
Azure Security Overview

Mohammed Ibrahim
Cloud Solutions Architect

About the speaker: Mohammed Ibrahim, Cloud Solutions Architect – Apps & Infra
Agenda
• Introduction to Security
• Challenges facing most organizations
• Azure AD security features
• Introduction to Microsoft Defender for Cloud
• Azure Networking Security
• Q&A
• Break
• Live Demo
Expanding digital estate

The Security Operations Team sits at the center of an estate that now spans smart cities, vehicles, sensors, energy systems, marketplaces, equipment, partners, citizens, customers, supply chains, on-premises systems, manufacturers and mobile devices.

The era of flux and transformation

Adaptable attackers: attacks traverse laterally across silos and perimeters.
Disparate security tools: security tools are increasingly complex, and poorly integrated into the DevOps cycle.
Overwhelming noise: it’s harder than ever to find the signal in the noise.

©Microsoft Corporation Azure


Azure is the only cloud platform built by a security vendor
Microsoft operates a $10B security business

• More than 650,000 customers and 90 of the Fortune 100 trust Microsoft SCI solutions
• Microsoft employs +8,500 security experts and committed $20B in security investment over the next 5 years
• In 2020, 9 billion malware threats were blocked on endpoints by Microsoft 365 Defender
• Microsoft processes over 24 trillion signals every 24 hours


Azure security is…

Built-in: simplified and streamlined security, built directly into Azure
• All cloud resources, all layers of architecture
• Native controls for DevOps, scalable experiences for SecOps
• Broad policy support & actionable best practices

Modern: protect, detect, and respond with AI and cloud scale
• Reduces false positives with AI trained on trillions of signals
• Streamlines common tasks with automation
• Scale quickly and optimize costs with the cloud

Holistic: secures your entire organization and works with what you have
• Unified visibility, centrally managed
• Security across hybrid resources
• Multi-cloud posture management and threat protection with EASM and XDR


The result? An empowered team

• Centralized visibility and control
• Better context, informed by TI and filtered by AI
• Faster development cycles
• Security by design, always up-to-date
• Security and efficiency, from development to security response
• Automation to do more with less
Modernize and save money: Forrester TEI studies available

Microsoft Defender for Cloud
• 219% ROI over 3 years with a payback period of less than 6 months
• Reduces the risk of a cloud security breach by up to 25%
• Reduces time to threat mitigation by 50%
• Reduces the cost of third-party security tools and services from consolidation by over $200,000 annually

Microsoft Sentinel
• 201% ROI over 3 years with a payback period of less than 6 months
• 48% reduction in costs compared to legacy SIEM, saving on licensing, storage and infrastructure costs
• 79% reduction in false positives
• 80% reduction in the people time associated with investigation
• 67% decrease in time to deploy compared to legacy on-premises SIEMs


Microsoft Security: industry leader across different categories

Forrester Wave™ / New Wave™ categories: Security analytics platforms¹, Enterprise email security², Endpoint security software as a service³, Unified endpoint management⁴, Unstructured data security platforms⁵, Cloud security gateways⁶, Identity as a service⁷, Extended detection and response (XDR)⁸
Gartner Magic Quadrant categories*: Access management, Cloud access security brokers, Enterprise information archiving, Endpoint protection platforms, Unified endpoint management

1. The Forrester Wave™: Security Analytics Platforms, Q4 2020, Joseph Blankenship, Claire O'Malley, December 2020
2. The Forrester Wave™: Enterprise Email Security, Q2 2021, Joseph Blankenship, Claire O'Malley, April 2021
3. The Forrester Wave™: Endpoint Security Software as a Service, Q2 2021, Chris Sherman, May 2021
4. The Forrester Wave™: Unified Endpoint Management, Q4 2019, Andrew Hewitt, November 2021
5. The Forrester Wave™: Unstructured Data Security Platforms, Q2 2021, Heidi Shey, May 2021
6. The Forrester Wave™: Cloud Security Gateways, Q2 2021, Andras Cser, May 2021
7. The Forrester Wave™: Identity As A Service (IDaaS) For Enterprise, Q3 2021, Sean Ryan, August 2021
8. The Forrester New Wave™: Extended Detection And Response (XDR), Q4 2021, Allie Mellen, October 2021
*Gartner “Magic Quadrant for Access Management,” by Henrique Teixeira, Abhyuday Data, Michael Kelley, November 2021
*Gartner “Magic Quadrant for Cloud Access Security Brokers,” by Craig Lawson, Steve Riley, October 2020
*Gartner “Magic Quadrant for Enterprise Information Archiving,” by Michael Hoech, Jeff Vogel, October 2020
*Gartner “Magic Quadrant for Endpoint Protection Platforms,” by Paul Webber, Rob Smith, Prateek Bhajanka, Mark Harris, Peter Firstbrook, May 2021
*Gartner “Magic Quadrant for Unified Endpoint Management,” by Dan Wilson, Chris Silva, Tom Cipolla, August 2021

The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester’s call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave™. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.

The Forrester New Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester New Wave™ is a graphical representation of Forrester’s call on a market. Forrester does not endorse any vendor, product, or service depicted in the Forrester New Wave™. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.

These graphics were published by Gartner, Inc. as part of larger research documents and should be evaluated in the context of the entire documents. The Gartner documents are available upon request from Microsoft. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.


Customer success stories across industries



A secure foundation at global scale

• Each physical datacenter protected with world-class, multi-layered protection
• Over 200 datacenters across the planet
• Secured with cutting-edge operational security: restricted access, 24x7 monitoring, global security experts
• Global cloud infrastructure with custom hardware and network protection


Technology
Defense in depth

Identity & access management: Role based access, Multi-factor authentication, Central identity management, Identity protection, Privileged identity management
Security posture management: Cloud security posture management, Policy and governance, Regulatory compliance, Unified security management, Hybrid and multi-cloud
Threat protection: SIEM, Extended Detection and Response (XDR), External Attack Surface Management (EASM), VM & cloud native asset protection, Antimalware, IoT Security
Apps security: Dependency management, Code security, Key management, Certificate management
Data security: Encryption, Confidential computing, Auditing, Data masking & erasure, Information protection & governance
Network security: DDoS protection, Firewall, Web app firewall, Private connections, NetSec policy management

Microsoft + Partners
Azure security technology and services
Protect Azure and your entire multi-cloud environment with built-in security, powered by AI
Identity and access management
• Azure Active Directory: your universal platform to manage and secure all your users and data

Security posture management
• Microsoft Defender for Cloud: security posture management for your multicloud environments

Threat protection
• Microsoft Sentinel: intelligent security analytics for your entire enterprise
• RiskIQ EASM: discover and monitor your global attack surface
• RiskIQ threat intelligence: adversary-threat insights relevant to your external attack surface
• Microsoft Defender for Cloud: built-in threat protection for multicloud and hybrid workloads
• Microsoft Defender for IoT: agentless asset discovery, vulnerability management, and threat detection for IoT/OT devices

Apps & data security
• Azure confidential computing: protect your data and code while in use in the cloud
• Azure Key Vault: safeguard cryptographic keys and other secrets
• Azure attestation: store and process confidential data with confidence
• Azure dedicated HSM: your hardware security module (HSM) in the cloud
• GitHub: build secure apps right from the start

Network security
• Azure Firewall: cloud-native firewall to protect Azure virtual networks
• Azure Firewall Manager: central network security policy management
• Azure Web Application Firewall: protect web/mobile apps and APIs from common web vulnerabilities
• Azure Front Door: fast, reliable and secure cloud CDN with threat protection
• Azure DDoS protection: always-on monitoring to protect against DDoS attacks
• Azure Bastion: private and fully managed RDP and SSH access to your VMs


For sale in “bad neighborhoods” on the internet

• Attacker for hire (per job): $250 per job (and up)
• Ransomware kits: $66 upfront (or 30% of the profit / affiliate model)
• Compromised PCs/devices: PC $0.13 to $0.89; Mobile $0.82 to $2.78
• Spearphishing for hire: $100 to $1,000 (per successful account takeover)
• Stolen passwords: $0.97 per 1,000 (average); bulk: $150 for 400M
• Denial of service: $766.67 per month
Technology
Azure built-in controls

Identity and access management | Security posture management | Threat protection | Apps & data security | Network security

Defense in depth


Unified identity management
Manage all your identities and access to all your applications across your hybrid environment

Azure Active Directory sits between your identities (employees, frontline workers, customers, partners; HR user data and on-premises Active Directory) and your applications (SaaS apps, cloud-hosted apps, on-premises and web apps).
Role-based access controls
Extend fine-grained access management to cloud resources

Principal: User, Group, Service principal, Managed identity, …
Role: Built In (Owner, Contributor, Reader, Security Reader, …) or Custom (for example Support Ticket Reader)
Scope: Management Group, Subscription, Resource Group, Virtual Machines, Database
Privileged identity management
Discover, restrict, and monitor privileged identity access

• Enforce on-demand, just-in-time administrative access when needed
• Ensure policies are met with alerts, audit reports and access reviews
• Manage admin access in Azure AD and also in Azure RBAC

Figure: User → Administrator → User; administrator privileges expire after a specified interval.


Provide just-in-time and just-enough access
Reduce the likelihood of a data breach by 45 percent

Conditions
• Employee and partner users and roles: Azure AD, ADFS, MSA ID (Microsoft Account Identity), Google ID
• Trusted and compliant devices: Android, iOS, MacOS, Windows
• Physical and virtual location: geo-location, corporate network
• Client apps and auth method: browser apps, client apps

Real-time evaluation engine: machine learning, risk and policies combine into an effective policy, backed by the Microsoft Cloud and Microsoft Cloud App Security

Controls
• Allow/block access
• Limited access
• Require MFA
• Force password reset
• Block legacy authentication
• Session controls

Protected resources: cloud SaaS apps and APIs; on-premises, web, and mobile apps

Source: Forrester Consulting, “The Total Economic Impact™ of Securing Apps with Microsoft Azure Active Directory,” August 2020, commissioned by Microsoft.
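An added example (written for this page, not taken from the deck or from Azure AD) that models the slide's conditions-to-controls flow as a policy evaluator: each matching policy contributes controls, a block wins outright, and the sign-in is allowed only once every required control is satisfied. The policy names, apps, group names and the "corp-net" location are constructed.

```python
"""Conditional Access style policy evaluation: sign-in conditions in, required
controls out. Illustrative model of the slide (constructed sample), not Azure AD."""
from dataclasses import dataclass

RISK_LEVELS = ("none", "low", "medium", "high")   # from the real-time risk evaluation

@dataclass(frozen=True)
class SignIn:
    user: str
    groups: frozenset
    app: str
    platform: str                 # Android, iOS, MacOS, Windows
    client: str                   # "browser", "mobile-app" or "legacy" (no modern auth)
    location: str                 # "corp-net" or "unknown"
    risk: str = "none"
    device_compliant: bool = False
    mfa_satisfied: bool = False   # MFA already completed in this session

@dataclass(frozen=True)
class Policy:
    name: str
    controls: frozenset                       # e.g. {"mfa"}, {"block"}
    users: frozenset = frozenset({"all"})     # user or group names
    apps: frozenset = frozenset({"all"})
    platforms: frozenset = frozenset()        # empty means any platform
    clients: frozenset = frozenset()          # empty means any client
    excluded_locations: frozenset = frozenset()
    min_risk: str = "none"

def applies(p, s):
    """Every configured condition must match for the policy to be in scope."""
    checks = (
        "all" in p.users or bool(p.users & (s.groups | {s.user})),
        "all" in p.apps or s.app in p.apps,
        not p.platforms or s.platform in p.platforms,
        not p.clients or s.client in p.clients,
        s.location not in p.excluded_locations,
        RISK_LEVELS.index(s.risk) >= RISK_LEVELS.index(p.min_risk),
    )
    return all(checks)

def effective_controls(policies, s):
    """All matching policies contribute; their union is the effective policy."""
    required = set()
    for p in policies:
        if applies(p, s):
            required |= p.controls
    return frozenset(required)

def decide(policies, s):
    """'block' beats everything; otherwise 'allow' when every required control
    is already satisfied, else 'challenge' with the controls still unmet."""
    required = effective_controls(policies, s)
    if "block" in required:
        return "block", frozenset()
    unmet = set()
    if "mfa" in required and not s.mfa_satisfied:
        unmet.add("mfa")
    if "compliant_device" in required and not s.device_compliant:
        unmet.add("compliant_device")
    if "password_reset" in required:          # always an action the user must take
        unmet.add("password_reset")
    return ("allow", required) if not unmet else ("challenge", frozenset(unmet))

# Constructed sample policy set mirroring the controls listed on the slide.
POLICIES = [
    Policy("Block legacy authentication", frozenset({"block"}), clients=frozenset({"legacy"})),
    Policy("MFA off the corporate network", frozenset({"mfa"}), excluded_locations=frozenset({"corp-net"})),
    Policy("Compliant device for SaaS on mobile", frozenset({"compliant_device"}),
           apps=frozenset({"Exchange Online", "Salesforce"}), platforms=frozenset({"iOS", "Android"})),
    Policy("High risk: MFA and password reset", frozenset({"mfa", "password_reset"}), min_risk="high"),
    Policy("Partners: limited session", frozenset({"limited_session", "mfa"}), users=frozenset({"partners"})),
]
```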
Multi-factor authentication
Verify user identities with strong authentication

Including passwordless technology: Microsoft Authenticator, Windows Hello, FIDO2 Security key, Biometrics
Multi-factor options: Push notification, Soft tokens OTP, Hard tokens OTP, SMS and Voice

We support a broad range of multi-factor authentication options. Multi-factor authentication prevents 99.9% of identity attacks.


Microsoft Information Protection
Discovering and Managing Data is Challenging

• 88% of organizations no longer have confidence to detect and prevent loss of sensitive data¹
• >80% of corporate data is “dark”: it’s not classified, protected or governed²
• #1: Protecting and governing sensitive data is the biggest concern in complying with regulations³

1. Forrester. Security Concerns, Approaches and Technology Adoption. December 2018
2. IBM. Future of Cognitive Computing. November 2015
3. Microsoft GDPR research, 2017
Comprehensive Set of Capabilities

Information Protection: Discover | Classify | Protect | Monitor

• Azure Information Protection: classify, label & protect files, beyond Office 365, including on-premises & hybrid
• Conditional Access: control access to files based on policy, such as identity, machine configuration, geo location
• Microsoft Cloud App Security: visibility into 15k+ cloud apps, data access & usage, potential abuse
• Office apps: protect sensitive information while working in Excel, Word, PowerPoint, Outlook
• Office 365 Data Loss Prevention: prevent data loss across Exchange Online, SharePoint Online, OneDrive for Business
• Microsoft SharePoint & Groups: protect files in libraries and lists
• Office 365 Message Encryption: send encrypted emails in Office 365 to anyone inside or outside of the company
• Azure Security Center Information Protection: classify & label sensitive structured data in Azure SQL, SQL Server and other Azure repositories
• Windows Information Protection: separate personal vs. work data on Windows 10 devices, prevent work data from traveling to non-work locations
• SDK for partner ecosystem & ISVs: enable ISVs to consume labels, apply protection
• Office 365 Advanced Data Governance: apply retention and deletion policies to sensitive and important data in Office 365
• Adobe PDFs: natively view and protect PDFs on Adobe Acrobat Reader
Microsoft Information Protection
Protect and govern your data, wherever it lives

• Discover: scan & detect sensitive data based on policy
• Classify: classify and label data based on sensitivity
• Protect: apply protection actions, including encryption, access restrictions
• Monitor: reporting, alerts, remediation

Across devices, apps, cloud services and on-premises

How RMS works
Figure: Azure RMS, user certificates, publishing license + keys, use license. Sample protected content: “Galactic Empire Confidential – You cannot copy, print or export this information in unprotected form to droids of any class.”
Security posture management with secure score

• Gain insights into the security state of your cloud workloads across Azure and AWS
• Address security vulnerabilities with prioritized recommendations
• Improve your secure score and overall security posture in minutes
• Speed up regulatory compliance
• Granular control of secure score

Evaluated categories and secure score impact: Access +7%, Compute +2%, SQL server +1%, Network +3%, App +2% (secure score 50%)


The security dashboard

• Unified resource view: all your cloud resources in one place (Azure, AWS, on premises and other clouds); focused views for security posture, compliance, and workload protection
• Clear & simple view: identify all your security related stats at a glance
• Emphasis on visibility & clear KPIs


Compliance assessment and management

• Demonstrate compliance status, based on continuous assessments of your Azure and AWS resources
• Monitor GCP resources
• Azure Security Benchmark monitoring enabled by default
• Mapped to the MITRE ATT&CK® framework
• Support for common industry and regulatory standards, as well as custom requirements
• Overview and reports of your compliance status

Note: removed dependencies on AWS Security Hub; native integration into the environment and recommendations.


Stay ahead of attackers with a unified SecOps experience

SIEM: Microsoft Sentinel (cloud native, any data, any entity)
XDR: Microsoft 365 Defender (secure your end user environment) and Microsoft Defender for Cloud (secure your infrastructure)
Gain insights across your entire enterprise

Microsoft Sentinel (SIEM): cloud native, any data, any entity. First cloud-native SIEM on a major cloud platform, with over 9,000 customers.

• Collect security data at cloud scale and integrate with your existing tools
• Leverage AI to detect emergent threats, reducing false positives by 79% over three years¹
• Respond rapidly with built-in orchestration and automation

Pillars: multi-cloud, partnerships, TI, AI, visibility, automation, attack surface intelligence

1: Commissioned study, The Total Economic Impact™ of Microsoft Azure Sentinel, conducted by Forrester Consulting, 2020


Harness the scale of cloud-native SIEM

• Eliminate infrastructure setup or maintenance
• Put no limits on compute or storage resources and scale at will
• Collect and analyze data across your entire organization at cloud scale
• Pay only for what you use, resulting in a SIEM 48% less expensive than traditional SIEMs*

*Forrester Consulting, Total Economic Impact™ of Microsoft Sentinel, 2020


Multicloud & hybrid protection

Coverage: on-prem (via Azure Arc) and native CWP tools
Security posture & compliance: secure score, asset management, regulatory compliance
Server protection: threat detection, vulnerability assessment
Automation & management at scale: automation, SIEM integration, export
Azure confidential computing (ACC)
Protect data in use for added security and to enable secure multi-party computation

Existing encryption covers data at rest and data in transit; ACC adds protection for data in use.

Protect against:
• Malicious privileged admins or insiders
• Hackers exploiting bugs in the Hypervisor/OS
• Third parties accessing data without customer consent

“To meet the security and privacy expectations of millions of people every day, we utilize Azure confidential computing to provide scalable, secure environ­ments for our services. Signal puts users first, and Azure helps us stay at the forefront of data protection with confidential computing.”
Jim O'Leary, VP of Engineering


Build secure apps from the start
Implement integrated DevSecOps for secure development and deployment of applications

• Deploy secure code across clouds: Azure, AWS, Google Cloud, and others
• Helps reduce security effort, increase development speed, and improve application security
• Focus on actionable and high priority security issues within the developer workflow
• Have peace of mind with enforced security and compliance policies
• Provide central visibility to security admins through Microsoft Defender for Cloud integration

Shift-left with secure DevOps across the supply chain, code and development lifecycle


Network Segmentation with Azure Networking

Subscription: a logical isolation of environment for all resources
Virtual Network: an isolated and highly secure environment to run your virtual machines and applications
Network Security Group: enforce and control network traffic security rules that allow or deny inbound/outbound traffic
Azure Firewall: create and enforce connectivity policies using application and network level filtering rules
Secure your network infrastructure and application delivery
Reduce risk of security breach by 30 percent

Azure network security
Secure network infrastructure: Azure Firewall, Azure DDoS protection, Azure Bastion
Secure application delivery: Azure Web App Firewall, Azure Front Door
Capabilities: segmentation controls, intelligent threat protection, traffic encryption, private access
Defense in depth protection

Source: Forrester Consulting, “The Total Economic Impact™ of Microsoft Azure Network Security.” May 2021, commissioned by Microsoft.
Azure Bastion
Seamless developer zero trust access for RDP/SSH without requiring full network access or public IP

How the service works
• Azure Bastion is configured for a Virtual Network Remote Protocol (RDP, SSH, et al)
• User connects to the Azure Portal using any HTML5 browser
• Select the workload to RDP/SSH
• Single-click RDP/SSH session inside the browser
• No Public IP required on the Azure VM
• No agent required

Figure: the user reaches the Azure Portal over SSL (443) from the Internet; Azure Bastion, deployed in the “AzureBastionSubnet” of the customer’s virtual network, connects to the target VM subnet(s) over private IP on port 3389/22.
Azure DDoS Protection Standard
Cloud scale DDoS protection for Virtual Networks in Azure

1. Azure global network
2. Adaptive tuning
3. Attack analytics and metrics
4. DDoS Rapid Response (DRR)
5. SLA guarantee and cost protection

Figure: traffic from the public Internet reaches Public IP 1 and Public IP 2 on a central VNET (Azure Firewall, Azure WAF) with spoke VNETs hosting Web Application 1 and Web Application 2; DDoS Protection Standard with its adaptive tuning engine covers inbound and outbound traffic.


Azure Firewall
Cloud native stateful Firewall as a service

User configuration: L3-L7 connectivity policies
Microsoft Threat Intelligence: known malicious IPs and FQDNs

• A first among public cloud providers
• Central governance of all traffic flows
• Built-in high availability and auto scale
• Network and application traffic filtering
• Centralized policy across VNets and subscriptions
• Complete VNET protection: filter Outbound, Inbound, Spoke-Spoke and Hybrid Connections traffic (VPN and ExpressRoute)
• Centralized logging: archive logs to a storage account, stream events to your Event Hub, or send them to Log Analytics or the Security Information and Event Management (SIEM) system of your choice
• Best for Azure: DevOps integration, FQDN Tags, Service Tags, integration with ASE, Backup and other Azure services

Figure: Azure Firewall in the central VNet applies threat intel, NAT, network and application traffic filtering rules that allow inbound/outbound access for the Spoke 1 and Spoke 2 VNets and for Azure-to-on-premises traffic; traffic is denied by default.
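An added example (written for this page, not taken from the deck or from Azure) modelling the first-match, deny-by-default rule evaluation behind the Network Security Group slide above, together with the Bastion slide's private-IP RDP/SSH path and the Firewall slide's "traffic is denied by default" principle. The VNet address space, the AzureBastionSubnet range and both rule sets are constructed, and the Internet service tag is simplified to "anything outside RFC 1918".

```python
"""NSG-style inbound rule evaluation for a subnet: the lowest priority number
wins, Azure's default rules run last, and unmatched traffic is denied.
Illustrative model of the slides (constructed sample), not Azure's data plane."""
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int        # 100-4096 for user rules; default rules sit at 65000+
    access: str          # "Allow" or "Deny"
    protocol: str        # "Tcp", "Udp" or "*"
    source: str          # CIDR, a service tag (Internet, VirtualNetwork, AzureLoadBalancer) or "*"
    dest_port: str       # "443", "3389", "20-22" or "*"

VNET = ipaddress.ip_network("10.0.0.0/16")           # constructed VNet address space
BASTION_SUBNET = "10.0.255.0/27"                     # the AzureBastionSubnet in this sample
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Azure's default inbound rules, with their real priorities.
DEFAULT_INBOUND = (
    Rule("AllowVnetInBound", 65000, "Allow", "*", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Allow", "*", "AzureLoadBalancer", "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*"),
)

def source_matches(selector, src_ip):
    ip = ipaddress.ip_address(src_ip)
    if selector == "*":
        return True
    if selector == "VirtualNetwork":
        return ip in VNET
    if selector == "AzureLoadBalancer":
        return ip == ipaddress.ip_address("168.63.129.16")   # platform health-probe source
    if selector == "Internet":
        return not any(ip in net for net in RFC1918)         # simplified service tag
    return ip in ipaddress.ip_network(selector, strict=False)

def port_matches(selector, port):
    if selector == "*":
        return True
    lo, _, hi = selector.partition("-")
    return int(lo) <= port <= int(hi or lo)

def evaluate(rules, protocol, src_ip, dest_port):
    """Return (access, rule name) from the first matching rule by priority."""
    for r in sorted((*rules, *DEFAULT_INBOUND), key=lambda r: r.priority):
        if r.protocol != "*" and r.protocol != protocol:
            continue
        if source_matches(r.source, src_ip) and port_matches(r.dest_port, dest_port):
            return r.access, r.name
    return "Deny", "implicit"       # not reached while DenyAllInBound is present

def internet_exposed_management_ports(rules):
    """Defender-for-Cloud-style check: management ports reachable from the Internet."""
    probe = "203.0.113.5"            # TEST-NET-3 address standing in for any Internet client
    return [p for p in (22, 3389) if evaluate(rules, "Tcp", probe, p)[0] == "Allow"]

# Constructed sample NSGs for a web subnet: RDP/SSH only from the Bastion subnet ...
HARDENED = (
    Rule("AllowHttpsFromInternet", 100, "Allow", "Tcp", "Internet", "443"),
    Rule("AllowSshFromBastion", 200, "Allow", "Tcp", BASTION_SUBNET, "22"),
    Rule("AllowRdpFromBastion", 210, "Allow", "Tcp", BASTION_SUBNET, "3389"),
)
# ... versus the common mistake of opening RDP to everyone.
WEAK = (
    Rule("AllowHttpsFromInternet", 100, "Allow", "Tcp", "Internet", "443"),
    Rule("AllowRdpFromAny", 110, "Allow", "Tcp", "*", "3389"),
)
```

With the hardened set, RDP from the Internet falls through every user rule and lands on DenyAllInBound, while the same request from the Bastion subnet's private range is allowed, which is exactly the path the Bastion slide describes.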
Azure Web Application Firewall
Protect from common application vulnerabilities

• Unified WAF experience: protect your web apps at network edge with Azure Front Door or in region with Application Gateway
• Cloud native protection: highly available, scalable, customizable, easy to deploy and manage. Pay only for what you use
• Best practice: OWASP Top 10. Build apps robust to common threats by default.
• Microsoft Threat Intelligence: protect apps against bad actors / bots using our vast threat intelligence dataset. Newly added good/bad/unknown classifications to WAF at Edge

Figure: SQLi/XSS attacks and crawler/scraper traffic are stopped at the WAF (Application Gateway & WAF, L7 LB); valid requests reach backends on VM/VMSS, Azure App Service, Azure Kubernetes Service and on-premises.


Key actions for all Azure customers:

• Turn on Azure Secure Score: gain insight into the security state of your cloud workloads
• Turn on Azure Defender for all cloud workloads: protect your workloads with built-in threat protection
• Turn on WAF and DDoS Protection for every website: protect your web applications from malicious attacks
• Turn on Azure Firewall for every subscription: protect your Azure virtual network resources


© Copyright Microsoft Corporation. All rights reserved.
