Azure operational security overview
Updated: Nov 8, 2022
About Alif: Alif empowers Microsoft MSP-CSP partners to provide exceptional IT services to their clients, so that the partners reduce their costs and focus on their business. We provide white-labelled managed services for technologies like Microsoft Azure, Microsoft 365, Microsoft Dynamics 365, Microsoft Security, SharePoint, Power Platform, SQL, Azure DevOps and a lot more. Our headquarters is in Pune, India, and we work with over 50 partners across the globe who trust us with their client delivery.
Azure operational security refers to the services, controls, and features available to users for protecting their data, applications, and other assets in Microsoft Azure. It's a framework that incorporates the knowledge gained through a variety of capabilities that are unique to Microsoft. These capabilities include the Microsoft Security Development Lifecycle (SDL), the Microsoft Security Response Center program, and deep awareness of the cybersecurity threat landscape.
Azure management services
Microsoft Azure Monitor logs is a cloud-based IT management solution that helps you manage and protect your on-premises and cloud infrastructure. Its core functionality is provided by services that run in Azure. Each service provides a specific management function, and you can combine services to achieve different management scenarios.
Azure Monitor collects data from managed sources into central data stores. This data can include events, performance data, or custom data provided through the API. After the data is collected, it's available for alerting, analysis, and export.
You can consolidate data from a variety of sources and combine data from your Azure services with your existing on-premises environment. Azure Monitor logs also clearly separates the collection of the data from the action taken on that data, so that all actions are available to all kinds of data.
Azure Automation provides a way for you to automate the manual, long-running, error-prone, and frequently repeated tasks that are commonly performed in a cloud and enterprise environment. It saves time and increases the reliability of administrative tasks. It even schedules these tasks to be automatically performed at regular intervals. You can automate processes by using runbooks or automate configuration management by using Desired State Configuration.
Azure Backup is the Azure-based service that you can use to back up (or protect) and restore your data in the Microsoft Cloud. Azure Backup replaces your existing on-premises or off-site backup solution with a cloud-based solution that's reliable, secure, and cost-competitive.
Azure Backup offers components that you download and deploy on the appropriate computer or server, or in the cloud. The component, or agent, that you deploy depends on what you want to protect. All Azure Backup components (whether you're protecting data on-premises or in the cloud) can be used to back up data to an Azure Recovery Services vault in Azure.
Azure Site Recovery provides business continuity by orchestrating the replication of on-premises virtual and physical machines to Azure, or to a secondary site. If your primary site is unavailable, you fail over to the secondary location so that users can keep working. You fail back when systems return to working order. Alongside these management services, use Microsoft Defender for Cloud to perform more intelligent and effective threat detection.
Azure Active Directory
Azure Active Directory (Azure AD) is a comprehensive identity service that:
Enables identity and access management (IAM) as a cloud service.
Provides central access management, single sign-on (SSO), and reporting.
Supports integrated access management for thousands of applications in the Azure Marketplace, including Salesforce, Google Apps, Box, and Concur.
Azure AD also includes a full suite of identity management capabilities, including these:
With Azure Active Directory, all applications that you publish for your partners and customers (business or consumer) have the same identity and access management capabilities. This enables you to significantly reduce your operational costs.
Microsoft Defender for Cloud
Microsoft Defender for Cloud helps you prevent, detect, and respond to threats with increased visibility into (and control over) the security of your Azure resources. It provides integrated security monitoring and policy management across your subscriptions. It helps detect threats that might otherwise go unnoticed, and it works with a broad ecosystem of security solutions.
Defender for Cloud safeguards virtual machine (VM) data in Azure by providing visibility into your virtual machines' security settings and by monitoring for threats. It can monitor your virtual machines for:
Operating system security settings with the recommended configuration rules.
System security and critical updates that are missing.
Endpoint protection recommendations.
Disk encryption validation.
Defender for Cloud assesses the configuration of your resources to identify security issues and vulnerabilities. In Defender for Cloud, you see information related to a resource only when you're assigned the role of owner, contributor, or reader for the subscription or resource group that a resource belongs to.
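The visibility rule in the previous paragraph is easy to misread: an Owner, Contributor or Reader assignment at subscription scope shows you findings for every resource group beneath it, while the same role assigned on one resource group shows only that group's resources. The following Python model is an added illustration, not Microsoft's code; it assumes the standard Azure RBAC behaviour that an assignment at a scope applies to everything beneath that scope, and all resource ids, principals and findings in it are constructed sample data (the subscription id is a placeholder).

```python
"""Constructed model of Defender for Cloud visibility following Azure RBAC
scope: a principal sees a resource's findings only through an Owner,
Contributor or Reader assignment on the resource's subscription or
resource group. Added illustration, not Microsoft's code."""
from dataclasses import dataclass
from typing import Iterable

VISIBLE_ROLES = {"Owner", "Contributor", "Reader"}


@dataclass(frozen=True)
class Finding:
    resource_id: str   # ARM-style id: /subscriptions/<sub>/resourceGroups/<rg>/providers/...
    description: str


@dataclass(frozen=True)
class Assignment:
    principal: str
    role: str
    scope: str         # /subscriptions/<sub> or /subscriptions/<sub>/resourceGroups/<rg>


def scope_covers(scope: str, resource_id: str) -> bool:
    """True when resource_id lies beneath scope in the ARM hierarchy.
    Compared case-insensitively on whole path segments, so that
    '/resourceGroups/rg-web' does not also cover '/resourceGroups/rg-web2'."""
    scope_parts = [p.lower() for p in scope.strip("/").split("/")]
    id_parts = [p.lower() for p in resource_id.strip("/").split("/")]
    return id_parts[:len(scope_parts)] == scope_parts


def visible_findings(assignments: Iterable[Assignment],
                     findings: Iterable[Finding],
                     principal: str) -> list[Finding]:
    """Findings the principal may see, given the roles and scopes assigned."""
    mine = [a for a in assignments
            if a.principal == principal and a.role in VISIBLE_ROLES]
    return [f for f in findings
            if any(scope_covers(a.scope, f.resource_id) for a in mine)]


# Constructed sample data; the subscription id is a placeholder.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
FINDINGS = [
    Finding(f"{SUB}/resourceGroups/rg-web/providers/Microsoft.Compute/virtualMachines/web01",
            "Disk encryption not applied"),
    Finding(f"{SUB}/resourceGroups/rg-web2/providers/Microsoft.Compute/virtualMachines/web02",
            "Endpoint protection missing"),
    Finding(f"{SUB}/resourceGroups/rg-db/providers/Microsoft.Compute/virtualMachines/db01",
            "Critical system updates missing"),
]
ASSIGNMENTS = [
    Assignment("alice", "Reader", SUB),                                # whole subscription
    Assignment("bob", "Contributor", f"{SUB}/resourceGroups/rg-web"),  # one resource group
    Assignment("carol", "Backup Operator", SUB),                       # not a listed role
]


def visible_resource_names(principal: str) -> list[str]:
    """Convenience wrapper over the sample data returning VM names only."""
    return [f.resource_id.rsplit("/", 1)[-1]
            for f in visible_findings(ASSIGNMENTS, FINDINGS, principal)]


if __name__ == "__main__":
    for who in ("alice", "bob", "carol"):
        print(who, visible_resource_names(who))
```

The segment-wise comparison in scope_covers is the point worth noting when you write your own tooling around role assignments: a plain string-prefix check would let an assignment on rg-web silently cover rg-web2 as well.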
Azure Network Watcher
The end-to-end network can have complex configurations and interactions between resources. The result is complex scenarios that need scenario-based monitoring through Azure Network Watcher.
Network Watcher simplifies monitoring and diagnosing of your Azure network. You can use the diagnostic and visualization tools in Network Watcher to:
Take remote packet captures on an Azure virtual machine.
Gain insights into your network traffic by using flow logs.
Diagnose Azure VPN Gateway and connections.
Network Watcher currently has the following capabilities:
Topology: Provides a view of the various interconnections and associations between network resources in a resource group.
Variable packet capture: Captures packet data in and out of a virtual machine. Advanced filtering options and fine-tuned controls, such as the ability to set time and size limitations, provide versatility. The packet data can be stored in a blob store or on the local disk in .cap format.
IP flow verify: Checks if a packet is allowed or denied based on 5-tuple packet parameters for flow information (destination IP, source IP, destination port, source port, and protocol). If a security group denies the packet, the rule and group that denied the packet are returned.
Next hop: Determines the next hop for packets being routed in the Azure network fabric, so you can diagnose any misconfigured user-defined routes.
Security group view: Gets the effective and applied security rules that are applied on a VM.
NSG flow logs for network security groups: Enable you to capture logs related to traffic that is allowed or denied by the security rules in the group. The flow is defined by 5-tuple information: source IP, destination IP, source port, destination port, and protocol.
Virtual network gateway and connection troubleshooting: Provides the ability to troubleshoot virtual network gateways and connections.
Network subscription limits: Enables you to view network resource usage against limits.
Diagnostic logs: Provides a single pane to enable or disable diagnostic logs for network resources in a resource group.
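IP flow verify and NSG flow logs above are both keyed on the same 5-tuple, and both come down to which security rule, in priority order, first matches that tuple. The following Python model is an added example, not Network Watcher's implementation: it evaluates a 5-tuple against a small constructed inbound rule set the way an NSG does (lowest priority number first, non-removable DenyAllInBound as the final fallback), and it parses a few constructed flow-log tuples in the comma-separated layout assumed here for NSG flow logs v2 to count denied inbound flows per source. Rule names, addresses and tuples are all constructed sample data.

```python
"""Constructed model of two Network Watcher concepts: IP flow verify
(which NSG rule allows or denies a 5-tuple) and NSG flow-log tuples.
Added illustration, not Network Watcher's implementation."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable


@dataclass(frozen=True)
class Flow:
    """The 5-tuple that IP flow verify and NSG flow logs are keyed on."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: str  # "TCP" or "UDP"


@dataclass(frozen=True)
class Rule:
    """A simplified inbound NSG security rule."""
    name: str
    priority: int      # lower value is evaluated first, as in Azure NSGs
    access: str        # "Allow" or "Deny"
    protocol: str      # "TCP", "UDP" or "*"
    src_prefix: str    # CIDR or "*"
    dst_port: str      # "443", "1024-65535" or "*"


def _port_matches(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    if "-" in spec:
        lo, hi = (int(p) for p in spec.split("-", 1))
        return lo <= port <= hi
    return int(spec) == port


def _prefix_matches(spec: str, ip: str) -> bool:
    return spec == "*" or ip_address(ip) in ip_network(spec, strict=False)


def evaluate(rules: Iterable[Rule], flow: Flow) -> tuple[str, str]:
    """Return (access, rule name) for the first matching rule by priority.
    Azure's non-removable default DenyAllInBound rule (priority 65500) is
    modelled as a final fallback so evaluation always names a rule."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.protocol != "*" and rule.protocol != flow.protocol:
            continue
        if not _prefix_matches(rule.src_prefix, flow.src_ip):
            continue
        if not _port_matches(rule.dst_port, flow.dst_port):
            continue
        return rule.access, rule.name
    return "Deny", "DenyAllInBound"


# Constructed flow-log tuples in the layout assumed here for NSG flow logs v2:
# timestamp,srcIp,dstIp,srcPort,dstPort,protocol(T/U),direction(I/O),
# decision(A/D),state(B/C/E),packetsS2D,bytesS2D,packetsD2S,bytesD2S
SAMPLE_FLOW_TUPLES = [
    "1667865600,203.0.113.5,10.0.0.4,51000,22,T,I,D,B,,,,",
    "1667865601,203.0.113.5,10.0.0.4,51001,22,T,I,D,B,,,,",
    "1667865602,10.10.0.7,10.0.0.4,52000,22,T,I,A,B,3,180,2,120",
    "1667865603,198.51.100.9,10.0.0.4,40000,3389,T,I,D,B,,,,",
]


def parse_flow_tuple(line: str) -> tuple[Flow, str, str]:
    """Return (flow, direction, decision) from one flow-tuple string."""
    f = line.split(",")
    proto = {"T": "TCP", "U": "UDP"}[f[5]]
    return Flow(f[1], f[2], int(f[3]), int(f[4]), proto), f[6], f[7]


def denied_inbound_by_source(lines: Iterable[str]) -> dict[str, int]:
    """Count inbound flows the NSG denied, keyed by source IP."""
    counts: dict[str, int] = {}
    for line in lines:
        flow, direction, decision = parse_flow_tuple(line)
        if direction == "I" and decision == "D":
            counts[flow.src_ip] = counts.get(flow.src_ip, 0) + 1
    return counts


# Constructed inbound rule set: HTTPS from anywhere, SSH only from a management subnet.
SAMPLE_RULES = [
    Rule("AllowHTTPS", 100, "Allow", "TCP", "*", "443"),
    Rule("AllowSSHFromMgmt", 110, "Allow", "TCP", "10.10.0.0/24", "22"),
]

if __name__ == "__main__":
    for line in SAMPLE_FLOW_TUPLES:
        flow, _, logged = parse_flow_tuple(line)
        access, rule = evaluate(SAMPLE_RULES, flow)
        print(f"{flow.src_ip}->{flow.dst_ip}:{flow.dst_port}/{flow.protocol} "
              f"logged={logged} verify={access} by {rule}")
    print(denied_inbound_by_source(SAMPLE_FLOW_TUPLES))
```

Running the sample tuples back through evaluate reproduces the logged decisions, which is the same cross-check IP flow verify gives you when a flow log shows an unexpected deny: the rule it returns tells you whether the block came from your own rule or from the default DenyAllInBound rule.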
Standardized and Compliant Deployments
Azure Blueprints enable cloud architects and central information technology groups to define a repeatable set of Azure resources that implement and adhere to an organization's standards, patterns, and requirements. This makes it possible for DevOps teams to rapidly build and stand up new environments and trust that they're building them with infrastructure that maintains organizational compliance. Blueprints provide a declarative way to orchestrate the deployment of various resource templates and other artifacts such as:
Azure Resource Manager templates
DevOps
DevOps enables teams to deliver more secure, higher-quality solutions faster and more cheaply. Customers expect a dynamic and reliable experience when consuming software and services. Teams must rapidly iterate on software updates and measure the impact of the updates. They must respond quickly with new development iterations to address issues or provide more value.
Cloud platforms such as Microsoft Azure have removed traditional bottlenecks and helped commoditize infrastructure. Software reigns in every business as the key differentiator and factor in business outcomes. No organization, developer, or IT worker can or should avoid the DevOps movement.
Mature DevOps practitioners adopt several of the following practices. These practices rely on people to form strategies based on the business scenarios; tooling can help automate the practices themselves.
Agile planning and project management techniques are used to plan and isolate work into sprints, manage team capacity, and help teams quickly adapt to changing business needs.
Version control, usually with Git, enables teams located anywhere in the world to share source and integrate with software development tools to automate the release pipeline.
Continuous integration drives the ongoing merging and testing of code, which leads to finding defects early. Other benefits include less time wasted on fighting merge issues and rapid feedback for development teams.
Continuous delivery of software solutions to production and testing environments helps organizations quickly fix bugs and respond to ever-changing business requirements.
Monitoring of running applications, including production environments for application health as well as customer usage, helps organizations form a hypothesis and quickly validate or disprove strategies. Rich data is captured and stored in various logging formats.
Infrastructure as Code (IaC) is a practice that enables the automation and validation of creation and teardown of networks and virtual machines to help with delivering secure, stable application hosting platforms.
Microservices architecture is used to isolate business use cases into small reusable services. This architecture enables scalability and efficiency.