Peter De Tender - Pro Azure Governance and Security: A Comprehensive Guide to Azure Policy, Blueprints, Security Center, and Sentinel

Any source code or other supplementary material referenced by the author in this book is available to readers on GitHub via the books product page, located at www.apress.com/9781484249093 . For more detailed information, please visit http://www.apress.com/source-code .

We have an internal saying, Microsoft runs on trust. This motto guides us internally to build solutions that delight our customers and provide the custom-tailored security they need to operate in todays digital world. Each year we invest $1 billion in cybersecurity and we are dedicated to this commitment, with more than 3,500 professionals protecting, detecting, and responding to threats.

Microsoft Azure is an open, flexible, enterprise-grade cloud computing platform, with more than 100 infrastructure as a service and platform as a service offerings. We maintain 54 Azure regions across the globe, more than any other cloud provider, allowing our customers to leverage the cloud while still meeting their stringent data security, privacy, and sovereignty requirements. Azure also complies with more than 90 different industry and government compliance frameworks, making it easier for our regulated customers to leverage its services.

As a common target for attackers, Azure has been engineered from the ground up to ensure security and resiliency. As with any public cloud, there are shared responsibilities for security between the customer and Microsoft. For example, while Microsoft is solely responsible for the physical security of the data centers and supporting infrastructure that powers Azure, you as the customer retain responsibility for controlling access to data and user provisioning. Thats where the book you hold in your hands steps in. Pro Azure Governance and Security provides a comprehensive guide for customers to follow, in order to securely deploy and govern workloads within Azure.

The authors share their collective wisdom for operating Azure services at enterprise scale, starting with an explanation of the key governance building blocks of tenants, subscriptions, management groups, resources, and policies. One of the unique advantages of operating in the cloud is that everything is software-defined. This allows customers to create and leverage repeatable code to define and maintain their environments. Azure Policy, which the authors devote an entire chapter to, is a native Azure service that makes it easy for customers to govern their Azure resources, apply security controls at scale, and enforce and audit compliance against established policies and standards.

Azure also contains custom-built solutions that help customers achieve advanced levels of operational security. One of these solutions is Azure Security Center. Pro Azure Governance and Security intuitively guides you through the capabilities, configuration, and use of Azure Security Center. You will learn how to enlist Azure Security Center for security posture management and enhanced threat protection for cloud workloads. Not surprising, another one of Microsofts goals is to simplify security for our customers wherever possible. Azure Security Center does this by providing a Secure Score for customers so that they can quickly and easily identify security weaknesses and mitigate them based on Microsoft recommendations and best practices.

Finally, the authors of Pro Azure Governance and Security wrap up the book, teaching you about our newest cybersecurity solution, Azure Sentinel, a cloud-native security incident and event management (SIEM) solution. It provides limitless scale and speed, and is built to detect threats with built-in machine learning from Microsofts security analytics experts and researchers. Azure Sentinel was engineered to ease the operational burden on security analysts and includes advanced logic to fuse and collate events into incidents. Further, it offers playbooks to automate common and routine response activities.

If you are tasked with protecting Azure workloads, then Pro Azure Governance and Security is a must-read and a great reference for those studying to become a Microsoft Certified Azure Security Engineer ( https://www.microsoft.com/en-us/learning/azure-security-engineer.aspx ).

Microsoft is built on trust, and we are devoted to earning that trust by building and operating resilient and secure systems for our customers.

Jonathan C. Trull

Global Director, Cybersecurity Solutions

Cybersecurity Solutions Group

Chief Security Advisor

Microsoft

July 2019

As the Global Director for the Microsoft Cybersecurity Solutions Group, Jonathan leads Microsofts team of worldwide security advisors and cloud security architects who provide strategic direction on the development of Microsoft security products and services and deliver deep customer and partner engagements around the globe. He serves as a member of Microsofts Internal Risk Management Committee and is a principal author of the Microsoft Security Intelligence Report.