Hi Anshan
Here are some getting-started suggestions:
- Consider your security feature limitations based on whether you have an E3 or E5 license (plus the various P1 and P2 licenses).
- Start with an EDR - Defender for Endpoint - deploy this to both your workstations and servers.
  - Learn Intune - this will allow you to configure policy and provide strong controls for your workstations.
  - Configure ASR - Attack Surface Reduction - this can be done through Intune for your workstations and using PowerShell for your servers.
- Enable Defender for Cloud - if you don't have this, tell your boss your company really really really needs a CSPM - if you're a pure Microsoft shop then this is the way to go.
- Install Azure Arc on all your servers - this will extend the capabilities of Defender for Cloud to your servers - no special licensing needed.
- Enable and configure Microsoft Sentinel - no special licensing needed.
  - Enable all relevant Microsoft data connectors and then branch out to 3rd-party log sources.
  - Enable the medium and high analytic rules for each of your data connectors and then look for new ideas for interesting analytic rules.
- Enable and configure Defender for Cloud.
- Enable and configure Defender for Identity (atp.portal.azure.com) - requires an E5 license.
I've posted many of the security feature links for Azure and O365 on my blog site:
o365
Another tip: run the Zero Trust Assessment to get more ideas:
maturity-model-assessment-tool
And then: TEST, TEST, TEST.
And then: attack simulations, pen tests, deception rules (honey token users, honeypots with alerts in Sentinel), reports for anomalous behaviour, UEBA, threat intelligence feeds - no end of fun!
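As an added example (not from the reply above, and not Microsoft's own script): the server-side ASR configuration the reply mentions, done with the Defender Antivirus PowerShell cmdlets and staged through audit mode so the "TEST, TEST, TEST" step has real events to review before anything is blocked. It assumes Microsoft Defender Antivirus is active on the server, that the `Get-MpPreference`/`Add-MpPreference` cmdlets are available, and that the rule GUIDs, which are Microsoft's published ASR rule IDs, are checked against the current documentation before rollout; the `$AsrRules` table and the two helper functions are names chosen for this example.

```powershell
# Added example: stage Defender ASR rules on a server via PowerShell.
# Assumes Defender Antivirus is active and the Defender cmdlets are present.
# GUIDs are Microsoft's published ASR rule IDs - verify against current docs.
$AsrRules = @{
    'Block credential stealing from LSASS'                 = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'
    'Block persistence through WMI event subscription'     = 'e6db77e5-3df2-4cf1-b95a-636979351e5b'
    'Block process creations from PSExec and WMI commands' = 'd1e49aac-8f56-4280-b9ba-993a6d77406c'
    'Use advanced protection against ransomware'           = 'c1db55ab-c21a-4637-bb3f-a12568109d35'
    'Block abuse of exploited vulnerable signed drivers'   = '56a863a9-875e-4185-98a7-b882c64b5ce5'
}

function Set-AsrRuleMode {
    # Hypothetical helper for this example: applies one action to every rule in $Rules.
    param(
        [Parameter(Mandatory)][hashtable]$Rules,
        [ValidateSet('Disabled', 'Enabled', 'AuditMode')][string]$Mode = 'AuditMode'
    )
    foreach ($entry in $Rules.GetEnumerator()) {
        # Add-MpPreference adds or updates this rule without clearing rules set elsewhere
        # (Set-MpPreference would replace the whole list).
        Add-MpPreference -AttackSurfaceReductionRules_Ids $entry.Value `
                         -AttackSurfaceReductionRules_Actions $Mode
        Write-Host ("{0,-55} -> {1}" -f $entry.Key, $Mode)
    }
}

function Get-AsrRuleState {
    # Hypothetical helper for this example: reads back the effective ASR configuration
    # and maps Defender's numeric action codes to readable names.
    $pref = Get-MpPreference
    $actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'AuditMode'; 6 = 'Warn' }
    for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
        [pscustomobject]@{
            RuleId = $pref.AttackSurfaceReductionRules_Ids[$i]
            Action = $actionNames[[int]$pref.AttackSurfaceReductionRules_Actions[$i]]
        }
    }
}

# Stage 1: audit only. Audited hits are logged as event ID 1122 (blocked hits would be 1121)
# in the Microsoft-Windows-Windows Defender/Operational log and surface in Defender for Endpoint,
# so they can be collected in Sentinel and reviewed for false positives first.
Set-AsrRuleMode -Rules $AsrRules -Mode AuditMode
Get-AsrRuleState | Format-Table -AutoSize

# Stage 2, once the audit events look clean for this server's workload: enforce.
# Set-AsrRuleMode -Rules $AsrRules -Mode Enabled
```

The two-stage approach matters most for rules such as the PSExec/WMI one, which can interfere with legitimate management tooling; the audit events tell you which processes a rule would have blocked before you flip it to `Enabled`.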