One of the ‘Big 3’ cloud enterprise and hybrid infrastructure providers, Microsoft Azure is trusted by some 95% of Fortune 500 companies. The Azure platform supports a broad selection of technologies that millions of IT professionals and developers rely on – operating systems, programming languages, frameworks, devices, tools, and databases.
Azure’s infrastructure excels at helping businesses meet their security and compliance requirements, offering a wide collection of configurable security options. Azure customers can customize security to meet the unique security requirements of their deployments using a combination of tools and approaches. Here are six of these tools, that you may not be using:
1. Azure Active Directory Identity Protection
Active Directory Identify Protection enables Azure customer organizations to automatically detect and remediate identity-based risks. Using data from the portal, Identify Protection also investigates risks and can export data about risks it detects to third-party analysis tools. It can also pass data to other Azure security utilities like Conditional Access, or into the customer’s security information and event management platform (SIEM) for further policy-based investigation.
2. Azure Firewall
Offered in three SLA levels (Standard, Premium, and Basic), Azure Firewall is a cloud-native and intelligent service designed from the ground up to protect cloud workloads running in Azure. Azure Firewall offers both north-south and east-west traffic inspection, is fully stateful, and features both unrestricted cloud scalability and built-in high availability. The utility lets you configure network rules – including source address, protocol, destination port, and destination address – and application rules which include subnet-accessible FQDNs.
3. Azure Resource Locks
Sometimes admins need to lock a resource, resource group, or subscription to prevent other users from accidentally deleting or modifying critical assets.
Note that Resource Locks is not role-based access control (which Azure does offer via a different utility). Rather, Resource Locks applies restrictions across all users and roles – basically overriding any permissions a given user has. Depending on which type of lock is applied, Resource Locks prevents the removal or change of resources within an Azure tenant.
4. Azure Secure SQL Database Always Encrypted
Always Encrypted protects sensitive data at rest (like PII or credit card numbers) that is stored in Azure SQL Database. Delivering complete separation between data owners and those who can view data, as well as between those who access data and those who manage it, Always Encrypted lets Azure customers encrypt their sensitive data inside client applications, without even revealing encryption keys to the database engine. This ensures that even on-prem database admins, cloud database operators, or other high-privileged users can’t access sensitive data unless authorized – enabling delegation of on-prem database administration to third parties or reduction of security requirements for DBA staff.
5. Azure Key Vault
Centrally stored and protected by hardware security and industry-standard algorithms, Azure’s Key Vault service limits access to sensitive data like keys, connection strings, passwords, certificates, and more to authorized applications and users only. Key Vault helps Azure customers enhance performance and reduce cloud apps latency by enabling safe storage of cryptographic keys in the cloud, instead of on-prem. Without the expense of deploying dedicated HSMs, Key Vault is also able to quickly scales to meet each apps cryptographic needs and match peak demand.
6. Azure AD Multi-Factor Authentication
Azure MFA safeguards access to data and applications, while still keeping it simple for users. Like all Multi-Factor Authentication (MFA), Azure MFA works by requiring two or more authentication methods: something you know (like a password); something you have (like a phone or hardware key) or something you are (like a fingerprint or face scan). The exact form and configuration of secondary authentication are fully configurable by administrators, and the utility enables secure password reset, too.
Effective cloud security is crucial for both business continuity and regulatory compliance. By building in a rich assortment of mission-critical security tools, cloud vendors like Azure facilitate easier service uptake for new customers, and simpler expansion of service for existing customers. For both new and old customers, the security controls baked into Azure deliver rich functionality and peace of mind.
Interested in comparable features in AWS? Read our blog 8 AWS Security Tools and Features Everyone Should Know