Microsoft Azure Security Infrastructure


Book Description

This is the eBook of the printed book and may not include any media, website access codes, or print supplements that may come packaged with the bound book. Implement maximum control, security, and compliance processes in Azure cloud environments In Microsoft Azure Security Infrastructure,1/e three leading experts show how to plan, deploy, and operate Microsoft Azure with outstanding levels of control, security, and compliance. You’ll learn how to prepare infrastructure with Microsoft’s integrated tools, prebuilt templates, and managed services–and use these to help safely build and manage any enterprise, mobile, web, or Internet of Things (IoT) system. The authors guide you through enforcing, managing, and verifying robust security at physical, network, host, application, and data layers. You’ll learn best practices for security-aware deployment, operational management, threat mitigation, and continuous improvement–so you can help protect all your data, make services resilient to attack, and stay in control no matter how your cloud systems evolve. Three Microsoft Azure experts show you how to: • Understand cloud security boundaries and responsibilities • Plan for compliance, risk management, identity/access management, operational security, and endpoint and data protection • Explore Azure’s defense-in-depth security architecture • Use Azure network security patterns and best practices • Help safeguard data via encryption, storage redundancy, rights management, database security, and storage security • Help protect virtual machines with Microsoft Antimalware for Azure Cloud Services and Virtual Machines • Use the Microsoft Azure Key Vault service to help secure cryptographic keys and other confidential information • Monitor and help protect Azure and on-premises resources with Azure Security Center and Operations Management Suite • Effectively model threats and plan protection for IoT systems • Use Azure security tools for operations, incident response, and forensic investigation




Microsoft Azure Security Center


Book Description

Discover high-value Azure security insights, tips, and operational optimizations This book presents comprehensive Azure Security Center techniques for safeguarding cloud and hybrid environments. Leading Microsoft security and cloud experts Yuri Diogenes and Dr. Thomas Shinder show how to apply Azure Security Center’s full spectrum of features and capabilities to address protection, detection, and response in key operational scenarios. You’ll learn how to secure any Azure workload, and optimize virtually all facets of modern security, from policies and identity to incident response and risk management. Whatever your role in Azure security, you’ll learn how to save hours, days, or even weeks by solving problems in most efficient, reliable ways possible. Two of Microsoft’s leading cloud security experts show how to: • Assess the impact of cloud and hybrid environments on security, compliance, operations, data protection, and risk management • Master a new security paradigm for a world without traditional perimeters • Gain visibility and control to secure compute, network, storage, and application workloads • Incorporate Azure Security Center into your security operations center • Integrate Azure Security Center with Azure AD Identity Protection Center and third-party solutions • Adapt Azure Security Center’s built-in policies and definitions for your organization • Perform security assessments and implement Azure Security Center recommendations • Use incident response features to detect, investigate, and address threats • Create high-fidelity fusion alerts to focus attention on your most urgent security issues • Implement application whitelisting and just-in-time VM access • Monitor user behavior and access, and investigate compromised or misused credentials • Customize and perform operating system security baseline assessments • Leverage integrated threat intelligence to identify known bad actors




Microsoft Azure Network Security


Book Description

Master a complete strategy for protecting any Azure cloud network environment! Network security is crucial to safely deploying and managing Azure cloud resources in any environment. Now, two of Microsoft's leading experts present a comprehensive, cloud-native approach to protecting your network, and safeguarding all your Azure systems and assets. Nicholas DiCola and Anthony Roman begin with a thoughtful overview of network security's role in the cloud. Next, they offer practical, real-world guidance on deploying cloud-native solutions for firewalling, DDOS, WAF, and other foundational services – all within a best-practice secure network architecture based on proven design patterns. Two of Microsoft's leading Azure network security experts show how to: Review Azure components and services for securing network infrastructure, and the threats to consider in using them Layer cloud security into a Zero Trust approach that helps limit or contain attacks Centrally direct and inspect traffic with the managed, stateful, Platform-as-a-Service Azure Firewall Improve visibility into Azure traffic with Deep Packet Inspection Optimize the way network and web application security work together Use Azure DDoS Protection (Basic and Standard) to mitigate Layer 3 (volumetric) and Layer 4 (protocol) DDoS attacks Enable log collection for Firewall, DDoS, WAF, and Bastion; and configure NSG Flow Logs and Traffic Analytics Continually monitor network security with Azure Sentinel, Security Center, and Network Watcher Customize queries, playbooks, workbooks, and alerts when Azure's robust out-of-the-box alerts and tools aren't enough Build and maintain secure architecture designs that scale smoothly to handle growing complexity About This Book For Security Operations (SecOps) analysts, cybersecurity/information security professionals, network security engineers, and other IT professionals For individuals with security responsibilities in any Azure environment, no matter how large, small, simple, or complex




Pentesting Azure Applications


Book Description

A comprehensive guide to penetration testing cloud services deployed with Microsoft Azure, the popular cloud computing service provider used by companies like Warner Brothers and Apple. Pentesting Azure Applications is a comprehensive guide to penetration testing cloud services deployed in Microsoft Azure, the popular cloud computing service provider used by numerous companies. You'll start by learning how to approach a cloud-focused penetration test and how to obtain the proper permissions to execute it; then, you'll learn to perform reconnaissance on an Azure subscription, gain access to Azure Storage accounts, and dig into Azure's Infrastructure as a Service (IaaS). You'll also learn how to: - Uncover weaknesses in virtual machine settings that enable you to acquire passwords, binaries, code, and settings files - Use PowerShell commands to find IP addresses, administrative users, and resource details - Find security issues related to multi-factor authentication and management certificates - Penetrate networks by enumerating firewall rules - Investigate specialized services like Azure Key Vault, Azure Web Apps, and Azure Automation - View logs and security events to find out when you've been caught Packed with sample pentesting scripts, practical advice for completing security assessments, and tips that explain how companies can configure Azure to foil common attacks, Pentesting Azure Applications is a clear overview of how to effectively perform cloud-focused security tests and provide accurate findings and recommendations.




Practical Microsoft Azure IaaS


Book Description

Adopt Azure IaaS and migrate your on-premise infrastructure partially or fully to Azure. This book provides practical solutions by following Microsoft’s design and best practice guidelines for building highly available, scalable, and secure solution stacks using Microsoft Azure IaaS. The author starts by giving an overview of Azure IaaS and its components: you’ll see the new aspects of Azure Resource Manager, storage in IaaS, and Azure networking. As such, you’ll cover design considerations for migration and implementation of infrastructure services, giving you practical skills to apply to your own projects. The next part of the book takes you through the different components of Azure IaaS that need to be included in a resilient architecture and how to set up a highly available infrastructure in Azure. The author focuses on the tools available for Azure IaaS automated provisioning and the different performance monitoring and fine-tuning options available for the platform. Finally, you’ll gain practical skills in Azure security and implementing Azure architectures. After reading Practical Microsoft Azure IaaS, you will have learned how to map the familiar on-premise architecture components to their cloud infrastructure counterparts. This book provides a focused and practical approach to designing solutions to be hosted in Azure IaaS. What You Will Learn Map the key Azure components to familiar concepts in infrastructure, such as virtualization, storage provisioning, switching, and firewalls Implement Azure IaaS deployment architectures Design IaaS environments in line with the Microsoft recommended best practices for scalability, resiliency, availability, performance, and security Manage the operational aspects of hosted environments, leverage automation, and fine tune for optimal performance Who This Book Is For Infrastructure and solution architects with skills in on-premise infrastructure design who want to up-skill in Azure IaaS.




Microsoft Azure Infrastructure Services for Architects


Book Description

An expert guide for IT administrators needing to create and manage a public cloud and virtual network using Microsoft Azure With Microsoft Azure challenging Amazon Web Services (AWS) for market share, there has been no better time for IT professionals to broaden and expand their knowledge of Microsoft’s flagship virtualization and cloud computing service. Microsoft Azure Infrastructure Services for Architects: Designing Cloud Solutions helps readers develop the skills required to understand the capabilities of Microsoft Azure for Infrastructure Services and implement a public cloud to achieve full virtualization of data, both on and off premise. Microsoft Azure provides granular control in choosing core infrastructure components, enabling IT administrators to deploy new Windows Server and Linux virtual machines, adjust usage as requirements change, and scale to meet the infrastructure needs of their entire organization. This accurate, authoritative book covers topics including IaaS cost and options, customizing VM storage, enabling external connectivity to Azure virtual machines, extending Azure Active Directory, replicating and backing up to Azure, disaster recovery, and much more. New users and experienced professionals alike will: Get expert guidance on understanding, evaluating, deploying, and maintaining Microsoft Azure environments from Microsoft MVP and technical specialist John Savill Develop the skills to set up cloud-based virtual machines, deploy web servers, configure hosted data stores, and use other key Azure technologies Understand how to design and implement serverless and hybrid solutions Learn to use enterprise security guidelines for Azure deployment Offering the most up to date information and practical advice, Microsoft Azure Infrastructure Services for Architects: Designing Cloud Solutions is an essential resource for IT administrators, consultants and engineers responsible for learning, designing, implementing, managing, and maintaining Microsoft virtualization and cloud technologies.




Azure Cloud Security for Absolute Beginners


Book Description

Implement cloud security with Azure security tools, configurations and policies that address the needs of businesses and governments alike. This book introduces you to the most important security solutions available in Azure and provides you with step-by-step guidance to effectively set up security and deploy an application on top of Azure platform services, as well as on top of Azure infrastructure. Author Pushpa Herath begins by teaching you the fundamentals of Azure security. An easy to follow exploration of management groups, subscriptions, management locks and Azure policies further elaborate the concepts underlying Azure cloud security. Next, you will learn about Azure Active Directory (AAD) and the utilization of AAD in application and infrastructure security. Essential aspects of maintaining secure application keys and certificates are further explained in the context of Azure Key Vault. New application security implementations such as Azure configurations and Azure Defender for Azure storage are discussed, as are key platform security factors. Network security groups, gateways, load balancers, virtual networks and firewall configurations are all demonstrated in detail. Finally, you’ll learn how to create a much more secure environment through Azure App Service Environment in the context of securing infrastructure. If you want to learn the basics of securing Azure, Azure Cloud Security for Absolute Beginners is for you. After reading the book, you will be able to begin implementing secure cloud solutions with Microsoft Azure. What Will You Learn Get up and running quickly securing Azure Master the basic language of Azure security Understand the security features available in Azure cloud Configure and maintain Azure cloud security features Secure Azure PaaS Services Learn identity and access management options in Azure Cloud Who Is This Book For Cloud engineers, DevOps engineers, software developers and architects who are asked to manage or are involved in the Azure infrastructure management but have not had all that much experience with security.




Beginning Security with Microsoft Technologies


Book Description

Secure and manage your Azure cloud infrastructure, Office 365, and SaaS-based applications and devices. This book focuses on security in the Azure cloud, covering aspects such as identity protection in Azure AD, network security, storage security, unified security management through Azure Security Center, and many more. Beginning Security with Microsoft Technologies begins with an introduction to some common security challenges and then discusses options for addressing them. You will learn about Office Advanced Threat Protection (ATP), the importance of device-level security, and about various products such as Device Guard, Intune, Windows Defender, and Credential Guard. As part of this discussion you’ll cover how secure boot can help an enterprise with pre-breach scenarios. Next, you will learn how to set up Office 365 to address phishing and spam, and you will gain an understanding of how to protect your company's Windows devices. Further, you will also work on enterprise-level protection, including how advanced threat analytics aids in protection at the enterprise level. Finally, you’ll see that there are a variety of ways in which you can protect your information. After reading this book you will be able to understand the security components involved in your infrastructure and apply methods to implement security solutions. What You Will Learn Keep corporate data and user identities safe and secure Identify various levels and stages of attacks Safeguard information using Azure Information Protection, MCAS, and Windows Information Protection, regardless of your location Use advanced threat analytics, Azure Security Center, and Azure ATP Who This Book Is For Administrators who want to build secure infrastructure at multiple levels such as email security, device security, cloud infrastructure security, and more.




Exam Ref 70-533 Implementing Microsoft Azure Infrastructure Solutions


Book Description

Prepare for the newest versions of Microsoft Exam 70-533–and help demonstrate your real-world mastery of implementing Microsoft Azure Infrastructure as a Service (IaaS). Designed for experienced IT professionals ready to advance their status, Exam Ref focuses on the critical thinking and decision-making acumen needed for success at the MCSA level. Focus on the expertise measured by these objectives: Design and implement Azure App Service Apps Create and manage compute resources, and implement containers Design and implement a storage strategy, including storage encryption Implement virtual networks, including new techniques for hybrid connections Design and deploy ARM Templates Manage Azure security and Recovery Services Manage Azure operations, including automation and data analysis Manage identities with Azure AD Connect Health, Azure AD Domain Services, and Azure AD single sign on This Microsoft Exam Ref: Organizes its coverage by exam objectives Features strategic, what-if scenarios to challenge you Assumes you are an IT professional with experience implementing and monitoring cloud and hybrid solutions and/or supporting application lifecycle management This book covers the 533 objectives as of December 2017. If there are updates for this book, you will find them at https://aka.ms/examref5332E/errata. About the Exam Exam 70-533 focuses on skills and knowledge for provisioning and managing services in Microsoft Azure, including: implementing infrastructure components such as virtual networks, virtual machines, containers, web and mobile apps, and storage; planning and managing Azure AD, and configuring Azure AD integration with on-premises Active Directory domains. About Microsoft Certification Passing this exam helps qualify you for MCSA: Cloud Platform Microsoft Certified Solutions Associate certification, demonstrating your expertise in applying Microsoft cloud technologies to reduce costs and deliver value. To earn this certification, you must also pass any one of the following exams: 70-532 Developing Microsoft Azure Solutions, or 70-534 Architecting Microsoft Azure Solutions, or 70-535, Architecting Microsoft Azure Solutions, or 70-537: Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack.




The Azure Cloud Native Architecture Mapbook


Book Description

Improve your Azure architecture practice and set out on a cloud and cloud-native journey with this Azure cloud native architecture guide Key FeaturesDiscover the key drivers of successful Azure architectureImplement architecture maps as a compass to tackle any challengeUnderstand architecture maps in detail with the help of practical use casesBook Description Azure offers a wide range of services that enable a million ways to architect your solutions. Complete with original maps and expert analysis, this book will help you to explore Azure and choose the best solutions for your unique requirements. Starting with the key aspects of architecture, this book shows you how to map different architectural perspectives and covers a variety of use cases for each architectural discipline. You'll get acquainted with the basic cloud vocabulary and learn which strategic aspects to consider for a successful cloud journey. As you advance through the chapters, you'll understand technical considerations from the perspective of a solutions architect. You'll then explore infrastructure aspects, such as network, disaster recovery, and high availability, and leverage Infrastructure as Code (IaC) through ARM templates, Bicep, and Terraform. The book also guides you through cloud design patterns, distributed architecture, and ecosystem solutions, such as Dapr, from an application architect's perspective. You'll work with both traditional (ETL and OLAP) and modern data practices (big data and advanced analytics) in the cloud and finally get to grips with cloud native security. By the end of this book, you'll have picked up best practices and more rounded knowledge of the different architectural perspectives. What you will learnGain overarching architectural knowledge of the Microsoft Azure cloud platformExplore the possibilities of building a full Azure solution by considering different architectural perspectivesImplement best practices for architecting and deploying Azure infrastructureReview different patterns for building a distributed application with ecosystem frameworks and solutionsGet to grips with cloud-native concepts using containerized workloadsWork with AKS (Azure Kubernetes Service) and use it with service mesh technologies to design a microservices hosting platformWho this book is for This book is for aspiring Azure Architects or anyone who specializes in security, infrastructure, data, and application architecture. If you are a developer or infrastructure engineer looking to enhance your Azure knowledge, you'll find this book useful.