Azure Security Information – What We’ve Done, Where We’re Going

Last year (2015) was a big year for Azure Security. We released a number of new security capabilities such as Azure Disk Encryption, Azure Key Vault, SQL Transparent Data Encryption (TDE) and Column Level Encryption (CLE), Storage Client-side Encryption, and more. On the product/service side we introduced the public preview of Azure Security Center. The year passed like a whirlwind and the pace of change in Azure kept us all on our toes.

It’s hard to keep up with these changes, and with new information coming in all the time, it’s even more difficult to find the new information. The Azure Security Team blog is here to help you with finding the information you need. Let’s take a look at what the Azure Security team together with our partners have published last year to help you keep up to date.

White Papers and Articles

Azure security is a BIG topic. We had to decide where to start, so we spent some time trying to figure out what was the most important to you. Then we created new Azure Security content to meet your needs, or update existing content based on your demand to fresh information.

Here’s what you got:

• Microsoft Azure security and audit log management
• Best practices for software updates on Microsoft Azure IaaS
• A Practical Guide to Designing Secure Health Solutions using Microsoft Azure
• Microsoft Antimalware for Azure Cloud Services and Virtual Machines
• Getting started with Microsoft Azure security
• Security Best Practices for using Azure Multi-Factor Authentication with Azure AD accounts
• Azure Active Directory Hybrid Identity Design Considerations
• Azure Disk Encryption for Windows and Linux IaaS VMs
• Securing Privileged Access

This is just the beginning of our Azure security content push. We’ve got a lot more in store for you in 2016, which we’ll go over at the end of this post.

Azure Security Center Docs

Azure Security Center is our pride and joy. This service went into public preview in November 2015 and continues to evolve functionality and features. Of course, in order for you to get the most out of your Azure Security Center experience, you need to have some good docs to support you.

Here’s what we provided you (and more to come):

• Introduction to Azure Security Center
• Getting started with Azure Security Center
• Azure Security Center Frequently Asked Questions
• Settings Security Policies in Azure Security Center
• Implementing security recommendations in Azure Security Center
• Security health monitoring in Azure Security Center
• Managing and responding to security alerts in Azure Security Center

Azure Security Community and Support

Community is a really big deal for us and we want to make sure we know what you need to be successful with security in Azure. We’ll work hard to try and answer every question you have, as well as listen to your ideas about changes in existing features and new features. Here’s where you can go to ask questions and provide input:

• Azure Security Team blog – that’s where you are now! You can use the comments box at the bottom of each article. We get an email notification when you ask a question – and we’ll answer it ASAP.
• Azure Security Center MSDN forum – you can ask questions about problems you have with Azure Security Center, or just start a discussion on the forum. The Azure Security Engineering team is watching this forum and we’ll do our best to get you the answers you need
• Azure Disk Encryption MSDN forum – similar to the Azure Security Center forum, in this forum you can do the same for issues and ideas you have with Azure Disk Encryption.
• Azure Key Vault MSDN forum – again, ask your questions and start a conversation about Azure Key Vault.
•  Microsoft MVP Program – Azure Security is now integrated with the Microsoft Most Valuable Professional (MVP) program, with a new contribution area of Azure Security. We work with MVPs to help them help others answer questions on Azure Security.

Azure Security Team Blog

We picked up the pace in the last half of 2015 and published an impressive pile of blog posts to help you keep up with Azure Security. Here’s the list:

• Best Practices to protect your Azure deployment against “cloud drive-by” attacks
• Azure Active Directory's Access and Usage Reports
• Certificate Management in Azure: Do's and Don'ts
• Multi-factor Authentication Cloud Security Controls
• Security Considerations and Best Practices for Azure Resource Manager
• Pen Testing Your Applications in Microsoft Azure
• Microsoft Azure Storage Client-Side Encryption Goes into General Availability
• How I learned to stop worrying and love the cloud: Azure Forensics for the Security Responder
• Check out the New Public Preview of Converged Microsoft Account and Azure Active Directory Programming Model
• SQL Server Connector for Azure Key Vault Public Preview Refresh Now Available
• A Practical Guide to Designing Secure Health Solutions Using Microsoft Azure
• Security logging and analysis options in Azure
• Securing Remote Access to Azure Virtual Machines over the Internet
• Tim Rains on Encrypting Data at Rest in Microsoft Cloud Services
• Azure Security News Catch Up
• Rights Management – the “Last Mile” of Data Security
• David Cross on Microsoft Data Protection–Gartner Security and Risk Management Summit
• Secure the Cloud with Azure Security Center
• AzureCon 2015 - A Lap Around Azure Security with David Cross
• Free Azure Security Training
• New Azure SQL Database Security Capabilities Now Available
• Microsoft Cloud Security Training–Security in a Cloud Enabled World
• An Insider’s Look at the Security of Microsoft Azure – Assume the Breach!
• Security and Compliance Sessions at AzureCon 2015
• Microsoft MVPs Drill Down on Azure Security and More at MVP Global Summit 2015
• Getting Started with Azure Security
• Azure Disk Encryption for Linux and Windows Virtual Machines-Public Preview Now Available
• Explore Azure Disk Encryption with Azure Powershell
• Explore Azure Disk Encryption with Azure PowerShell – Part 2
• Get the sample app to test and demo Azure storage client-side encryption using the Azure SDK
• Microsoft Trust Center–One Microsoft in Action
• Azure Security Center now in Public Preview

What’s Next

While prediction is difficult, especially about the future, that doesn’t prevent us from making plans. Of course, with cloud security, things change quickly, so we don’t want to plan too far in advance because we want to be ready to respond to what you need as quickly as possible. That said, here’s what we thinking about in the near term:

• Updating the Azure Network Security White Paper
• Creating a new paper on what you can do to reduce your DDoS risk
• Creating a new paper on how machine learning is used to help secure your Azure deployments
• Creating a new location on Azure.com that is dedicated to Azure security information so that you can quickly find the information you need to optimize your security posture
• Updating a number of current white papers so that they accurately reflect Azure’s current security features and capabilities
• Transferring a number of white papers that are currently only available in Word or PDF format to Azure.com so that they are easily scan-able and accessible over the web
• Creating a Channel 9 Azure Security site where we can share videos on all things that are Azure Security and give you video demonstrations of the security technologies we share with you on this blog.

MOST IMPORANT OF ALL – we want to know what you need to be successful with Azure Security. We won’t know unless you tell us, so let us know! Just post your request at the bottom of this blog post. Or, if you want to keep it private, just email me.

Thanks!

Tom
Tom Shinder
Program Manager, Azure Security
@tshinder | Facebook | LinkedIn | Email | Web | Bing me! | GOOG me!

Comments

• Anonymous
  January 31, 2016
  The comment has been removed

• Anonymous
  January 31, 2016
  Hi Aaron - I understand your situation and we are working to make this a better experience. I can't say at this time when and how, but know that this is something that matter to us. Thanks! -Tom

• Anonymous
  February 22, 2016
  Firstly I would like to thank you for this article, in my opinion is see channel 9 will be useful in this matter, also we need virtual academy to be more effective in this matter. Thanks in advance, Mahmoud Hanafi

• Anonymous
  February 22, 2016
  Hi Mahmoud - Thanks! We're moving forward on the Channel 9 idea. MVA is a good idea too. They do take longer to put together, but MVAs are very useful. -Tom.