Azure Security Overview
Securing your cloud environment is paramount. Azure provides a comprehensive suite of tools and services designed to protect your applications, data, and infrastructure. This documentation guides you through the key security pillars and services available within the Azure platform.
Identity and Access Management
Controlling who can access what resources is the foundation of cloud security. Azure offers robust solutions for managing identities and enforcing access policies.
Azure Active Directory (Azure AD)
Azure AD is Microsoft's cloud-based identity and access management service. It enables users to sign in and access resources, such as applications hosted either on-premises or in the cloud.
Role-Based Access Control (RBAC)
RBAC helps you manage access to Azure resources. By assigning roles to users, groups, or service principals, you can grant or deny access to specific actions on specific resources.
Multi-Factor Authentication (MFA)
MFA adds an extra layer of security to your sign-in process. It requires users to provide two or more verification factors to gain access to a resource.
Network Security
Protecting your virtual networks and resources from unauthorized access and threats is crucial. Azure provides various network security services.
Network Security Groups (NSGs)
NSGs act as a virtual firewall for your network interfaces and subnets. They allow you to filter network traffic to and from Azure resources in an Azure virtual network.
Azure Firewall
Azure Firewall is a managed, cloud-native network security service that protects your Azure Virtual Network resources. It's a stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
Virtual Network Security
Azure Virtual Networks (VNets) provide a fundamental building block for your private network in Azure. Security features for VNets include IP addressing, routing, and network security groups.
Data Protection
Azure offers features to protect your data at rest and in transit, ensuring its confidentiality and integrity.
Encryption
Azure encrypts data both at rest (e.g., in storage accounts, databases) and in transit (e.g., over TLS/SSL).
Azure Key Vault
Azure Key Vault is a cloud service for securely storing and accessing secrets, such as API keys, passwords, certificates, and cryptographic keys.
Backup and Recovery
Azure Backup provides a cloud-based solution for backing up your data and recovering it in the event of a disaster.
Threat Detection and Response
Proactively identify and respond to threats targeting your cloud resources.
Azure Security Center
Azure Security Center (now part of Microsoft Defender for Cloud) provides unified security management and advanced threat protection across your hybrid cloud workloads.
Azure Sentinel
Azure Sentinel is a scalable, cloud-native solution that enables analytics and threat intelligence to provide a security information event management (SIEM) and security orchestration, automation, and response (SOAR) solution.
Compliance and Governance
Azure helps you meet your regulatory compliance obligations through various tools and certifications. Services like Azure Policy and Azure Blueprints aid in enforcing organizational standards and managing compliance.