HAPPY BOOKSGIVING
Use code BOOKSGIVING during checkout to save 40%-55% on books and eBooks. Shop now.
This PDF will be accessible from your Account page after purchase and requires PDF reading software, such as Acrobat® Reader®.
The eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.
Also available in other formats.
Register your product to gain access to bonus material or receive a coupon.
Implement maximum control, security, and compliance processes in Azure cloud environments In Microsoft Azure Security Infrastructure, three leading experts show how to plan, deploy, and operate Microsoft Azure with outstanding levels of control, security, and compliance. You’ll learn how to prepare infrastructure with Microsoft’s integrated tools, prebuilt templates, and managed services–and use these to help safely build and manage any enterprise, mobile, web, or Internet of Things (IoT) system. The authors guide you through enforcing, managing, and verifying robust security at physical, network, host, application, and data layers. You’ll learn best practices for security-aware deployment, operational management, threat mitigation, and continuous improvement–so you can help protect all your data, make services resilient to attack, and stay in control no matter how your cloud systems evolve.
Three Microsoft Azure experts show you how to:
• Understand cloud security boundaries and responsibilities
• Plan for compliance, risk management, identity/access management, operational security, and endpoint and data protection
• Explore Azure’s defense-in-depth security architecture
• Use Azure network security patterns and best practices
• Help safeguard data via encryption, storage redundancy, rights management, database security, and storage security
• Help protect virtual machines with Microsoft Antimalware for Azure Cloud Services and Virtual Machines
• Use the Microsoft Azure Key Vault service to help secure cryptographic keys and other confidential information
• Monitor and help protect Azure and on-premises resources with Azure Security Center and Operations Management Suite
• Effectively model threats and plan protection for IoT systems
• Use Azure security tools for operations, incident response, and forensic investigation
Chapter 1 Cloud security
Cloud security considerations
Compliance
Risk management
Identity and access management
Operational security
Endpoint protection
Data protection
Shared responsibility
Cloud computing
Distributed responsibility in public cloud computing
Assume breach and isolation
Azure security architecture
Azure design principles
Chapter 2 Identity protection in Azure
Authentication and authorization
Azure hierarchy
Role-Based Access Control
On-premises integration
Azure AD Connect
Federation
Suspicious activity identification
Identity protection
User risk policy
Sign-in risk policy
Notification enabling
Vulnerabilities
Multi-Factor Authentication
Azure Multi-Factor Authentication implementation
Azure Multi-Factor Authentication option configuration
Chapter 3 Azure network security
Anatomy of Azure networking
Virtual network infrastructure
Network access control
Routing tables
Remote access (Azure gateway/point-to-site VPN/
RDP/Remote PowerShell/SSH)
Cross-premises connectivity
Network availability
Network logging
Public name resolution
Network security appliances
Reverse proxy
Azure Network Security best practices
Subnet your networks based on security zones
Use Network Security Groups carefully
Use site-to-site VPN to connect Azure Virtual Networks
Configure host-based firewalls on IaaS virtual machines
Configure User Defined Routes to control traffic
Require forced tunneling
Deploy virtual network security appliances
Create perimeter networks for Internet-facing devices
Use ExpressRoute
Optimize uptime and performance
Disable management protocols to virtual machines
Enable Azure Security Center
Extend your datacenter into Azure
Chapter 4 Data and storage security
Virtual machine encryption
Azure Disk Encryption
Storage encryption
File share wire encryption
Hybrid data encryption
Authentication
Wire security
Data at rest
Rights management
Database security
Azure SQL Firewall
SQL Always Encrypted
Row-level security
Transparent data encryption
Cell-level encryption
Dynamic data masking
Chapter 5 Virtual machine protection with Antimalware
Understanding the Antimalware solution
Antimalware deployment
Antimalware deployment to an existing VM
Antimalware deployment to a new VM
Antimalware removal
Chapter 6 Key management in Azure with Key Vault
Key Vault overview
App configuration for Key Vault
Key Vault event monitoring
Chapter 7 Azure resource management security
Azure Security Center overview
Detection capabilities
Onboard resources in Azure Security Center
Apply recommendations
Resource security health
Respond to security incidents
Chapter 8 Internet of Things security
Anatomy of the IoT
Things of the world, unite
Sensors, sensors everywhere
Big data just got bigger: TMI
Artificial intelligence to the rescue
IoT security challenges
IoT: Insecure by design
Ramifications of an insecure IoT
IoT threat modeling
Windows 10 IoT and Azure IoT
Windows 10 IoT editions
Azure IoT Suite and secure Azure IoT infrastructure
Chapter 9 Hybrid environment monitoring
Operations Management Suite Security and Audit solution overview
Log Analytics configuration
Windows Agent installation
Resource monitoring using OMS Security and Audit solution
Security state monitoring
Identity and access control
Alerts and threats
Chapter 10 Operations and management in the cloud
Scenario
Design considerations
Azure Security Center for operations
Azure Security Center for incident response
Azure Security Center for forensics investigation
Index
About the authors