AZ-500: Microsoft Azure Security Technologies
EXAM PASSED!!!
#Azure #Security #AzureSecurity #CertifiedProfessional #CloudSecurity #CloudFamily #CyberSecurity #MicrosoftAzure #MicrosoftCloud #Microsoft #alwaysbelearning #AZ500 #EXAM #PASSED
Challenge: Separate subscriptions for multiple disciplines under the same Azure Active Directory Tenancy.
Required : Each subscription to have the same role assignments
Solution : Azure Blueprints to define a repeatable set of Azure resources
How ?
Azure Blueprints provides
Reference guides
Getting Started Azure Blueprints (PREVIEW)
Creating Blueprint Guide – Focused on Roles
Create a blue print, if your new, start with a sample predefined Blueprint.
For this example I have selected Resource Groups with RBAC (Role-based Access Control)
Create blueprint> Enter Name, Description and Definition Location
Next : Artifacts
Click Save Draft
How to Publish Blueprint
Click Blueprints > Blueprint Definitions > Select the version to publish
Click Publish blueprint.
Enter version and change notes > Click Publish
Sample screen shots of Azure Advisor
Recommendations : Cost , Security, High Availability, Performance, Operational Excellence
Example Recommendations report export, output as a PDF or CSV
This feature looks to identify activity and assign a risk level. “Risk detection and remediation”
All features look to be available in Azure AD Premium P2 and restricted number of features in Azure Premium P1 and Basic/Free.
Key differences are the notifications options only in Azure AD Premium P2.
There are three default polices
Example of the Identity Protection Policies
Reference How To Guides :
A Virtual machine must be running.
If a virtual machine is stopped your deployment will fail
Note a Charge
Steps to Install Extension for Microsoft Antimalware
Select Virtual Machine > Extensions > New Resource > Microsoft Antimalware > Install Extension
Deployment in progress
Installed and Configuration completed
Stephen Hackers Completed the Course
Creating Security Baselines In Microsoft Azure
By Neil Morrissey
#AlwaysBeLearning #UpSkill #Azure #Security #CyberSecurity #PluralSight
How to prepare to collect security log data from your Azure Windows virtual machines. You require two things:
This guide shows how to setup the workspace and install the agents on the virtual machine.
Create a Log Analytics Workspace
Pricing is Pay as you go
Next you connect to the data source
Click Virtual Machines > Select Virtual Machine and click Connect.
The Agent is then automatically installed and ready to configure for the log analytics workspace
Next Configure workspace under advanced settings. See MS Doc Quick Start Guide
Windows event log collect from Windows VM
This example shows how to assign a user/group a role to admin virtual machines in a resource group.
How to steps..
Select “Resource Group” > IAM > Add > Select user or group and select a role – Ok
Locking prevents the accidental deletion or modifying of critical resources. Example Azure Subscription, Resource Group, Network, Files, VMs.
How to configure Management locks to prevent the accidental deletion of core networks?
In this example we will put a “Delete” lock on a virtual network.
Virtual Network > Select the network > Locks > Add > Name + Set lock type to delete > Ok
Configured
To remove a lock / delete the lock
Something I regularly do, is review security against attacks and remediate if required.
This example is a simple SQL injection attack.
There is a few things in addition to code which can either prevent, log or alert this activity. Some examples listed below
Example: Web Site – SQL injection in the username of a web portal
Username: “Select * From table 1”
Password : Blank
Result
Access Denied. Potential loophole is blocked.
Reason
One of the many firewall rules in place blocks SQL injection and the platform restricts special characters being used as usernames.