Book Image

Mastering Azure Security - Second Edition

By : Mustafa Toroman, Tom Janetscheck
Book Image

Mastering Azure Security - Second Edition

By: Mustafa Toroman, Tom Janetscheck

Overview of this book

Security is integrated into every cloud, but this makes users put their guard down as they take cloud security for granted. Although the cloud provides higher security, keeping their resources secure is one of the biggest challenges many organizations face as threats are constantly evolving. Microsoft Azure offers a shared responsibility model that can address any challenge with the right approach. Revised to cover product updates up to early 2022, this book will help you explore a variety of services and features from Microsoft Azure that can help you overcome challenges in cloud security. You'll start by learning the most important security concepts in Azure, their implementation, and then advance to understanding how to keep resources secure. The book will guide you through the tools available for monitoring Azure security and enforcing security and governance the right way. You'll also explore tools to detect threats before they can do any real damage and those that use machine learning and AI to analyze your security logs and detect anomalies. By the end of this cloud security book, you'll have understood cybersecurity in the cloud and be able to design secure solutions in Microsoft Azure.

Related Content you might be interested in

Current Title:

Small book image
Mastering Azure Security - Second Edition
Mustafa Toroman | Tom Janetscheck
Apr, 2022 | 320 pages
Small book image
Microsoft Defender for Cloud Cookbook
Sasha Kranjac
Jul, 2022 | 314 pages
Small book image
Microsoft Azure Security Technologies Certification and Beyond
David Okeyode
Nov, 2021 | 526 pages
Small book image
Microsoft Security, Compliance, and Identity Fundamentals Exam Ref SC-900
Dwayne Natwick
May, 2022 | 404 pages
Table of Contents (15 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Download the example code files
Conventions used
Get in touch
Share Your Thoughts
1
Section 1: Identity and Governance
Section 1: Identity and Governance
Free Chapter
2
Chapter 1: An Introduction to Azure Security
Chapter 1: An Introduction to Azure Security
Exploring the shared responsibility model
Physical security
Azure network
Azure infrastructure availability
Azure infrastructure integrity
Azure infrastructure monitoring
Understanding Azure security foundations
Summary
Questions
3
Chapter 2: Governance and Security
Chapter 2: Governance and Security
Understanding governance in Azure
Using common sense to avoid mistakes
Using management locks
Using management groups for governance
Understanding Azure Policy
Defining Azure blueprints
Azure Resource Graph
Summary
Questions
4
Chapter 3: Managing Cloud Identities
Chapter 3: Managing Cloud Identities
Exploring passwords and passphrases
Understanding MFA
Introducing security defaults
Using Conditional Access
Introducing Azure AD Identity Protection
Understanding role-based access control
Protecting admin accounts with Azure AD PIM
Hybrid authentication and Single Sign-On
Understanding passwordless authentication
Licensing considerations
Summary
Questions
5
Section 2: Cloud Infrastructure Security
Section 2: Cloud Infrastructure Security
6
Chapter 4: Azure Network Security
Chapter 4: Azure Network Security
Understanding Azure Virtual Network
Private endpoints
Considering other VNet security options
Summary
Questions
7
Chapter 5: Azure Key Vault
Chapter 5: Azure Key Vault
Understanding Azure Key Vault
Understanding service-to-service authentication
Using Azure Key Vault in deployment scenarios
Summary
Questions
8
Chapter 6: Data Security
Chapter 6: Data Security
Technical requirements
Understanding Azure Storage
Understanding Azure virtual machine disks
Working on Azure SQL Database
Summary
Questions
9
Section 3: Security Management
Section 3: Security Management
10
Chapter 7: Microsoft Defender for Cloud
Chapter 7: Microsoft Defender for Cloud
Introducing Microsoft Defender for Cloud
Cloud Security Posture Management with Defender for Cloud
Custom policies and (regulatory) compliance
Cloud workload protection and multi-cloud capabilities
Automating security
Summary
Questions
11
Chapter 8: Microsoft Sentinel
Chapter 8: Microsoft Sentinel
Introduction to SIEM
Getting started with Microsoft Sentinel
Microsoft Sentinel automation
Creating workbooks
Summary
Questions
12
Chapter 9: Security Best Practices
Chapter 9: Security Best Practices
Log Analytics design considerations
Understanding Azure SQL Database security features
Security in Azure App Service
Storage account access keys
Summary
Questions
13
Assessments
Assessments
Chapter 1 – An Introduction to Azure Security
Chapter 2 – Governance and Security
Chapter 3 – Managing Cloud Identities
Chapter 4 – Azure Network Security
Chapter 5 – Azure Key Vault
Chapter 6 – Data Security
Chapter 7 – Microsoft Defender for Cloud
Chapter 8 – Microsoft Sentinel
Chapter 9 – Security Best Practices
Why subscribe?
14
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Azure infrastructure availability

Azure is designed, built, and operated to deliver highly available and reliable infrastructure. Improvements are constantly implemented to increase availability and reliability, along with efficiency and scalability. Delivery of a more secure and trusted cloud is always a priority.

Uninterruptible power supplies and vast banks of batteries ensure that the flow of electricity stays uninterrupted in case of short-term power disruptions. In the case of long-term power disruptions, emergency generators can provide backup power for days. Emergency power generators are used in cases of extended power outages or planned maintenance. In cases of natural disasters, when the external power supply is unavailable for long periods, each Azure data center has fuel reserves on-site.

Robust and high-speed, fiber optic networks connect data centers to major hubs. It's important that, along with connections through major hubs, data centers are connected directly. Everything is distributed into nodes, which host workloads closer to users to reduce latency, provide geo-redundancy, and increase resiliency.

Data in Azure can be placed in two separate regions: primary and secondary regions. A customer can choose where the primary and secondary regions will be. The secondary region is a backup site. In each region, primary and secondary, Azure keeps three healthy copies of your data at all times. This means that six copies of the data are available at any time. If any data copy becomes unavailable at any time, it's immediately declared invalid, a new copy is created, and the old one is destroyed.

Microsoft ensures high availability and reliability through constant monitoring, incident response, and service support. Each Azure data center operates 24/7/365 to ensure that everything is running, and all services are available at all times. Of course, available at all times is a goal that, ultimately, is impossible to reach. Many circumstances can impact uptime, and sometimes it's impossible to control all of them. Realistically, the aim is to achieve the best possible Service Level Agreement (SLA) so as to ensure that potential downtime is limited as far as possible. The SLA can vary based on a number of factors and is different per service and configuration. If we take into account all the factors we can control, the best SLA we can achieve would be 99.99%, also known as four nines.

Closely connected to infrastructure availability is infrastructure integrity. Integrity affects the availability terms of deployment, where all steps must be verified from different perspectives. New deployments must not cause any downtime or affect existing services in any way.

Previous Section
End of Section 5
Next Section