Microsoft Azure Security Technologies (AZ-500)

Study for the Microsoft Azure Security Technologies (AZ-500) exam. Prepare with well-structured questions and detailed explanations. Enhance your understanding and improve your readiness for the certification exam!


Which action is required to create custom alert rules in Azure Security Center after creating an Azure subscription?

  1. You should create an Azure Log Analytics workspace.

  2. You should create a DLP policy.

  3. You should make sure that Azure AD Identity Protection is removed.

  4. You should make sure that Security Center has the necessary tier configured.

The correct answer is: You should make sure that Azure AD Identity Protection is removed.

Creating custom alert rules in Azure Security Center primarily involves setting up the right environment to analyze and respond to security threats effectively. The action necessary for this process is to ensure that Security Center has the appropriate tier configured.

Azure Security Center operates in different tiers, namely Free and Standard, with the Standard tier providing enhanced capabilities, including advanced threat protection, the ability to create custom alert rules, and additional security management features. To set up custom alert rules, users must upgrade to the Standard tier because custom rules are not available in the Free tier. This tier provides greater functionality to monitor and respond to security incidents, making it essential for organizations seeking to implement tailored security measures in Azure.

While creating an Azure Log Analytics workspace can enhance data exploration and analysis, particularly when it comes to querying logs and analytics data, it is not a direct requirement for creating custom alert rules in Azure Security Center itself. Similarly, DLP policies and the management of Azure AD Identity Protection do not pertain to the creation of custom alert rules within the context of Azure Security Center's operational capabilities.