Microsoft's recent July patch Tuesday saw Azure security taking center stage. There were over 30 fixes for various security vulnerabilities for Azure Site Recovery. So hopefully you've got all of your systems patched and up-to-date. But even if you do, you might be left wondering just how secure are your solutions in Azure? Welcome to Azure This Week. My name is James Lee, and today we're going to walk through three tips for security in Azure.

Now you can use a lot of different services in Azure, and each of them often have their own way of controlling who gets access to what. For example, you might give a database administrator access to a SQL database in Azure SQL database, and maybe an entirely separate account for logging into a virtual machine that they're going to use to manage those databases. But do you really want your database admin, or anyone else for that matter, to have to use one account for one Azure service and an entirely separate account for each and every other Azure service that you use. Well my first security tip for you today is to avoid this problem by centralizing your identities with Azure Active Directory. Azure AD allows you to control access to a lot more than just the Azure Portal and Microsoft 365 applications like Exchange online.

Azure AD actually supports authentication for a range of different services. Things like Azure Web Apps, Azure SQL, Azure Virtual Machines, and much, much more. In fact, this list just keeps growing and growing. Microsoft have even recently announced the public preview of Azure AD authentication for supporting exporting and importing Managed Disks. So if you're looking to centrally manage the identities that your staff, partners, and even applications use to access other Azure resources, be sure to check out whether your scenario is supported by Azure AD.

Every month A Cloud Guru has a number of totally free courses, which change over time. Now this month is security month. So perhaps you could try out our Introduction to Azure Security. We've also got other free courses available for you also, such as Intro to Serverless on Azure, and Azure Storage Deep Dive. A free account is genuinely free as well.

No credit card needed just content delivered. Now once you've followed tip one and you've got identity and access up and running for your solutions, we of course are going to have to open things up. Users will need access to your web apps. Applications themselves will need access to backend databases. And administrators will need to manage all of this as well.

So tip number two is to ensure you don't stop once you've got identity and access up and running, but you also ensure that connectivity for your solution is secure as well. Now, Azure includes a range of products and features that can help with this goal. Whether you're using something like Always Encrypted for Azure SQL, or Denial of Service protection for virtual network resources, or even cool features like just-in-time admin access for your virtual machines. But if there's some security feature that you're missing, well fear not. You can also use third-party security network virtual appliances.

For example, third-party firewalls, intrusion detection systems, or advanced packet analytics appliances. And with the recent release of Azure Gateway Load Balancer, you can now use the Azure Load Balancer itself to improve the reliability of all of these third-party security appliances as well. So whether you're using Azure products or third-party tools, there are a variety of ways to secure your solution connectivity. We've covered just two of the many, many elements of security and to wrap things up I have for you tip number three - monitor your solutions. Monitoring isn't something people always think of when we talk about security and that's why it has made today's list.

Because no matter how we're configuring security, we really do need to know how the solution is being used, or if it is being abused. Do you know if someone is maybe attempting a brute-force login attack? Or maybe a denial of service attack? What are the status of the accounts and encryption across your solutions? Or any of the other many security concerns to consider. To help with this, once again Azure includes a range of tools, features and products. You might use Activity Logs to see what's happening in your Azure subscription, or Defender for Cloud for security posture management, or even Azure Sentinel to analyze security events across all of your monitoring data. And once again, as security threats evolve, we see Microsoft evolve these products too.

For example, Application Insights Standard Tests have just been made generally available. This improves the existing monitoring capabilities with added features such as SSL certificate validity checks. So make sure whatever you are doing to secure your solution, you're continuing to monitor the things that matter. Well everybody, that's a wrap for today. Thanks so much for being with me.

For more awesome updates on all things Azure, be sure to tune in again to next week's episode. Until then, keep being awesome Cloud Gurus.