{"id":1809,"library":"azure-mgmt-security","title":"Azure Security Center Management Client Library","description":"The Azure Security Center Management Client Library for Python provides the necessary tools to interact with Microsoft Defender for Cloud (formerly Azure Security Center). It allows for programmatically managing security policies, alerts, and other security-related resources within Azure. The current stable version is 7.0.0. Azure SDKs typically follow a regular release cadence, with minor updates several times a year and major versions released as needed for significant breaking changes or new API versions.","status":"active","version":"7.0.0","language":"en","source_language":"en","source_url":"https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/security/azure-mgmt-security","tags":["Azure","Management","Security","Cloud","Microsoft"],"install":[{"cmd":"pip install azure-mgmt-security azure-identity","lang":"bash","label":"Install stable version with authentication library"}],"dependencies":[{"reason":"Required for modern Azure Active Directory token authentication with DefaultAzureCredential.","package":"azure-identity"},{"reason":"Core library for Azure SDKs, providing shared primitives, exceptions, and `LROPoller` for long-running operations.","package":"azure-core"}],"imports":[{"symbol":"SecurityCenter","correct":"from azure.mgmt.security import SecurityCenter"},{"note":"The credential system was revamped in v1.0.0b1 (leading to v7.0.0 stable). Older credential types like AADTokenCredentials are no longer supported; use `azure-identity` classes instead.","wrong":"from msrestazure.azure_active_directory import AADTokenCredentials","symbol":"DefaultAzureCredential","correct":"from azure.identity import DefaultAzureCredential"}],"quickstart":{"code":"import os\nfrom azure.identity import DefaultAzureCredential\nfrom azure.mgmt.security import SecurityCenter\n\n# Set your Azure Subscription ID as an environment variable, e.g., AZURE_SUBSCRIPTION_ID\nsubscription_id = os.environ.get(\"AZURE_SUBSCRIPTION_ID\", \"YOUR_SUBSCRIPTION_ID\")\n\nif subscription_id == \"YOUR_SUBSCRIPTION_ID\":\n    print(\"Please set the AZURE_SUBSCRIPTION_ID environment variable.\")\n    exit(1)\n\ntry:\n    # Authenticate using DefaultAzureCredential\n    # This credential chain will attempt to authenticate in various environments\n    # (e.g., environment variables, managed identity, Azure CLI, Visual Studio Code)\n    credential = DefaultAzureCredential()\n\n    # Create a SecurityCenterManagementClient\n    security_client = SecurityCenter(credential=credential, subscription_id=subscription_id)\n\n    # Example: List security policies for a subscription\n    print(f\"Listing security policies for subscription: {subscription_id}\")\n    policies = security_client.security_policies.list()\n\n    for policy in policies:\n        print(f\"  Policy Name: {policy.name}, Type: {policy.policy_type}\")\n\n    print(\"\\nListing alerts (first few, if any):\")\n    alerts_iterator = security_client.alerts.list()\n    first_five_alerts = []\n    for i, alert in enumerate(alerts_iterator):\n        if i >= 5:\n            break\n        first_five_alerts.append(alert)\n        print(f\"  Alert: {alert.name}, State: {alert.status}, Severity: {alert.severity}\")\n    if not first_five_alerts:\n        print(\"  No alerts found.\")\n\nexcept Exception as e:\n    print(f\"An error occurred: {e}\")\n    print(\"Ensure you have set AZURE_SUBSCRIPTION_ID and configured authentication (e.g., via Azure CLI 'az login').\")","lang":"python","description":"This quickstart demonstrates how to authenticate with Azure using `DefaultAzureCredential` and create an instance of the `SecurityCenter` client. It then lists the security policies and the first few alerts associated with the specified Azure subscription. Ensure your `AZURE_SUBSCRIPTION_ID` environment variable is set and you are authenticated to Azure (e.g., via `az login` for local development)."},"warnings":[{"fix":"Migrate authentication to use classes from `azure-identity` (e.g., `DefaultAzureCredential`). The client constructor now takes a `credential` parameter.","message":"The credential system has been completely revamped in version 7.0.0 and subsequent versions. Older `azure.common.credentials` or `msrestazure.azure_active_directory` instances are no longer supported. The `credentials` parameter for the client constructor has been renamed to `credential`.","severity":"breaking","affected_versions":">=1.0.0b1, >=7.0.0"},{"fix":"Update long-running operation calls to use the `begin_` prefix and handle `azure.core.polling.LROPoller`. Catch `azure.core.exceptions.HttpResponseError` for API-related exceptions.","message":"Operations that previously returned `msrest.polling.LROPoller` now return `azure.core.polling.LROPoller` and are prefixed with `begin_` (e.g., `operation.create()` becomes `operation.begin_create()`). The `CloudError` exception has been removed, and most exceptions are now `azure.core.exceptions.HttpResponseError`.","severity":"breaking","affected_versions":">=1.0.0b1, >=7.0.0"},{"fix":"Ensure `AZURE_SUBSCRIPTION_ID` and other necessary authentication environment variables are correctly set for non-managed identity scenarios. For local development, ensure you are logged in via `az login`.","message":"The Azure SDK for Python leverages `DefaultAzureCredential` for authentication, which relies on environment variables (e.g., `AZURE_CLIENT_ID`, `AZURE_TENANT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`) or other configured contexts (Managed Identity, Azure CLI login, VS Code login). Incorrect or missing environment variable configuration is a common pitfall.","severity":"gotcha","affected_versions":"All versions using `azure-identity`"},{"fix":"When initializing the client, consider passing the `api_version` keyword argument with a specific version string, e.g., `SecurityCenter(credential, subscription_id, api_version='2022-05-01')`.","message":"Azure management libraries support multiple API versions. While the package defaults to the latest API version available on public Azure, for production environments, it's recommended to explicitly pin to a specific `api-version` to ensure consistency and prevent unexpected breaking changes from new service updates.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-09T00:00:00.000Z","next_check":"2026-07-08T00:00:00.000Z"}