Introduction to basic governance in Azure - #GABDK
•Download as PPTX, PDF•
0 likes•557 views
This document discusses basic governance in Azure, including Azure AD PIM, Azure Locks, and Azure AD Access Review. It provides an overview of Azure Sentinel for security information and event management. It also discusses managing secrets with Azure Key Vault and using managed identities for Azure resources.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Introduction to basic governance in Azure - #GABDK
Similar to Introduction to basic governance in Azure - #GABDK (20)
More from Peter Selch Dahl
More from Peter Selch Dahl (12)
Recently uploaded
Recently uploaded (20)
Introduction to basic governance in Azure - #GABDK
- 1. Introduction to basic governance in Azure Peter Selch Dahl – Azure MVP – I’m ALL Cloud First - Taking back control of your Azure Subscription with light-weight governance and logging
- 2. Microsoft MCSA: Cloud Platform - Certified 2018, Microsoft MCSA: Office 365 - Certified 2018, Microsoft MCSE: Cloud Platform and Infrastructure - Certified 2018 Microsoft MCSA: 2016 Windows Server 2016, Microsoft MCSA: 2012 Windows Server 2012, Microsoft MCITP: 2008 Server and Enterprise Administrator, Microsoft MCSA: 2008 Windows Server 2008, Microsoft MCSA/MCSE : 2003 Security, Microsoft MCSA/MCSE : 2000 Security, VMWare Certified Professional VI3/VI4/VI5, CompTIA A+, Network+, EC-Council: Certified Ethical Hacker (CEH v7), And more Peter Selch Dahl Cloud Architect, Azure MVP Twitter: @PeterSelchDahl www: www.peterdahl.net Blog : http://blog.peterdahl.net Mail : psd@apento.com
- 3. • Azure AD PIM • Azure Locks • Azure AD Access Review • And more
- 5. Got Hacked! Not Fake News :O
- 6. Got Hacked! Not Fake News :O
- 9. Conditions Allow access or Block access Actions Enforce MFA per user/per app User, Group, App sensitivity Device state LocationUser NOTIFICATIONS, ANALYSIS, REMEDIATION, RISK-BASED POLICIES CLOUD APP DISCOVERY PRIVILEGED IDENTITY MANAGEMENT MFA IDENTITY PROTECTION Risk CLOUD-POWERED PROTECTION
- 11. Azure AD Privileged Identity Management (PIM) Azure Active Directory (Azure AD) Privileged Identity Management (PIM) is a service that enables you to manage, control, and monitor access to important resources in your organization. This includes access to resources in Azure AD, Azure resources, and other Microsoft Online Services like Office 365 or Microsoft Intune. • Provide just-in-time privileged access to Azure AD and Azure resources • Assign time-bound access to resources using start and end dates • Require approval to activate privileged roles • Enforce multi-factor authentication to activate any role • Use justification to understand why users activate • Get notifications when privileged roles are activated • Conduct access reviews to ensure users still need roles • Download audit history for internal or external audit
- 15. Azure Active Directory – Access Review
- 16. Azure Subscription – Access Review
- 17. Azure Active Directory – Access Review
- 18. Managed identities for Azure resources
- 19. Protect your keys and secrets!
- 20. Protect your keys and secrets! In-code passwords Azure KeyVault MSI BAD Better BEST
- 21. Managed identities for Azure resources Automatically managed service principals in Azure Active Directory, exclusively dedicated for Azure services instances. They enable Azure workloads to authenticate to cloud services*, without needing credentials in code.
- 22. Analogy Keys Built-in garage door opener Hand-held garage door opener Virtual Machine App Services Functions Etc. Azure Storage, Key Vault, Resource Manager, etc. Keys SAS Keys, username and password, etc. Built-in garage door opener System assigned managed identity Hand-held garage door opener User assigned managed identity One resourceShared between multiple resource
- 23. The bigger picture… Application / script Azure Active Directory MSI Endpoint / Id Object Azure VM, App Service, Function, etc. Get token
- 25. Managed identity provisioning (ExampleusingVM) 1. Azure Resource Manager is the orchestrator. Supported via: Portal, PowerShell, CLI, Template, REST and Azure SDKs. 2. Service Principal gets created in Azure AD. These are treated as special service principals, which belong to a Managed Identity. 3. Service Principal details are given to Compute Resource Provider. Resource is created/updated with the identity details. 4. Managed Identity (service principal) can be granted permissions via RBAC. 5. Code running inside the VM can request tokens via IMDS. 6. Managed Identity sub-system requests the actual token from Azure AD.
- 27. Access patterns using managed identities 1. Services that support Azure AD authentication Azure Resource Manager Azure Key Vault Azure Data Lake Azure SQL Azure Event Hubs Azure Service Bus Azure Storage Azure AD Graph API 2. Services that depend on Access Keys for authentication Access keys stored in: Azure Key Vault or Azure Resource Manager
- 29. Azure Locks • CanNotDelete means authorized users can still read and modify a resource, but they can't delete the resource. • ReadOnly means authorized users can read a resource, but they can't delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
- 32. Azure Sentinel - Videohttps://azure.microsoft.com/da-dk/resources/videos/introducing-microsoft-azure-sentinel/ Azure Sentinel
- 33. Azure Sentinel Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.
- 34. Azure Active Directory Activity logs in Azure Log Analytics Microsoft provides some great tools for auditing and insights into the data that have been logged. Most of these tools depend on extra configuration and licensing to give you the insight that is needed. How would you lookup data that older than 100 days? • https://docs.microsoft.com/en-us/azure/active- directory/reports-monitoring/reference-reports-data- retention • https://docs.microsoft.com/en- us/office365/securitycompliance/search-the-audit-log-in- security-and-compliance#before-you-begin
- 35. T: +45 82 32 32 32 F: +45 82 32 32 22 M: info@proactive.dk W: www.proactive.dk
- 36. Azure Customer Story: From Hybrid to Native Cloud https://www.youtube.com/watch?v=TVcdYNmUkfQ&t=16s
- 37. A shift in IT focus…..
- 38. Conditions Allow access or Block access Actions Enforce MFA per user/per app User, Group, App sensitivity Device state LocationUser NOTIFICATIONS, ANALYSIS, REMEDIATION, RISK-BASED POLICIES CLOUD APP DISCOVERY PRIVILEGED IDENTITY MANAGEMENT MFA IDENTITY PROTECTION Risk CLOUD-POWERED PROTECTION
Editor's Notes
- https://azure.microsoft.com/en-us/blog/managing-azure-secrets-on-github-repositories/
- https://azure.microsoft.com/en-us/blog/managing-azure-secrets-on-github-repositories/
- Back in our global administrators portal, we can track the changes in privileged role assignments and role activation history. CLICK STEP(S) On the Manage privileged roles blade, click Audit history.
- Point out: the business justification entered above, which is displayed in the Reasoning column. The admin can see Isaiah requested access as a Global Administrator and the reasoning given. This information can be critical for auditing and forensic investigations. Closing remarks: With Azure Active Directory Privileged Identity Management, you can manage, control, and monitor access within your organization. This includes access to resources in Azure AD and other Microsoft online services like Office 365 or Microsoft Intune. Organizations want to minimize the number of people who have access to secure information or resources, because that reduces the chance of a malicious user getting that access. However, users still need to carry out privileged operations in Azure, Office 365, or SaaS apps. Organizations give users privileged access in Azure AD without monitoring what those users are doing with their admin privileges. Azure AD Privileged Identity Management helps to resolve this risk. Azure AD Privileged Identity Management helps you: See which users are Azure AD administrators Enable on-demand, "just in time" administrative access to Microsoft Online Services like Office 365 and Intune Get reports about administrator access history and changes in administrator assignments Get alerts about access to a privileged role CLICK STEP(S) Click anywhere on the slide to end the presentation.
- https://azure.microsoft.com/en-us/blog/managing-azure-secrets-on-github-repositories/
- https://azure.microsoft.com/en-us/blog/managing-azure-secrets-on-github-repositories/
- https://jwt.ms/
- https://jwt.ms/
- https://jwt.ms/
- https://jwt.ms/
- https://jwt.ms/
- https://jwt.ms/
- https://azure.microsoft.com/da-dk/resources/videos/introducing-microsoft-azure-sentinel/
- https://azure.microsoft.com/da-dk/resources/videos/introducing-microsoft-azure-sentinel/
- https://azure.microsoft.com/da-dk/resources/videos/introducing-microsoft-azure-sentinel/
- https://azure.microsoft.com/da-dk/resources/videos/introducing-microsoft-azure-sentinel/
- Adoption of new features each quarter of the year….. continuous adoption