Key Takeaways
- Entra ID is the identity foundation
- Conditional Access enforces Zero Trust
- Defender for Cloud provides CSPM
- Sentinel is cloud-native SIEM
Contents
1. Azure Security Overview
Microsoft Azure provides comprehensive security services integrated across identity, infrastructure, data, and applications. The Microsoft security stack offers tight integration for enterprises already using M365.
2. Entra ID (Azure AD) Security
Identity Security
- MFA: Require for all users (use Authenticator app)
- Passwordless: FIDO2 keys, Windows Hello
- PIM: Privileged Identity Management for JIT access
- Identity Protection: Risk-based sign-in policies
- Access Reviews: Regular entitlement audits
3. Conditional Access Policies
# Conditional Access examples:
# 1. Require MFA for all cloud apps
# 2. Block legacy authentication
# 3. Require compliant device for sensitive apps
# 4. Block access from risky sign-ins
# 5. Require approved client apps
# Named locations:
# - Define trusted networks (office IPs)
# - Require MFA from untrusted locations
# Session controls:
# - Sign-in frequency
# - Persistent browser session
# - App-enforced restrictions
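An added audit script (not from this page or from Microsoft) that checks an exported policy list for the first two examples above, which are also the "Conditional Access policies deployed" and "Legacy authentication blocked" checklist items. Field names follow the Microsoft Graph conditionalAccessPolicy schema; the sample policies are constructed, with the legacy-auth policy deliberately left in report-only mode so the audit flags it.

```python
# Constructed sample in the shape of the "value" array returned by
# GET https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies.
SAMPLE_POLICIES = [
    {
        "displayName": "Require MFA for all users",
        "state": "enabled",
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": []},
            "applications": {"includeApplications": ["All"]},
            "clientAppTypes": ["all"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    },
    {
        "displayName": "Block legacy authentication",
        "state": "enabledForReportingButNotEnforced",  # report-only: not enforced
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": []},
            "applications": {"includeApplications": ["All"]},
            "clientAppTypes": ["exchangeActiveSync", "other"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    },
]

# Client app types that carry legacy (non-modern) authentication protocols.
LEGACY_CLIENT_TYPES = {"exchangeActiveSync", "other"}

def _enforced_for_everyone(policy):
    """Enabled (not report-only) and scoped to all users and all cloud apps."""
    cond = policy.get("conditions", {})
    return (policy.get("state") == "enabled"
            and "All" in cond.get("users", {}).get("includeUsers", [])
            and "All" in cond.get("applications", {}).get("includeApplications", []))

def _has_control(policy, control, app_types):
    """Policy applies `control` (e.g. "mfa", "block") to every client app type in app_types."""
    controls = (policy.get("grantControls") or {}).get("builtInControls", [])
    covered = set(policy.get("conditions", {}).get("clientAppTypes", []))
    return control in controls and app_types <= covered

def audit(policies):
    """Return the baseline controls that no enforced policy provides."""
    gaps = []
    if not any(_enforced_for_everyone(p) and _has_control(p, "mfa", {"all"}) for p in policies):
        gaps.append("MFA for all users")
    if not any(_enforced_for_everyone(p) and _has_control(p, "block", LEGACY_CLIENT_TYPES)
               for p in policies):
        gaps.append("Legacy authentication block")
    return gaps
```

Run `audit()` over the real export once the report-only policy has been switched to enabled and the returned list should be empty.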
4. Microsoft Defender Suite
- Defender for Cloud: CSPM + CWPP
- Defender for Endpoint: EDR
- Defender for Identity: on-premises Active Directory threat detection
- Defender for Office 365: Email security
- Defender for Cloud Apps: CASB
5. Microsoft Sentinel
# Sentinel capabilities:
# - Cloud-native SIEM
# - SOAR with playbooks (Logic Apps)
# - Data connectors (200+)
# - Analytics rules
# - Workbooks for visualization
# Key connectors:
# - Azure Activity
# - Entra ID sign-ins
# - Office 365
# - Defender products
# - Third-party sources
6. Azure Network Security
- NSG: Network Security Groups (stateful filtering)
- Azure Firewall: Managed firewall service
- DDoS Protection: Standard or Basic tier
- Private Link: Private access to PaaS services
- WAF: Web Application Firewall on App Gateway
7. Data Protection
- ✅ Enable Storage encryption (Microsoft or customer keys)
- ✅ Use Private Endpoints for storage
- ✅ Enable soft delete and versioning
- ✅ Configure access control (RBAC + ACLs)
- ✅ Enable threat protection on storage
8. Azure Security Checklist
- ☐ MFA enabled for all users
- ☐ Conditional Access policies deployed
- ☐ Legacy authentication blocked
- ☐ PIM enabled for admin roles
- ☐ Defender for Cloud enabled
- ☐ Sentinel deployed for SIEM
- ☐ Resource locks on critical resources
- ☐ Activity logs exported
FAQ
Where do I start with Azure security?
Start with identity: enable MFA for everyone, deploy Conditional Access policies, and block legacy authentication. Then enable Defender for Cloud to assess your security posture.