Security implementations in azure

Anshal 976 Reputation points
2022-09-03T06:29:04.453+00:00

Hi friends, there are so many tools in Azure for security implementation that it is very confusing what to use when and how security is implemented. Please explain to me the different security implementations with scenarios.

Tags:
Azure Role-based access control: an Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
Microsoft Defender for Cloud: an Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
Microsoft Sentinel: a scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.

Accepted answer
  1. David Broggy 4,266 Reputation points MVP
    2022-09-04T18:57:37.497+00:00

    Hi Anshal

    Here are some getting-started suggestions:

    Consider your security feature limitations based on whether you have an E3 or E5 license (plus the various P1 and P2 licenses).

    Start with an EDR - Defender for Endpoint - deploy this to both your workstations and servers.

    • Learn Intune - this will allow you to configure policy and provide strong controls for your workstations
    • Configure ASR - Attack Surface Reduction - this can be done through Intune for your workstations and using PowerShell for your servers.

    Enable Defender for Cloud - if you don't have this, tell your boss your company really really really needs a CSPM - if you're a pure Microsoft shop then this is the way to go.
    Install Azure Arc on all your servers - this will extend the capabilities of Defender for Cloud to your servers. - no special licensing needed.

    Enable and configure Microsoft Sentinel - no special licensing needed.

    • Enable all relevant Microsoft data connectors and then branch out to 3rd party log sources.
    • Enable the medium and high analytic rules for each of your data connectors and then look for new ideas for interesting analytic rules.

    Enable and configure Defender for Cloud

    Enable and configure Defender for Identity (atp.portal.azure.com) - requires an E5 license

    I've posted many of the security feature links for Azure and O365 on my blog site:
    o365

    Another tip: run the Zero Trust Assessment to get more ideas:
    maturity-model-assessment-tool

    And then: TEST, TEST, TEST.

    And then: Attack Simulations, Pen tests, deception rules (honey token users, honeypots with alerts in Sentinel), reports for anomalous behaviour, UEBA, threat intelligence feeds - no end of fun!
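
The accepted answer says ASR for servers is done "using PowerShell" but does not show how. The following is an added example from the editor, not code from the answer above or from Microsoft: a staged rollout of a small set of ASR rules on a Windows Server that already runs Microsoft Defender Antivirus and the Defender for Endpoint sensor. It rolls out in Audit mode first (the safe way to start on production servers), verifies what the engine actually holds, and pulls the audit events you would review before promoting to Block. The rule GUIDs are Microsoft's published ASR identifiers; the particular subset chosen as a "server baseline" here is the editor's assumption, so check each against the current ASR rules reference and your own workloads.

```powershell
# Added example (editor's, not from the original answer): staged ASR rollout on a
# Windows Server with Defender Antivirus active and the Defender for Endpoint sensor
# installed. Run from an elevated PowerShell session.
#   .\Set-ServerAsr.ps1            # first pass: Audit mode
#   .\Set-ServerAsr.ps1 -Mode Block # after reviewing audit events
param(
    [ValidateSet('Audit', 'Block')]
    [string]$Mode = 'Audit'
)

# Action codes for -AttackSurfaceReductionRules_Actions: 0 Disabled, 1 Block, 2 Audit, 6 Warn
$action = @{ Audit = 2; Block = 1 }[$Mode]

# Server-relevant subset (editor's assumed baseline; GUIDs are Microsoft's published rule IDs,
# verify against the current ASR rules reference before rolling out)
$rules = [ordered]@{
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from LSASS'
    'c1db55ab-c21a-4637-bb3f-a12568109d35' = 'Use advanced protection against ransomware'
    'e6db77e5-3df2-4cf1-b95a-636979351e5b' = 'Block persistence through WMI event subscription'
    'd1e49aac-8f56-4280-b9ba-993a6d77406c' = 'Block process creations from PSExec and WMI commands'
    '5beb7efe-fd9a-4556-801d-275e5ffc04cc' = 'Block execution of potentially obfuscated scripts'
    '56a863a9-875e-4185-98a7-b882c64b5ce5' = 'Block abuse of exploited vulnerable signed drivers'
}

# Preflight: ASR is only enforced when Defender AV is the active AV engine, not in passive mode
$status = Get-MpComputerStatus
if (-not $status.AMServiceEnabled -or -not $status.RealTimeProtectionEnabled) {
    throw 'Defender Antivirus is not active on this host; ASR rules will not be enforced.'
}
# "Sense" is the Defender for Endpoint sensor service; without it, rules still apply locally
# but the events never reach the portal / Sentinel
$sense = Get-Service -Name Sense -ErrorAction SilentlyContinue
if ($null -eq $sense -or $sense.Status -ne 'Running') {
    Write-Warning 'Defender for Endpoint sensor (Sense) is not running; ASR events will stay local.'
}

# Apply. Add-MpPreference merges into the existing rule set (Set-MpPreference would replace it).
# The Ids and Actions arrays are matched positionally, so build them from the same ordered list.
$ids     = @($rules.Keys)
$actions = @($ids | ForEach-Object { $action })
Add-MpPreference -AttackSurfaceReductionRules_Ids $ids -AttackSurfaceReductionRules_Actions $actions

# Verify rule by rule what the engine reports, rather than trusting the call succeeded
$pref = Get-MpPreference
$effective = @{}
for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
    $effective[$pref.AttackSurfaceReductionRules_Ids[$i].ToLower()] = [int]$pref.AttackSurfaceReductionRules_Actions[$i]
}
$names = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
foreach ($id in $ids) {
    $got   = $effective[$id]
    $state = if ($null -eq $got) { 'NOT SET' } else { $names[$got] }
    $flag  = if ($got -eq $action) { 'ok' } else { 'MISMATCH' }
    '{0,-9} {1,-8} {2}  {3}' -f $state, $flag, $id, $rules[$id]
}

# Review telemetry: in the Defender operational log, Event ID 1122 = rule fired in audit mode,
# 1121 = rule blocked something. Audit hits are what you triage before switching to Block.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1121, 1122
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }
```

Two caveats a practitioner should keep in mind: the verification step matters because ASR settings delivered by Group Policy or MDM (Intune) take precedence over local `Add-MpPreference` changes, so a MISMATCH on a domain-joined server usually means a policy is overriding you rather than that the cmdlet failed; and the same 1121/1122 events, once the Sense sensor is reporting, are what you would build the first Sentinel analytic rules on after enabling the Defender for Endpoint data connector the answer recommends.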

1 additional answer

  1. JimmySalian-2011 29,726 Reputation points
    2022-09-03T08:30:10.09+00:00

    Hi Anshal,

    The best place to start is with the MS articles, and here it is, to understand the basic structure architecture-wise and the patterns with which you can implement security protocols as per the requirements.

    best-practices-and-patterns

    Based on the scenarios and requirements you can deploy tools; Microsoft Defender and Sentinel are all tools available to explore.

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.