升级到标准层以增强安全性Upgrade to standard tier for enhanced security

Azure 安全中心为 Azure、本地和其他云中运行的工作负载提供统一的安全管理和高级威胁防护功能。Azure Security Center provides unified security management and advanced threat protection for workloads running in Azure, on-premises, and in other clouds. 它可以提供针对混合云工作负载的可见性和可控性、可减小在威胁下的曝光面的积极防御功能以及有助于随时响应快速演变的网络攻击的智能检测功能。It delivers visibility and control over hybrid cloud workloads, active defenses that reduce your exposure to threats, and intelligent detection to help you keep pace with rapidly evolving cyber attacks.

定价层Pricing tiers

安全中心分两个层提供:Security Center is offered in two tiers:

  • 首次在 Azure 门户中访问 Azure 安全中心仪表板时,或者通过 API 以编程方式启用后,免费层就会在所有 Azure 订阅上启用。The Free tier is enabled on all your Azure subscriptions when you visit the Azure Security Center dashboard in the Azure portal for the first time, or if enabled programmatically via API. 免费层提供安全策略、持续的安全评估和切实可行的安全建议来帮助你保护 Azure 资源。The free tier provides security policy, continuous security assessment, and actionable security recommendations to help you protect your Azure resources.

  • 标准层将免费层的功能扩展到私有云和其他公有云中运行的工作负载,并在混合云工作负载中提供了统一的安全管理和威胁防护。The Standard tier extends the capabilities of the free tier to workloads running in private and other public clouds, providing unified security management and threat protection across your hybrid cloud workloads. 标准层还增加了威胁防护功能,它使用内置行为分析和机器学习识别攻击和零时差漏洞,并使用访问和应用程序控制减小网络攻击和恶意软件的曝光面,此外还有更多其他操作。The standard tier also adds threat protection capabilities, which use built-in behavioral analytics and machine learning to identify attacks and zero-day exploits, access and application controls to reduce exposure to network attacks and malware, and more. 此外,标准层还添加了适用于虚拟机的漏洞扫描功能。In addition, standard tier adds vulnerability scanning for your virtual machines. 可以免费试用标准层。You can try the standard tier for free. 安全中心标准支持 Azure 资源,包括 VM、虚拟机规模集、应用服务、SQL Server 和存储帐户。Security Center standard supports Azure resources including VMs, Virtual machine scale sets, App Service, SQL servers, and Storage accounts. 如果你使用 Azure 安全中心标准层,则可以根据资源类型选择不再支持。If you have Azure Security Center standard, you can opt out of support based on resource type.

大多数针对 VM 的免费层安全评估以及许多标准层安全警报都需要安装 Log Analytics 代理。Most of the free tier security assessments for VMs, as well many of the standard tier security alerts, require the installation of the Log Analytics agent. 在安全中心启用自动预配即可在 Azure VM 上自动部署代理。You can enable auto provisioning on Security Center to automatically deploy the agent on your Azure VMs.

免费试用标准层 30 天Try standard tier free for 30 days

标准层在前 30 天免费。The standard tier is free for the first 30 days. 30 天后,如果选择继续使用服务,会自动开始收取使用费用。At the end of 30 days, should you choose to continue using the service, we will automatically start charging for usage.

可将整个 Azure 订阅升级到标准层,这样此订阅中的所有资源都将继承此层。You can upgrade an entire Azure subscription to the standard tier, which is inherited by all resources within the subscription.

要获取标准层,请执行以下操作:To get the standard tier:

  1. 在“安全中心”主菜单上选择“定价和设置”。Select Pricing & settings on the Security Center main menu.
  2. 选择要升级到标准层的订阅。Select the subscription that you want to upgrade to standard.
  3. 选择“定价层”。Select Pricing tier.
  4. 选择“标准层”以进行升级。Select Standard to upgrade.
  5. 单击“保存” 。Click Save.

安全中心定价Security Center Pricing


要启用包括威胁防护功能在内的所有安全中心功能,必须将标准定价层应用到包含适用工作负载的订阅。To enable all Security Center features including threat protection capabilities, you must apply the standard pricing tier to the subscription containing the applicable workloads. 配置工作区定价不会为 Azure 资源启用实时 VM 访问、自适应应用程序控件和网络检测功能。Configuring pricing for a workspace does not enable just-in-time VM access, adaptive application controls, and network detections for Azure resources.

可以在订阅级别或资源级别为 Azure 存储帐户启用威胁防护。You can enable threat protection for Azure Storage accounts at either the subscription level or resource level. 可以在订阅级别或资源级别为 Azure SQL 数据库 SQL Server 启用威胁防护。You can enable threat protection for Azure SQL Database SQL servers at either the subscription level or resource level. 只能在资源级别为 Azure Database for MariaDB/MySQL/PostgreSQL 启用威胁防护。You can enable threat protection for Azure Database for MariaDB/ MySQL/ PostgreSQL at the resource level only.

为什么要升级到标准层?Why upgrade to standard?

安全中心可为混合云工作负载提供增强的安全和威胁防护功能,其中包括:Security Center offers enhanced security and threat protection for your hybrid cloud workloads, including:

  • 混合安全性 - 在所有本地和云工作负荷上获得统一的安全视图。Hybrid security - Get a unified view of security across all of your on-premises and cloud workloads. 应用安全策略并持续评估混合云工作负载的安全性,确保符合安全标准。Apply security policies and continuously assess the security of your hybrid cloud workloads to ensure compliance with security standards. 收集、搜索并分析来自多个源(包括防火墙和其他合作伙伴解决方案)的安全数据。Collect, search, and analyze security data from multiple sources, including firewalls and other partner solutions.
  • 安全警报 - 使用高级分析和 Microsoft Intelligent Security Graph,来压制不断演变的网络攻击。Security alerts - Use advanced analytics and the Microsoft Intelligent Security Graph to get an edge over evolving cyber-attacks. 利用内置行为分析和机器学习来识别攻击和零时差攻击。Leverage built-in behavioral analytics and machine learning to identify attacks and zero-day exploits. 监视网络、计算机和云服务是否出现有即将来袭的攻击和攻破后活动。Monitor networks, machines, and cloud services for incoming attacks and post-breach activity. 使用交互工具和上下文威胁智能简化调查。Streamline investigation with interactive tools and contextual threat intelligence.
  • 虚拟机的漏洞扫描 - 轻松地向所有虚拟机部署一个一个扫描程序,提供行业内的出色漏洞管理解决方案。Vulnerability scanning for virtual machines - Easily deploy a scanner to all of your virtual machines that provides the industry's most advanced solution for vulnerability management. 直接在安全中心内查看、调查和修复扫描到的漏洞。View, investigate, and remediate the findings directly within Security Center.
  • 访问和应用程序控件 - 通过应用适合特定工作负载且由机器学习提供支持的允许列表建议,阻止恶意软件和其他不需要的应用程序。Access and application controls - Block malware and other unwanted applications by applying machine learning powered whitelisting recommendations adapted to your specific workloads. 实时减小网络受攻击面,控制对 Azure VM 上的管理端口的访问。Reduce the network attack surface with just-in-time, controlled access to management ports on Azure VMs. 这会显著减小在暴力和其他网络攻击下的曝光面。This drastically reduces exposure to brute force and other network attacks.
  • 容器安全功能 - 获得在容器化环境中进行漏洞管理和实时威胁保护的好处。Container security features - Benefit from vulnerability management and real-time threat protection on your containerized environments. 启用容器注册表资源时,启用所有功能可能需要长达 12 小时的时间。When enabling the container registries resource, it may take up to 12hrs until all the features are enabled. 根据推送到已连接注册表的唯一容器映像的数量收费。Charges are based on the number of unique container images pushed to your connected registry. 扫描映像一次后,将不再对其收费,除非再次对其进行了修改和推送。After an image has been scanned once, it will not be charged for again unless it's modified and pushed once more.

后续步骤Next steps

本文介绍了安全中心定价。In this article, you were introduced to pricing for Security Center. 若要详细了解标准层的增强安全性和高级威胁防护功能,请参阅:To learn more about the standard tier's enhanced security and advanced threat protection, see: