How to change policies in Security Center packages


Overview

This article describes the actions a customer must take to change the policies (exemptions) included in the Security Center package. Policies must be enabled or disabled in separate exemptions, because the standard initiatives, assignments, and exemptions used by Sitecore might be changed or replaced at any time by updates.

How to hide some recommendations provided in the Sitecore package

The recommendation is to use the "Azure Security Benchmark" initiative. To change the exemptions:

  1. Open Policy Portal (Exemptions) to check whether the exemption is already present.
  2. Usually, its name looks like "%Subscription name% - Sitecore Azure Security Benchmark". Potentially, it may have a different name.
    Note: Don’t change the exemptions with the prefix "Sitecore exempt for". They are used for the Sitecore package.

  3. If the exemption is present, click it to open.
    Note: If you cannot find the exemption, open Policy Portal (Assignments) >> click "Sitecore Azure Security Benchmark" >> press "Create Exemption".

  4. Fill out the description: specify the author and the reason for creating an exemption.
  5. Switch to the Policies tab.
  6. Enable the required policies to exempt them and click "Review + Save", then "Save".
  7. The changes will be applied in 24-48 hours.

How to show some recommendations not provided in the Sitecore package

The recommendation is to use the "Azure Security Benchmark" initiative. To add an additional assignment and change its exemptions:

  1. Open Policy Portal (Exemptions) to check whether the exemption is already present.
  2. Usually, its name looks like "%Subscription name% - Azure Security Benchmark". Potentially, it might have a different name.
    Note: Do not change the exemptions with the prefix "Sitecore exempt for", because they are used for the Sitecore package.

  3. If the exemption is present, click it to open.
    Note: If you cannot find the exemption, open Policy Portal (Assignments), then click "Assign Initiative" and set:
    • Initiative definition – "Azure Security Benchmark"
    • Assignment name – use proposed value
    • Policy enforcement – Disabled

  4. Click "Review + create", then "Create".
  5. Open the "Azure Security Benchmark" assignment and click "Create Exemption".
  6. Fill out the description: specify the author and the reason for creating an exemption.
  7. Switch to the Policies tab.
  8. Enable the policies to exempt them and click "Review + save", then "Save".
    Note: Add everything you want to hide to this exemption, because Sitecore exemptions will NOT be applied to this assignment.
  9. The changes will be applied in 24-48 hours.
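
Both procedures above end in the same exemption edit, so the following added example (not Sitecore's own tooling) shows the checks as code: it leaves exemptions with the "Sitecore exempt for" prefix alone, requires an author and a reason, and merges new policies into an existing customer exemption. Assumptions: the input has the shape of `az policy exemption list` output, the prefix is matched on the display name, and the subscription ID, assignment ID, "Contoso" names and reference IDs are constructed sample values.

```python
import json

# Prefix the article says marks exemptions reserved for the Sitecore package.
SITECORE_PREFIX = "Sitecore exempt for"

def split_exemptions(exemptions):
    """Split exemptions into (Sitecore-managed, customer-owned) by display name."""
    managed = [e for e in exemptions if (e.get("displayName") or "").startswith(SITECORE_PREFIX)]
    own = [e for e in exemptions if e not in managed]
    return managed, own

def plan_exemption(exemptions, assignment_id, display_name, reference_ids, author, reason):
    """Return (name of the exemption to update, or None to create one; properties to save)."""
    if display_name.startswith(SITECORE_PREFIX):
        raise ValueError("exemptions with the Sitecore prefix must not be changed")
    if not author.strip() or not reason.strip():
        raise ValueError("description needs both an author and a reason")
    _, own = split_exemptions(exemptions)
    existing = next((e for e in own if e.get("displayName") == display_name
                     and (e.get("policyAssignmentId") or "").lower() == assignment_id.lower()), None)
    current = (existing or {}).get("policyDefinitionReferenceIds") or []
    properties = {
        "policyAssignmentId": assignment_id,
        "displayName": display_name,
        # Assumption: "Waiver" for a new exemption; an existing category is kept.
        "exemptionCategory": (existing or {}).get("exemptionCategory", "Waiver"),
        "description": f"Author: {author}. Reason: {reason}",
        # Keep the policies that are already exempted and add the new ones.
        "policyDefinitionReferenceIds": sorted(set(current) | set(reference_ids)),
    }
    return (existing["name"] if existing else None), properties

# Constructed sample in the shape of `az policy exemption list` output.
ASSIGNMENT = ("/subscriptions/00000000-0000-0000-0000-000000000000/providers/"
              "Microsoft.Authorization/policyAssignments/example-sitecore-asb")
SAMPLE = json.loads("""[
  {"name": "ex-managed", "displayName": "Sitecore exempt for example",
   "policyAssignmentId": "%s", "exemptionCategory": "Waiver",
   "policyDefinitionReferenceIds": ["exampleRefA"]},
  {"name": "ex-customer", "displayName": "Contoso - Sitecore Azure Security Benchmark",
   "policyAssignmentId": "%s", "exemptionCategory": "Mitigated",
   "policyDefinitionReferenceIds": ["exampleRefB"]}
]""" % (ASSIGNMENT, ASSIGNMENT))

if __name__ == "__main__":
    name, props = plan_exemption(SAMPLE, ASSIGNMENT, "Contoso - Sitecore Azure Security Benchmark",
                                 ["exampleRefC"], "J. Doe", "compensating control in place")
    print(name, json.dumps(props, indent=2))
```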