Enhanced management baseline in Azure
The first three cloud management disciplines describe a management baseline. The preceding articles in this guide outline a minimum viable product (MVP) for cloud management services, which is referred to as a management baseline. This article outlines a few common improvements to the baseline.
The purpose of a management baseline is to create a consistent offering that provides a minimum level of business commitment for all supported workloads. With this baseline of common, repeatable management offerings, the team can deliver highly optimized operational management with minimal deviation.
However, you might need a greater commitment to the business beyond the standard offering. The following image and list show three ways to go beyond the management baseline.
- Enhanced management baseline:
  - Add enhancements to the management baseline when most workloads in the portfolio have a shared requirement.
  - Improve business commitments by using additional cloud-native operations tools and processes.
  - Baseline enhancements should have no impact on the architecture of specific workloads.
- Workload operations:
  - Largest per-workload operations investment.
  - Highest degree of resiliency.
  - Suggested for the approximately 20 percent of workloads that drive business value.
  - Typically reserved for high-criticality or mission-critical workloads.
- Platform operations:
  - Operations investment is spread across many workloads.
  - Resiliency improvements affect all workloads that use the defined platform.
  - Suggested for the approximately 20 percent of platforms that have the highest criticality.
  - Typically reserved for medium-criticality to high-criticality workloads.
Both workload operations and platform operations require changes to design and architecture principles. Those changes can take time and might result in increased operating expenses. To reduce the number of workloads that require such investments, an enhanced management baseline can provide enough of an improvement to the business commitment.
This table outlines a few processes, tools, and potential effects common in customers' enhanced management baselines:
Discipline | Process | Tool | Potential impact | Learn more |
---|---|---|---|---|
Inventory and visibility | Service change tracking | Azure Resource Graph | Greater visibility into changes to Azure services might help detect negative effects sooner or remediate faster. | Overview of Azure Resource Graph |
Inventory and visibility | Visualize data | Microsoft Sentinel | Instant visualization and analysis of collected data. | Sentinel visualize collected data |
Inventory and visibility | IT Service Management (ITSM) integration | IT Service Management Connector | Automated ITSM connection creates awareness sooner. | IT Service Management Connector (ITSMC) |
Operational compliance | Operations automation | Azure Automation | Automate operational compliance for faster and more accurate response to change. | See the following sections |
Operational compliance | Zero Trust | Microsoft Sentinel | The Zero Trust workbook uses the full breadth of Microsoft security offerings. | Sentinel Zero Trust workbook |
Operational compliance | Performance automation | Azure Automation | Automate operational compliance with performance expectations to resolve common resource-specific scaling or sizing issues. | See the following sections |
Operational compliance | Multicloud operations | Azure Automation Hybrid Runbook Worker | Automate operations across multiple clouds. | Hybrid Runbook Worker overview |
Operational compliance | Guest automation | Desired State Configuration (DSC) | Code-based configuration of guest operating systems to reduce errors and configuration drift. | DSC overview |
Protect and recover | Breach notification | Microsoft Defender for Cloud | Extend protection to include security-breach recovery triggers. | See the following sections |
Protect and recover | Threat hunting | Microsoft Sentinel | Built-in hunting queries that help you detect and protect against malicious activity. | Sentinel threat hunting |
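The "service change tracking" row above is only useful if someone turns the change stream into decisions. The following is an added example (not Microsoft's code, and not part of this article originally) of the triage step a management team would bolt onto Azure Resource Graph change data: it walks a batch of change records and raises findings for the edits that matter most to the protect-and-recover discipline (a management port opened to the Internet, blob public access enabled, a diagnostic setting deleted). The record layout, field names and all resource IDs are constructed approximations for the illustration, not the exact `resourcechanges` schema.

```python
"""Triage Azure Resource Graph change records for security-relevant edits.

Added example for this article (not Microsoft's code). The record layout below
is a constructed approximation of rows from the Resource Graph `resourcechanges`
table; the field names are assumptions made for this illustration.
"""
from dataclasses import dataclass

MGMT_PORTS = {22, 3389, 5985, 5986}               # SSH, RDP, WinRM
OPEN_SOURCES = {"*", "internet", "0.0.0.0/0", "any"}
SEVERITY_RANK = {"High": 0, "Medium": 1, "Low": 2}


@dataclass(frozen=True)
class Finding:
    severity: str
    resource_id: str
    reason: str
    changed_by: str


def covers_mgmt_port(port_range) -> bool:
    """True when an NSG destinationPortRange ('*', '22', '20-25') touches a
    management port. None (port not part of the delta) is treated as a hit so a
    partial update is reviewed rather than silently dropped."""
    if port_range is None:
        return True
    text = str(port_range).strip()
    if text == "*":
        return True
    lo, _, hi = text.partition("-")
    low, high = int(lo), int(hi or lo)
    return any(low <= port <= high for port in MGMT_PORTS)


def new_values(record) -> dict:
    """Flatten a change record into {property path: new value}."""
    return {path: delta.get("newValue")
            for path, delta in record.get("changes", {}).items()}


def triage(records) -> list:
    """Return findings for the security-relevant subset of change records,
    highest severity first. Records matching no rule yield no finding."""
    findings = []
    for rec in records:
        rtype = rec.get("resourceType", "").lower()
        change = rec.get("changeType")
        rid = rec.get("targetResourceId", "?")
        who = rec.get("changedBy", "unknown")
        props = new_values(rec)

        # Rule 1: inbound Allow rule whose source is widened to the Internet on
        # a management port. Fields absent from the delta default to the
        # riskier value (Allow, Inbound) because the widening is the signal.
        if rtype.endswith("/securityrules") and change in ("Create", "Update"):
            src = str(props.get("properties.sourceAddressPrefix", "")).lower()
            allow = props.get("properties.access", "Allow") == "Allow"
            inbound = props.get("properties.direction", "Inbound") == "Inbound"
            if (src in OPEN_SOURCES and allow and inbound
                    and covers_mgmt_port(props.get("properties.destinationPortRange"))):
                findings.append(Finding("High", rid,
                    "inbound NSG rule exposes a management port to the Internet", who))

        # Rule 2: blob public access switched on for a storage account.
        if (rtype == "microsoft.storage/storageaccounts"
                and props.get("properties.allowBlobPublicAccess") is True):
            findings.append(Finding("High", rid,
                "storage account allowBlobPublicAccess enabled", who))

        # Rule 3: deleting a diagnostic setting removes log visibility.
        if rtype == "microsoft.insights/diagnosticsettings" and change == "Delete":
            findings.append(Finding("Medium", rid,
                "diagnostic setting deleted (log visibility lost)", who))

    return sorted(findings, key=lambda f: SEVERITY_RANK[f.severity])


# Constructed sample records (not real data); subscription IDs are placeholders.
SAMPLE_CHANGES = [
    {"targetResourceId": "/subscriptions/<sub>/resourceGroups/rg1/providers/"
                         "Microsoft.Network/networkSecurityGroups/web-nsg/securityRules/allow-rdp",
     "resourceType": "microsoft.network/networksecuritygroups/securityrules",
     "changeType": "Create", "changedBy": "dev@example.com",
     "changes": {"properties.sourceAddressPrefix": {"previousValue": None, "newValue": "*"},
                 "properties.destinationPortRange": {"previousValue": None, "newValue": "3389"},
                 "properties.access": {"previousValue": None, "newValue": "Allow"},
                 "properties.direction": {"previousValue": None, "newValue": "Inbound"}}},
    {"targetResourceId": "/subscriptions/<sub>/resourceGroups/rg1/providers/"
                         "Microsoft.Storage/storageAccounts/appdata01",
     "resourceType": "microsoft.storage/storageaccounts",
     "changeType": "Update", "changedBy": "ops@example.com",
     "changes": {"properties.allowBlobPublicAccess": {"previousValue": False, "newValue": True}}},
    {"targetResourceId": "/subscriptions/<sub>/resourceGroups/rg1/providers/"
                         "Microsoft.KeyVault/vaults/kv01/providers/Microsoft.Insights/"
                         "diagnosticSettings/to-sentinel",
     "resourceType": "microsoft.insights/diagnosticsettings",
     "changeType": "Delete", "changedBy": "ops@example.com", "changes": {}},
    {"targetResourceId": "/subscriptions/<sub>/resourceGroups/rg1/providers/"
                         "Microsoft.Compute/virtualMachines/vm01",
     "resourceType": "microsoft.compute/virtualmachines",
     "changeType": "Update", "changedBy": "dev@example.com",
     "changes": {"tags.owner": {"previousValue": "a", "newValue": "b"}}},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_CHANGES):
        print(f"[{f.severity}] {f.reason}: {f.resource_id} (by {f.changed_by})")
```

Two design points are worth noting. Fields missing from an update delta default to the riskier value, so a rule change that only widens the source still surfaces for review; the cost is an occasional false positive, which is the right trade for a High-severity rule. And the output keeps `changed_by`, because the same finding routed to an ITSM connector (the next row of the table) is far more actionable when the ticket already names who made the change.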
Azure Automation
Azure Automation provides a centralized system for the management of automated controls. In Azure Automation, you can run simple remediation, scale, and optimization processes in response to environmental metrics. These processes reduce the overhead associated with manual incident processing.
Most importantly, automated remediation can be delivered in near-real time, significantly reducing interruptions to business processes. Studying the most common business interruptions identifies the activities in your environment that could be automated.
Runbooks
The basic unit of code for delivering automated remediation is a runbook. Runbooks contain the instructions for remediating or recovering from an incident.
To create or manage runbooks:
- Sign in to the Azure portal.
- Go to Azure Automation.
- Select Automation accounts and choose one of the listed accounts.
- Under Process automation, select Runbooks to open the list of runbooks.
- With the options presented, you can create or manage runbooks, schedules, and other automated remediation functionality.
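The "performance automation" row of the table above is a typical first runbook, and the part that deserves the most thought is the guardrails, not the resize call. The following is an added example (not Microsoft's code or a runbook shipped with Azure Automation) of the decision core of such a runbook, written as a Python 3 runbook since Azure Automation supports those. It moves a VM at most one step along an allowed size ladder, only for VMs that opt in by tag, never past a hard cap, never inside a cooldown window, and never on thin evidence. The fleet data is constructed; in a real runbook the sizes and CPU samples would come from Azure Monitor and the Compute SDK, and the resize itself would be issued through the SDK (those calls are assumed and not shown).

```python
"""Performance-automation runbook skeleton with guardrails.

Added example for this article (not Microsoft's code). Azure Automation runs
Python 3 runbooks; in a real runbook the VM sizes and CPU samples would come
from Azure Monitor and the Compute SDK (those calls are assumed and not shown).
The fleet below is constructed sample data.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Ordered size ladder the runbook may move along; one step per run.
SIZE_LADDER = ["Standard_D2s_v5", "Standard_D4s_v5", "Standard_D8s_v5", "Standard_D16s_v5"]


@dataclass
class ScalePolicy:
    up_threshold: float = 80.0          # average CPU % above which we grow
    down_threshold: float = 20.0        # average CPU % below which we shrink
    min_samples: int = 6                # refuse to act on thin evidence
    cooldown: timedelta = timedelta(hours=2)
    max_size: str = "Standard_D8s_v5"   # hard cap regardless of load
    opt_in_tag: str = "autoscale"       # only tagged VMs are touched


@dataclass
class VmState:
    name: str
    size: str
    cpu_samples: List[float]            # average CPU % per 5-minute interval
    tags: dict = field(default_factory=dict)
    last_resized: Optional[datetime] = None


def decide(vm: VmState, policy: ScalePolicy, now: datetime):
    """Return (action, reason) where action is 'resize-up', 'resize-down' or 'none'.
    Every refusal carries a reason so the job log shows why nothing happened."""
    if vm.tags.get(policy.opt_in_tag, "").lower() != "on":
        return "none", "not opted in"
    if len(vm.cpu_samples) < policy.min_samples:
        return "none", f"only {len(vm.cpu_samples)} samples"
    if vm.last_resized and now - vm.last_resized < policy.cooldown:
        return "none", "inside cooldown"
    if vm.size not in SIZE_LADDER:
        return "none", f"size {vm.size} not on ladder"
    avg = sum(vm.cpu_samples) / len(vm.cpu_samples)
    idx = SIZE_LADDER.index(vm.size)
    if avg > policy.up_threshold:
        if idx + 1 >= len(SIZE_LADDER) or idx + 1 > SIZE_LADDER.index(policy.max_size):
            return "none", f"avg {avg:.0f}% but at cap {vm.size}"
        return "resize-up", f"avg {avg:.0f}% -> {SIZE_LADDER[idx + 1]}"
    if avg < policy.down_threshold:
        if idx == 0:
            return "none", f"avg {avg:.0f}% but already smallest"
        return "resize-down", f"avg {avg:.0f}% -> {SIZE_LADDER[idx - 1]}"
    return "none", f"avg {avg:.0f}% within band"


def plan(fleet: List[VmState], policy: ScalePolicy, now: datetime) -> dict:
    """Map VM name -> (action, reason) for the whole fleet; no side effects."""
    return {vm.name: decide(vm, policy, now) for vm in fleet}


NOW = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)   # constructed run time
FLEET = [  # constructed sample fleet
    VmState("web01", "Standard_D2s_v5", [91, 88, 95, 90, 87, 93], {"autoscale": "on"}),
    VmState("web02", "Standard_D8s_v5", [92, 90, 94, 89, 91, 95], {"autoscale": "on"}),
    VmState("batch01", "Standard_D4s_v5", [5, 8, 4, 6, 7, 5], {"autoscale": "on"}),
    VmState("db01", "Standard_D4s_v5", [97, 98, 99, 97, 98, 99], {}),
    VmState("api01", "Standard_D2s_v5", [90, 92, 91, 93, 90, 94], {"autoscale": "on"},
            NOW - timedelta(minutes=30)),
]

if __name__ == "__main__":
    for name, (action, reason) in plan(FLEET, ScalePolicy(), NOW).items():
        print(f"{name:8} {action:12} {reason}")
```

Separating `plan` (pure, returns a dictionary) from the step that would actually call the Compute SDK keeps the runbook testable offline and makes a dry-run mode trivial: schedule the runbook to log the plan for a week before you let it act. The opt-in tag and hard cap are what keep an automation account's managed identity, which typically holds broad Contributor-style rights, from resizing something it should never touch.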
Microsoft Defender for Cloud
Microsoft Defender for Cloud also plays an important part in your protect-and-recover strategy. It can help you monitor the security of your machines, networks, storage, data services, and applications.
Microsoft Defender for Cloud provides advanced threat detection by using machine learning and behavioral analytics to help identify active threats targeting your Azure resources. It also provides threat protection that blocks malware and other unwanted code, and it reduces the surface area exposed to brute force and other network attacks.
When Microsoft Defender for Cloud identifies a threat, it triggers a security alert with the steps you need to respond to the attack. It also provides a report with information about the detected threat.
Microsoft Defender for Cloud is offered in two tiers: Free and Standard. Features like security recommendations are available in the Free tier. The Standard tier provides additional protection like advanced threat detection and protection across hybrid cloud workloads.
Action
Try Standard tier for free for your first 30 days
After you enable and configure security policies for a subscription's resources, you can view the security state of your resources and any issues on the Prevention pane. You can also view a list of those issues on the Recommendations tile.
To explore Microsoft Defender for Cloud, go to the Azure portal.
Learn more
To learn more, see Microsoft Defender for Cloud documentation.
Microsoft Sentinel
Microsoft Sentinel is a cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. It plays a role not only in the enhanced management baseline described in this article, but also in platform operations and workload operations.
Microsoft Sentinel lets you collect data, detect threats, investigate incidents, and respond by using automation. After you enable the solution, you can connect to and collect data from Azure, on-premises systems, or any other cloud provider. More than a hundred data connectors are available, including Office 365 audit logs, Azure activity logs, Cisco Umbrella, Trend Micro TippingPoint, Sophos Cloud Optix, VMware ESXi, and many others, which simplify integrating your existing investments into Sentinel.
Microsoft Sentinel can be enabled at no additional cost on an Azure Monitor Log Analytics workspace for the first 31 days. For details, see Microsoft Sentinel pricing.
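The threat-hunting row of the table above refers to the built-in hunting queries Sentinel ships for collected data such as sign-in logs. To make concrete what such a query does, here is an added example (not Microsoft's code and not one of Sentinel's queries) that implements one common hunt in Python so it runs offline: a successful sign-in from an IP address that, shortly before, produced a burst of failures across several accounts, the shape of a password spray that finally landed. The sample log lines are constructed and only loosely mirror the Microsoft Entra ID SigninLogs columns (TimeGenerated, UserPrincipalName, IPAddress, ResultType); the IP addresses come from the documentation ranges.

```python
"""Hunt for spray-then-success patterns in sign-in logs.

Added example for this article (not Microsoft's code): the logic a Sentinel
hunting query would express in KQL, written in Python so it runs offline. The
JSON lines are constructed and only loosely mirror the Entra ID SigninLogs
schema; ResultType "0" is a success and "50126" a bad-password failure.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one spraying IP that succeeds on its seventh try,
# one ordinary user who mistypes a password twice, and a later success from
# the spraying IP that falls outside the hunting window.
SAMPLE_LOG = """\
{"TimeGenerated": "2024-01-15T08:00:05Z", "UserPrincipalName": "ann@example.com", "IPAddress": "203.0.113.7", "ResultType": "50126"}
{"TimeGenerated": "2024-01-15T08:00:40Z", "UserPrincipalName": "bob@example.com", "IPAddress": "203.0.113.7", "ResultType": "50126"}
{"TimeGenerated": "2024-01-15T08:01:10Z", "UserPrincipalName": "carol@example.com", "IPAddress": "203.0.113.7", "ResultType": "50126"}
{"TimeGenerated": "2024-01-15T08:01:45Z", "UserPrincipalName": "dave@example.com", "IPAddress": "203.0.113.7", "ResultType": "50126"}
{"TimeGenerated": "2024-01-15T08:02:20Z", "UserPrincipalName": "ann@example.com", "IPAddress": "203.0.113.7", "ResultType": "50126"}
{"TimeGenerated": "2024-01-15T08:02:55Z", "UserPrincipalName": "bob@example.com", "IPAddress": "203.0.113.7", "ResultType": "50126"}
{"TimeGenerated": "2024-01-15T08:03:30Z", "UserPrincipalName": "bob@example.com", "IPAddress": "203.0.113.7", "ResultType": "0"}
{"TimeGenerated": "2024-01-15T08:10:00Z", "UserPrincipalName": "erin@example.com", "IPAddress": "198.51.100.20", "ResultType": "50126"}
{"TimeGenerated": "2024-01-15T08:11:00Z", "UserPrincipalName": "erin@example.com", "IPAddress": "198.51.100.20", "ResultType": "50126"}
{"TimeGenerated": "2024-01-15T08:12:00Z", "UserPrincipalName": "erin@example.com", "IPAddress": "198.51.100.20", "ResultType": "0"}
{"TimeGenerated": "2024-01-15T10:30:00Z", "UserPrincipalName": "bob@example.com", "IPAddress": "203.0.113.7", "ResultType": "0"}
"""


def parse_events(text: str) -> list:
    """Parse JSON lines into events with real datetimes; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        event["TimeGenerated"] = datetime.strptime(event["TimeGenerated"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return events


def hunt_spray_then_success(events, window=timedelta(minutes=30),
                            min_failures=5, min_users=3) -> list:
    """Flag each successful sign-in from an IP that, within `window` before it,
    produced at least `min_failures` failures spread over at least `min_users`
    distinct accounts. Returns one finding per qualifying success, earliest first."""
    by_ip = defaultdict(list)
    for event in events:
        by_ip[event["IPAddress"]].append(event)

    findings = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["TimeGenerated"])
        for i, event in enumerate(evs):
            if event["ResultType"] != "0":
                continue
            start = event["TimeGenerated"] - window
            prior_failures = [p for p in evs[:i]
                              if p["TimeGenerated"] >= start and p["ResultType"] != "0"]
            users = sorted({p["UserPrincipalName"] for p in prior_failures})
            if len(prior_failures) >= min_failures and len(users) >= min_users:
                findings.append({
                    "ip": ip,
                    "time": event["TimeGenerated"],
                    "compromised_user": event["UserPrincipalName"],
                    "failures": len(prior_failures),
                    "targeted_users": users,
                })
    return sorted(findings, key=lambda f: f["time"])


if __name__ == "__main__":
    for finding in hunt_spray_then_success(parse_events(SAMPLE_LOG)):
        print(f"{finding['time']:%H:%M:%S} {finding['ip']} -> {finding['compromised_user']} "
              f"after {finding['failures']} failures on {len(finding['targeted_users'])} accounts")
```

The distinct-user threshold is what separates a spray from one person fumbling a password, and the window is what keeps an IP's unrelated success hours later from being blamed on an earlier burst; both are the knobs you would tune against your own sign-in volume before promoting a hunt like this into a scheduled analytics rule that opens an incident.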
Learn more about Microsoft Sentinel
To explore Microsoft Sentinel, go to the Azure portal.
To learn more, see Microsoft Sentinel documentation.
To become a Microsoft Sentinel Ninja, see Microsoft Sentinel Ninja training.