Channel: Microsoft Azure Security and Compliance

Microsoft Azure Security Response in the Cloud

Security incident response.

Three of the most important words in any security operation.

These are also some of the most important words you need to use when you talk to potential public cloud service providers. You need to know that your cloud service provider has a mature and effective security response plan. If your provider can’t provide you their security response plan, then you need to think about how prepared they are for the inevitable security breach.

We expect you to ask that same question when you consider using Microsoft Azure as your choice of public cloud service provider.

To help you understand our approach, we provide you the Microsoft Azure Security Response in the Cloud White Paper.

This whitepaper is a distillation of the salient points from Microsoft’s Security Incident Management procedures for Azure. It provides you with the highlights of how the Azure Security Response team operates during the investigation and response to security incidents.

We hope you find the Microsoft Azure Security Response in the Cloud White Paper useful and please let us know if you have any questions by entering them in the Comments section below.

Thanks!

Tom
Tom Shinder
Program Manager, Azure Security
@tshinder | Facebook | LinkedIn | Email | Web | Bing me! | GOOG me!


Threat Detection in Azure Security Center

One of the most impressive features of Azure Security Center is its advanced threat detection.

Gone are the days of signature-based solutions.

Gone are the days of isolated point solutions that don’t share information and correlate their findings.

And closer are we to the days when floods of false positive alerts lead to us being desensitized to our IDS solutions.

Check out this video starring Sarah Fender to see how Azure Security Center uses advanced threat detection methods such as machine learning, anomaly detection and behavioral analysis to help provide you what might be the best protection yet available for your workloads in the public cloud.

 

 

Thanks!

Tom
Tom Shinder
Program Manager, Azure Security

Microsoft Azure log integration – Preview

Both PaaS and IaaS services hosted in Azure generate a large amount of data in security logs. These logs contain vital information that can provide intelligence and powerful insights into policy violations, internal and external threats, regulatory compliance issues, and anomalies in network, host, and user activity.

The ability to get raw logs from your Azure resources into your Security Information and Event Management (SIEM) system provides a unified dashboard for all your assets, on-premises or in the cloud, so that you can aggregate, correlate, analyze and alert on security events associated with your applications. Azure Log Integration enables you to integrate these logs from assets deployed in Azure with on-premises SIEM systems.

[Figure: high-level architecture of Azure Log Integration]

 

What logs can I integrate?

Azure produces extensive logging for every service. These logs are categorized by two main types:

  • Control/Management logs – Control/Management logs give visibility into the create, update and delete operations that go through Azure Resource Manager. Azure Audit logs contain these logs.

  • Data Plane logs – Data plane logs give visibility into the events raised as part of the usage of an Azure resource. Examples are the Windows event system, security and application logs in a virtual machine.

Get Started with Azure Log Integration

Download the package from the Microsoft Download Center and install Azure Log Integration.

Note: The Azure Log integration service collects telemetry data from the machine on which it is installed. Please uncheck the option if you would not like to allow Microsoft to collect the telemetry data.

Telemetry data collected –

  • Exception information that happens during execution of Azure log integration
  • Metrics about # of queries made and # of events processed
  • Usage statistics about which Azlog.exe command line option is being used

Integrate Azure VM Logs from your WAD (Windows Azure Diagnostics) Storage accounts

  1. Ensure that your WAD storage account is collecting the logs before continuing on the Azure log integration
  2. Open command prompt, and cd into c:\Program Files\Microsoft Azure Log Integration
  3. Run the command:  azlog source add <FriendlyNameForTheSource> WAD <StorageAccountName> <StorageKey>
    <StorageAccountName> – This is the Azure storage account configured to receive Diagnostics events from your Virtual Machine
     Example: azlog source add azlogtest WAD azlog9414 fxxxFxxxxxxxxywoEJK2xxxxxxxxxixxxJ+xVJx6m/X5SQDYc4Wpjpli9S9Mm+vXS2RVYtp1mes0t9H5cuqXEw==
    Optionally, you can append the subscription ID to the friendly name if you would like the subscription id to show up in the event XML. 
    azlog source add <FriendlyNameForTheSource>.<SubscriptionID> WAD <StorageAccountName> <StorageKey>
  4. To view the events that are pulled from the storage account, open Event Viewer –> Windows Event log –> Forwarded Events on the Azlog Integrator
  5. Make sure your standard SIEM connector (e.g. Splunk Universal Forwarder or ArcSight Windows Event Smart Collector or QRadar WinCollect) installed on the machine is configured to pick events from forwarded events folder and pipe them to SIEM instance. Review the SIEM specific information to ensure that you are integrating the Azure VM logs.

 

Integrate Azure Audit logs and Azure Security Center Alerts

  1. Open command prompt, and cd into c:\Program Files\Microsoft Azure Log Integration
  2. Run the command:  azlog createazureid
    This command prompts for your Azure login and creates an Azure Active Directory service principal in the Azure AD tenants that host the Azure subscriptions in which the logged-in user is a Co-Administrator or Owner. The command will fail if the logged-in user is only a Guest user in the Azure AD tenant. Authentication to Azure is done through Azure AD. Creating a service principal for Azure Log Integration creates the Azure AD identity that will be given access to read from Azure subscriptions.
  3. Run the command:  azlog authorize <SubscriptionID>
    The azlog authorize command assigns reader access on the subscription to the service principal created in step #. If you don’t specify a SubscriptionID, then the service principal will be assigned the reader role on all subscriptions to which you have any access.
    Note: You may see some warnings if you run the authorize command immediately after createazureid. There is some latency between the Azure Active Directory account creation and the account being available for use. If you wait about 10 seconds after running createazureid and then run authorize, you should not see these warnings.
  4. Check the following folders to confirm Audit log JSON files exist in them:
    C:\Users\azlog\AzureResourceManagerJson
    C:\Users\azlog\AzureResourceManagerJsonLD
    The tool generates both pretty printed and line delimited JSON.
  5. Check the following folders to confirm that Azure Security Center alerts exist in them:
    C:\Users\azlog\AzureSecurityCenterJson
    C:\Users\azlog\AzureSecurityCenterJsonLD
  6. Point the standard SIEM file forwarder connector to the appropriate folder to pipe the data to SIEM instance. You may need some field mappings based on SIEM product you are using.
    To learn more about Azure Audit logs and property definitions, please see:
    https://msdn.microsoft.com/library/azure/dn931934.aspx
    https://azure.microsoft.com/en-us/documentation/articles/resource-group-audit/
    To learn about Azure security center alerts, please visit
    https://azure.microsoft.com/en-us/documentation/articles/security-center-managing-and-responding-alerts/
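
A check you can run on the Azlog Integrator before relying on the file forwarder in step 6, as an added example that is not part of the original post or of Azure Log Integration: it reports whether each line-delimited output folder exists and is still receiving files, and flattens every JSON event into dotted field names ready for SIEM field mapping. The event field names in the constructed sample (operationName, caller, status) and the one-hour staleness threshold are assumptions, not values from this page.

```python
import json
import tempfile
import time
from pathlib import Path

# Folder names taken from steps 4 and 5 above; the root (C:\Users\azlog on the
# integrator) is supplied by the caller.
LD_FOLDERS = ("AzureResourceManagerJsonLD", "AzureSecurityCenterJsonLD")

# Constructed sample, not real azlog output. Field names are assumptions.
# The last line is cut short on purpose to imitate a file that is still being written.
SAMPLE_LINES = (
    '{"operationName": {"value": "Microsoft.Compute/virtualMachines/delete"}, '
    '"caller": "admin@example.com", "status": {"value": "Succeeded"}}\n'
    '\n'
    '{"operationName": {"value": "Microsoft.Network/networkSecurityGroups/write"}, "cal'
)


def flatten(obj, prefix=""):
    """Flatten nested JSON into dotted keys, the shape most SIEM field mappings expect."""
    flat = {}
    if isinstance(obj, dict):
        for key, value in obj.items():
            flat.update(flatten(value, f"{prefix}{key}."))
    elif isinstance(obj, list):
        for index, value in enumerate(obj):
            flat.update(flatten(value, f"{prefix}{index}."))
    else:
        flat[prefix[:-1]] = obj
    return flat


def read_jsonld(path):
    """Return (events, rejected) for one line-delimited JSON file.

    Partial or malformed lines are counted in `rejected` instead of aborting the
    read, so a forwarder health check can alert on a rising reject count.
    """
    events, rejected = [], 0
    with open(path, encoding="utf-8-sig") as handle:
        for line in handle:
            line = line.strip()
            if not line:
                continue
            try:
                record = json.loads(line)
            except json.JSONDecodeError:
                rejected += 1
                continue
            if isinstance(record, dict):
                events.append(flatten(record))
            else:
                rejected += 1
    return events, rejected


def folder_status(root, max_age_seconds=3600, now=None):
    """Map each line-delimited folder to 'missing', 'empty', 'stale' or 'ok'."""
    now = time.time() if now is None else now
    status = {}
    for name in LD_FOLDERS:
        folder = Path(root) / name
        if not folder.is_dir():
            status[name] = "missing"
            continue
        files = [p for p in folder.iterdir() if p.is_file()]
        if not files:
            status[name] = "empty"
        elif now - max(p.stat().st_mtime for p in files) > max_age_seconds:
            status[name] = "stale"
        else:
            status[name] = "ok"
    return status


def demo():
    """Build a constructed folder tree and run both checks against it."""
    with tempfile.TemporaryDirectory() as root:
        folder = Path(root) / "AzureResourceManagerJsonLD"
        folder.mkdir()
        sample_file = folder / "sample.json"
        sample_file.write_text(SAMPLE_LINES, encoding="utf-8")
        events, rejected = read_jsonld(sample_file)
        return {
            "events": events,
            "rejected": rejected,
            "status_now": folder_status(root),
            # Same tree evaluated two hours later: no new files means 'stale'.
            "status_later": folder_status(root, now=time.time() + 7200),
        }


if __name__ == "__main__":
    print(demo())
```

A folder that stays "missing" or "stale" usually points back to the createazureid and authorize steps rather than to the SIEM connector.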

 

Azure Security Center Ushers in a New Age in Cloud Security

Today’s the day!

Yes, it’s *that* day – the day that Azure Security Center goes into General Availability.

That means it’s time for you to enroll your production workloads into Azure Security Center.

Not sure how to get started? A good place to start is to read Azure Security Center – from planning to operations in 10 steps.

Over the next few weeks we’ll go over a number of the cutting edge features and capabilities that Azure Security Center brings to bear to help secure your IaaS and PaaS workloads hosted on the Azure platform.

As a preview, here are some of the things we’ll talk about in the coming weeks:

  • Security policies – a set of controls that you can choose from which are recommended within a subscription or resource group that define what is detected
  • Security recommendations – a collection of recommendations based on analysis of your deployment
  • Security alerts – insightful alerts that let you know that a possible security event has taken place, and provide you advice on how to mitigate the possible problem
  • SIEM integration – the ability to integrate Azure logs and Azure Security Center events with your on-premises SIEM solution
  • Integration with partner solutions – Azure Security Center includes tight integration with a number of leading security solutions provided by Azure partners
  • Advanced detection capabilities – Azure Security Center uses advanced detection capabilities which include machine learning-based algorithms, behavioral analysis, and anomaly detection, all of which work together to inform each other. This significantly reduces false positives and delivers to you alerts with a high probability of accuracy

Stay tuned to the Azure Security Team blog in the coming weeks for more information and make sure to read Azure Security Center goes into General Availability to learn about some new and compelling features included in Azure Security Center.

Thanks!

Tom

Tom Shinder
Program Manager, Azure Security

Your Guides to Azure Security Center

One of the best things about the release of a new service in Azure is combing through the docs to learn all about it, and I know you’ll want to do that with Azure Security Center.

If you’re a book sort of person, a table of contents goes a long way toward allowing you to “eyeball” the subject and drill down on the things that look interesting to you.

So, for all of our Azure Security fans out there, here’s a table of contents for Azure Security Center docs as it stands today, July 21st 2016.

Keep in mind that this is not the entire list of docs! There are links inside many of these docs that will connect you with more Azure Security Center information – this list will get you started.

Enjoy the learning experience and make sure to let us know if you have questions! Just put your questions in the Comments section below and the Azure Security Center team will get back to you with answers.

Overviews

  • What is Azure Security Center?
  • Service Overview
  • Pricing
  • Azure Security Center FAQ
  • Data Security
  • Get Insights with Power BI

Get Started!

  • Azure Security Center Planning and Operations Guide
  • Azure Security Center Quick Start Guide

Prevention

  • Set Security Policies
  • Implement Security Recommendations
  • Monitor Security Health
  • Monitor Partner Solutions

Detect and Respond

  • Detection Capabilities
  • Manage Security Alerts

Develop

  • Rest API

Stay Current!

  • Azure Security and Compliance Blog
  • Azure.com Blog #security
  • Azure Security Information Hub
  • Azure Security Center MSDN Forum

There you go! Happy reading…

Thanks!

Tom
Tom Shinder
Program Manager, Azure Security

How Azure Security Center Secures Your Azure Security Center Data

That’s sort of a mouthful, isn’t it?

Many people we talk to want to understand how Azure Security Center secures the data it uses to help secure the workloads you deploy in the Azure cloud. These people know that some of this information is sensitive and require that it be secured end to end.

In order to provide the advanced prevention, detection and response capabilities we have in Azure Security Center, we need to store a lot of information in order to use it for analysis:

  • Configuration information
  • Virtual machine and other types of metadata
  • Crash dump files (used in crash dump analyses which can find hidden malware)
  • Event logs
  • Application and service logs
  • Network logs
  • Recommendations we give you
  • Information related to our analysis of your deployment

And more!

This information is obtained from a number of sources, including:

  • Azure services
  • Network traffic
  • Partner solutions
  • Virtual machines

This data needs to be protected, and we use a number of methods to protect it:

  • Data segregation controls
  • Data access controls
  • Data location controls

Interested in the details on how we do this? Then check out the article Azure Security Center Data Security.

Thanks!

Tom
Tom Shinder
Program Manager, Azure Security

CJIS Implementation Guidelines for Microsoft Government Cloud

At Microsoft, we are committed to implementing state-of-the-art technology and world-class security solutions to meet the applicable controls of FedRAMP, NIST Special Publication 800-53, and the Criminal Justice Information Services (CJIS) Security Policy to allow our customers to meet their compliance requirements.

To help you use the Azure security features and capabilities we provide to you, we have created the CJIS Implementation Guidelines white paper. This document provides guidelines and resources to assist CJIS Systems Agencies (CSA) and law enforcement agencies (LEA) in implementing and utilizing Microsoft Government Cloud features. These features meet the applicable CJIS certification standards and are consistent with FBI CJIS Security Policy v5.4 and future policy versions.

This document is designed to provide insight into the CJIS security controls applicable to Microsoft Cloud services, and provide guidance to law enforcement agencies on where to access detailed information to assist in CJIS audits.

The goal is to offer you guidelines that CJIS Systems Agencies and law enforcement agencies can use to understand how the security controls are met and to simplify the CJIS IT audit process.

Thanks!

Tom
Tom Shinder
Program Manager, Azure Security

Operations Management Suite–Security Now Generally Available

It’s been a great couple of weeks for anyone interested in great security for solutions they host in Azure.

Last week we let you know about Azure Security Center going into general availability and how Azure Security Center can bring you the detection and response capabilities you need to protect your Azure workloads. We also let you know that this level of continuous security monitoring and alerting is most likely the best security solution offered by a public cloud service provider today.

Nice!

That was great news, but now for part 2 – Operations Management Suite-Security is now in General Availability and all of the good things in terms of threat detection that you have for your Azure workloads with Azure Security Center are now available in OMS Security.

OMS Security makes it possible to easily assess your security posture for your on-premises or hybrid workloads. It’s a fantastic solution with a compelling interface that is both very easy to use and powerful at the same time. An example of this power is almost one of my favorite features – the ability to automate responses to specific detections using runbooks or webhooks.

Learn more by reading Microsoft brings together IT management and security for the hybrid cloud.

Some of the new security features included in OMS Security include:

  • An enhanced Security dashboard
  • A Threat Intelligence Map
  • Security Configuration Baseline Assessment
  • An Identity and Access Management dashboard
  • Microsoft Advanced Threat Analytics integration
  • Cisco ASA log ingestion
  • Advanced threat detection engine

Sounds good? No! Sounds GREAT! For details on each of these new security features, check out Operations Management Suite expands to include security management, threat detection.

And as mentioned, OMS Security inherits much of the advanced threat detection you get with Azure Security Center – behavioral analysis, anomaly detection, machine learning based algorithms, multiple threat intelligence feeds, and more. For more information on OMS Security threat detection, check out Operations Management Suite (OMS) Adds Security Analytics to Power Threat Detection.

Enough of reading – let’s watch a movie! In this video Sarah Fender from the Azure Security Center team shows how OMS Security provides deep and actionable insights into the security of your hybrid cloud environments. Enjoy!

Thanks!

Tom

Tom Shinder
Program Manager, Azure Security


Leveraging Azure Security Center and OMS Security for Incident Response

Hey Azure Security Community! Yuri Diogenes (CSI Enterprise Mobility and Azure Security team) here sharing with you some info we know you want to know about.

This week I had a great time recording an interview with Lex Thomas from Taste of Premier about how to leverage Azure Security Center and OMS Security for Incident Response. The Incident Response lifecycle that I used as an example was extracted from our paper Microsoft Azure Security Response in the Cloud, which is also mentioned in the Incident Response section of our Azure Security Center Planning and Operations Guide.

In this interview I demonstrate how to use Azure Security Center Security Alerts to assist you in the following stages of the incident response:

  • Stage 1 – Detect
  • Stage 2 – Assess
  • Stage 3 – Diagnose

I also explain how OMS Security and Audit Solution can be used in a hybrid environment where you need to perform further investigation regarding a potential attack, including the use of the Threat Intelligence capability. Watch the entire episode here or below:

 

 

 

Here are some useful links for you to learn more about OMS Security and Audit Solution, Azure Security Center and Azure Security in general:

New Microsoft Virtual Academy Course–Introduction to Azure Security Center

The hits just keep coming this week!

We’re happy to announce a new Microsoft Virtual Academy course titled Introduction to Azure Security Center.

Here’s the description of the course headed by a stellar array of Azure Security Center PMs (Sarah Fender, Gilad Elyashar and Tomer Teller):

Looking to combat today’s enterprise security threats? Want to respond to and recover from security incidents more quickly? Learn how Azure Security Center helps you prevent, detect, and respond to threats with increased visibility and control over the security of your Azure resources. And see how Azure Security Center uses advanced analytics to identify attacks that might otherwise go undetected.

Join a team of experts for this Azure Security Center training, as they show you how to stay ahead of current and emerging threats. Explore cloud security policies that enable you to recommend and monitor security configurations, easy deployment of integrated Microsoft and partner security solutions, and real-time security alerts.

1 | Overview

Learn how to combat today’s threats. See how Microsoft defined a new approach to security and how Security Center, a new Azure service, can enable customers to protect, detect, and respond to threats.

Watch it now!

 

 

2 | Security Roles

Explore how the different roles responsible for cloud security are using Azure Security Center to meet their security management, monitoring, and incident response needs.

Watch it now!

 

 

3 | Prevention Deep Dive

See how Azure Security Center hardens cloud deployments by setting policies, monitoring the security state of virtual machines, virtual networks, databases, and applying security recommendations.

Watch it now!

 

 

4 | Detections Deep Dive

Get the inside scoop on how Azure Security Center detection algorithms use threat intelligence, behavioral analytics, and anomaly detection to identify threats and to help you respond and recover.

Watch it now!

 

We hope you enjoy the presentations and learn what you need to know to get a start with securing your assets in Azure. If you have questions, please ask below and we’ll get back to you quick!  

Thanks!

Tom

Tom Shinder
Program Manager, Azure Security

A 10 Step Program to Azure Security Center Success

Getting started with a new service is never actually “easy”. Yes, I admit that we often say “easily do thus and such” and then when you get to the actual planning, design, implementation and management, that “easy” was used as a relative term. We’ve all been there and we know the drill.

But just because a service is new doesn’t mean that it has to be painful! In fact, if you have the right roadmap, it’s actually pretty fun (and isn’t that why we’re in the IT security business after all?)

The good news is that Azure Security Center *is* easy to use. I would say that it’s probably one of the easiest Azure services you’ll ever work with! The trick is to figure out where to start. That’s what this article is about – we’ll offer here a 10-step program that you can use to get started on the right foot and speed your way to Azure Security Center success.

Let’s get started!

1. Get to know Azure Security Center and understand why you need it

First things first. Why do you care about Azure Security Center? What does it have to offer and what problems does it solve for you?

To answer those questions, check out:

2. Understand data security and privacy issues with Azure Security Center data collection

Now that you know what Azure Security Center has to offer and how it helps you solve some important security issues for the solutions you host in Azure, the next step is to make sure you understand how we handle the data we store for Azure Security Center’s use. To help you with that read:

3. Get an idea of how much it costs to use Azure Security Center

Are you all in? We hope so! But everyone has to deal with budgets so you’re going to need to know how much Azure Security Center is going to cost. You can get these numbers from:

4. Carefully plan how you’re going to use Azure Security Center to get the most out of it

Someone once said that failure to plan is planning to fail. You don’t want to fail! To help you get things done right from the beginning, you’ll want to know what you need to do to get things arranged to meet your security operations goals. To help you with this, we have the:

5. Get started on your Azure Security Implementation by configuring Security Policies

In a nutshell, Azure Security Center “security policies” define a set of things we look at so that we can provide you recommendations and alerts. This helps us and you focus on what’s important and not focus on irrelevant information. Get a jump on Azure Security Center policy configuration by reading:

6. Evaluate and act on Security Recommendations made by Azure Security Center

After Azure Security Center security policies are configured, we’ll start analyzing your subscription or resource groups for possible security issues. When the analysis is complete, we’ll provide you a collection of recommendations. For each of the recommendations, we’ll help you mitigate them with “one-click” solutions or provide you pointers to guidance that will streamline your efforts at getting things fixed. You can learn more about security recommendations by reading:

7. Learn how Azure Security Center uses cutting edge advanced threat detection to generate alerts

Not only does Azure Security Center continuously monitor your deployment for security configuration issues (it’s not just a one-time vulnerability assessment, we keep looking and looking), we also will alert you to possible threats and provide you advice on how to mitigate them. If you’re curious about how we discover advanced threats that you need to protect yourself from today, check out:

8. Drill down to evaluate general and individual security health status

As I said, we don’t do a one-time vulnerability assessment, we keep looking and looking and analyzing your deployment for security issues. Learn more about what we find and how you can act on your findings by reading:

9. View Azure Security Alerts and mitigate the threats

Danger Will Robinson, alert! alert! After Azure Security Center detects alerts, you’ll want to see what’s happening and do something about it. To help you find and respond to alerts, make sure you read:

10. Troubleshoot problems with Azure Security Center

Go to the cloud and your configuration and management problems will be gone! Well, that’s what we hope, but we know problems are always with us – the key is to reduce them to as few as possible. If you do run into problems with Azure Security Center, run on over to Azure.com and read this:

We hope you find this article useful! I want to extend a hat tip to Yuri Diogenes, who significantly inspired this article.

Thanks!

Tom

Tom Shinder
Program Manager, Azure Security

Azure Compliance in the Context of Malaysia Security and Privacy White Paper now available

The Microsoft Azure Compliance in the Context of Malaysia Security and Privacy white paper is written for IT decision makers in Malaysia who are considering the advantages of moving their data to Microsoft Azure.

This white paper answers several important questions:

  • Does Microsoft Azure meet Malaysian compliance requirements?
  • Where is data stored and who can access it?
  • What is Microsoft doing to protect data?
  • How can a customer verify that Microsoft is doing what it says?

The content is divided into three main sections:

  • Malaysian compliance requirements. This section focuses on how Azure meets legislative and certification requirements.
  • Key security principles. This section provides technical information on how Azure addresses key security principles for customers located in Malaysia, such as encryption and security best practices.
  • Key privacy principles. This section provides technical information on how Azure addresses key privacy principles for customers located in Malaysia, such as data location and government requests.

Understanding how Azure shares responsibility with customers to meet Malaysian security and privacy requirements is also an important step toward moving data to the cloud.

We hope you find value in reading the Microsoft Azure Compliance In the Context of Malaysian Security and Privacy Requirements white paper – if you have questions or suggestions regarding this paper, please let us know in the comments section below.

Thanks!

Tom

Tom Shinder
Program Manager, Azure Security

Azure Compliance in the Context of New Zealand Security and Privacy Requirements White Paper Now Available

Microsoft Azure is a trusted cloud-based platform that provides Microsoft customers with the ability to realize the benefits of cloud computing. This white paper addresses questions posed by customers in New Zealand who are considering a move to the cloud. Questions such as how secure is cloud data, where is data stored, how is it used, and who can access it are common. These types of questions usually relate to one of three areas – compliance, security and privacy.

From a compliance perspective, the way Azure is designed, built, operated and independently certified enables government agencies to meet the security and privacy requirements established by three key New Zealand information security and privacy mechanisms: the Protective Security Requirements, the NZ government Cloud Computing Risk & Assurance Framework and the Privacy Act 1993.

The Microsoft Azure Compliance in the context of New Zealand Security and Privacy Requirements paper is written for IT decision makers in New Zealand who are considering whether to move their data to Microsoft Azure. The paper addresses questions such as: Does Microsoft Azure meet New Zealand’s compliance requirements? Where is data stored and who can access it? What is Microsoft doing to protect data? How can a customer verify that Microsoft is doing what it says?

The paper provides guidance for organizations in New Zealand on compliance requirements, and how key security and privacy principles can help address their concerns.

Thanks!

Tom

Tom Shinder
Program Manager, Azure Security

Pro Tip: On Sending Email From Azure Virtual Machines to External Domains

When getting started with Azure, it’s natural to want to see if you can do all the things you can do on-premises in Azure. What better way to learn something new than by connecting it to things you already understand? Works for me, and I’ve seen it work for lots of other people as they ramp up on Azure.

One of the things that many IT Pros do on-premises is run mail servers and they’ve been doing it for many years. Running email is relatively complex, so the thought is “if I can get an email server running in Azure IaaS, then I probably can do just about anything else I can do on-premises”.

The good news is that you can run a mail server in Azure. However, you can’t run it exactly the same as you would run it on-premises. One of the key issues here relates to the ephemeral nature of Azure public IP addresses and potential for abuse and the effects that might have on other customers if they inherit your public IP addresses in the future. Because of this, we do *not* allow you to send email to external domains from Azure (this includes email servers and applications that send email as part of the service they provide).

To solve this problem, you’ll need to use an SMTP relay that is *not* hosted in Azure. That SMTP relay can be on-premises or you can use an SMTP hoster. Whatever works best for you.

There are some other things you need to understand about sending email from virtual machines to external domains and you can get those details in the blog post Sending E-mail from Azure Compute Resources to External Domains.

HTH,

Tom

Tom Shinder
Program Manager, Azure Security

The Cloud Security Mindset

The Cloud Security Mindset white paper discusses how Microsoft IT has safely and securely moved much of its IT infrastructure to Microsoft Azure, while supporting rapid innovation within the enterprise. Applications and services that have moved support line of business activities across the enterprise landscape. Examples include source code management, Finance, Corporate, External, and Legal Affairs, Human Resources, and information security processes.

During the migration process, Microsoft IT discovered that a pure “lift and shift” approach to security architecture wasn’t enabling it to get the most out of their cloud transition. Some traditional approaches needed to be altered, and new or increased focus needed to be placed on responding to threats as opposed to preventing them. In this paper they discuss many security lessons learned during their migration – and now you can benefit from them and use them as you continue your secure journey into the Microsoft Azure cloud.

The following areas are discussed:

  • Cloud computing as a partnership
  • Protect, detect and respond
  • DevOps teams control applications
  • Providing guardrails, not gates
  • Sanctioning shadow IT
  • Getting security fundamentals right

We hope you find the Cloud Security Mindset white paper helpful and please ask any questions or add comments in the Comments section below.

Thanks!

Tom

Tom Shinder
Program Manager, Azure Security
@tshinder | Facebook | LinkedIn | Email | Web | Bing me! | GOOG me!



Ramp Up on Operations Management Suite Security & Compliance


For the Azure Security and Compliance teams – security is job 1 (and 2 and 3 and…) and cloud security is what charges us up during the day and keeps us awake at night.

As a defender and protector for your organization, you have the same concerns. You need to know that you’re doing all you can to protect your information located on-premises and in the cloud.

That’s a lot of stuff to keep track of – wouldn’t it be great if there was an integrated solution for managing security in your hybrid environments?

There is! It’s called Operations Management Suite – Security and Compliance.

Here’s some of what you get with OMS – Security and Compliance:

  • Cloud based solution – no on-premises infrastructure to set up
  • Security posture and threat detection
  • Unified view of security related issues – on-premises and in the cloud
  • Advanced threat detection and incoming threat intelligence feeds
  • Best practice recommendations and security baselines

Sounds like something worth checking out! Here’s some information to get you started:

Ready to try it out? Just click the button!


Thanks!

Tom

Tom Shinder
Program Manager, Azure Security
@tshinder | Facebook | LinkedIn | Email | Web | Bing me! | GOOG me!


10 Azure Security Technologies You Want to Know About NOW


You’ve got word that your group is tasked with moving to the cloud and one of the cloud providers you’ll be working with is Microsoft Azure.

Great!

Now you’re thinking “what about security?”

Good question.

Microsoft Azure has a ton of security built right into the platform. You can learn about Azure platform security (which you get with any service you run on Azure) by visiting the Microsoft Trust Center. There you’ll learn about what we do at the Azure platform level to secure the services and information you place in Azure.

If you want to dive into Azure security technical details, architecture, and best practices, then head on over to the Azure Security Information site.

The next step is to start learning about the services, features and technologies that we make available to you that you can use to enhance the security of the services you build on Azure. There are a lot of them to choose from, so to help you get started, we’ve compiled a list of what we consider to be the “top 10” to start with. Over time, you’ll discover more – but make sure you know about these first!

1. Azure Security Center

Azure Security Center provides you a central location from which you can assign security policies, get security recommendations, and receive alerts and remediations for IaaS and PaaS assets you place in Azure. With Azure Security Center you’ll:

  • Have a better understanding of your overall security state
  • Be able to define security policies for your subscriptions and resource groups
  • Easily deploy integrated security partner solutions
  • Take advantage of advanced threat detection and quickly respond to threats

Azure Security Center is our elite security offering for protecting your Azure assets.

For more information about Azure Security Center, check out What is Azure Security Center.

2. OMS Security & Compliance

Operations Management Suite (OMS) Security and Compliance complements and extends the advanced detection and alerting capabilities found in Azure Security Center by including your on-premises resources. Similar to Azure Security Center, OMS Security & Compliance helps you prevent, detect and respond to threats.

With OMS Security & Compliance you can:

  • Analyze and investigate incidents
  • Detect threats before they happen
  • Streamline security audits

For more information about OMS Security & Compliance, check out Operations Management Suite | Security & Compliance

3. Azure Key Vault

Azure Key Vault is your Hardware Security Module (HSM) in the cloud. You can use Azure Key Vault to store and encrypt keys and small secrets like passwords using keys stored in Azure Key Vault HSMs. You can also monitor and audit key and secret usage by taking advantage of Azure Logging – all you need to do is pipe your logs into Azure HDInsight or your on-premises (or cloud) Security Information and Event Management (SIEM) system and you can get even more information and insights about key use (and abuse).

For more information about Azure Key Vault, check out What is Azure Key Vault.

4. Azure Disk Encryption

Azure Disk Encryption lets you encrypt your Windows and Linux Azure Virtual Machine disks. Azure Disk Encryption uses industry standard BitLocker for Windows VMs and DM-Crypt for Linux VMs to provide volume encryption for the OS and the data disks. Azure Disk Encryption is integrated with Azure Key Vault to help you control and manage the disk encryption keys and secrets in your key vault subscription, while ensuring that all data in the virtual machine disks are encrypted at rest in your Azure storage. With Azure Disk Encryption, even if your virtual machine disks are stolen, the attacker will not be able to access the data on the encrypted disk.

For more information about Azure Disk Encryption, check out Azure Disk Encryption for Windows and Linux Azure Virtual Machines

5. Azure Storage Service Encryption

Azure Storage Service Encryption helps you protect data to meet organizational security and compliance commitments. With this feature, Azure Storage automatically encrypts your data prior to persisting to storage and decrypts it prior to retrieval. The encryption, decryption, and key management are opaque to users, so they never need to do anything to make it happen. Azure Storage Service Encryption enables you to automatically encrypt block blobs, page blobs and append blobs.

For more information about Azure Storage Service Encryption, check out Azure Storage Service Encryption for Data at Rest (Preview).

6. Azure SQL Transparent Data Encryption

SQL Transparent Data Encryption helps protect your data in a scenario where the physical media (such as drives or backup tapes) are stolen, in which case a malicious party could otherwise just restore or attach the database and browse the data. One solution is to encrypt the sensitive data in the database and protect the keys that are used to encrypt the data with a certificate. This prevents anyone without the keys from using the data. TDE performs real-time I/O encryption and decryption of the data and log files for both SQL Server in Azure Virtual Machines as well as Azure SQL.

For more information about Azure SQL Transparent Data Encryption, check out Transparent Data Encryption.

7. Azure SQL Cell Level Encryption

Azure SQL Cell Level Encryption allows you to select the columns you want to encrypt in your database, which can be useful in some instances when you have very large databases.

For more information about Azure SQL Cell Level Encryption, check out Recommendations for using Cell Level Encryption in Azure SQL Database.

8. Azure Log Integration

Azure Log Integration enables you to integrate logs from both Azure and on-premises assets so that you can integrate them with your on-premises Security Information and Event Management System (SIEM).

For more information about Azure Log Integration, check out Microsoft Azure Log Integration – Preview

9. Azure Active Directory Multi-Factor Authentication

Azure Active Directory Multi-Factor Authentication (MFA) enables you to increase the security of your solutions hosted on Azure by bypassing the security issues related to traditional username/password solutions. There are a number of identity verification options, such as phone call, SMS message, or mobile app notification. The solution provides real time alerts and monitoring and can be deployed on-premises, in the cloud, or both.

For more information about Azure Active Directory Multi-Factor Authentication, check out What is Azure Multi-Factor Authentication.

10. Azure Active Directory Privileged Identity Management

Azure Active Directory Privileged Identity Management (PIM) enables you to manage, control, and monitor access within your organization. This includes access to resources in Azure AD and other Microsoft online services like Office 365 or Microsoft Intune.

Azure AD Privileged Identity Management helps you:

  • See which users are Azure AD administrators
  • Enable on-demand, “just in time” administrative access to Microsoft Online Services like Office 365 and Intune
  • Get reports about administrator access history and changes in administrator assignments
  • Get alerts about access to a privileged role

For more information about Azure Active Directory Privileged Identity Management, check out Azure AD Privileged Identity Management.

Thanks!

Tom

Tom Shinder
Program Manager, Azure Security
@tshinder | Facebook | LinkedIn | Email | Web | Bing me! | GOOG me!


Microsoft Azure Compliance in the context of Australia Security and Privacy Requirements whitepaper now available


The Microsoft Azure Compliance in the context of Australia Security and Privacy Requirements whitepaper, which addresses questions faced by customers in Australia who are considering a move to the cloud, is now available!

The Microsoft Azure Compliance in the context of Australia Security and Privacy Requirements paper is written for IT decision makers in Australia who are considering whether to move their data to Microsoft Azure.

Examples of questions the paper addresses include:

  • Does Microsoft Azure meet Australia’s compliance requirements?
  • Where is data stored and who can access it?
  • What is Microsoft doing to protect data?
  • How can a customer verify that Microsoft is doing what it says?

The paper provides guidance for organizations in Australia on compliance requirements, and how key security and privacy principles can help address their concerns.

Thanks!

Tom

Tom Shinder
Program Manager, Azure Security
@tshinder | Facebook | LinkedIn | Email | Web | Bing me! | GOOG me!


The security hero’s tool belt: Identity-driven security


What do you do when your business goes mobile?

The transition to mobility and the cloud has further complicated the threat landscape, creating new challenges for our security heroes. Sophisticated attack vectors require a new approach to security. How can you arm yourself with a security strategy that uncovers blind spots, identifies anomalies, and stops risky behavior?


Identity-driven security is a holistic approach to security that complements your larger IT strategy. Start with one secure common identity as your first tool to address security challenges that span users, devices, data, apps, and platforms—on-premises and in the cloud—and build from there.

Join speakers Alex Weinert, Group Program Manager for the Identity Protection team, and Tim Rains, Director of Security at Microsoft, on September 12, 2016 at 10:00 AM PST for a discussion on how you can adopt an identity-driven security strategy, along with in-depth demos and live Q&A as part of our webinar, The security hero’s tool belt: Identity-driven security. Learn how you can protect your organization with innovative and intelligent security tools in a cloud-first, mobile-first world.

In this webinar, we will discuss:

  • Risk-based conditional access
  • Protecting data against user mistakes
  • Attack detection through behavioral analytics and anomaly detection
  • Attackers’ techniques

We look forward to you joining us!


Thanks!

Tom

Tom Shinder
Program Manager, Azure Security
@tshinder | Facebook | LinkedIn | Email | Web | Bing me! | GOOG me!


ISO Azure Security Superstars to be Azure Security MVPs


No, not International Standards Organization superstars :)

ISO, as “In Search Of” (that’s vintage Internet speak!)

Are you an Azure Security Superstar? Do you know someone that you think of as an Azure security superstar?

The move to cloud computing has reignited the interest and demand for security. Just about any conversation about public cloud computing is going to have a major portion dedicated to security. That’s a good thing, because without security, “you got nothin’.”

What are some of the things you need to be expert on in order to be considered an Azure security superstar? Here’s a few:

If you or someone you know is an Azure security superstar, then we want to extend an invite to be an Azure MVP.

What’s an MVP?

Microsoft’s MVP Program recognizes people who over the past 12 months have shown superior knowledge, leadership and passion, combined with a desire to help and accelerate others’ learning, careers, and abilities. If you love to help others succeed, then you’re MVP material.

To determine if you, or someone you know, meets the criteria to become an MVP for Azure, here are some things we are seeking:

  • Passion about Microsoft Azure features and services, and excitement about what’s next
  • Drive and motivation to share your knowledge with the wider technical community
  • Significant contributions over the past year to online communities and/or in-person events (i.e., speaking, blogging, book writing, podcasts, hosting events, mentoring, etc.).
  • Seen as a go-to person to discuss newly-released cloud technology and to advise on implementation

What are the benefits and opportunities?

Among the host of benefits and opportunities that Microsoft MVPs receive are:

  • Recognition as being an outstanding community leader
  • Early access to Microsoft products
  • Direct communication channels with our product teams
  • Invitation to the Global MVP Summit, an exclusive annual event hosted in our global HQ in Redmond.
  • Close relationships with the local Microsoft teams in your area who support and empower MVPs to address needs and opportunities in the local ecosystem.

For more information and to nominate

To nominate yourself or someone else, visit our MVP nomination page.

For more information, please visit Microsoft MVP Site and take a look at our Nomination FAQ for helpful guidance.

HTH,

Tom

Tom Shinder
Program Manager, Azure Security
@tshinder | Facebook | LinkedIn | Email | Web | Bing me! | GOOG me!
