book

Azure Security

Name: Azure Security
Author: Bojan Magusic
ISBN: 9781633438811

by Bojan Magusic

January 2024

Intermediate to advanced

336 pages

9h 32m

English

Manning Publications

Read now

Unlock full access

Inside front cover
Azure Security
Copyright
dedication
contents
Front matter
prefaceacknowledgmentsabout this bookWho should read this bookHow this book is organized: A road mapAbout the codeliveBook discussion forumabout the authorabout the cover illustration
Part 1. First steps
1 About Azure security
1.1 Cybersecurity as an infinite game1.2 Shared responsibility model1.3 Azure security services1.4 The threat landscape1.5 Cloud security challenges1.6 Digital medievalism1.7 The zero trust security model1.8 Defense in depth1.8.1 Securing identities1.8.2 Securing infrastructure and networking resources1.8.3 Securing applications and data1.8.4 Heroes and villains in this bookSummary
2 Securing identities in Azure: The four pillars of identity and Azure Active Directory
2.1 Four pillars of identity2.1.1 What is Azure Active Directory?2.1.2 What is an identity?2.1.3 Azure AD user identities in action2.1.4 Azure AD service principals in action2.1.5 Managed identity in Azure AD2.1.6 Managed identity in action2.2 Authentication2.2.1 Azure AD as an IAM service2.2.2 Importance of multifactor authentication2.2.3 Azure MFA2.2.4 Security defaults in Azure AD2.2.5 Identity protection2.2.6 Identity protection in action2.2.7 Conditional access in Azure AD2.2.8 Conditional access in action2.3 Authorization2.3.1 Azure role-based access control2.3.2 How does Azure RBAC work?2.3.3 Role assignment2.3.4 Azure role-based access control in action2.4 Custom roles2.5 Custom roles in action2.6 Identity governance2.6.1 Privileged identity management2.6.2 PIM in action2.6.3 Access reviews2.7 Answers to exercisesExercise 2.1Exercise 2.2Exercise 2.3Exercise 2.4Exercise 2.5Exercise 2.6Summary
Part 2. Securing Azure resources

3 Implementing network security in Azure: Firewall, WAF, and DDoS protection
3.1 Azure network security3.1.1 The importance of network segmentation3.1.2 Positive security model3.2 Azure Firewall3.2.1 Azure Firewall Standard vs. Premium3.2.2 Azure Firewall Standard in action3.2.3 Creating an Azure Firewall instance3.2.4 Routing traffic to Azure Firewall3.2.5 Routing to direct traffic3.2.6 Associating a route table to a subnet3.2.7 Allowing Azure Firewall traffic3.2.8 Azure Firewall Premium3.2.9 Azure Firewall policy3.2.10 Azure Firewall Manager3.3 Azure Web Application Firewall3.3.1 Azure WAF on Azure Application Gateway in action3.3.2 Azure WAF on Azure Front Door in action3.3.3 Tuning Azure WAF3.4 Mitigating DDoS attacks3.4.1 DDoS Protection in Azure3.4.2 Creating an Azure DDoS Protection plan3.5 Answers to exercisesExercise 3.1Summary
4 Securing compute resources in Azure: Azure Bastion, Kubernetes, and Azure App Service
4.1 Azure compute resources4.2 Azure Bastion4.2.1 Basic vs. Standard SKU4.2.2 Azure Bastion in action4.2.3 Connecting to Azure Bastion using your browser and Azure portal4.2.4 Connecting to Azure Bastion using the native RDP or SSH client4.3 Securing Kubernetes clusters4.3.1 What are containers?4.3.2 What is a container registry?4.3.3 What is Kubernetes?4.3.4 How does Kubernetes work?4.3.5 Managed vs. unmanaged Kubernetes4.4 What makes container security different?4.4.1 Typical challenges when securing Kubernetes clusters4.4.2 Securing Azure Kubernetes Service and Azure Container Registry4.4.3 Security monitoring for Azure Kubernetes Service and Azure Container Registry4.5 Securing Azure App Service4.5.1 Authentication and authorization4.5.2 Access restrictions4.5.3 Subdomain takeover4.5.4 OS and application-stack patching4.6 Answers to exercisesExercise 4.1Exercise 4.2Exercise 4.3Summary
5 Securing data in Azure Storage accounts: Azure Key Vault
5.1 Securing storage accounts5.1.1 Azure Storage firewall5.1.2 Authorizing control plane operations5.1.3 Authorizing data plane operations5.1.4 SSE5.1.5 Encryption key management5.1.6 Encryption using a customer-managed key5.1.7 Encryption using a customer-managed key in action5.1.8 Encryption scopes5.1.9 Infrastructure encryption5.2 Securing Azure Key Vault5.2.1 Authorizing control plane operations5.2.2 Authorizing data plane operations5.2.3 Azure Key Vault firewallSummary
6 Implementing good security hygiene: Microsoft Defender for Cloud and Defender CSPM
6.1 Microsoft Defender for Cloud6.2 Cloud security posture management6.2.1 Onboarding your subscriptions to Defender for Cloud6.2.2 Recommendations6.2.3 Secure score6.2.4 Free vs. paid security posture management capabilities in Microsoft Defender for Cloud6.3 Cloud security graph6.3.1 Attack paths6.3.2 Cloud security explorer6.3.3 Agentless scanning for machines6.4 Security governance6.4.1 Manually assigning owners and due dates6.4.2 When should you use a grace period?6.4.3 Programmatically assigning owners and due dates6.5 Regulatory compliance6.5.1 Regulatory compliance in action6.5.2 Adding a built-in standard6.6 Answers to exercisesExercise 6.1Exercise 6.2Summary
7 Security monitoring for Azure resources: Microsoft Defender for Cloud plans
7.1 Cloud workload protection7.2 Microsoft Defender for Cloud plans7.2.1 Microsoft Defender for Servers7.2.2 Microsoft Defender for Containers7.2.3 Microsoft Defender for App Service7.2.4 Microsoft Defender for Storage7.2.5 Microsoft Defender for Databases7.2.6 Microsoft Defender for Key Vault7.2.7 Microsoft Defender for Resource Manager7.2.8 Microsoft Defender for DNS7.2.9 Email notifications7.3 Security alerts7.3.1 Security alerts in action7.3.2 Investigating security alerts7.4 Workflow automation7.4.1 Workflow automation in action7.5 Exporting data7.5.1 Continuous export7.5.2 Continuous export in action7.6 Workbooks7.6.1 Using workbooks7.6.2 Workbooks in action7.7 Answers to exercisesExercise 7.1Exercise 7.2Exercise 7.3Summary
Part 3. Going further
8 Security operations and response: Microsoft Sentinel
8.1 Security Information and Event Management8.2 Microsoft Sentinel8.2.1 Microsoft Sentinel capabilities8.2.2 Enabling Microsoft Sentinel8.3 Data collection8.3.1 What data should go in a SIEM?8.3.2 Data connectors8.3.3 Data connectors in action8.3.4 Content hub8.4 Analytics rules8.4.1 Microsoft security rules8.4.2 Microsoft security rules in action8.4.3 Scheduled rules8.4.4 Scheduled rules in action8.5 Incidents8.6 User and entity behavior analytics8.6.1 When to use UEBA8.6.2 User and entity behavior analytics in action8.7 Security orchestration, automation, and response8.8 Automation rules8.8.1 Automation elements and trigger events8.8.2 Automation rules in action8.9 Answers to ExercisesExercise 8.1Exercise 8.2Exercise 8.3Summary
9 Audit and log data: Azure Monitor
9.1 Understanding different log types in Azure9.1.1 Azure tenant logs9.1.2 Azure subscriptions9.1.3 Azure resources9.1.4 Operating system9.2 Azure Monitor9.3 Diagnostic settings9.3.1 Diagnostic settings in action9.4 Data collection rules9.4.1 Data collection rules in action9.5 Alert rules9.5.1 Types of alerts9.5.2 Alert rules in action9.6 Answers to exercisesExercise 9.1Exercise 9.2Exercise 9.3Summary
10 Importance of governance: Azure Policy and Azure Blueprints
10.1 What is Azure Policy?10.2 Getting started with Azure Policy10.2.1 Azure Policy in action10.2.2 Scope10.2.3 Policy effects10.3 Custom policies10.4 Centralized security policy management10.5 Azure Blueprints10.6 Answers to exercisesExercise 10.1Exercise 10.2Summary
11 DevSecOps: Microsoft Defender for DevOps
11.1 Developing code more securely11.2 What is shifting security left?11.3 Infrastructure as code11.3.1 Infrastructure as code in action11.3.2 Who is responsible for fixing vulnerabilities in code?11.4 Microsoft Defender for DevOps11.4.1 Unified DevOps posture visibility11.4.2 Microsoft Security DevOps application11.4.3 GitHub Advanced Security11.4.4 Microsoft Security DevOps for GitHub in action11.4.5 IaC scanning in GitHub11.4.6 Microsoft Security DevOps for Azure DevOps in action11.4.7 IaC scanning in ADO11.4.8 Secrets scanning11.4.9 Code-to-cloud contextualization11.5 Cybersecurity as an infinite game11.6 Answers to exercisesExercise 11.1Exercise 11.2Summary
Appendix. Setting up Azure CLI on your machine
A.1 Setting up Azure CLI on WindowsA.2 Setting up Azure CLI on LinuxA.3 Setting up Azure CLI on macOS
index
Inside back cover

Content preview from Azure Security

9 Audit and log data: Azure Monitor

This chapter covers

Understanding different log types in Azure
Azure Monitor
Diagnostic settings
Data collection rules
Alert rules

As you learned in chapter 8, it’s important to have relevant data sources when detecting threats and investigating incidents. Relevant data sources provide the breadth and depth of data needed to detect potentially malicious activities and signs of compromise. However, relevant data sources can contain data that is both useful and, well, not really useful for your security operations.

To ensure you have the right data from the relevant data sources, it’s important to understand the different log types that are available in Azure. These log types help you determine what data you ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Mastering Azure Security - Second Edition

Publisher Resources

ISBN: 9781633438811Publisher Support Publisher Website

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Azure Security

by Bojan Magusic

9 Audit and log data: Azure Monitor

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.