Security Baseline tools in Azure
The Security Baseline discipline is one of the Five Disciplines of Cloud Governance. This discipline focuses on ways of establishing policies that protect the network, assets, and most importantly the data that will reside on a cloud provider's solution. Within the Five Disciplines of Cloud Governance, the Security Baseline discipline involves classification of the digital estate and data. It also involves documentation of risks, business tolerance, and mitigation strategies associated with the security of data, assets, and networks. From a technical perspective, this discipline also includes involvement in decisions regarding encryption, network requirements, hybrid identity strategies, and tools to automate enforcement of security policies across resource groups. The following list of Azure tools can help mature the policies and processes that support this discipline.
|Tool||Azure portal and Azure Resource Manager||Azure Key Vault||Azure AD||Azure Policy||Microsoft Defender for Cloud||Azure Monitor|
|Apply access controls to resources and resource creation||Yes||No||Yes||No||No||No|
|Secure virtual networks||Yes||No||No||Yes||No||No|
|Encrypt virtual drives||No||Yes||No||No||No||No|
|Encrypt PaaS storage and databases||No||Yes||No||No||No||No|
|Manage hybrid identity services||No||No||Yes||No||No||No|
|Restrict allowed types of resource||No||No||No||Yes||No||No|
|Enforce geo-regional restrictions||No||No||No||Yes||No||No|
|Monitor security health of networks and resources||No||No||No||No||Yes||Yes|
|Detect malicious activity||No||No||No||No||Yes||Yes|
|Preemptively detect vulnerabilities||No||No||No||No||Yes||No|
|Configure backup and disaster recovery||Yes||No||No||No||No||No|
For a complete list of Azure security tools and services, see Security services and technologies available on Azure.
Customers commonly use third-party tools to enable Security Baseline discipline activities. For more information, see the article integrate security solutions in Microsoft Defender for Cloud.
In addition to security tools, Compliance Management in Microsoft 365 provides extensive guidance, reports, and related documentation that can help you perform risk assessments as part of your migration planning process.