Azure Security Collation

This repository is a collation of resources related to various components of Azure Security broken down into categories.

Table of Contents:

• Azure Security Collation
  • Service Security Grab-Bag
  • Reference and Learning Content
    • General Azure Security
    • Sentinel
    • Microsoft Defender for Cloud
    • Identity
    • App/Dev
    • Data, AI, and IoT
    • Infrastructure
    • Cryptography
    • Compliance
    • Misc
• Contributing

Service Security Grab Bag

• Azure Services Security Grab Bag List

The grab bag pages are designed to be a quick reference of security considerations for the various Azure Services.

Reference and Learning Content

General Azure Security

• Microsoft Security Documentation
• Microsoft Security Technical Content Library
• Azure Security Benchmark Documentation
• Security Start Here - Architecture & Design
• End-to-End Security in Azure
• Security in the Microsoft Cloud Adoption Framework
• Azure Well Architected Framework - Security Pillar
• Zero Trust "RaMP" (Rapid Modernization Plan)
• Azure security best practices and patterns
• The Azure Security Architect Map
• Microsoft Cybersecurity Reference Architectures
• Azure Security top 10 best practices
• Secure DevOps Kit for Azure
• Chief Information Security Officer (CISO) Workshop Training
• How Microsoft Implemented a Zero Trust Security Model
• Microsoft Security, Compliance and Identity Community
• Microsoft Security Community Youtube
• All the Microsoft Ninja Training I Know About

Sentinel

• Microsoft Sentinel Academy
• Making Sentinel Work for you (whitepaper)
• Become a Microsoft Sentinel Ninja: The Complete level 400 training
• Best Practices for designing a Microsoft Sentinel or Azure Defender for Cloud Workspace
• Microsoft Sentinel Workbooks 101
• Microsoft Sentinel Design Diagram
• How to use Microsoft Sentinel for Incident Response, Orchestration, and Automation
• Protecting your Github assets with Microsoft Sentinel
• Advanced multistage attack detection in Microsoft Sentinel (fusion)
• Learning with the Microsoft Sentinel Training Lab
• Sentinel To-Go: A Lab w/ Prerecorded Data & Custom Logs Pipe via ARM Template
• MITRE ATT&CK Framework Reference for Sentinel
• Detecting malware kill chains with Defender & Microsoft Sentinel
• Joint forces - MS Sentinel and the MITRE framework
• Azure Sentinel Side-by-Side with Splunk
• Sentinel All-in-One v2
• Optimizing Azure Monitor Log Analytics Costs

Microsoft Defender for Cloud

• Become a Microsoft Defender for Cloud Ninja
• Microsoft Defender for Cloud Labs
• Mind Map Azure Defender Threat Protection
• Microsoft Defender for Cloud - Coverage Dashboard
• Protect your Google Cloud workloads with Microsoft Defender for Cloud
• How to Effectively Perform a Microsoft Defender for Cloud PoC
• Defender for Cloud Data Flows

Identity

• Microsoft Defender for Identity Ninja Training
• Your Pa$$word doesn't matter
• Azure Identities and Roles Governance Dashboard At Your Fingertips
• What's the difference between a personal Microsoft account and a work or school account?
• Demystifying Service Principals – Managed Identities
• Helping protect against AS-REP Roasting with Microsoft Defender for Identity
• Manage emergency access accounts in Azure AD
• SAML vs. OAuth2 vs. OpenID Connect
• Passwordless authentication is now GA
• Passwordless authentication options for Azure Active Directory
• Recommendations and best practices for Azure Active Directory B2C
• Implementing Azure Privileged Identity Management (PIM)
• What is, and how to use Azure B2C Custom Policies?
• Orphaned Azure Security Principals Clean-up & Azure Policy Managed Identity Role Assignment Automation
• Enterprise App & Service Principal KeyCredential Assessment

App/Dev

• Serverless Functions Security
• Azure API Management – What’s what in OAuth2 related settings?
• Access Management: Securing APIs using OAuth2.0
• Innovation Security
• DevSecOps Controls
• Microservices Governance
• Secure DevOps Kit for Azure
• Azure Security for Cloud-Native Apps E-Book
• Securing Enterprise DevOps Environments - E-Book
• Manage DecSecOps Posture & Governance with Defender for DevOps

Data, AI, and IoT

• Azure data security and encryption best practices
• Playbook for addressing common security requirements with Azure SQL Database and Azure SQL Managed Instance
• Security in Azure Cosmos DB - overview
• Azure IoT Security
• Microsoft Defender for IoT Ninja Training
• What is Azure Sphere Security Service?
• Hunting for secrets in Azure Data Factory Pipelines
• AI Risk Assessment
• Six Security Considerations for Machine Learning Solutions

Infrastructure

• Azure Network Security Ninja Training
• Azure Network Security Tech Community
• Interactive Guide - Security with Azure Firewall and DDOS
• Tutorial Overview: Azure Web Application Firewall Security Protection and Detection Lab
• Best practices for defending Azure Virtual Machines
• Detections for Azure Firewall in Azure Sentinel
• Parsing Azure Firewall Logs in Microsoft Sentinel
• Center for Threat-Informed Defense teams up with Microsoft, partners to build the ATT&CK® for Containers matrix
• Securing our approach to domain fronting within Azure
• Azure App Service Private Link Integration with Azure Front Door Premium
• Detecting Identity Attacks in Kubernetes
• Microsoft Networking Academy Youtube
• PaloAlto NGFW, F5 WAF, and DDos - Azure Architectural Patterns
• Azure Networking is not like your on-prem network
• Azure WAF Turning for Web Applications
• WAF Comparison Project
• Taxonomy of Azure PaaS Service Networking

Cryptography

• Azure encryption overview
• Azure Double Encryption
• Azure Data encryption models
• Key Vault Managed HSM
• Azure Key Vault security
• Azure Payment HSM
• Authentication in Azure Key Vault

Compliance

• Azure Compliance Lists
• Azure Compliance Offerings
• Azure Global Compliance Map
• Azure Service Compliance Offers
• National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) in Azure
• Mapping to NIST CSF and ISO 27001
• Data Residency in Azure
• (Microsoft Compliance) Food and Drug Administration CFR Title 21 Part 11
• (Microsoft Compliance) HIPPA & HITECH
• (Microsoft Compliance) Health Information Trust Alliance (HITRUST) Common Security Framework (CSF)
• Microsoft GxP Cloud Guidelines (Blog)
• Microsoft Azure GxP Guidelines(Whitepaper)
• (Microsoft Compliance) Good Clinical, Laboratory, and Manufacturing Practices (GxP)
• NIST SP 1800-8 Securing Wireless Infusion Pumps in Healthcare Delivery Organizations
• CIS Benchmark for Azure
• NIST SP 800-53 Rev. 5 Security and Privacy Controls for Information Systems and Organizations
• NIST SP 800-171 Rev. 2 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

Misc

• Microsoft Incident Response Overview
• Incident Response Reference Guide
• Azure Architecture Center
• MITRE ATT&CK
• MITRE ATT&CK Cloud Matrix
• MITRE D3FEND
• Mark's List
• Cloud Security Alliance Guidance for Critical Areas of Focus in Cloud Computing
• Cloud Security Alliance - Cloud Threat Modeling
• NIST 800-144 Guidelines on Security and Privacy in Public Cloud Computing
• Azure Storm Spotter
• Florian Roth (Neo23x0)
• Mark's List
• Introducing BloodHound 4.0: The Azure Update

Contributing

This is a public resource, PRs and issues welcome!