Azure – You can now define automation workflow on Azure Security Center (preview)

By now you should already know Azure Security Center (ASC), the unified one-stop shop security management for Azure, providing you details about your security posture and potential improvements.

Well, you can now define automation workflow (in preview) to automate actions based on detection alerts or security center recommendations.

Automation workflow uses Logic App to execute actions you will define so the potential activities are endless Smile

To start using it, logon to your Azure portal ( and reach out the Security Center blade


Then access the Workflow automation blade available in the Overview section


Then you can create (or edit existing automation flow once you have created some) workflow automation


When creating an automation workflow you define:

  • A name
  • The subscription with which it will be associated
  • A resource group where the automation workflow will be saved
  • The trigger conditions:
    • either Threat detection alerts or security center recommendations as data types
    • the value to trigger the action; either text if using threat detections or recommendations type when using the ASC recommendations
  • the action, which is the logic app; if you don’t have yet created logic app, you will be able to do so from the automation wizard


Benoit Hamet
Benoit Hamet
Benoit is working on Microsoft collaborative technologies He has been awarded as MVP for more than 12 years Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007) Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies