Outcomes

Azure Security Features, Just a Few

View the original Working Session content
 

Outcomes

People came and learned about the security features of Azure and other features.

An informal session for knowledge sharing and learning the newer security features of Azure, including: Access Control (AIM), Just in Time (JIT) access control, Security Center Recommendations, Virtual Machine Security Recommendations, and Key Vault.

People now know more and got to try Azure. They now know about security centre, and we all agreed that now we are in a DevOps world and we now have to worry about not only AppSec but also OpSec.

Specific features and aspects demonstrated/discussed in the session:

  • Giving access to virtual machine (VM) to another user and assign user role of contributor, owner, reader, etc. Possibility of customizing roles too.
  • ‘Just in time access’, which is new functionality, allowing access to be granted only upon a specific need. For example, for a pen tester.
  • The security tab for a given VM will show recommendations and security alerts, together with a description of any issue(s). Security Center runs a scan for this automatically.
  • The system recommends ports for access. You can accept or refuse recommendations, define ports, time duration of access, protocol, specific IP source address (and more).
  • Remember to enable the Microsoft Monitoring Agent per VM (or set to auto-provision) to get the most out of the recommendations.
  • The security center allows you to see everything in data center and for the whole team. It offers recommendations, security solutions, new alerts/incidents, last week’s alerts/incidents, and more.
  • Web application firewalls (WAFs) can be linked into the Security Center. This is a manual process for non-Microsoft WAF solutions.
  • Security Center offers a marketplace for buying access to/service from additional security solutions. ZAP (Zed Attack Proxy) is one such solution. Snyk Task is another.
  • Users may need to turn on a monitoring agent or take other manual action for a viable/useful security setup.
  • Security Center offers Key Vault to securely hold keys, secrets, certificates, and other confidential data.
  • Dashboards give general and at-a-glance information, including vulnerability statements.
  • Resource creation in the Security Center also allows push-button creation of a DevOps project.
  • Security Center subscription is/starts from $15, which is affordable to many.
  • People do not always realize that Security Center is available in Azure. They might benefit from knowing this.

Next Steps

  1. Tanya (the organizer) to learn more about the features and make a much better demo. She will add all new things to Patty the pipeline in DevSlop.
  2. Write Microsoft Docs about each step, or if one exists send feedback.

References

Session organiser(s)

Tanya Janca Tanya Janca

Participants

Franziska Buehler Franziska Buehler , Dominik De Smit , Felipe Zipitria Felipe Zipitria , Fraser Scott Fraser Scott , Gabor Pek Gabor Pek , Imran Mohammed A Imran Mohammed A , John Dileo , Abdullah Garcia Abdullah Garcia , Abhinav Sejpal Abhinav Sejpal , Adam Shostack Adam Shostack , Alex Chapman Alex Chapman , Alina Radu Alina Radu , Amanda Colpoys Amanda Colpoys , Andre Fourie Andre Fourie , Ante Gulam Ante Gulam , Aurelijus Stanislovaitis Aurelijus Stanislovaitis , Benjamin Brunzel Benjamin Brunzel , Carlos Holguera Carlos Holguera , Claudio Camerino Claudio Camerino , Colin Domoney Colin Domoney , Cristian Torres Cristian Torres , Davide Cioccia Davide Cioccia , Ian Taylor Ian Taylor , Jacob Christiansen Jacob Christiansen , Jannik Hollenbach Jannik Hollenbach , Joset Zamora Joset Zamora , Kevin Fielder Kevin Fielder , Manish Saindane Manish Saindane , Manuel Jeckelmann Manuel Jeckelmann , Marjorie Mohammad Marjorie Mohammad , Matt Pendlebury Matt Pendlebury , Panagiotis Yialouris Panagiotis Yialouris , Peter Turczak Peter Turczak , Radu Tighineanu Radu Tighineanu , Roni Yaari Roni Yaari , Ruediger Heins , Russell Coleman Russell Coleman , Sotiraki Sima Sotiraki Sima , Stephanie Vanroelen Stephanie Vanroelen , Stephen Hookings Stephen Hookings , Sven Schleier Sven Schleier , Tony Richards Tony Richards , Yogesh Sharma Yogesh Sharma , Yuriy Ackermann Yuriy Ackermann , Nicole Becher Nicole Becher , Mario Platt Mario Platt , Daniel Garcia (cr0hn) Daniel Garcia (cr0hn) , Sara Davis Sara Davis KRBard KRBard

Attached materials: