Azure Security Documentation

Introduction to Azure Security

Azure provides a comprehensive set of integrated security tools and services to help organizations protect their data, applications, and infrastructure in the cloud. Our security model is built on a foundation of trust, compliance, and robust controls.

Understanding the shared responsibility model is crucial. Microsoft is responsible for the security *of* the cloud, while you are responsible for security *in* the cloud. This documentation outlines how Azure services and features enable you to manage your security responsibilities effectively.

Key pillars of Azure security include:

  • Identity: Managing who has access to what resources.
  • Network: Protecting your virtual networks and resources from unauthorized access.
  • Data: Securing your data at rest and in transit.
  • Applications: Protecting your applications from vulnerabilities.
  • Infrastructure: Securing your virtual machines, containers, and other compute resources.
  • Threats: Detecting, investigating, and responding to threats.

Identity and Access Management

Azure Active Directory (Azure AD) is the cornerstone of identity management in Azure. It provides robust authentication and authorization capabilities to secure access to your cloud resources.

Key Services:

  • Azure Active Directory: Centralized identity and access management.
  • Azure AD Privileged Identity Management (PIM): Just-in-time (JIT) access for elevated permissions.
  • Multi-Factor Authentication (MFA): Adds an extra layer of security to sign-ins.
  • Role-Based Access Control (RBAC): Granular access management to Azure resources.

Explore the Azure AD documentation for detailed guidance.

Network Security

Azure's robust networking infrastructure, combined with security services, helps protect your cloud network from a wide range of threats.

Key Services:

  • Azure Firewall: A managed, cloud-native network security service that protects your virtual network resources.
  • Network Security Groups (NSGs): Virtual firewalls that control inbound and outbound traffic to network interfaces and subnets.
  • Azure DDoS Protection: Protects your Azure resources from Distributed Denial of Service attacks.
  • Azure Private Link: Securely access Azure PaaS services over a private endpoint.
  • Web Application Firewall (WAF): Protects web applications from common exploits.

Learn more about Azure Firewall.

Data Protection

Securing your data is paramount. Azure offers a suite of tools to encrypt, protect, and manage access to your data.

Key Services:

  • Azure Key Vault: Securely store and manage secrets, keys, and certificates.
  • Encryption: Data is encrypted at rest (e.g., Azure Storage, Azure SQL Database) and in transit (TLS/SSL).
  • Azure Backup: Reliable backup and disaster recovery solutions.
  • Azure Information Protection: Classify, label, and protect your sensitive data.

Discover data encryption options in Azure.

Threat Protection

Azure provides intelligent security analytics to detect, investigate, and respond to threats across your cloud and on-premises environments.

Key Services:

  • Microsoft Defender for Cloud: Unified security management and advanced threat protection for your cloud workloads.
  • Microsoft Sentinel: Cloud-native SIEM and SOAR solution.
  • Azure Security Center: Provides security posture management and threat protection.

Get started with Microsoft Defender for Cloud.

Security Governance and Compliance

Azure helps you maintain a strong security posture and meet compliance requirements with built-in governance tools.

Key Services:

  • Azure Policy: Enforce organizational standards and assess compliance at scale.
  • Azure Blueprints: Define a repeatable set of Azure resources that implement and govern your organization's standards.
  • Compliance Offerings: Azure adheres to a wide range of international, regional, and industry-specific compliance standards.

Read the Azure Policy documentation.