Based on the security policies that are enabled, Security Center provides a set of security recommendations as needed. 

Assess resource security by reviewing the recommendations made. Generally, starting with virtual machines and applications. To do this, browse to the Security Center dashboard. Ensure overview opens and then click compute and apps under resource security hygiene. From this overview tab, you can review all recommendations by severity with anything in red being high severity. While some recommendations can be remediated directly from Security Center, other recommendations have only guidelines to apply the remediation such as the missing disc encryption recommendation. You can see here it offers remediation steps and instructions.

Click through each recommendation to see how each issue can be remediated. To dig down further into the recommendations, you can browse each of these tabs here along the top. Clicking on VMs and computers reveals recommendations that are specific to virtual machines and computers while the VM scale sets tab reveals recommendations for any scale sets within your subscription. 

As you can see here, you can do the same for cloud services, app services, containers and compute resources. The compute resources tab reveals recommendations for things like event hubs, automation accounts, service busts and other compute resources. After addressing all recommendations for compute and apps, move onto networking by clicking networking under the resource security hygiene section. 

As was the case with compute and apps, the networking recommendations page defaults to the overview page. This page presents you with a clickable network topology map that shows risky resources in the subscription. You are also presented with information on adaptive network hardening. When you click the adaptive network hardening tile, you're presented with information about overly permissive network security groups as well as network security rules along with recommendations for hardening them. 

Going back out to the overview page allows you to click the VNet tab to see recommendations that are specific to individual virtual networks. After remediating outstanding network issues, move onto IoT hubs and resources and then onto data and storage. The data and storage page contains recommendations revolving around auditing for Azure SQL servers and databases, storage accounts, write as cache, Data Lake analytics and Data Lake store. Obviously, if these workloads don't exist in your environment, you won't see any recommendations for them. 

Just like the other resource recommendations, some data and storage recommendations will provide integrated remediation options while some other recommendations will not. Continue working through each recommendation and remediate them as you progress until all outstanding issues are resolved. 

In this demonstration, you learned about the assessment of your workloads with Security Center. You learned how to assess security for compute, apps, networking, scale sets, SQL, storage, IoT and application resources.