Azure Security Cmdlets Reference

The Azure Security PowerShell module ( has 87 cmdlets for Azure Security Center. Allows managing and monitoring the security posture of your resources.

For networking cmdlets, see Azure Powershell: Networking Cmdlets Reference.
(Updated 12/07/2022)

Cmdlet Description
Get-AzAlertsSuppressionRule Gets alerts suppression rules.
Remove-AzAlertsSuppressionRule Deletes an alerts suppression rule.
Set-AzAlertsSuppressionRule Create or update an alerts suppression rule.
New-AzAlertsSuppressionRuleScope Helper cmdlet to create PSIScopeElement.
Get-AzAllowedConnection Used to display allowed traffic between resources for the subscription
Get-AzDeviceSecurityGroup Get device security group (IoT Hub security)
Remove-AzDeviceSecurityGroup Delete device security group
Set-AzDeviceSecurityGroup Create or update device security group
New-AzDeviceSecurityGroupAllowlistCustomAlertRuleObject Create new allow list custom alert rule for device security group (IoT Security)
New-AzDeviceSecurityGroupDenylistCustomAlertRuleObject Create new deny list custom alert rule for device security group (IoT Security)
New-AzDeviceSecurityGroupThresholdCustomAlertRuleObject Create new threshold custom alert rule for device security group (IoT Security)
New-AzDeviceSecurityGroupTimeWindowRuleObject Create new time window rule for device security group (IoT Security)
Get-AzDiscoveredSecuritySolution Gets security solutions that were discovered by Azure Security Center
Get-AzExternalSecuritySolution Get external security solution
Get-AzIotSecurityAnalytics Get IoT security analytics
Disable-AzIotSecurityAnalyticsAggregatedAlert Dismiss Iot aggregated alert
Get-AzIotSecurityAnalyticsAggregatedAlert Get IoT security aggregated alert
Get-AzIotSecurityAnalyticsAggregatedRecommendation Get IoT security aggregated recommendation
Get-AzIotSecuritySolution Get IoT security solution
Remove-AzIotSecuritySolution Delete IoT security solution
Set-AzIotSecuritySolution Create or update IoT security solution
Update-AzIotSecuritySolution Update one or more of the following properties in IoT security solution: tags, recommendation configuration, user defined resources
New-AzIotSecuritySolutionRecommendationConfigurationObject Create new recommendation configuration for iot security solution
New-AzIotSecuritySolutionUserDefinedResourcesObject Create new user defined resources for iot security solution
Get-AzJitNetworkAccessPolicy Gets the JIT network access policies
Remove-AzJitNetworkAccessPolicy Deletes a JIT network access policy.
Set-AzJitNetworkAccessPolicy Updates JIT network access policy.
Start-AzJitNetworkAccessPolicy Invokes a temporary network access request.
Get-AzRegulatoryComplianceAssessment Gets regulatory compliance assessments
Get-AzRegulatoryComplianceControl Gets regulatory compliance controls
Get-AzRegulatoryComplianceStandard Gets regulatory compliance standards
Get-AzSecurityAdaptiveApplicationControl Gets a list of application control VM/server groups for the subscription.
Get-AzSecurityAdaptiveApplicationControlGroup Gets an application control VM/server group.
Add-AzSecurityAdaptiveNetworkHardening Enforces the given rules on the NSG(s) listed in the request
Get-AzSecurityAdaptiveNetworkHardening Gets a list of Adaptive Network Hardenings resources in scope of an extended resource.
Disable-AzSecurityAdvancedThreatProtection Disables the advanced threat protection policy for a storage / cosmosDB account.
Enable-AzSecurityAdvancedThreatProtection Enables the advanced threat protection policy for a storage / cosmosDB account.
Get-AzSecurityAdvancedThreatProtection Gets the advanced threat protection policy for a storage / cosmosDB account.
Get-AzSecurityAlert Gets security alerts that were detected by Azure Security Center
Set-AzSecurityAlert Updates a security alert state.
Get-AzSecurityAssessment Gets security assessments and their results on a subscription
Remove-AzSecurityAssessment Deletes a security assessment result from a subscription.
Set-AzSecurityAssessment Create or update a security assessment result on a resource
Get-AzSecurityAssessmentMetadata Gets security assessments types and metadta in a subscription.
Remove-AzSecurityAssessmentMetadata Deletes a security assessment metadata from a subscription.
Set-AzSecurityAssessmentMetadata Creates or updates a security assessment type.
Confirm-AzSecurityAutomation Validates the security automation model before create or update. Any validation errors are returned to the client
Get-AzSecurityAutomation Gets security automations
New-AzSecurityAutomation Creates new security automation
Remove-AzSecurityAutomation Deletes security automation
New-AzSecurityAutomationActionObject Creates new security automation action object
New-AzSecurityAutomationRuleObject Creates security automation rule object
New-AzSecurityAutomationRuleSetObject Creates security automation rule set object
New-AzSecurityAutomationScopeObject Creates security automation scope object
New-AzSecurityAutomationSourceObject Creates security automation source object
Get-AzSecurityAutoProvisioningSetting Gets the security automatic provisioning settings
Set-AzSecurityAutoProvisioningSetting Updates automatic provisioning setting
Get-AzSecurityCompliance Get the security compliance of a subscription over time
Get-AzSecurityContact Gets security contacts that were configured on this subscription
Remove-AzSecurityContact Deletes a security contact.
Set-AzSecurityContact Updates a security contact for a subscription.
Get-AzSecurityLocation Gets the location where Azure Security Center will automatically save data for the specific subscription
Get-AzSecurityPricing Gets the Azure Defender plans for a subscription in Azure Security Center.
Set-AzSecurityPricing Enables or disables Azure Defender plans for a subscription in Azure Security Center.
Get-AzSecuritySecureScore Gets security secure scores and their results on a subscription
Get-AzSecuritySecureScoreControl Gets security secure score controls and their results on a subscription
Get-AzSecuritySecureScoreControlDefinition Gets security secure score control definitions on a subscription
Get-AzSecuritySetting Get security settings in Azure Security Center
Set-AzSecuritySetting Update a security setting in Azure Security Center
Get-AzSecuritySolution Get Security Solutions
Get-AzSecuritySolutionsReferenceData Get Security Solutions Reference Data
Add-AzSecuritySqlVulnerabilityAssessmentBaseline Add SQL vulnerability assessment baseline.
Get-AzSecuritySqlVulnerabilityAssessmentBaseline Get SQL vulnerability assessment baseline.
Remove-AzSecuritySqlVulnerabilityAssessmentBaseline Removes SQL vulnerability assessment baseline.
Set-AzSecuritySqlVulnerabilityAssessmentBaseline Sets new SQL vulnerability assessment baseline on a specific database discards old baseline if any exists.
Get-AzSecuritySqlVulnerabilityAssessmentScanRecord Gets SQL vulnerability assessment scan summary.
Get-AzSecuritySqlVulnerabilityAssessmentScanResult Gets SQL vulnerability assessment scan results.
Get-AzSecuritySubAssessment Gets sub assessments results in a subscription.
Get-AzSecurityTask Gets the security tasks that Azure Security Center recommends you to do in order to strengthen your security posture.
Get-AzSecurityTopology Gets a list of Security Topologies on a subscription
Get-AzSecurityWorkspaceSetting Gets the configured security workspace settings on a subscription.
Remove-AzSecurityWorkspaceSetting Deletes the security workspace setting for this subscription.
Set-AzSecurityWorkspaceSetting Updates the workspace settings for the subscription.
Get-AzSqlInformationProtectionPolicy Retrieves the effective tenant SQL information protection policy.
Set-AzSqlInformationProtectionPolicy Sets the effective tenant SQL information protection policy.
Get-AzRegulatoryComplianceAssessment Gets regulatory compliance assessments
New-AzSecurityAutomation Creates new security automation