This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 35%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHB%3C/text%3E%3C/svg%3E)
Hi
My customer wants me to check security breaches in his Azure tenant. He has one subscription and many resource groups. Many resources are inside the resource group.
How to start and what things should I check?
For example; if I will start with subscription, I will check how many users have global administrator and contributor roles.
Resource groups: I will check the resource group lock.
So how to check which resource can be compromised or unprotected?
If you have done this kind of work before and have a document. Please share with me. Thanks
Regards
HD
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 26%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
Following up to see if the below answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Following up to see if the below answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Hi,
The question you are asking is very general so it can only be answered that way. If you want to protect your resources Azure offers two options - Defender for Cloud and Microsoft Sentinel. They offer different security features depending on what you want to achieve. They will generate additional cost if enabled. You are free to use also any third party security tools/services if they fit more to your needs.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.