New book: Microsoft Azure Security Infrastructure

We’re pleased to announce the availability of Microsoft Azure Security Infrastructure (ISBN 9781509303571), by Yuri Diogenes, Dr. Thomas Shinder, and Debra Littlejohn Shinder.

Below you’ll find an overview of the book; the Foreword, written by Mark Russinovich, CTO, Microsoft Azure; and the Introduction to the book. Enjoy!

Purchase from these online retailers:

Microsoft Press Store
Barnes & Noble
Independent booksellers – Shop local

Implement maximum control, security, and compliance processes in Azure cloud environments

In Microsoft Azure Security Infrastructure, three leading experts show how to plan, deploy, and operate Microsoft Azure with outstanding levels of control, security, and compliance. You’ll learn how to prepare infrastructure with Microsoft’s integrated tools, prebuilt templates, and managed services—and use these to help safely build and manage any enterprise, mobile, web, or Internet of Things (IoT) system. The authors guide you through enforcing, managing, and verifying robust security at physical, network, host, application, and data layers. You’ll learn best practices for security-aware deployment, operational management, threat mitigation, and continuous improvement—so you can help protect all your data, make services resilient to attack, and stay in control no matter how your cloud systems evolve.

Three Microsoft Azure experts show you how to:

  • Understand cloud security boundaries and responsibilities
  • Plan for compliance, risk management, identity/access management, operational security, and endpoint and data protection
  • Explore Azure’s defense-in-depth security architecture
  • Use Azure network security patterns and best practices
  • Help safeguard data via encryption, storage redundancy, rights management, database security, and storage security
  • Help protect virtual machines with Microsoft Antimalware for Azure Cloud Services and Virtual Machines
  • Use the Microsoft Azure Key Vault service to help secure cryptographic keys and other confidential information
  • Monitor and help protect Azure and on-premises resources with Azure Security Center and Operations Management Suite
  • Effectively model threats and plan protection for IoT systems
  • Use Azure security tools for operations, incident response, and forensic investigation


Security is a critical requirement of any software system, but in today’s world of diverse, skilled, and motivated attackers, it’s more important than ever. In the past, security efforts focused on creating the strongest possible wall to keep attackers out. Security professionals considered the Internet hostile, and treated their own company or organization’s systems as the trusted inner core, making relatively modest investments in segregating different environments and visibility into the interactions between different components. Now, the security world has adopted an “assume breach” mindset that treats perimeter networks as just one aspect of the protective pillar in a three-pillar approach that also includes detection and response. Attackers can and will penetrate the strongest defenses, and they can enter the network from inside. The perimeter is gone, and security architectures and investments are continuing to shift to address the new reality.

At the same time that the changing threat landscape is reshaping the approach to security, people have embarked on shifting their compute and data from infrastructure they deploy and maintain to that hosted by hyper-scale public cloud service providers. Infrastructure as a service (IaaS) and platform as a service (PaaS) dramatically increase agility by offering on-demand, elastic, and scalable compute and data. IT professionals and application developers can focus on their core mission: delivering compliant, standardized services to their organizations in the case of the former, and quickly delivering new features and functionality to the business and its customers in the latter.

You’re reading this book because your organization is considering or has begun adopting public cloud services. You likely have already recognized that the introduction of the cloud provider into your network architecture creates new challenges. Whereas in your on-premises networks you use firewall appliances and physical routing rules to segregate environments and monitor traffic, the public cloud exposes virtualized networks, software load balancers, and application gateways, along with abstractions such as network security groups, that take their place. In some cases, the cloud offers services that give you insight and control that’s either impossible or hard to achieve on-premises, making it easier to deliver high levels of security. The terminology, tools, and techniques are different, and creating secure and resilient “assume breach” cloud and hybrid systems requires a deep understanding of what’s available and how to best apply it.

This book will serve as your trusted guide as you create and move applications and data to Microsoft Azure. The first step to implementing security in the cloud is knowing what the platform does for you and what your responsibility is, which is different depending on whether you’re using IaaS, PaaS, or finished software services like Microsoft Office 365. After describing the differences, Yuri, Tom and Deb then move on to cover everything from identity and access control, to how to create a cloud network for your virtual machines, to how to more securely connect the cloud to your on-premises networks. You’ll also learn how to manage keys and certificates, how to encrypt data at rest and in transit, how the Azure Security Center vulnerability and threat reporting can show you where you can improve security, and how Azure Security Center even walks you through doing so. Finally, the cloud and Internet of Things (IoT) are synergistic technologies, and if you’re building an IoT solution on Azure, you’ll benefit from the practical advice and tips on pitfalls to avoid.

The advent of the cloud requires new skills and knowledge, and those skills and knowledge will mean not only that you can more effectively help your organization use the cloud, but that you won’t be left behind in this technology shift. With this book, you’ll be confident that you have an end-to-end view of considerations, options, and even details of how to deploy and manage more secure applications on Azure.

— Mark Russinovich
CTO, Microsoft Azure
July 2016


Regardless of your title, if you’re responsible for designing, configuring, implementing, or managing secure solutions in Microsoft Azure, then this book is for you. If you’re a member of a team responsible for architecting, designing, implementing, and managing secure solutions in Azure, this book will help you understand what your team needs to know. If you’re responsible for managing a consulting firm that is implementing secure solutions in Azure, you should read this book. And if you just want to learn more about Azure security to improve your skill set or aid in a job search, this book will help you understand Azure security services and technologies and how to best use them to better secure an Azure environment.

This book includes conceptual information, design considerations, deployment scenarios, best practices, technology surveys, and how-to content, which will provide you with a wide view of what Azure has to offer in terms of security. In addition, numerous links to supplemental information are included to speed your learning process.

This book is a “must read” for anyone who is interested in Azure security. The authors assume that you have a working knowledge of cloud computing basics and core Azure concepts, but they do not expect you to be an Azure or PowerShell expert. They assume that you have enterprise IT experience and are comfortable in a datacenter. If you need more detailed information about how to implement the Azure security services and technologies discussed in this book, be sure to check out the references to excellent how-to articles on

About the authors

YURI DIOGENES is a Senior Content Developer on the CSI Enterprise Mobility and Security Team, focusing on enterprise mobility solutions, Azure Security Center, and OMS Security. Previously, Yuri worked at Microsoft as a writer for the Windows Security team and as a Support Escalation Engineer for the CSS Forefront team. He has a Master of Science degree in Cybersecurity Intelligence and Forensics from Utica College and an MBA from FGF in Brazil, and he holds several industry certifications. He is co-author of Enterprise Mobility Suite—Managing BYOD and Company-Owned Devices (Microsoft Press, 2015), Microsoft Forefront Threat Management Gateway (TMG) Administrator’s Companion (Microsoft Press, 2010), and three other Forefront titles from Microsoft Press.

DR. THOMAS SHINDER is a program manager in Azure Security Engineering and a 20-year veteran in IT security. Tom is best known for his work with ISA Server and TMG, publishing nine books on those topics. He was also the leading voice at After joining Microsoft in 2009, Tom spent time on the UAG DirectAccess team and then took a 3-year vacation from security to be a cloud infrastructure specialist and architect. He’s now back where he belongs in security, and spends a good deal of time hugging his Azure Security Center console and hiding his secrets in Azure Key Vault.

DEBRA LITTLEJOHN SHINDER, MCSE, is a former police officer and police academy instructor who is self-employed as a technology consultant, trainer, and writer, specializing in network and cloud security. She has authored a number of books, including Scene of the Cybercrime: Computer Forensics Handbook (Syngress Publishing, 2002) and Computer Networking Essentials (Cisco Press, 2001). She has co-authored more than 20 additional books and worked as a tech editor, developmental editor, and contributor to more than 15 books. Deb is a lead author for and, and a long-time contributor to the GFI Software blog and other technology publications, with more than 1,500 published articles in print magazines and on websites. Deb focuses on Microsoft products, and has been awarded the Microsoft MVP (Most Valuable Professional) award in the field of enterprise security for 14 years in a row. She lives and works in the Dallas-Fort Worth area and has taught law enforcement, computer networking, and security courses at Eastfield College in Mesquite, Texas. She currently sits on the advisory board of the Eastfield Criminal Justice Training Center Police Academy.