General and Network Security Features
Security features
Security Center: Dashboard that analyses apps and network and makes recommendations. Free and paid tiersKey vault: Central, secure repository for your secrets, certificates and keysSentinel: Centralizes log files from various resources. Analyze and detect threatsDedicated hosts: Hardware that is dedicated to you and ONLY you. Multiple VMs can be deployed into that hardwareInformation Protection(AIP): Apply labels to emails and documentsAdvanced Threat Protection(ATP)- Monitor profile user behavior and activities
- E.g., on the weekend, outside of the office someone is trying to access
- Identify suspicious activities and advanced attacks
Network Security
-
Firewall -
Protect from Cross site Scripting (XSS) attacks
-
DDoS and API Management are not part of firewall
-
Network security group(NSG) -
Inbound NSG rules protect a destination IP address and port
- Rules can be specified also by role (RBAC)
- All virtual network subnets should use NSG
-
User defined route -
Force traffic through a firewall, or over a corporate network
-
Security layers - Defense in depth
-
Data - Data in VM, database, SaaS app, etc
Application- Security by design (of the application)
- API management
Compute- Updated VMs (Windows updates), endpoint protection
Network- NSG
- Use of subnets
- Deny by default
Perimeter- DDoS
- Firewalls
Identity & access- Azure AD
- SSO & MFA
Physical- Door locks
- Key cards
