Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Mastering Azure Security
Mastering Azure Security

Mastering Azure Security: Keeping your Microsoft Azure workloads safe , Second Edition

Arrow left icon
Profile Icon Toroman Profile Icon Janetscheck
Arrow right icon
€18.99 per month
Full star icon Full star icon Full star icon Full star icon Full star icon 5 (2 Ratings)
Paperback Apr 2022 320 pages 2nd Edition
eBook
€20.98 €29.99
Paperback
€36.99
Subscription
Free Trial
Renews at €18.99p/m
Arrow left icon
Profile Icon Toroman Profile Icon Janetscheck
Arrow right icon
€18.99 per month
Full star icon Full star icon Full star icon Full star icon Full star icon 5 (2 Ratings)
Paperback Apr 2022 320 pages 2nd Edition
eBook
€20.98 €29.99
Paperback
€36.99
Subscription
Free Trial
Renews at €18.99p/m
eBook
€20.98 €29.99
Paperback
€36.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with a Packt Subscription?

Free for first 7 days. €18.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing
Table of content icon View table of contents Preview book icon Preview Book

Mastering Azure Security

Chapter 1: An Introduction to Azure Security

When cloud computing comes up in a conversation, security is, very often, the main topic. When data leaves local data centers, many wonder what happens to it. We are used to having complete control over everything, from physical servers, networks, and hypervisors, to applications and data. Then, all of a sudden, we are supposed to transfer much of that to someone else. It's natural to feel a little tension and distrust at the beginning, but, if we dig deep, we'll see that cloud computing can offer us more security than we could ever achieve on our own.

Microsoft Azure is a cloud computing service provided through Microsoft-managed data centers dispersed around the world. Azure data centers are built to top industry standards and comply with all the relevant certification authorities, such as ISO/IEC 27001:2013 and NIST SP 800-53, to name a couple. These standards guarantee that Microsoft Azure is built to provide security and reliability.

In this chapter, we'll learn about Azure security concepts and how security is structured in Microsoft Azure data centers, using the following topics:

  • Exploring the shared responsibility model
  • Physical security
  • Azure network
  • Azure infrastructure availability
  • Azure infrastructure integrity
  • Azure infrastructure monitoring
  • Understanding Azure security foundations

Exploring the shared responsibility model

While Microsoft Azure is very secure, the responsibility for building a secure environment doesn't rest with Microsoft alone. Its shared responsibility model divides responsibility between Microsoft and its customers.

Before we can discuss which party looks after which aspect of security, we need to first discuss cloud service models. There are three basic models:

  • Infrastructure as a Service (IaaS)
  • Platform as a Service (PaaS)
  • Software as a Service (SaaS)

These models differ in terms of what is controlled by Microsoft and the customer. A general breakdown can be seen in the following diagram:

Figure 1.1 – Basic cloud service models

Figure 1.1 – Basic cloud service models

Let's look at these services in a little more detail.

On-premises

In an on-premises environment, we, as users, take care of everything: the network, physical servers, storage, and so on. We need to set up virtualization stacks (if used), configure and maintain servers, install and maintain software, manage databases, and so on. Most importantly, all aspects of security are our responsibility: physical security, network security, host and OS security, and application security for all application software running on our servers.

IaaS

With IaaS, Microsoft takes over some of the responsibilities. We only take care of data, runtime, applications, and some aspects of security, which we'll discuss a little later on.

An example of an IaaS product in Microsoft Azure is Azure Virtual Machines (VM).

PaaS

PaaS gives Microsoft even more responsibility. We only take care of our applications. However, this still means looking after a part of the security. Some examples of PaaS in Microsoft Azure are Azure SQL Database and web apps.

SaaS

SaaS gives a large amount of control away, and we manage very little, including some aspects of security. In Microsoft's ecosystem, a popular example of SaaS is Office 365; however, we will not discuss this in this book.

Now that we have a basic understanding of shared responsibility, let's understand how responsibility for security is allocated.

Division of security in the shared responsibility model

The shared responsibility model divides security into three zones:

  • Always controlled by the customer
  • Always controlled by Microsoft
  • Varies by service type

Irrespective of the cloud service model, customers will always retain the following security responsibilities:

  • Data governance and rights management
  • Endpoint protection
  • Account and access management

Similarly, Microsoft always handles the following, in terms of security, for any of its cloud service models:

  • Physical data center
  • Physical network
  • Physical hosts

Finally, there are a few security responsibilities that are allocated based on the cloud service model:

  • Identity and directory infrastructure
  • Applications
  • Network
  • Operating system

The distribution of responsibility, based on different cloud service models, is shown in the following diagram:

Figure 1.2 – The distribution of responsibility between the customer and service provider for different cloud service models (image courtesy of Microsoft, License: MIT)

Figure 1.2 – The distribution of responsibility between the customer and service provider for different cloud service models (image courtesy of Microsoft, License: MIT)

Now that we know how security is divided, let's move on to one specific aspect of it: the physical security that Microsoft manages. This section is important as we won't discuss it in much detail in the chapters to come.

Physical security

Everything starts with physical security. No matter what we do to protect our data from attacks coming from outside of our network, it would all be in vain if someone was to walk into data centers or server rooms and take away disks from our servers. Microsoft takes physical security very seriously in order to reduce the risk of unauthorized access to data and data center resources.

Azure data centers can be accessed only through strictly defined access points. A facility's perimeter is safeguarded by tall fences made of steel and concrete. To enter Azure data centers, a person needs to go through at least two checkpoints: first to enter the facility perimeter, and second to enter the building. Both checkpoints are staffed by professional and trained security personnel. In addition to the access points, security personnel patrol the facility's perimeter. The facility and its buildings are covered by video surveillance, which is monitored by security personnel.

After entering the building, two-factor authentication with biometrics is required to gain access to the inside of the data center. If their identity is validated, a person can access only approved parts of the data center. Approval, besides defining areas that can be accessed, also defines periods that can be spent inside these areas. It also strictly defines whether a person can access these areas alone or needs to be accompanied by someone.

Before accessing each area inside the data center, a mandatory metal detector check is performed. To prevent unauthorized data leaving or entering the data center, only approved devices are allowed. Additionally, all server racks are monitored from the front and back using video surveillance. When leaving a data center area, an additional metal detector screening is required. This helps Microsoft make sure that nothing that can compromise its data's security is brought in or removed from the data center without authorization.

A review of physical security is conducted periodically for all facilities. This aims to satisfy all security requirements at all times.

After equipment reaches the end of its life, it is disposed of securely, with rigorous data and hardware disposal policies. During the disposal process, Microsoft personnel ensure that data is not available to untrusted parties. All data devices are either wiped (if possible) or physically destroyed in order to render the recovery of any information impossible.

All Microsoft Azure data centers are designed, built, and operated in a way that satisfies top industry standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1, and SOC 2, to name a few. In many cases, specific region or country standards are followed as well, such as Australia IRAP, UK GCloud, and Singapore MTCS.

As an added precaution, all data inside any Microsoft Azure data center is encrypted at rest. Even if someone managed to get their hands on disks with customers' data, which is virtually impossible with all the security measures, it would take an enormous effort (both from a financial and time perspective) to decrypt any of the data.

But in the cloud era, network security is equally, if not more, important than physical security. Most services are accessed over the internet, and even isolated services depend on the network layer. So, next, we need to take a look at Azure network architecture.

Azure network

Networking in Azure can be separated into two parts: managed by Microsoft and managed by us. In this section, we will discuss the part of networking managed by Microsoft. It's important to understand the architecture, reliability, and security setup of this part to provide more context once we move to parts of network security that we need to manage.

As with Azure data centers generally, the Azure network follows industry standards with three distinct models/layers:

  • Core
  • Distribution
  • Access

All three models use distinct hardware to completely separate all the layers. The core layer uses data center routers, the distribution layer uses access routers and L2 aggregation (this layer separates L3 routing from L2 switching), and the access layer uses L2 switches.

Azure network architecture includes two levels of L2 switches:

  • First level: Aggregates traffic
  • Second level: Loops to incorporate redundancy

This approach allows for more flexibility and better port scaling. Another benefit of this approach is that L2 and L3 are wholly separated, which allows for the use of distinct hardware for each layer in the network. Distinct hardware minimizes the chances of a fault in one layer affecting another one. The use of trunks allows for resource sharing for better connectivity. The network inside an Azure data center is distributed into clusters for better control, scaling, and fault tolerance.

In terms of network topology, Azure data centers contain the following elements:

  • Edge network: An edge network represents a separation point between the Microsoft network and other networks (such as the internet or corporate networks). It is responsible for providing internet connectivity and ExpressRoute peering into Azure (covered in Chapter 4, Azure Network Security).
  • Wide area network: The wide area network is Microsoft's intelligent backbone. It covers the entire globe and provides connectivity between Azure regions.
  • Regional gateways network: A regional gateway is a point of aggregation for Azure regions and applies to all data centers within the region. It provides connectivity between data centers within the Azure region and enables connectivity with other regions.
  • Data center network: A data center network enables connectivity between data centers and enables communication between servers within the data center. The data center network is based on a modified version of the Clos network. The Clos network uses the principle of multistage circuit-switching. The network is separated into three stages – ingress, middle, and egress. Each stage contains multiple switches and uses an r-way shuffle between stages. When a call is made, it enters the ingress switch and from there it can be routed to any available middle switch, and from the middle switch to any available egress switch. As the number of devices (switches) in use is huge, it minimizes the chance of hardware failure. All devices are situated at different locations with independent power and cooling, so an environmental failure has a minimal impact as well.

Azure networking is built upon highly redundant infrastructure in each Azure data center. Implemented redundancy is need plus one (N+1) or better, with full failover features within, and between, Azure data centers. Full failover tolerance ensures constant network and service availability. From the outside, Azure data centers are connected by dedicated, high-bandwidth network circuits redundantly that connect properties with over 1,200 Internet Service Providers (ISPs) on a global level. Edge capacity across the network is over 2,000 Gbps, which presents an enormous network potential.

Distributed Denial of Service (DDoS) is becoming a huge issue in terms of service availability. As the number of cloud services increases, DDoS attacks become more targeted and sophisticated. With the help of geographical distribution and quick detection, Microsoft can help you mitigate these DDoS attacks and minimize the impact. Let's take a look at this in more detail.

Azure infrastructure availability

Azure is designed, built, and operated to deliver highly available and reliable infrastructure. Improvements are constantly implemented to increase availability and reliability, along with efficiency and scalability. Delivery of a more secure and trusted cloud is always a priority.

Uninterruptible power supplies and vast banks of batteries ensure that the flow of electricity stays uninterrupted in case of short-term power disruptions. In the case of long-term power disruptions, emergency generators can provide backup power for days. Emergency power generators are used in cases of extended power outages or planned maintenance. In cases of natural disasters, when the external power supply is unavailable for long periods, each Azure data center has fuel reserves on-site.

Robust and high-speed, fiber optic networks connect data centers to major hubs. It's important that, along with connections through major hubs, data centers are connected directly. Everything is distributed into nodes, which host workloads closer to users to reduce latency, provide geo-redundancy, and increase resiliency.

Data in Azure can be placed in two separate regions: primary and secondary regions. A customer can choose where the primary and secondary regions will be. The secondary region is a backup site. In each region, primary and secondary, Azure keeps three healthy copies of your data at all times. This means that six copies of the data are available at any time. If any data copy becomes unavailable at any time, it's immediately declared invalid, a new copy is created, and the old one is destroyed.

Microsoft ensures high availability and reliability through constant monitoring, incident response, and service support. Each Azure data center operates 24/7/365 to ensure that everything is running, and all services are available at all times. Of course, available at all times is a goal that, ultimately, is impossible to reach. Many circumstances can impact uptime, and sometimes it's impossible to control all of them. Realistically, the aim is to achieve the best possible Service Level Agreement (SLA) so as to ensure that potential downtime is limited as far as possible. The SLA can vary based on a number of factors and is different per service and configuration. If we take into account all the factors we can control, the best SLA we can achieve would be 99.99%, also known as four nines.

Closely connected to infrastructure availability is infrastructure integrity. Integrity affects the availability terms of deployment, where all steps must be verified from different perspectives. New deployments must not cause any downtime or affect existing services in any way.

Azure infrastructure integrity

All software components installed in the Azure environment are custom built. This, of course, refers to software installed and managed by Microsoft as part of Azure Service Fabric. Custom software is built using Microsoft's Security Development Lifecycle (SDL) process, including operating system images and SQL databases. All software deployment is conducted as part of the strictly defined change management and release management process. All nodes and fabric controllers use customized versions of Windows Server 2019. The installation of any unauthorized software is not allowed.

VMs running in Azure are grouped into clusters. Each cluster contains around 1,000 VMs. All VMs are managed by the Fabric Controller (FC). The FC is scaled out and redundant. Each FC is responsible for the life cycle management of applications running in its own cluster. This includes the provisioning and monitoring of hardware in that cluster. If any server fails, the FC automatically rebuilds a new instance of that server.

Each Azure software component undergoes a build process (as part of the release management process) that includes virus scans using endpoint protection anti-virus tools. As each software component undergoes this process, nothing goes to production without a clean-virus scan. During the release management process, all components go through a build process. During this process, an anti-virus scan is performed. Each virus scan creates a log in the build directory and, if any issues are detected, the process for this component is frozen. Any software components for which the issue is detected undergo inspection by Microsoft security teams in order to detect the exact issue.

Azure is a closed and locked-down environment. All nodes and guest VMs have their default Windows administrator account disabled. No user accounts are created directly on any of the nodes or guest VMs as well. Administrators from Azure support can connect to them only with proper authorization to perform maintenance tasks and emergency repairs.

With all precautions taken to provide maximum availability and security, incidents may occur from time to time. To detect these issues and mitigate them as soon as possible, Microsoft implemented monitoring and incident management.

Azure infrastructure monitoring

All hardware, software, and network devices in Azure data centers are constantly reviewed and updated. Reviews and updates are performed mandatorily at least once a year, but additional reviews and updates are performed as needed. Any changes (to hardware, software, or the network) must go through the release management process and need to be developed, tested, and approved in development and test environments prior to release to production. In this process, all changes must be reviewed and approved by the Azure security and compliance team.

All Azure data centers use integrated deployment systems for the distribution and installation of security updates for all software provided by Microsoft. If third-party software is used, the customer or software manufacturer is responsible for security updates, depending on how the software is provided and used. For example, if third-party software is installed using Azure Marketplace, the manufacturer is responsible for providing updates. If the software is manually installed, then it depends on the specific software. For Microsoft software, a special team within Microsoft, named Microsoft Security Response Center, is responsible for monitoring and identifying any security incident 24/7/365. Furthermore, any incident must be resolved in the shortest possible time frame.

Vulnerability scanning is performed across the Azure infrastructure (servers, databases, and network) at least once every quarter. If there is a specific issue or incident, vulnerability scanning is performed more often. Microsoft performs penetration tests, but also hires independent consultants to perform penetration tests. This ensures that nothing goes undetected. Any security issues are addressed immediately in order to increase security and stop any exploit when the issue is detected.

In case of any security issue, Microsoft has incident management in place. In the event that Microsoft is aware of a security issue, it takes the following action:

  1. The customer is notified of the incident.
  2. An immediate investigation is started to provide detailed information regarding the security incident.
  3. Steps are taken to mitigate the effects and minimize the damage of the security incident.

Incident management is clearly defined in order to manage, escalate, and resolve all security incidents promptly.

Understanding Azure security foundations

Overall, we can see that with Microsoft Azure, the cloud can be very secure. But it's very important to understand the shared responsibility model as well. Just putting applications and data into the cloud doesn't make it secure. Microsoft provides certain parts of security and ensures that physical and network security is in place. Customers must assume part of the responsibility and ensure that the right measures are taken on their side as well.

For example, let's say we place our database and application in Microsoft Azure, but our application is vulnerable to SQL injection (still a very common data breach method). Can we blame Microsoft if our data is breached?

Let's be more extreme and say we publicly exposed the endpoint and forgot to put in place any kind of authentication. Is this Microsoft's responsibility?

If we look at the level of physical and network security that Microsoft provides in Azure data centers, not many organizations can say that they have the same level in their local data centers. More often than not, physical security is totally neglected. Server rooms are not secure, access is not controlled, and many times there is not even a dedicated server room, but just server racks in some corner or corridor. Even when a server room is under lock and key, no change of management is in place, and no one controls or reviews who is entering the server room and why. On the other hand, Microsoft implements top-level security in its data centers. Everything is under constant surveillance, and every access needs to be approved and reviewed. Even if something is missed, everything is still encrypted and additionally secured. In my experience, this is again something that most organizations don't bother with.

Similar things can be said about network security. In most organizations, almost all network security is gone after the firewall. Networks are usually unsegmented, no traffic control is in place inside the network, and so on. Routing and traffic forwarding are basic or non-existent. Microsoft Azure again addresses these problems very well and helps us have secure networks for our resources.

But even with all the components of security that Microsoft takes care of, this is only the beginning. Using Microsoft Azure, we can achieve better physical and network security than we could in local data centers, and we can concentrate on other things.

The shared responsibility model has different responsibilities for different cloud service models, and it's sometimes unclear what needs to be done. Luckily, even if it's not Microsoft's responsibility to address these parts of security, there are many security services available in Azure. Many of Azure's services have the single purpose of addressing security and helping us protect our data and resources in Azure data centers. Again, it does not stop there. Most of Azure's services have some sort of security features built-in, even when these services are not security-related. Microsoft takes security very seriously and enables us to secure our resources with many different tools.

The tools available vary from tools that help us to increase security by simply enabling a number of options, to tools that have lots of configuration options that help us design security, to tools that monitor our Azure resources and give us security recommendations that we need to implement. Some Azure tools use machine learning to help us detect security incidents in real time, or even before they happen.

This book will cover all aspects of Microsoft Azure security, from governance and identity, to network and data protection, to advanced tools. The final goal is to understand cloud security, to learn how to combine different tools to maximize security, and finally, to master Azure security!

Summary

The most important lesson in this chapter is to understand the shared responsibility model in Azure. Microsoft takes care of some parts of security, especially in terms of physical security, but we need to take care of the rest.

With Azure networking, integrity, availability, and monitoring, we don't have any influence and can't change anything (at least in the sections we discussed here). However, they are important to understand as we can apply a lot of things in the parts of security that we can manage. They will also provide more context and help us to better understand the complete security setup in Azure.

In the next chapter, we will move on to identity, which is one of the most important pillars of security. In Azure, identity is even more important, as most services are managed and accessible over the internet. Therefore, we need to take additional steps to make identity and access secure and bulletproof.

Questions

As we conclude, here is a list of questions for you to test your knowledge regarding this chapter's material. You will find the answers in the Assessments section of the Appendix:

  1. Whose responsibility is security in the cloud?

A. User's

B. Cloud provider's

C. Responsibility is shared

  1. According to the shared responsibility model, who is responsible for the security of physical hosts?

A. User

B. Cloud provider

C. Both

  1. According to the shared responsibility model, who is responsible for the physical network?

A. User

B. Cloud provider

C. Depends on the service model

  1. According to the shared responsibility model, who is responsible for network controls?

A. User

B. Cloud provider

C. Depends on the service model

  1. According to the shared responsibility model, who is responsible for data governance?

A. User

B. Cloud provider

C. Depends on the service model

  1. Which architecture is used for Azure networking?

A. DLA

B. Quantum 10 (Q10)

C. Both, but DLA is replacing Q10

D. Both, but Q10 is replacing DLA

  1. In case of a security incident, what is the first step?

A. Immediate investigation

B. Mitigation

C. Customer is notified

Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • Learn how to secure your Azure cloud workloads across applications and networks
  • Protect your Azure infrastructure from cyber attacks
  • Discover tips and techniques for implementing, deploying, and maintaining secure cloud services using best practices

Description

Security is integrated into every cloud, but this makes users put their guard down as they take cloud security for granted. Although the cloud provides higher security, keeping their resources secure is one of the biggest challenges many organizations face as threats are constantly evolving. Microsoft Azure offers a shared responsibility model that can address any challenge with the right approach. Revised to cover product updates up to early 2022, this book will help you explore a variety of services and features from Microsoft Azure that can help you overcome challenges in cloud security. You'll start by learning the most important security concepts in Azure, their implementation, and then advance to understanding how to keep resources secure. The book will guide you through the tools available for monitoring Azure security and enforcing security and governance the right way. You'll also explore tools to detect threats before they can do any real damage and those that use machine learning and AI to analyze your security logs and detect anomalies. By the end of this cloud security book, you'll have understood cybersecurity in the cloud and be able to design secure solutions in Microsoft Azure.

Who is this book for?

This book is for Azure cloud professionals, Azure architects, and security professionals looking to implement secure cloud services using Azure Security Centre and other Azure security features. A solid understanding of fundamental security concepts and prior exposure to the Azure cloud will help you understand the key concepts covered in the book more effectively.

What you will learn

  • Become well-versed with cloud security concepts
  • Get the hang of managing cloud identities
  • Understand the zero-trust approach
  • Adopt the Azure security cloud infrastructure
  • Protect and encrypt your data
  • Grasp Azure network security concepts
  • Discover how to keep cloud resources secure
  • Implement cloud governance with security policies and rules

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Apr 28, 2022
Length: 320 pages
Edition : 2nd
Language : English
ISBN-13 : 9781803238555
Category :
Concepts :
Tools :

What do you get with a Packt Subscription?

Free for first 7 days. €18.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing

Product Details

Publication date : Apr 28, 2022
Length: 320 pages
Edition : 2nd
Language : English
ISBN-13 : 9781803238555
Category :
Concepts :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 115.97
Mastering Windows Security and Hardening
€41.99
Mastering Azure Security
€36.99
Microsoft Sentinel in Action
€36.99
Total 115.97 Stars icon
Banner background image

Table of Contents

14 Chapters
Section 1: Identity and Governance Chevron down icon Chevron up icon
Chapter 1: An Introduction to Azure Security Chevron down icon Chevron up icon
Chapter 2: Governance and Security Chevron down icon Chevron up icon
Chapter 3: Managing Cloud Identities Chevron down icon Chevron up icon
Section 2: Cloud Infrastructure Security Chevron down icon Chevron up icon
Chapter 4: Azure Network Security Chevron down icon Chevron up icon
Chapter 5: Azure Key Vault Chevron down icon Chevron up icon
Chapter 6: Data Security Chevron down icon Chevron up icon
Section 3: Security Management Chevron down icon Chevron up icon
Chapter 7: Microsoft Defender for Cloud Chevron down icon Chevron up icon
Chapter 8: Microsoft Sentinel Chevron down icon Chevron up icon
Chapter 9: Security Best Practices Chevron down icon Chevron up icon
Assessments Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Rating distribution
Full star icon Full star icon Full star icon Full star icon Full star icon 5
(2 Ratings)
5 star 100%
4 star 0%
3 star 0%
2 star 0%
1 star 0%
Mike Jun 10, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Book introduces you to cloud security and guides you through different areas, from identity to network security. It finishes with some advanced things like Defender and Sentinel. As cloud changes rapidly, I love that it focuses on principle of security, but at the same time it provides lots of hands-on. Would recommend both for beginners and advanced IT professionals.
Amazon Verified review Amazon
Sasha (Sasa) Kranjac Jun 21, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
The book covers three main security topics in Azure: identity and governance, cloud infrastructure security, and security management. It starts with an introduction to Azure security, governance, and cloud identities. While these topics seem “too fundamental” at first, they are not, but necessary to start with a solid security foundation in Azure.I’m glad to see that multi-factor authentication, authentication and Azure AD PIM, as important topics, authors have introduced at the beginning of the book. Most important topics (well, everything is important in security, isn’t it? 😊) make second part, where vital topics are concisely described, along with practical examples.Finally, security monitoring and security management are equally important – Microsoft Defender for Cloud and Microsoft Sentinel are practically explained, where security best practices as a valuable addition rounds up the last chapter. Whether you are beginning with security in Azure, or want to broaden your security horizons, this book will provide valuable information.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is included in a Packt subscription? Chevron down icon Chevron up icon

A subscription provides you with full access to view all Packt and licnesed content online, this includes exclusive access to Early Access titles. Depending on the tier chosen you can also earn credits and discounts to use for owning content

How can I cancel my subscription? Chevron down icon Chevron up icon

To cancel your subscription with us simply go to the account page - found in the top right of the page or at https://subscription.packtpub.com/my-account/subscription - From here you will see the ‘cancel subscription’ button in the grey box with your subscription information in.

What are credits? Chevron down icon Chevron up icon

Credits can be earned from reading 40 section of any title within the payment cycle - a month starting from the day of subscription payment. You also earn a Credit every month if you subscribe to our annual or 18 month plans. Credits can be used to buy books DRM free, the same way that you would pay for a book. Your credits can be found in the subscription homepage - subscription.packtpub.com - clicking on ‘the my’ library dropdown and selecting ‘credits’.

What happens if an Early Access Course is cancelled? Chevron down icon Chevron up icon

Projects are rarely cancelled, but sometimes it's unavoidable. If an Early Access course is cancelled or excessively delayed, you can exchange your purchase for another course. For further details, please contact us here.

Where can I send feedback about an Early Access title? Chevron down icon Chevron up icon

If you have any feedback about the product you're reading, or Early Access in general, then please fill out a contact form here and we'll make sure the feedback gets to the right team. 

Can I download the code files for Early Access titles? Chevron down icon Chevron up icon

We try to ensure that all books in Early Access have code available to use, download, and fork on GitHub. This helps us be more agile in the development of the book, and helps keep the often changing code base of new versions and new technologies as up to date as possible. Unfortunately, however, there will be rare cases when it is not possible for us to have downloadable code samples available until publication.

When we publish the book, the code files will also be available to download from the Packt website.

How accurate is the publication date? Chevron down icon Chevron up icon

The publication date is as accurate as we can be at any point in the project. Unfortunately, delays can happen. Often those delays are out of our control, such as changes to the technology code base or delays in the tech release. We do our best to give you an accurate estimate of the publication date at any given time, and as more chapters are delivered, the more accurate the delivery date will become.

How will I know when new chapters are ready? Chevron down icon Chevron up icon

We'll let you know every time there has been an update to a course that you've bought in Early Access. You'll get an email to let you know there has been a new chapter, or a change to a previous chapter. The new chapters are automatically added to your account, so you can also check back there any time you're ready and download or read them online.

I am a Packt subscriber, do I get Early Access? Chevron down icon Chevron up icon

Yes, all Early Access content is fully available through your subscription. You will need to have a paid for or active trial subscription in order to access all titles.

How is Early Access delivered? Chevron down icon Chevron up icon

Early Access is currently only available as a PDF or through our online reader. As we make changes or add new chapters, the files in your Packt account will be updated so you can download them again or view them online immediately.

How do I buy Early Access content? Chevron down icon Chevron up icon

Early Access is a way of us getting our content to you quicker, but the method of buying the Early Access course is still the same. Just find the course you want to buy, go through the check-out steps, and you’ll get a confirmation email from us with information and a link to the relevant Early Access courses.

What is Early Access? Chevron down icon Chevron up icon

Keeping up to date with the latest technology is difficult; new versions, new frameworks, new techniques. This feature gives you a head-start to our content, as it's being created. With Early Access you'll receive each chapter as it's written, and get regular updates throughout the product's development, as well as the final course as soon as it's ready.We created Early Access as a means of giving you the information you need, as soon as it's available. As we go through the process of developing a course, 99% of it can be ready but we can't publish until that last 1% falls in to place. Early Access helps to unlock the potential of our content early, to help you start your learning when you need it most. You not only get access to every chapter as it's delivered, edited, and updated, but you'll also get the finalized, DRM-free product to download in any format you want when it's published. As a member of Packt, you'll also be eligible for our exclusive offers, including a free course every day, and discounts on new and popular titles.