Service Catalog
Service Option Controls
Geographic Limits
Resource Locks
Tagging
Lifecycle & Automation
Archiving
Notifications
Dashboard
Integrations
To Do
Policy definition (JSON)
{
  "if" : {
    <condition> | <logical operator>
  },
  "then" : {
    "effect" : "deny | audit | append"
  }
}
Logical Operator Syntax
Not   "not" : { <condition or operator> }
And   "allOf" : [ { <condition or operator> }, { <condition or operator> } ]
Or    "anyOf" : [ { <condition or operator> }, { <condition or operator> } ]
Condition Name Syntax
Equals        "equals" : "<value>"
Like          "like" : "<value>"
Contains      "contains" : "<value>"
In            "in" : [ "<value1>", "<value2>" ]
ContainsKey   "containsKey" : "<keyName>"
Exists        "exists" : "<bool>"
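As an added example (not from the deck), a small Python evaluator for the rule grammar above: the three logical operators, the six conditions, and the deny/audit/append effects from the skeleton's "then" block, with the default-allow behaviour the deck describes. The sample policy and requests are constructed; the `field` key that names the request property under test is assumed here because the slide's abbreviated syntax omits it, and the flat `details` dict used for append is a simplification.

```python
import fnmatch

# Constructed policy (not from the deck): deny storage accounts outside two regions unless tagged "exempt".
POLICY = {
    "if": {"allOf": [
        {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
        {"not": {"field": "location", "in": ["westeurope", "northeurope"]}},
        {"not": {"field": "tags", "containsKey": "exempt"}},
    ]},
    "then": {"effect": "deny"},
}

# Leaf conditions from the syntax table: value from the request vs. the argument in the rule.
CONDITIONS = {
    "equals": lambda v, a: v == a,
    "like": lambda v, a: v is not None and fnmatch.fnmatchcase(str(v).lower(), a.lower()),  # '*' wildcard
    "contains": lambda v, a: v is not None and a in v,
    "in": lambda v, a: v in a,
    "containsKey": lambda v, a: isinstance(v, dict) and a in v,
    "exists": lambda v, a: (v is not None) == (str(a).lower() == "true"),
}

def get_field(resource, path):
    """Dotted-path lookup into the request body (e.g. "tags.env"); a missing property yields None."""
    for part in path.split("."):
        resource = resource.get(part) if isinstance(resource, dict) else None
    return resource

def evaluate(rule, resource):
    """Walk the 'if' tree: logical operators first, then a single condition on one field."""
    if "not" in rule:
        return not evaluate(rule["not"], resource)
    if "allOf" in rule:
        return all(evaluate(r, resource) for r in rule["allOf"])
    if "anyOf" in rule:
        return any(evaluate(r, resource) for r in rule["anyOf"])
    value = get_field(resource, rule["field"])
    for name, test in CONDITIONS.items():
        if name in rule:
            return test(value, rule[name])
    raise ValueError(f"unrecognised condition: {rule}")

def apply_policy(policy, request):
    """Default allow; a matching 'if' fires deny (fail request), audit (flag only) or append (merge fields)."""
    if not evaluate(policy["if"], request):
        return {"allowed": True, "effect": None, "request": request}
    effect = policy["then"]["effect"]
    if effect == "deny":
        return {"allowed": False, "effect": "deny", "request": request}
    if effect == "append":  # flat 'details' dict is a simplification for this example
        return {"allowed": True, "effect": "append", "request": {**request, **policy["then"]["details"]}}
    return {"allowed": True, "effect": "audit", "request": request}  # audit: warning event, request proceeds
```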
• CanNotDelete: Authorized users can still read and modify a resource, but they can't delete it.
• ReadOnly: Authorized users can read from a resource, but they can't delete it or perform any actions on it. The permission on the resource is restricted to the Reader role.
Lock scopes:
• Subscription
• Resource Group
• Resource
Azure Security Center
Enable security at cloud speed
Gain visibility and control
Detect cyber threats
Integrate partner solutions
Gain visibility and control
Provides a unified view of security across all your Azure subscriptions
Makes it easy to understand your security posture, including vulnerabilities and threats detected
Integrates security event logging and monitoring, including events from partners
APIs, SIEM connector and Power BI dashboards make it easy to access, integrate, and analyze security information using existing tools
Access security data in near real-time from your Security Information and Event Management (SIEM)
[Diagram labels: Export Logs; Log Analytics / SIEM; Azure Diagnostics; Azure Storage; Rehydrate: "Forwarded Events", flat files (IIS logs), CEF-formatted logs; Azure Log Integration; Standard Log Connector (ArcSight, Splunk, etc.); Azure APIs]
Enable agility with security
Tailors security recommendations based on the security policy defined for the subscription or resource group
Guides users through the process of remediating security vulnerabilities
Enables rapid deployment of security services and appliances from Microsoft and partners (firewalls, endpoint protection, and more)
Monitoring your environments
Hot path: enables a real-time service feedback loop. Example usage: service availability alerts (60s ingestion latency)
Warm path: enables diagnostics capabilities. Example usage: service degraded alerts, informational alerts (5m ingestion latency)
Cold path: system & audit logging. Example usage: statistics and reporting
Governance, broadly speaking, can be defined as providing the oversight to ensure that any change to the environment neither causes any degradation of function nor adds any new risks.
But different people have very different perspectives on what is involved: technical, business, security, scalability.
Conditional Access
These are conditions that you can include in a conditional access policy:
Group membership. Control a user's access based on membership in a group.
Location. Use the location of the user to trigger multi-factor authentication, and use block controls when a user is not on a trusted network.
Device platform. Use the device platform, such as iOS, Android, Windows Mobile, or Windows, as a condition for applying policy.
Device-enabled. Device state, whether enabled or disabled, is validated during device policy evaluation. If you disable a lost or stolen device in the directory, it can no longer satisfy policy requirements.
Sign-in and user risk. You can use Azure AD Identity Protection for conditional access risk policies. Conditional access risk policies help give your organization advanced protection based on risk events and unusual sign-in activities.
There are a few key differences between policy and role-based access control, but the first thing to understand is that policies and RBAC work together. To use policies, you must be authenticated through RBAC. Unlike RBAC, policy is a default allow and explicit deny system.
RBAC focuses on the actions a user can perform at different scopes. For example, a particular user is added to the contributor role for a resource group at the desired scope, so the user can make changes to that resource group.
Policy focuses on resource actions at various scopes. For example, through policies, you can control the types of resources that can be provisioned or restrict the locations in which the resources can be provisioned.
Basically, a policy contains the following elements:
Condition/Logical operators: a set of conditions that can be manipulated through a set of logical operators.
Effect: what happens when the condition is satisfied – either deny or audit. An audit effect emits a warning event to the service log. For example, an administrator can create a policy that causes an audit event if anyone creates a large VM. The administrator can review the logs later.
Policies and RBAC
Work together
Must be authenticated via RBAC to use policies
RBAC is default deny, policies are default allow
RBAC concerned with actions user can perform at a scope
Policies focus on resource actions and rules
Policies are defined as JSON documents
Policy supports three types of effect: deny, audit, and append.
Deny generates an event in the audit log and fails the request
Audit generates an event in audit log but does not fail the request
Append adds the defined set of fields to the request
For append, you must provide the following details:
Applying ReadOnly can lead to unexpected results because some operations that seem like read operations actually require additional actions. For example, placing a ReadOnly lock on a storage account prevents all users from listing the keys. The list keys operation is handled through a POST request because the returned keys are available for write operations. For another example, placing a ReadOnly lock on an App Service resource prevents Visual Studio Server Explorer from displaying files for the resource because that interaction requires write access.
Gain visibility and control
Get a central view of the security state of all your Azure resources. At a glance, you can verify that the appropriate security controls are in place, and you can quickly identify any resources that require attention.
Enable secure DevOps
Say ‘Yes’ to agility by enabling DevOps with policy-driven recommendations that guide resource owners through the process of implementing required controls – taking the guesswork out of cloud security.
Stay ahead of threats
Stay ahead of current and emerging threats with an integrated and analytics-driven approach. Detect actual threats earlier and reduce false alarms.
Set security policies for subscriptions and resource groups
Monitor the security state of resources – quickly identify vulnerabilities
Gain insight into the security state of subscriptions in Power BI
Prioritized recommendations take the guesswork out of security for resource owners