Azure Security Resources | aka.ms/Azure/Security

Here is a collection of documents, videos and guidance for making a more secure Azure environment for your resources in the cloud.

Azure Security

• Why and How Azure Infrastructure is Secure  4 part blog series...
  • 3 reasons why Azure’s infrastructure is secure
  • The 3 ways Azure improves your security
  • Azure’s layered approach to physical security
• Azure security best practices and patterns
• Azure Identity Management and access control security best practices
  • If you believe any passwords are secure at all, I challenge you to watch the first module of this aka.ms/Identity/Evolution.
    • It demonstrates from end to end just how easy a hacker can take control of your environment from a user with no admin rights at all!
• Azure Security technical overviews
• Azure Security Services and Technologies
• Download All Security documentation on Azure site
  • Or browse online at aka.ms/AzureSecInfo
• Security Management in Microsoft Azure
  • This is older but still good guidance!
• Security Tech Center - Security for IT Pros
• Azure Trust Center and all Certifications
  • Got certification requirements, questions?  This is the place to see what we cover.
• Microsoft Security Response Center The MSRC delivers experience, expertise, and dedication to drive Microsoft’s industry-leading, worldwide security response
  • Microsoft Security Intelligence Response Report
• The Cloud Security Mindset - thoughts from MS IT
• Azure Security Information – What We’ve Done, Where We’re Going
• Understanding Cyber crime whitepaper
• Azure Security Services and Technologies

Privileged Access Workstation

This is a collection of resources from security experts at Microsoft.  When going into Azure Government, customers go there for enhanced security provided by FedRAMP High standards that are supported.  When accessing such a secure environment, you don't want to add a weak link, so a secure (or privileged) access workstation should be considered to access Azure Government.

• Why use shielded VMs for your privileged access workstation (PAW) solution?
• How to deploy a VM template for PAW
• Developing your own PAW for cloud administration
• DISA STIG Requires Privilege Access Workstations (PAW) for Cloud Tenant Administration
• PAW host buildout
• Privileged Access Workstation(PAW)
• Trend Micro - Best Security Practices for Microsoft Azure: Locking Down Your Environment

Security Videos

• Develop an action plan for cybersecurity
• Microsoft Ignite 2017 Security Sessions
  • One of my favorite sessions from Stuart Kwan which every Azure Security and Administrator should watch Locking down access to the Azure Cloud using SSO, Roles Based Access Control, and Conditional Access
• Azure Security Videos on Channel 9
  • Another list for Azure security videos on Channel 9
• Azure Security on Microsoft Virtual Academy

Penetration Testing

I thought I'd give this a section by itself, as many customers ask me about what is done or what can they do.

• ms/Azure/Pen outlines the process

Tools & Scripts

• Secure DevOps Kit for Azure (AzSDK)
• Security Tools & Downloads for IT Pros

Networking Security

I get this request often "How do we keep networks secure in Azure?  Here are a couple of huge resources

• Simple High level overview - Networking Isolation
• How Microsoft builds its fast and reliable global network - you may ask yourself, what does this have to do with security? Read more about our Global Network, where all of our traffic traverses only our network between our data centers and between any Microsoft services around the world.
• Azure Networking Security - soup to nuts, everything that can be done!
• Microsoft Azure Network Security Whitepaper version 3 is now available
  • Much of this is really good and still applicable.  Anything that talks about "Cloud Services" though, refers to the older ASM deployment model and not ARM, so please disregard that, unless you have an older "classic" environment still.
• Microsoft Cloud Services and Network Security aka.ms/Azure/Dmz
  • The logic chart on this page can direct you to a specific example of the many security techniques available with the Azure platform - Excellent Flow chart.
• Microsoft Trust Center - Network Security
• Warning Uber Deep! Virtual Switch Platform for Host SDN in the Public Cloud
  • And also Hyper-V Network Virtualization Technical Details in Windows Server
• Azure DDoS Protection for virtual networks generally available

Just a quick start...more to come!

Comments

• Anonymous
  August 08, 2017
  And remember the best one of all! Https://aka.ms/AzureSecInfo
  • Anonymous
    March 24, 2018
    Thank you Mr. Shinder! I did have it in the list, but as the PDF Download. So I added your handy shortcut to browse online. Keep them coming!