2. Who am I?
• Microsoft MVP – Microsoft Azure
• Senior IT Developer in Big 4
• Microsoft Certified in Azure Security Engineer Associate
3. Microsoft Azure TOP 20 vulnerabilities
1. A storage account accessible from the Internet
2. Storage accounts that allow insecure transfers
3. Lack of multi-factor authentication for privileged users
4. Lack of multi-factor authentication for joining devices
5. The free basic version of Azure Security Center lacks many necessary security features
6. Azure virtual network with basic DDoS protection
7. Unencrypted operating system and data disks
8. Missing email notifications in the Security Center
9. Missing log alerts in Azure Monitor
10. Azure NSG inbound rule is configured as ANY
4. Continued…
11. Public IP address configured as Basic SKU
12. Dynamic IP addresses used for public-facing services
13. Blob storage with anonymous read access
14. The number of guest users in Azure AD is too large
15. Insecure guest user settings in Azure AD
16. Unlimited access to Azure AD management portal
17. Azure Identity Protection feature is disabled by default
18. Azure Network Watcher is disabled by default
19. HTTPS is not mandatory for all web application traffic
20. Monitoring strategy in Azure Security Center