Azure Cloud Architect
This course explores many security-related services and technologies that are available in Microsoft Azure, including Microsoft Defender for Cloud (formerly Azure Security Center), Azure Key Vault, and Microsoft Sentinel.
Hi there. Welcome to General Azure Security. In this lesson, we’re going to look at the many security-related services and technologies that are available in Microsoft Azure. We’ll take a look at Azure Security Center (now Microsoft Defender for Cloud), Azure Key Vault, Azure Monitor Logs, and Azure Sentinel.
Azure Security Center is a unified infrastructure security management system. It’s used to strengthen the security posture of not only your Azure resources, but also of your on-prem data centers. Security Center provides advanced threat protection for workloads in the cloud and for on-prem workloads, and it gives you tools that you can use to harden your network and to secure your services.
Organizations will typically use Azure Security Center to address common security challenges, including things like workloads that are constantly changing and sophisticated security threats.
Quickly changing workloads, for example, present unique security challenges because it can be difficult to ensure that, despite the constant changes, these workloads remain compliant with your security standards and that they follow security best practices.
Regardless of where your workloads are hosted, whether in the cloud or on-prem, security threats are becoming more and more sophisticated. That being the case, you need to ensure that you are effectively securing your public cloud workloads, because anything in the public cloud is directly or indirectly Internet-facing. Workloads that are exposed in this way leave you open to attack if you don't follow security best practices.
Azure Security Center helps address these challenges by assessing your environment for you. These assessments help you better understand the status and security of your resources. Security Center will then make recommendations that you can follow to better secure those resources.
Azure Key Vault is a cloud solution that allows organizations to centrally store and manage secrets, keys, and certificates.
By leveraging Azure Key Vault, an organization can not only securely store things like tokens, passwords, and certificates, but it can also tightly control access to them.
Azure Key Vault can also serve as a key management solution, because it makes it easy to create and control the encryption keys that are used to encrypt your data.
You can also use Azure Key Vault to provision, manage, and deploy public and private TLS/SSL certificates that you plan to use with Azure and with your internal connected resources.
I should also mention that the keys you store in Key Vault can be either software-protected or protected by hardware security modules, or HSMs. HSM-protected keys are held in FIPS 140-2 Level 2 validated HSMs, and they require the Premium tier of Key Vault.
Accessing an Azure Key Vault requires proper authentication and authorization. The authentication, which establishes the identity of the user or app, is performed by Azure Active Directory (now Microsoft Entra ID). Authorization, which determines the operations that the user or app is allowed to perform, is handled either via Azure role-based access control or via Key Vault access policies. A vault uses one permission model or the other; Microsoft recommends the RBAC model, and when RBAC is enabled on a vault, any access policies on it are ignored.
It's also important to note that Azure Key Vault is designed in such a way that Microsoft cannot, and does not, see or extract your data.
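The following Az PowerShell script is an added example, not code from the course, that puts the points above into practice: it creates a Premium-tier vault that uses the Azure RBAC permission model, grants an operator and an application the least-privilege data-plane roles they need, stores a secret with an expiry, and creates an HSM-protected key. The resource group, vault, service principal, secret and key names are hypothetical; the Az.Accounts, Az.Resources and Az.KeyVault modules and an account that can create resources and role assignments are assumed.

```powershell
# Added example (not part of the course). Requires the Az.Accounts, Az.Resources and Az.KeyVault
# modules and an account that can create resources and role assignments in the subscription.
# The resource group, vault, service principal, secret and key names below are hypothetical.
Connect-AzAccount

$rg       = 'rg-sec-demo'
$location = 'eastus'
$vault    = 'kv-sec-demo-01'          # vault names must be globally unique

New-AzResourceGroup -Name $rg -Location $location -Force | Out-Null

# The Premium SKU is required for HSM-protected keys (FIPS 140-2 Level 2 validated HSMs).
# -EnableRbacAuthorization selects the Azure RBAC permission model; access policies are then ignored.
# Purge protection stops a soft-deleted vault or key from being permanently removed during retention.
$kv = New-AzKeyVault -Name $vault -ResourceGroupName $rg -Location $location `
        -Sku Premium -EnableRbacAuthorization -EnablePurgeProtection

# Authorization is done with Azure RBAC data-plane roles scoped to this vault only.
# The operator can manage secrets and keys; the application can only read secrets.
$me  = (Get-AzADUser -SignedIn).Id
$app = Get-AzADServicePrincipal -DisplayName 'sp-demo-app'        # hypothetical app identity
New-AzRoleAssignment -ObjectId $me     -RoleDefinitionName 'Key Vault Secrets Officer' -Scope $kv.ResourceId | Out-Null
New-AzRoleAssignment -ObjectId $me     -RoleDefinitionName 'Key Vault Crypto Officer'  -Scope $kv.ResourceId | Out-Null
New-AzRoleAssignment -ObjectId $app.Id -RoleDefinitionName 'Key Vault Secrets User'    -Scope $kv.ResourceId | Out-Null

# Store a secret with an expiry so rotation can be enforced. Reading it as a SecureString keeps the
# value out of the shell history and transcript.
$secretValue = Read-Host -Prompt 'Connection string' -AsSecureString
Set-AzKeyVaultSecret -VaultName $vault -Name 'db-connection-string' -SecretValue $secretValue `
    -ContentType 'text/plain' -Expires (Get-Date).AddDays(90) | Out-Null

# Create an HSM-protected RSA key; the private key material never leaves the HSM boundary.
Add-AzKeyVaultKey -VaultName $vault -Name 'data-cek' -Destination HSM -KeyType RSA -Size 2048 | Out-Null

# Read back as the operator. The application would call Get-AzKeyVaultSecret with its own credential,
# and would be refused if it tried to read or list keys, since 'Key Vault Secrets User' grants no key rights.
$secret = Get-AzKeyVaultSecret -VaultName $vault -Name 'db-connection-string' -AsPlainText
Get-AzKeyVaultKey -VaultName $vault -Name 'data-cek' | Select-Object Name, Enabled, Expires
```

RBAC role assignments can take a few minutes to propagate, so the first data-plane call after the assignments may be refused; retry rather than widening the roles. Scoping the roles to the vault's resource ID, rather than to the resource group or subscription, is what keeps the application from reading secrets in other vaults.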
Azure Monitor collects data that you can use to monitor your environment. This data falls into one of two fundamental types: metrics and logs. Since this course focuses on security, we’ll key in on the log data that Azure Monitor collects, rather than the metrics data.
The Logs in Azure Monitor can be used to perform complex analysis across data that’s collected from many different sources. However, it is important to understand the difference between Azure Monitor Logs and the different sources of log data in Azure.
Let’s take subscription-level events in Azure, for example. These types of events are written to an activity log, which can be viewed from the Azure Monitor menu. Most Azure resources write detailed operational information to resource logs, which can be forwarded to different destinations. Azure Monitor Logs, on the other hand, is a log data platform. It collects resource logs and activity logs, along with other monitoring data, so that all of it can be analyzed together to provide information on all resources across your entire environment.
Events are one of the more common types of log entry collected by Azure Monitor. Such events are typically created by applications or services that you are running – and they usually provide information that indicates when a specific resource was created or modified, or when an error was detected in an application.
The table on your screen shows the different ways that you can use Azure Monitor Logs.
You can use Log Analytics to write log queries, which run on the Azure Data Explorer analysis engine, to interactively analyze the data. The Application Insights analytics console in the Azure portal can also be used to write log queries and interactively analyze the log data.
You can visualize your Azure Monitor Logs by rendering the data as tables or charts and pinning them to your Azure dashboard. You can also create workbooks that combine several sets of data into a single report. There are many other ways to visualize your data as well.
You can even configure log alert rules that either send out notifications or perform automated actions whenever a scheduled query produces results that meet a defined condition, such as a result count above a threshold.
You can access log query results using multiple tools, including the Azure CLI and PowerShell. You can even access them from a custom application using REST API.
Azure Monitor Logs can also be used to build workflows. To do this, you could retrieve the log data and copy it to an external location, using Logic Apps.
Azure Sentinel is a cloud-based security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution that provides intelligent security analytics and threat intelligence across the enterprise. It’s an all-in-one solution for alert detection, threat visibility, proactive hunting, and threat response.
Azure Sentinel provides you with a 30,000-foot view of the enterprise while helping you identify and mitigate even the most sophisticated attacks. Its built-in intelligence helps you deal with the never-ending stream of alerts.
Using Azure Sentinel, you can collect data on all users, devices, applications, and infrastructure – whether they reside on-prem or in other clouds. The service can even detect threats that were previously considered undetectable while minimizing false positives through the use of Microsoft's analytics and threat intelligence.
By leveraging artificial intelligence, Azure Sentinel allows you to investigate threats and to actively hunt for suspicious activities at scale. Its built-in orchestration and automation of common tasks allows you to respond quickly to incidents.
Azure Sentinel incorporates existing Azure technologies, like Logic Apps, Log Analytics, and AI. This brings robust investigation and detection capabilities to organizations that deploy Azure Sentinel.
To onboard Azure Sentinel, you need to first connect it to your existing data sources. Sentinel comes with numerous connectors right out of the box, including connectors for Microsoft solutions like Microsoft Threat Protection, Microsoft 365, Azure AD, and more.
After connecting to your data sources, you can begin monitoring your data via Azure Sentinel’s integration with Azure Monitor Workbooks.
Azure Sentinel offers automation and orchestration solutions that can handle new technologies and even the newest threats that emerge.
Azure Sentinel’s investigation tools help you determine the scope of potential security threats while helping you find the root causes of them.
The hunting search-and-query tools that Azure Sentinel provides allow you to proactively hunt for security threats across your data sources before an alert is ever triggered.
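The script below is an added example, not code from the course, that serves two of the passages in this lesson: querying Azure Monitor Logs (the activity log collected into a Log Analytics workspace) for control-plane changes to Key Vault permissions, and a Sentinel-style hunting query over the Key Vault audit log for bursts of denied data-plane access. Sentinel runs on top of the same Log Analytics workspace, so both queries go through the same API. The workspace and resource group names are hypothetical; it is assumed that the workspace receives the subscription's activity log and the vaults' AuditEvent diagnostic logs, and that the Az.Accounts and Az.OperationalInsights modules are installed.

```powershell
# Added example (not part of the course). Requires Az.Accounts and Az.OperationalInsights.
# Assumes a Log Analytics workspace (hypothetical names below) that collects the subscription's
# activity log and Key Vault diagnostic logs (AuditEvent category), with Sentinel enabled on it.
Connect-AzAccount
$ws = Get-OperationalInsightsWorkspaceSafe = $null
$ws = Get-AzOperationalInsightsWorkspace -ResourceGroupName 'rg-sec-demo' -Name 'law-sec-demo'

function Invoke-KqlQuery {
    param([string]$Query, [int]$Days = 7)
    # Log Analytics and Sentinel share the same query API; rows come back as PSObjects in .Results
    (Invoke-AzOperationalInsightsQuery -WorkspaceId $ws.CustomerId -Query $Query `
        -Timespan (New-TimeSpan -Days $Days)).Results
}

# 1) Azure Monitor Logs: successful control-plane operations that change who can reach a vault,
#    taken from the activity log. Covers both legacy access-policy writes and RBAC role
#    assignments whose scope is a vault.
$permissionChanges = @'
AzureActivity
| where ActivityStatusValue =~ "Success"
| where (ResourceProviderValue =~ "MICROSOFT.KEYVAULT"
         and OperationNameValue in~ ("MICROSOFT.KEYVAULT/VAULTS/WRITE",
                                     "MICROSOFT.KEYVAULT/VAULTS/ACCESSPOLICIES/WRITE"))
     or (OperationNameValue =~ "MICROSOFT.AUTHORIZATION/ROLEASSIGNMENTS/WRITE"
         and _ResourceId contains "/providers/microsoft.keyvault/vaults/")
| project TimeGenerated, Caller, CallerIpAddress, OperationNameValue, _ResourceId
| order by TimeGenerated desc
'@

# 2) Sentinel hunting: data-plane reads that the vault refused, grouped by caller.
#    Repeated Forbidden/Unauthorized reads from one IP or identity are worth a look
#    before any analytics rule fires.
$deniedAccess = @'
AzureDiagnostics
| where ResourceProvider == "MICROSOFT.KEYVAULT" and Category == "AuditEvent"
| where OperationName in ("SecretGet", "SecretList", "KeyGet", "KeyList", "KeyDecrypt")
| where ResultSignature in ("Forbidden", "Unauthorized")
| summarize Attempts = count(), Vaults = make_set(Resource),
            FirstSeen = min(TimeGenerated), LastSeen = max(TimeGenerated)
    by CallerIPAddress,
       Upn = tostring(identity_claim_upn_s),
       ObjectId = tostring(identity_claim_http_schemas_microsoft_com_identity_claims_objectidentifier_g)
| where Attempts >= 5
| order by Attempts desc
'@

Invoke-KqlQuery -Query $permissionChanges | Format-Table TimeGenerated, Caller, CallerIpAddress, OperationNameValue -AutoSize
Invoke-KqlQuery -Query $deniedAccess      | Format-Table CallerIPAddress, Upn, Attempts, FirstSeen, LastSeen -AutoSize
```

The first query is the kind of thing you would turn into a log alert rule once you are happy with it; the second is a hunting query, so the `Attempts >= 5` threshold is a starting point to tune against your own baseline rather than a detection rule. If a vault's diagnostic setting sends logs to a resource-specific table instead of AzureDiagnostics, the table and column names in the second query need to be adjusted to match.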
The Sentinel community even offers community-provided workbooks, playbooks, and hunting queries that you can use in your own environment.
To read more about Azure Sentinel, visit the URL that you see on your screen:
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.