Microsoft Azure provides robust security services. Learn to configure Defender for Cloud, Azure Sentinel, and Entra ID (formerly Azure AD).
Microsoft Defender for Cloud
- Enable for all subscriptions
- Review Secure Score regularly
- Enable enhanced security features
- Configure workload protections
Azure Sentinel (SIEM)
// KQL - Detect failed sign-ins
// ResultType "0" is a successful sign-in; any other value is an Entra ID error code.
// The lookback comes from the analytics rule's query period (or add
// "| where TimeGenerated > ago(1h)"), so counts are per window, not per retention.
SigninLogs
| where ResultType != "0"
| summarize FailedCount = count() by UserPrincipalName, IPAddress
| where FailedCount > 5
| order by FailedCount desc
// KQL - Unusual location sign-in
// Counts the distinct Location values (country codes) behind successful sign-ins
// per user; tune the threshold for travelling staff and VPN egress points.
SigninLogs
| where ResultType == "0"
| summarize Locations = dcount(Location) by UserPrincipalName
| where Locations > 3
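To sanity-check the thresholds in the two queries above before they become analytics rules, here is an added Python illustration (not Microsoft code and not from the original page) that reproduces their summarize/where logic over constructed SigninLogs-style rows; the field names mirror the SigninLogs columns the queries use, and the users, IPs and counts are made up.

```python
"""Added illustration (not Microsoft code): re-implements the two Sentinel
KQL detections above over constructed SigninLogs-style rows, so the
thresholds can be tested locally before they become analytics rules."""
from collections import Counter, defaultdict


def row(upn, ip, location, result_type):
    """One SigninLogs-like record; field names mirror the KQL columns."""
    return {"UserPrincipalName": upn, "IPAddress": ip,
            "Location": location, "ResultType": result_type}


# Constructed sample data. ResultType "0" is a successful sign-in; any other
# value is an Entra ID error code (50126 = invalid credentials). Names and
# IPs are made up (documentation ranges).
SAMPLE_SIGNIN_LOGS = (
    [row("alice@contoso.example", "203.0.113.10", "US", "50126")] * 6
    + [row("eve@contoso.example", "198.51.100.9", "US", "50126")] * 8
    + [row("bob@contoso.example", "198.51.100.7", "US", "50126")] * 3
    + [row("carol@contoso.example", f"203.0.113.{20 + i}", loc, "0")
       for i, loc in enumerate(["US", "DE", "BR", "JP"])]
    + [row("dave@contoso.example", "203.0.113.50", "US", "0"),
       row("dave@contoso.example", "203.0.113.51", "GB", "0")]
)


def failed_signins(rows, threshold=5):
    """Mirror of the first query: count non-"0" results per (user, IP),
    keep pairs above the threshold, order by count descending."""
    counts = Counter((r["UserPrincipalName"], r["IPAddress"])
                     for r in rows if r["ResultType"] != "0")
    hits = [(upn, ip, n) for (upn, ip), n in counts.items() if n > threshold]
    return sorted(hits, key=lambda hit: hit[2], reverse=True)


def unusual_locations(rows, threshold=3):
    """Mirror of the second query: dcount(Location) over successful
    sign-ins per user, keep users above the threshold."""
    seen = defaultdict(set)
    for r in rows:
        if r["ResultType"] == "0":
            seen[r["UserPrincipalName"]].add(r["Location"])
    return {upn: len(locs) for upn, locs in seen.items() if len(locs) > threshold}


if __name__ == "__main__":
    for upn, ip, n in failed_signins(SAMPLE_SIGNIN_LOGS):
        print(f"failed sign-ins: {upn} from {ip}: {n}")
    for upn, n in unusual_locations(SAMPLE_SIGNIN_LOGS).items():
        print(f"unusual locations: {upn} signed in from {n} countries")
```

Bob (3 failures) and Dave (2 countries) stay below the thresholds, which is the kind of boundary worth checking before raising or lowering them in the rule.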
Entra ID Security
- Enable Security Defaults or Conditional Access
- Require MFA for all users
- Enable Identity Protection
- Review risky sign-ins and users
- Implement Privileged Identity Management (PIM)
Network Security
# Azure CLI - Create NSG rule
# Priority 4096 is the highest custom priority number (lowest precedence among
# custom rules), but it still outranks the platform default rules (65000 and up),
# including AllowAzureLoadBalancerInBound. Any allow rules for required traffic
# (e.g. TCP 443 from known sources, load balancer health probes) need a lower number.
az network nsg rule create \
--resource-group MyRG \
--nsg-name MyNSG \
--name DenyAllInbound \
--priority 4096 \
--access Deny \
--direction Inbound \
--protocol '*' \
--source-address-prefixes '*' \
--destination-address-prefixes '*' \
--destination-port-ranges '*'
Quick Wins
- Enable Azure Security Center Standard
- Enable diagnostic logging to Log Analytics
- Use Azure Key Vault for secrets
- Enable Just-in-Time VM access
December 2024