Security Control: Penetration Tests and Red Team Exercises
Note
The most up-to-date Azure Security Benchmark is available here.
Test the overall strength of an organization's defense (the technology, the processes, and the people) by simulating the objectives and actions of an attacker.
11.1: Conduct regular penetration testing of your Azure resources and ensure remediation of all critical security findings
Azure ID | CIS IDs | Responsibility |
---|---|---|
11.1 | 20.1, 20.2, 20.3, 20.4, 20.5, 20.6, 20.7, 20.8 | Shared |
Follow the Microsoft Rules of Engagement to ensure your Penetration Tests are not in violation of Microsoft policies. Use Microsoft's strategy and execution of Red Teaming and live site penetration testing against Microsoft-managed cloud infrastructure, services, and applications.
Next steps
- Return to the Azure Security Benchmark overview