jeorg-cloud-test-drives - Azure

Azure documentation

Security in Azure

1. Secure the perimeter layer Azure DDoS Protection, Azure Firewall

2. Secure the network layer Segmentation, Deny by default, inbout/outbound restrictions, secure connectivity

3. Combine services Network security groups and Azure Firewall, Azure Application Gateway, Web application firewall, Azure Firewall

Azure AD

Provides

1. Authentication
2. Single sign-on
3. Application management
4. Device management

Helps secure

1. SaaS
2. Internal Apps
3. Internal Cloud Applications

Multi-Factor Authentication

1. Something the user knows
2. Something the user has
3. Something the user is

Conditional Access

1. Azure AD Premium P1 or P2 license
2. Identity Signals
3. MFA
4. Approval
5. Managed Devices
6. Blocks access from unknown and unexpectted locations

Governance

Locking types

CanNotDelete, ReadOnly

Auto mechanisms

1. Azure Blueprints

Policy Definitions

1. Allowed virtual machine SKUs
2. Allowed locations
3. MFA should be enabled on accounts with write permissions on your subscription
4. CORS should not allow every resource to access your web applications
5. System updates should be installed on your machines

Policy Initiatives

1. Monitor unencrypted SQL Database in Security Center
2. Monitor OS vulnerabilities in Security Center
3. Monitor missing Endpoint Protection in Security Center

Compliance

List

1. Criminal Justice Information Service
2. Cloud Security Alliance STAR Certification
3. European Union Model Clauses
4. Health Insurance Portability and Accountability Act
5. International Organization of Standards/International Electrotechnical Commission 27018
6. Multi-Tier Cloud Security Singapore
7. Service Organization Controls 1, 2, and 3
8. National Institute of Standards and Technology Cybersecurity Framework
9. United Kingdom Government G-Cloud

Resources

• AZ-900