यह ब्राउज़र अब समर्थित नहीं है.
नवीनतम सुविधाओं, सुरक्षा अपडेट और तकनीकी सहायता का लाभ लेने के लिए Microsoft Edge में अपग्रेड करें.
This security baseline applies guidance from the Microsoft cloud security benchmark version 1.0 to Azure Center for SAP solutions. The Microsoft cloud security benchmark provides recommendations on how you can secure your cloud solutions on Azure. The content is grouped by the security controls defined by the Microsoft cloud security benchmark and the related guidance applicable to Azure Center for SAP solutions.
You can monitor this security baseline and its recommendations using Microsoft Defender for Cloud. Azure Policy definitions will be listed in the Regulatory Compliance section of the Microsoft Defender for Cloud portal page.
When a feature has relevant Azure Policy Definitions, they are listed in this baseline to help you measure compliance with the Microsoft cloud security benchmark controls and recommendations. Some recommendations may require a paid Microsoft Defender plan to enable certain security scenarios.
नोट
Features not applicable to Azure Center for SAP solutions have been excluded. To see how Azure Center for SAP solutions completely maps to the Microsoft cloud security benchmark, see the full Azure Center for SAP solutions security baseline mapping file.
The security profile summarizes high-impact behaviors of Azure Center for SAP solutions, which may result in increased security considerations.
| Service Behavior Attribute | Value |
|---|---|
| Product Category | Compute, Integration, Storage |
| Customer can access HOST / OS | No Access |
| Service can be deployed into customer's virtual network | True |
| Stores customer content at rest | False |
For more information, see the Microsoft cloud security benchmark: Network security.
Description: Service supports deployment into customer's private Virtual Network (VNet). Learn more.
| Supported | Enabled By Default | Configuration Responsibility |
|---|---|---|
| False | Not Applicable | Not Applicable |
Feature notes: The Virtual Instance of SAP Solution (VIS) infrastructure is deployed into the customer's virtual network, either through Azure Center for SAP Solutions or independently of the service.
For more information, please visit: Prepare network for infrastructure deployment.
Configuration Guidance: This feature is not supported to secure this service.
Description: Service network traffic respects Network Security Groups rule assignment on its subnets. Learn more.
| Supported | Enabled By Default | Configuration Responsibility |
|---|---|---|
| False | Not Applicable | Not Applicable |
Feature notes: The Virtual Instance of SAP Solution (VIS) infrastructure is deployed into the customer's virtual network with networking resources including the network security group. These resources are deployed either through Azure Center for SAP Solutions or independently of the service.
For more information, please visit: Prepare network for infrastructure deployment.
Configuration Guidance: This feature is not supported to secure this service.
Description: Service supports disabling public network access either through using service-level IP ACL filtering rule (not NSG or Azure Firewall) or using a 'Disable Public Network Access' toggle switch. Learn more.
| Supported | Enabled By Default | Configuration Responsibility |
|---|---|---|
| False | Not Applicable | Not Applicable |
Configuration Guidance: This feature is not supported to secure this service.
For more information, see the Microsoft cloud security benchmark: Identity management.
Description: Data plane actions support authentication using managed identities. Learn more.
| Supported | Enabled By Default | Configuration Responsibility |
|---|---|---|
| False | Not Applicable | Not Applicable |
Feature notes: Though authentication to Azure Center for SAP Solutions using a managed identity is not supported, the service does require a managed identity to deploy the underlying infrastructure used by the service.
For more information, please visit: Deploy S/4HANA infrastructure with Azure Center for SAP solutions.
Configuration Guidance: This feature is not supported to secure this service.
Description: Data plane supports native use of Azure Key Vault for credential and secrets store. Learn more.
| Supported | Enabled By Default | Configuration Responsibility |
|---|---|---|
| True | True | Microsoft |
Configuration Guidance: No additional configurations are required as this is enabled on a default deployment.
Reference: Azure Center for SAP Solutions - Deployment - Prepare network for deployment
For more information, see the Microsoft cloud security benchmark: Asset management.
Description: Service configurations can be monitored and enforced via Azure Policy. Learn more.
| Supported | Enabled By Default | Configuration Responsibility |
|---|---|---|
| False | Not Applicable | Not Applicable |
Configuration Guidance: This feature is not supported to secure this service.
For more information, see the Microsoft cloud security benchmark: Logging and threat detection.
Description: Service has an offering-specific Microsoft Defender solution to monitor and alert on security issues. Learn more.
| Supported | Enabled By Default | Configuration Responsibility |
|---|---|---|
| False | Not Applicable | Not Applicable |
Feature notes: The underlying infrastructure of the SAP workload consist of compute, storage and network resources on Azure. Underlying resources like VMs and storage accounts support Microsoft Defender for Cloud.
Configuration Guidance: This feature is not supported to secure this service.
Description: Service produces resource logs that can provide enhanced service-specific metrics and logging. The customer can configure these resource logs and send them to their own data sink like a storage account or log analytics workspace. Learn more.
| Supported | Enabled By Default | Configuration Responsibility |
|---|---|---|
| False | Not Applicable | Not Applicable |
Configuration Guidance: This feature is not supported to secure this service.
For more information, see the Microsoft cloud security benchmark: Backup and recovery.
Description: The service can be backed up by the Azure Backup service. Learn more.
| Supported | Enabled By Default | Configuration Responsibility |
|---|---|---|
| False | Not Applicable | Not Applicable |
Feature notes: For VMs deployed from Azure Center for SAP Solution, customers can create backups for their Azure VMs using the Azure Backup service.
Configuration Guidance: This feature is not supported to secure this service.
प्रशिक्षण
मॉड्यूल
This module covers considerations for backup, security, licensing, and support of SAP HANA on Azure (Large Instances). Prepare for Exam AZ-120 Planning and Administering Microsoft Azure for SAP Workloads.
Certification
Microsoft प्रमाणित: Azure for SAP Workloads विशेषता - Certifications
Azure संसाधनों का लाभ उठाते समय Microsoft Azure पर SAP समाधान की योजना, माइग्रेशन और संचालन प्रदर्शित करें.
दस्तावेज़ीकरण
Azure Center for SAP solutions demo
Full demo video of the Azure Center for SAP solutions Chapters 00:00 - Introduction 00:25 - Deploy New SAP System: Infrastructure 02:24 - Deploy New SAP System: Install SAP Software 03:02 - Register Existing SAP System 03:56 - Monitoring and Start/Stop 05:27 - SAP System Quality Checks 07:07 - Cost Analysis 07:33 - Foundation for Innovation with Advanced Search 08:17 - Deploy and Manage through CLI and APIs Recommended resources SAP on Azure