Azure Security Cmdlets Reference

The Azure Security PowerShell module (az.security) has 87 cmdlets for Azure Security Center. Allows managing and monitoring the security posture of your resources.

For networking cmdlets, see Azure Powershell: Networking Cmdlets Reference.
(Updated 12/07/2022)

Cmdlet	Description
Get-AzAlertsSuppressionRule	Gets alerts suppression rules.
Remove-AzAlertsSuppressionRule	Deletes an alerts suppression rule.
Set-AzAlertsSuppressionRule	Create or update an alerts suppression rule.
New-AzAlertsSuppressionRuleScope	Helper cmdlet to create PSIScopeElement.
Get-AzAllowedConnection	Used to display allowed traffic between resources for the subscription
Get-AzDeviceSecurityGroup	Get device security group (IoT Hub security)
Remove-AzDeviceSecurityGroup	Delete device security group
Set-AzDeviceSecurityGroup	Create or update device security group
New-AzDeviceSecurityGroupAllowlistCustomAlertRuleObject	Create new allow list custom alert rule for device security group (IoT Security)
New-AzDeviceSecurityGroupDenylistCustomAlertRuleObject	Create new deny list custom alert rule for device security group (IoT Security)
New-AzDeviceSecurityGroupThresholdCustomAlertRuleObject	Create new threshold custom alert rule for device security group (IoT Security)
New-AzDeviceSecurityGroupTimeWindowRuleObject	Create new time window rule for device security group (IoT Security)
Get-AzDiscoveredSecuritySolution	Gets security solutions that were discovered by Azure Security Center
Get-AzExternalSecuritySolution	Get external security solution
Get-AzIotSecurityAnalytics	Get IoT security analytics
Disable-AzIotSecurityAnalyticsAggregatedAlert	Dismiss Iot aggregated alert
Get-AzIotSecurityAnalyticsAggregatedAlert	Get IoT security aggregated alert
Get-AzIotSecurityAnalyticsAggregatedRecommendation	Get IoT security aggregated recommendation
Get-AzIotSecuritySolution	Get IoT security solution
Remove-AzIotSecuritySolution	Delete IoT security solution
Set-AzIotSecuritySolution	Create or update IoT security solution
Update-AzIotSecuritySolution	Update one or more of the following properties in IoT security solution: tags, recommendation configuration, user defined resources
New-AzIotSecuritySolutionRecommendationConfigurationObject	Create new recommendation configuration for iot security solution
New-AzIotSecuritySolutionUserDefinedResourcesObject	Create new user defined resources for iot security solution
Get-AzJitNetworkAccessPolicy	Gets the JIT network access policies
Remove-AzJitNetworkAccessPolicy	Deletes a JIT network access policy.
Set-AzJitNetworkAccessPolicy	Updates JIT network access policy.
Start-AzJitNetworkAccessPolicy	Invokes a temporary network access request.
Get-AzRegulatoryComplianceAssessment	Gets regulatory compliance assessments
Get-AzRegulatoryComplianceControl	Gets regulatory compliance controls
Get-AzRegulatoryComplianceStandard	Gets regulatory compliance standards
Get-AzSecurityAdaptiveApplicationControl	Gets a list of application control VM/server groups for the subscription.
Get-AzSecurityAdaptiveApplicationControlGroup	Gets an application control VM/server group.
Add-AzSecurityAdaptiveNetworkHardening	Enforces the given rules on the NSG(s) listed in the request
Get-AzSecurityAdaptiveNetworkHardening	Gets a list of Adaptive Network Hardenings resources in scope of an extended resource.
Disable-AzSecurityAdvancedThreatProtection	Disables the advanced threat protection policy for a storage / cosmosDB account.
Enable-AzSecurityAdvancedThreatProtection	Enables the advanced threat protection policy for a storage / cosmosDB account.
Get-AzSecurityAdvancedThreatProtection	Gets the advanced threat protection policy for a storage / cosmosDB account.
Get-AzSecurityAlert	Gets security alerts that were detected by Azure Security Center
Set-AzSecurityAlert	Updates a security alert state.
Get-AzSecurityAssessment	Gets security assessments and their results on a subscription
Remove-AzSecurityAssessment	Deletes a security assessment result from a subscription.
Set-AzSecurityAssessment	Create or update a security assessment result on a resource
Get-AzSecurityAssessmentMetadata	Gets security assessments types and metadta in a subscription.
Remove-AzSecurityAssessmentMetadata	Deletes a security assessment metadata from a subscription.
Set-AzSecurityAssessmentMetadata	Creates or updates a security assessment type.
Confirm-AzSecurityAutomation	Validates the security automation model before create or update. Any validation errors are returned to the client
Get-AzSecurityAutomation	Gets security automations
New-AzSecurityAutomation	Creates new security automation
Remove-AzSecurityAutomation	Deletes security automation
New-AzSecurityAutomationActionObject	Creates new security automation action object
New-AzSecurityAutomationRuleObject	Creates security automation rule object
New-AzSecurityAutomationRuleSetObject	Creates security automation rule set object
New-AzSecurityAutomationScopeObject	Creates security automation scope object
New-AzSecurityAutomationSourceObject	Creates security automation source object
Get-AzSecurityAutoProvisioningSetting	Gets the security automatic provisioning settings
Set-AzSecurityAutoProvisioningSetting	Updates automatic provisioning setting
Get-AzSecurityCompliance	Get the security compliance of a subscription over time
Get-AzSecurityContact	Gets security contacts that were configured on this subscription
Remove-AzSecurityContact	Deletes a security contact.
Set-AzSecurityContact	Updates a security contact for a subscription.
Get-AzSecurityLocation	Gets the location where Azure Security Center will automatically save data for the specific subscription
Get-AzSecurityPricing	Gets the Azure Defender plans for a subscription in Azure Security Center.
Set-AzSecurityPricing	Enables or disables Azure Defender plans for a subscription in Azure Security Center.
Get-AzSecuritySecureScore	Gets security secure scores and their results on a subscription
Get-AzSecuritySecureScoreControl	Gets security secure score controls and their results on a subscription
Get-AzSecuritySecureScoreControlDefinition	Gets security secure score control definitions on a subscription
Get-AzSecuritySetting	Get security settings in Azure Security Center
Set-AzSecuritySetting	Update a security setting in Azure Security Center
Get-AzSecuritySolution	Get Security Solutions
Get-AzSecuritySolutionsReferenceData	Get Security Solutions Reference Data
Add-AzSecuritySqlVulnerabilityAssessmentBaseline	Add SQL vulnerability assessment baseline.
Get-AzSecuritySqlVulnerabilityAssessmentBaseline	Get SQL vulnerability assessment baseline.
Remove-AzSecuritySqlVulnerabilityAssessmentBaseline	Removes SQL vulnerability assessment baseline.
Set-AzSecuritySqlVulnerabilityAssessmentBaseline	Sets new SQL vulnerability assessment baseline on a specific database discards old baseline if any exists.
Get-AzSecuritySqlVulnerabilityAssessmentScanRecord	Gets SQL vulnerability assessment scan summary.
Get-AzSecuritySqlVulnerabilityAssessmentScanResult	Gets SQL vulnerability assessment scan results.
Get-AzSecuritySubAssessment	Gets sub assessments results in a subscription.
Get-AzSecurityTask	Gets the security tasks that Azure Security Center recommends you to do in order to strengthen your security posture.
Get-AzSecurityTopology	Gets a list of Security Topologies on a subscription
Get-AzSecurityWorkspaceSetting	Gets the configured security workspace settings on a subscription.
Remove-AzSecurityWorkspaceSetting	Deletes the security workspace setting for this subscription.
Set-AzSecurityWorkspaceSetting	Updates the workspace settings for the subscription.
Get-AzSqlInformationProtectionPolicy	Retrieves the effective tenant SQL information protection policy.
Set-AzSqlInformationProtectionPolicy	Sets the effective tenant SQL information protection policy.
Get-AzRegulatoryComplianceAssessment	Gets regulatory compliance assessments
New-AzSecurityAutomation	Creates new security automation