Security Control: Penetration Tests and Red Team Exercises


The most up-to-date Azure Security Benchmark is available here.

Test the overall strength of an organization's defense (the technology, the processes, and the people) by simulating the objectives and actions of an attacker.

11.1: Conduct regular penetration testing of your Azure resources and ensure remediation of all critical security findings

Azure ID CIS IDs Responsibility
11.1 20.1, 20.2, 20.3, 20.4, 20.5, 20.6, 20.7, 20.8 Shared

Follow the Microsoft Rules of Engagement to ensure your Penetration Tests are not in violation of Microsoft policies. Use Microsoft's strategy and execution of Red Teaming and live site penetration testing against Microsoft-managed cloud infrastructure, services, and applications.

Next steps