Overall recommendations for Azure-based workloads
So far, we have covered some of the overall principles for deploying virtual-machine-based workloads in Microsoft Azure and for protecting them. There are also some additional tips I want to provide for reducing the overall risk of someone compromising your Azure environments:
- Make sure to use least-privilege access. Consider using services such as Azure AD Privileged Identity Management or Azure AD entitlement management, or have routines in place to ensure that access is given on a per-need basis.
- Global Administrator access in Azure AD is separate from access to Azure subscriptions and resources. However, a Global Administrator can also gain full access to the Azure environment by elevating their own access from the Azure AD portal, as described at https://docs.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin. So just ensure that you have limited global...
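As an added example (not from the book's text), the following Az PowerShell script audits the root-scope User Access Administrator assignments that the elevation described above leaves behind, and removes them when run with -Remove. It assumes the Az module is installed and that Connect-AzAccount has been run with an account allowed to read role assignments at the root scope.

```powershell
# Added example: audit (and optionally remove) lingering root-scope
# "User Access Administrator" assignments. This is the permission a
# Global Administrator receives when using "elevate access" in the portal,
# so any assignment still present at scope "/" deserves a second look.
# Assumes: Az module installed and Connect-AzAccount already run.

param(
    [switch]$Remove   # audit only unless -Remove is supplied
)

# Elevated access is granted at the root management scope "/", so that is
# the exact scope we query. Filtering on Scope again excludes anything else.
$elevated = Get-AzRoleAssignment -Scope "/" |
    Where-Object {
        $_.RoleDefinitionName -eq "User Access Administrator" -and $_.Scope -eq "/"
    }

if (-not $elevated) {
    Write-Output "No root-scope User Access Administrator assignments found."
    return
}

foreach ($a in $elevated) {
    Write-Output ("Root-scope elevated access: {0} ({1}, {2})" -f `
        $a.DisplayName, $a.ObjectType, $a.ObjectId)

    if ($Remove) {
        # Remove by ObjectId so the same call works for users, groups
        # and service principals alike.
        Remove-AzRoleAssignment -ObjectId $a.ObjectId `
            -RoleDefinitionName "User Access Administrator" -Scope "/"
        Write-Output ("Removed root-scope elevated access for {0}" -f $a.DisplayName)
    }
}
```

Run it without -Remove first to review who currently holds root-scope access before removing anything, since the person running the script may be removing their own elevated access.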