Azure Security Services

Table of Content

• Security Concepts
  • Zero-Trust Model
  • Threat Modeling
• Identity & Access Management
  • Identity Providers (IdP)
  • Azure Active Directory (AAD)
  • Role Based Access Control (RBAC)
• Secret Management
  • Azure Key Vault
• Network Security
  • Network Security Groups (NSG)
  • Azure Firewall
  • Azure DDoS Protection
  • Azure Web Application Firewall (WAF)
• Governance Management
  • Azure Resource Locks
  • Azure Blueprints
  • Azure Policy
  • Azure Defender for Cloud
  • Data Loss Prevention (DLP)
• Azure Encryption
  • Azure Disk Encryption (ADE)
  • Transparent Data Encryption (TDE)
  • Blob Storage Security

Azure Bastion

Intermediate hardened instance that can be used to connect to target via SSH or RDP
It will provision a web-based RDP client or SSH Tunnel

Some devices cannot run RDP (Google Chromebook) so only way to connect to VM
When we create Azure Bastion that has to be added to a subnet in our VNet called AzureBastionSubnet with at least a size of /27
With Bastion we can connect to a VM without an Public IP Address

Azure Sentinel

Cloud-native SIEM and SOAR
Uses Log Analytics Workspace to log storage
Workbooks: Provides a flexible canvas for data analysis and creation of rich visual reports

Capacity Reservation: Fixed fee based on selected tier
Pas-As-You-Go: Billed per GB for the volume of data ingested for analysis

Microsoft Endpoint Manager

Microsoft Intune and Configuration Manager merged into a single service

Microsoft Intune: Used for managing security of Mobile devices
Configuration Manager: Used for managing desktops, servers and laptops
Device Identity Management