[New post] Microsoft Azure Security and Privacy Concepts

Purandaran posted: " Azure Active DirectoryRole Based Access ControlAzure Security and ComplianceAzure Security MonitoringAzure identity servicesAzure AD Access controlRole based access control Azure GovernanceAzure policies and blueprints Security NetworksNetwork s" Respond to this post by replying above this line New post on Technology Microsoft Azure Security and Privacy Concepts by Purandaran Azure Active Directory Role Based Access Control Azure Security and Compliance Azure Security MonitoringAzure identity services Azure AD Access control Role based access control Azure Governance Azure policies and blueprints Security Networks Network security groups, firewalls and routing Reporting and compliance Standards, data protection and monitoring Authentication or Authorization? A user logs in with a password A user can create virtual machines A user proves she is a memeber of your staff A user uses the thumb print scanner on her laptop A user is given access to some files A user is allowed access to a building Comparing Active directory versions: Azure AD: User and computer registration Does not provide group policies No trust relationships Application management Active Directory Domain Services: User and computer registration Provides group policies Can create trusts Application and device management and deployment Keberos and NTLM support Schema management Hierarchical directory service Azure AD Domain Services is a PaaS offering provide by Microsoft Azure Role: Owner Contributor Reader Azure Tags: Key/Value pairs assigned to resources Organizations should have a tagging policy enfored by azure policies Tags can be used: To enforce security requirements To control costs To deploy software Azure Policy? Azure policy is a collection of rules Each policy is assigned to a scope such as an Azure subscription Using Azure policy means that resources will remain complaint with corporate standards User Azure policy Policy definition Policy assignment Policy parameters Home->Policy - Definitions->Definitions Home->Policy - Definitions->Allowed virtual machine SKUs Azure Blueprints: Blueprints are a way of orchestrating the deployment of resource templates and artifacts Blueprints maintain a relationship with the deployed resources Blueprits include Azure plicy and initiatives as well as artificats such as roles Using Blueprints Blueprint definition Blueprint publishing Blueprint assignment Home->Blueprints - Getting started Network Security Groups: Attached to subnets or network cards Each NSG can be linked to multiple resources NSGs are stateful NSGs properties include Name Priority Source or destination Protocol Direction Application Security Groups: Allows us to reference a group of resources Used as a source or destination in network security groups Network security groups are still required Working with application security groups Create the application security group Link the group to resources Use the group when working with network security groups N-Tier applications: Each tier would have its own application security groups DMZ: Resources in your DMZ would be added to their own application security groups Automation: When automating deployments include application security groups Azure FireWall: Azure managed stateful firewall service Protects access to virtual networks Highly available Features include Thread intelligence Ourbound and inbound NAT support Integration with Azure Monitor Network traffic filtering rules Unrestricted scalability Azure DDoS Protection: DDoS mitigation for network and applications Always-on monitoring Application layer protection Integration with Azure monitor Feature offered: Multi-layered protection Attack analytics Scale and elasticity Protection against unplanned costs Azure DDoS service Tiers: Basic: Active traffic monitoring and always on detection Availability Guarantee Backed by an SLA Free Standard: Everything offered by the basic tier Real time Metrics Post attack reports Access to DDoS experts during and active attack Security Information and event management (SIEM) integration Monthly fee and usage based Azure Security Options: Azure firewall Azure DDoS Protection Azure Web application firewall Network securith groups Forced tunneling Marketplace devices Azure Monitor: Collect, analyze and act on telemetry Azure or non-premises Troubleshooting and performance monitoring Data collected by Azure monitor Metrics Logs Azure Service Health: Notifies you about service status Reports incidents and planned maintenance Azure service health offers Personalized dashoards Configurable alerts Guidance and support Azure Advanced Threat Protection: Monitor and analyze user activity Identifies suspicious activity and events Works with your on-premises Active Directory Azure Key Valut: Centralize the storage of application secrets Uses FIPS 140-2 level validated HSMs Enable logging to monitor houw and when secrets are being used Enables centralized adminstration of secrets Azure Key Vault Recommendations: Use seperate key vault for each application or environment Take regular backups of your key vault Turn on logging and set up alerts Compliance Standards: HIPAA PCI GDPR FedRAMP ISO 27001 Azure Compliance: Global Compliance: More than 90 compliance offerings Industry compliance: Over 35 industry specific offerings Blueprints: Deploy compliant environments Proof: Access to 3rd party reports Azure security center: Unify security management This free site is ad-supported. Learn more ​ Purandaran | July 17, 2021 at 5:14 pm | Tags: Azure | Categories: Uncategorized | URL: https://wp.me/pc9Gn4-jO Comment    See all comments    Like Unsubscribe to no longer receive posts from Technology. Change your email settings at Manage Subscriptions. Trouble clicking? Copy and paste this URL into your browser: https://hanitechnology.wordpress.com/2021/07/17/microsoft-azure-security-and-privacy-concepts/ Thanks for flying with WordPress.com