Security

Security is foundational for Azure. Take advantage of multi-layered security provided by Microsoft across physical data centers, infrastructure, and operations in Azure. Gain from the state-of-the-art security delivered in Azure data centers globally. Rely on a cloud that is built with customized hardware, has security controls integrated into the hardware and firmware components, and has added protections against threats such as DDoS.

Benefit from a team of more than 3,500 global cybersecurity experts who work together to help safeguard your business assets and data in Azure.

Protect your workloads quickly with built-in controls and services in Azure across identity, data, networking, and apps. Get continuous protection with deeper insights from Azure Security Center. Extend protections to hybrid environments and easily integrate partner solutions in Azure.

Azure Identity Management and access control security

Azure identity management and access control security focuses on the following security practices:

  • Treat identity as the primary security perimeter
  • Centralize identity management
  • Manage connected tenants
  • Enable single sign-on
  • Turn on Conditional Access
  • Plan for routine security improvements
  • Enable password management
  • Enforce multi-factor verification for users
  • Use role-based access control
  • Lower exposure of privileged accounts
  • Control locations where resources are located
  • Use Azure AD for storage authentication

Azure Network Security

Virtual machines connected to an Azure virtual network can connect to devices on the same virtual network, different virtual networks, the internet, or your own on-premises networks.

As you plan your network and the security of your network, we recommend that you centralize:

  • Management of core network functions like ExpressRoute, virtual network and subnet provisioning, and IP addressing.
  • Governance of network security elements, such as network virtual appliance functions like ExpressRoute, virtual network and subnet provisioning, and IP addressing.

Azure data security and encryption

To help protect data in the cloud, you need to account for the possible states in which your data can occur, and what controls are available for that state. Best practices for Azure data security and encryption relate to the following data states:

  • At rest: This includes all information storage objects, containers, and types that exist statically on physical media, whether magnetic or optical disk.
  • In transit: When data is being transferred between components, locations, or programs, it’s in transit. Examples are transfer over the network, across a service bus (from on-premises to cloud and vice-versa, including hybrid connections such as ExpressRoute), or during an input/output process.