Azure Security Cmdlets Reference

The Azure Security PowerShell module (az.security) has 87 cmdlets for Azure Security Center. Allows managing and monitoring the security posture of your resources.

For networking cmdlets, see Azure Powershell: Networking Cmdlets Reference.
(Updated 12/07/2022)

Cmdlet Description
Get-AzAlertsSuppressionRule Gets alerts suppression rules.
Remove-AzAlertsSuppressionRule Deletes an alerts suppression rule.
Set-AzAlertsSuppressionRule Create or update an alerts suppression rule.
New-AzAlertsSuppressionRuleScope Helper cmdlet to create PSIScopeElement.
Get-AzAllowedConnection Used to display allowed traffic between resources for the subscription
Get-AzDeviceSecurityGroup Get device security group (IoT Hub security)
Remove-AzDeviceSecurityGroup Delete device security group
Set-AzDeviceSecurityGroup Create or update device security group
New-AzDeviceSecurityGroupAllowlistCustomAlertRuleObject Create new allow list custom alert rule for device security group (IoT Security)
New-AzDeviceSecurityGroupDenylistCustomAlertRuleObject Create new deny list custom alert rule for device security group (IoT Security)
New-AzDeviceSecurityGroupThresholdCustomAlertRuleObject Create new threshold custom alert rule for device security group (IoT Security)
New-AzDeviceSecurityGroupTimeWindowRuleObject Create new time window rule for device security group (IoT Security)
Get-AzDiscoveredSecuritySolution Gets security solutions that were discovered by Azure Security Center
Get-AzExternalSecuritySolution Get external security solution
Get-AzIotSecurityAnalytics Get IoT security analytics
Disable-AzIotSecurityAnalyticsAggregatedAlert Dismiss Iot aggregated alert
Get-AzIotSecurityAnalyticsAggregatedAlert Get IoT security aggregated alert
Get-AzIotSecurityAnalyticsAggregatedRecommendation Get IoT security aggregated recommendation
Get-AzIotSecuritySolution Get IoT security solution
Remove-AzIotSecuritySolution Delete IoT security solution
Set-AzIotSecuritySolution Create or update IoT security solution
Update-AzIotSecuritySolution Update one or more of the following properties in IoT security solution: tags, recommendation configuration, user defined resources
New-AzIotSecuritySolutionRecommendationConfigurationObject Create new recommendation configuration for iot security solution
New-AzIotSecuritySolutionUserDefinedResourcesObject Create new user defined resources for iot security solution
Get-AzJitNetworkAccessPolicy Gets the JIT network access policies
Remove-AzJitNetworkAccessPolicy Deletes a JIT network access policy.
Set-AzJitNetworkAccessPolicy Updates JIT network access policy.
Start-AzJitNetworkAccessPolicy Invokes a temporary network access request.
Get-AzRegulatoryComplianceAssessment Gets regulatory compliance assessments
Get-AzRegulatoryComplianceControl Gets regulatory compliance controls
Get-AzRegulatoryComplianceStandard Gets regulatory compliance standards
Get-AzSecurityAdaptiveApplicationControl Gets a list of application control VM/server groups for the subscription.
Get-AzSecurityAdaptiveApplicationControlGroup Gets an application control VM/server group.
Add-AzSecurityAdaptiveNetworkHardening Enforces the given rules on the NSG(s) listed in the request
Get-AzSecurityAdaptiveNetworkHardening Gets a list of Adaptive Network Hardenings resources in scope of an extended resource.
Disable-AzSecurityAdvancedThreatProtection Disables the advanced threat protection policy for a storage / cosmosDB account.
Enable-AzSecurityAdvancedThreatProtection Enables the advanced threat protection policy for a storage / cosmosDB account.
Get-AzSecurityAdvancedThreatProtection Gets the advanced threat protection policy for a storage / cosmosDB account.
Get-AzSecurityAlert Gets security alerts that were detected by Azure Security Center
Set-AzSecurityAlert Updates a security alert state.
Get-AzSecurityAssessment Gets security assessments and their results on a subscription
Remove-AzSecurityAssessment Deletes a security assessment result from a subscription.
Set-AzSecurityAssessment Create or update a security assessment result on a resource
Get-AzSecurityAssessmentMetadata Gets security assessments types and metadta in a subscription.
Remove-AzSecurityAssessmentMetadata Deletes a security assessment metadata from a subscription.
Set-AzSecurityAssessmentMetadata Creates or updates a security assessment type.
Confirm-AzSecurityAutomation Validates the security automation model before create or update. Any validation errors are returned to the client
Get-AzSecurityAutomation Gets security automations
New-AzSecurityAutomation Creates new security automation
Remove-AzSecurityAutomation Deletes security automation
New-AzSecurityAutomationActionObject Creates new security automation action object
New-AzSecurityAutomationRuleObject Creates security automation rule object
New-AzSecurityAutomationRuleSetObject Creates security automation rule set object
New-AzSecurityAutomationScopeObject Creates security automation scope object
New-AzSecurityAutomationSourceObject Creates security automation source object
Get-AzSecurityAutoProvisioningSetting Gets the security automatic provisioning settings
Set-AzSecurityAutoProvisioningSetting Updates automatic provisioning setting
Get-AzSecurityCompliance Get the security compliance of a subscription over time
Get-AzSecurityContact Gets security contacts that were configured on this subscription
Remove-AzSecurityContact Deletes a security contact.
Set-AzSecurityContact Updates a security contact for a subscription.
Get-AzSecurityLocation Gets the location where Azure Security Center will automatically save data for the specific subscription
Get-AzSecurityPricing Gets the Azure Defender plans for a subscription in Azure Security Center.
Set-AzSecurityPricing Enables or disables Azure Defender plans for a subscription in Azure Security Center.
Get-AzSecuritySecureScore Gets security secure scores and their results on a subscription
Get-AzSecuritySecureScoreControl Gets security secure score controls and their results on a subscription
Get-AzSecuritySecureScoreControlDefinition Gets security secure score control definitions on a subscription
Get-AzSecuritySetting Get security settings in Azure Security Center
Set-AzSecuritySetting Update a security setting in Azure Security Center
Get-AzSecuritySolution Get Security Solutions
Get-AzSecuritySolutionsReferenceData Get Security Solutions Reference Data
Add-AzSecuritySqlVulnerabilityAssessmentBaseline Add SQL vulnerability assessment baseline.
Get-AzSecuritySqlVulnerabilityAssessmentBaseline Get SQL vulnerability assessment baseline.
Remove-AzSecuritySqlVulnerabilityAssessmentBaseline Removes SQL vulnerability assessment baseline.
Set-AzSecuritySqlVulnerabilityAssessmentBaseline Sets new SQL vulnerability assessment baseline on a specific database discards old baseline if any exists.
Get-AzSecuritySqlVulnerabilityAssessmentScanRecord Gets SQL vulnerability assessment scan summary.
Get-AzSecuritySqlVulnerabilityAssessmentScanResult Gets SQL vulnerability assessment scan results.
Get-AzSecuritySubAssessment Gets sub assessments results in a subscription.
Get-AzSecurityTask Gets the security tasks that Azure Security Center recommends you to do in order to strengthen your security posture.
Get-AzSecurityTopology Gets a list of Security Topologies on a subscription
Get-AzSecurityWorkspaceSetting Gets the configured security workspace settings on a subscription.
Remove-AzSecurityWorkspaceSetting Deletes the security workspace setting for this subscription.
Set-AzSecurityWorkspaceSetting Updates the workspace settings for the subscription.
Get-AzSqlInformationProtectionPolicy Retrieves the effective tenant SQL information protection policy.
Set-AzSqlInformationProtectionPolicy Sets the effective tenant SQL information protection policy.
Get-AzRegulatoryComplianceAssessment Gets regulatory compliance assessments
New-AzSecurityAutomation Creates new security automation