not restricted by the Defender for Cloud pricing tier, making it available in the free tier.
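For reviewing which checks an assignment has switched off, the following is an added example, not part of the original page. It resolves each member policy's effect from an initiative definition and its assignment parameters; the JSON shapes are trimmed, constructed stand-ins, and every parameter and reference name in them is hypothetical.

```python
import re

# Constructed, trimmed stand-ins for an initiative (policy set) definition and
# its assignment; every name and value below is hypothetical sample data.
INITIATIVE = {
    "parameters": {
        "diskEncryptionEffect": {"defaultValue": "AuditIfNotExists",
                                 "allowedValues": ["AuditIfNotExists", "Disabled"]},
        "storageHttpsEffect": {"defaultValue": "Audit",
                               "allowedValues": ["Audit", "Deny", "Disabled"]},
    },
    "policyDefinitions": [
        {"policyDefinitionReferenceId": "diskEncryptionMonitoring",
         "parameters": {"effect": {"value": "[parameters('diskEncryptionEffect')]"}}},
        {"policyDefinitionReferenceId": "storageSecureTransfer",
         "parameters": {"effect": {"value": "[parameters('storageHttpsEffect')]"}}},
    ],
}
ASSIGNMENT = {"parameters": {"diskEncryptionEffect": {"value": "Disabled"}}}

# Matches an effect value that is wired to an initiative-level parameter.
PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")


def effective_effects(initiative, assignment):
    """Map each policy reference ID to the effect the assignment applies."""
    overrides = assignment.get("parameters", {})
    result = {}
    for member in initiative["policyDefinitions"]:
        raw = member.get("parameters", {}).get("effect", {}).get("value", "")
        match = PARAM_REF.match(raw)
        if match:  # assignment value wins, otherwise the initiative default
            name = match.group(1)
            default = initiative["parameters"][name].get("defaultValue")
            effect = overrides.get(name, {}).get("value", default)
        else:      # effect is a literal in the initiative, or not set there
            effect = raw or None
        result[member["policyDefinitionReferenceId"]] = effect
    return result


def disabled_checks(initiative, assignment):
    """Reference IDs whose resolved effect is Disabled."""
    effects = effective_effects(initiative, assignment)
    return sorted(r for r, e in effects.items() if e and e.lower() == "disabled")


if __name__ == "__main__":
    print(disabled_checks(INITIATIVE, ASSIGNMENT))
```

Comparing this output across subscriptions or over time shows where recommendations have been silenced at the policy level rather than remediated.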