6 Security

 
  • Understanding fundamental Azure security concepts, including defense in depth, shared responsibility, and the zero-trust approach
  • Creating new identities in Azure Active Directory
  • Improving your security posture using Microsoft Defender for Cloud
  • Enabling multi-factor authentication for Azure Active Directory

Every aspect of Azure involves security. After all, we are trusting someone else with all our data, processing, transfers and top-secret business logic. Luckily, Azure is designed and built from the ground up with security as a top priority, which means we can trust it, right?

This chapter focuses on that built-in security, all the things that you get for free when you use the cloud services that Azure offers. However, we will also dive into the parts that you can control, configure, and, of course, mess up. As security is in a sense another foundational part of Azure, this chapter won’t be delving into each product and how to make it the most secure for your project or application. Instead, we focus on the security concepts that run through all the products like a shining vein of titanium-plated armor and secure your architectural wonders.

6.1 A secure foundation

6.1.1 Defense in depth

6.2 Shared responsibility model

6.2.1 On-premises

6.2.2 IaaS

6.2.3 PaaS

6.2.4 SaaS

6.2.5 Compliance and data classification

6.2.6 Leveraging cloud-enabled security

6.3 The Zero Trust approach and Azure AD

6.4 Microsoft Defender for Cloud

6.4.1 Security recommendations

6.4.2 Secure score

6.4.3 Security alerts

6.5 Multi-Factor Authentication

6.5.1 Passwordless

6.6 Role Based Access Control

6.6.1 Security Principal

6.6.2 Role definition

6.6.3 Scope

6.7 Summary