Azure This Week

3 important Azure security tips

Episode description

James Lee joins us again for Azure news this week! In a roundup of Azure announcements, security seems to be top of mind. From centralizing identities using Azure AD to synthetic monitoring using Application Insights, James packages up the latest Azure updates with three ways to have a more secure Azure environment! Oh, and try our free Azure security course:

0:35 Identity
Services that support Azure AD authentication
Preview – Azure AD auth for Managed Disks
2:36 Connectivity
Azure Gateway Load Balancer
4:05 Monitoring
Application Insights standard test for synthetic monitoring

Current free Azure courses:
Introduction to Governance and Compliance on Azure
Intro to Serverless on Azure
Introduction to Microsoft Azure Security
Azure Storage Deep Dive

Join the discussion in Discord:

Series description

Azure This Week is your weekly news roundup for all things Azure. Join our expert hosts as they cover everything you need to know about the past week’s developments, keeping it short, fun and informative. Whether you’re just beginning your cloud journey, or you know your stuff, there’s something for everyone!

Microsoft's recent July patch Tuesday saw Azure security taking center stage. There were over 30 fixes for various security vulnerabilities for Azure Site Recovery. So hopefully you've got all of your systems patched and up-to-date. But even if you do, you might be left wondering just how secure are your solutions in Azure? Welcome to Azure This Week. My name is James Lee, and today we're going to walk through three tips for security in Azure.

Now you can use a lot of different services in Azure, and each of them often have their own way of controlling who gets access to what. For example, you might give a database administrator access to a SQL database in Azure SQL database, and maybe an entirely separate account for logging into a virtual machine that they're going to use to manage those databases. But do you really want your database admin, or anyone else for that matter, to have to use one account for one Azure service and an entirely separate account for each and every other Azure service that you use. Well my first security tip for you today is to avoid this problem by centralizing your identities with Azure Active Directory. Azure AD allows you to control access to a lot more than just the Azure Portal and Microsoft 365 applications like Exchange online.

Azure AD actually supports authentication for a range of different services. Things like Azure Web Apps, Azure SQL, Azure Virtual Machines, and much, much more. In fact, this list just keeps growing and growing. Microsoft have even recently announced the public preview of Azure AD authentication for supporting exporting and importing Managed Disks. So if you're looking to centrally manage the identities that your staff, partners, and even applications use to access other Azure resources, be sure to check out whether your scenario is supported by Azure AD.

Every month A Cloud Guru has a number of totally free courses, which change over time. Now this month is security month. So perhaps you could try out our Introduction to Azure Security. We've also got other free courses available for you also, such as Intro to Serverless on Azure, and Azure Storage Deep Dive. A free account is genuinely free as well.

No credit card needed just content delivered. Now once you've followed tip one and you've got identity and access up and running for your solutions, we of course are going to have to open things up. Users will need access to your web apps. Applications themselves will need access to backend databases. And administrators will need to manage all of this as well.

So tip number two is to ensure you don't stop once you've got identity and access up and running, but you also ensure that connectivity for your solution is secure as well. Now, Azure includes a range of products and features that can help with this goal. Whether you're using something like Always Encrypted for Azure SQL, or Denial of Service protection for virtual network resources, or even cool features like just-in-time admin access for your virtual machines. But if there's some security feature that you're missing, well fear not. You can also use third-party security network virtual appliances.

For example, third-party firewalls, intrusion detection systems, or advanced packet analytics appliances. And with the recent release of Azure Gateway Load Balancer, you can now use the Azure Load Balancer itself to improve the reliability of all of these third-party security appliances as well. So whether you're using Azure products or third-party tools, there are a variety of ways to secure your solution connectivity. We've covered just two of the many, many elements of security and to wrap things up I have for you tip number three - monitor your solutions. Monitoring isn't something people always think of when we talk about security and that's why it has made today's list.

Because no matter how we're configuring security, we really do need to know how the solution is being used, or if it is being abused. Do you know if someone is maybe attempting a brute-force login attack? Or maybe a denial of service attack? What are the status of the accounts and encryption across your solutions? Or any of the other many security concerns to consider. To help with this, once again Azure includes a range of tools, features and products. You might use Activity Logs to see what's happening in your Azure subscription, or Defender for Cloud for security posture management, or even Azure Sentinel to analyze security events across all of your monitoring data. And once again, as security threats evolve, we see Microsoft evolve these products too.

For example, Application Insights Standard Tests have just been made generally available. This improves the existing monitoring capabilities with added features such as SSL certificate validity checks. So make sure whatever you are doing to secure your solution, you're continuing to monitor the things that matter. Well everybody, that's a wrap for today. Thanks so much for being with me.

For more awesome updates on all things Azure, be sure to tune in again to next week's episode. Until then, keep being awesome Cloud Gurus.

More videos in this series

Is AI the real Web 3.0?

Have you heard our TECHnically Possible Podcast: In Azure news this week, Lars takes a look at the general availability of Azure OpenAI, Microsoft’s…

Master the Cloud with ACG

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?