Data breach
Azure Security:
- Multi-Factor Authentication
- Microsoft Antimalware for Azure
- Azure Key Vault
- Azure Log Analytics
- Application Gateway (WAF), Azure Firewall
- Role Based Access Control
- IoT Security
- DDoS Protection Standard
- Confidential Computing
- Azure Sentinel (SIEM as a Service)
- Virtual WAN (ExpressRoute, VPN)
- Azure Active Directory
- Windows Defender Advanced Threat Protection
- Azure Information Protection
- Secure Score

Microsoft 365:
- Windows Hello
- Office 365 Data Loss Prevention
- Microsoft security and compliance center
- Office 365 Advanced Threat Protection
- Credential Guard
- Windows Information Protection
- Azure Advanced Threat Protection
- BitLocker

+Monitor: Security Operations Center
https://aka.ms/cloudsecurityplaybook
Partner Competencies – Azure Cloud Security
Learning path: Beginner, Intermediate, Advanced, Job Experience
• Security Practice Development Playbook
• Engineering Security Webinars
• Azure Security Center in the Field Channel
• Exam reference: M365 Security Administrator, M365 Enterprise Administrator, Azure Security Engineer
• Learning Path - Compliance Practice Lead & Sales Resources
Network Security
Azure Network Security enabling “Zero Trust”
- DDoS protection tuned to your application traffic patterns
- Centralized inbound web application protection from common exploits and vulnerabilities (L3-L7)
- Centralized outbound and inbound (non-HTTP/S) network and application filtering
- Distributed inbound & outbound network (L3-L4) traffic filtering on VM, Container or subnet
- Restrict access to Azure service resources (PaaS) to only your Virtual Network
https://docs.microsoft.com/de-de/azure/architecture/reference-architectures/hybrid-networking/hub-spoke
Hub-Spoke Network Components
Local Network: A private local network operated in an organization.
VPN Device: A device or service that already has external connectivity to the local network.
VPN Gateway for a virtual network or ExpressRoute gateway: The virtual network gateway can connect to the
VPN device or ExpressRoute circuit to connect to your local network. For more information, see Connecting a Local
Network to a Microsoft Azure Virtual Network.
Virtual Hub Network: The virtual network used as a hub in the hub-spoke topology. The hub is the central
connectivity point for your local network that allows you to host services that can be used by the various
workloads hosted in the virtual spoke networks.
Gateway Subnet: The virtual network gateways are on the same subnet.
Virtual Spoke Networks: Virtual networks used as spokes in the hub-spoke topology. Spokes can be used to
isolate workloads in their own virtual networks that are managed separately from other spokes, and are
linked to the hub by a peer connection.
Azure Network Segmentation – Subnets
A virtual network can be segmented into subnets up to the applicable limits.
You can use a Network Security Group (NSG) to filter traffic on your network and apply rules to that
traffic.
Deployment - Hub-Spoke Architecture
Spoke Vnet – Connected Devices
Connect Spoke and Hub Vnet (Peering)
https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-connect-virtual-networks-portal
Azure Firewall
Cloud-native stateful firewall delivered as a service (PaaS)
Azure Firewall Certifications 07/20
- SOX (US)
- 23 NYCRR 500
- GxP (FDA 21 CFR Part 11)
- Spain DPA
- AFM and DNB (Netherlands)
- HIPAA
- TISAX
- AMF and ACPR (France)
- HITECH Act (US)
- TruSight
- APRA (Australia)
- HITRUST
- UK G-Cloud
- ISO 20000-1:2011
- Argentina PDPA
- WCAG 2.0
- ISO 22301:2012
- Australia IRAP
- ISO 27001:2013
- CDSA
- ISO 27017:2015
- CFTC 1.31
- ISO 27018:2014
- CSA STAR Attestation
- ISO 9001:2015
- CSA STAR Certification
- Japan My Number Act
- CSA STAR Self-Assessment
- K-ISMS
- Canadian Privacy Laws
- KNF (Poland)
- DPP (UK)
- MAS and ABS (Singapore)
- EU ENISA IAF
- MPAA (US)
- NBB and FSMA (Belgium)
- EU Model Clauses
- NEN 7510:2011 (Netherlands)
- European Banking Authority
- NHS IG Toolkit (UK)
- FCA and PRA (UK)
- Netherlands BIR 2012
- FERPA (US)
- OSFI (Canada)
- FFIEC (US)
- PCI DSS Level 1
- FINMA (Switzerland)
- RBI and IRDAI (India)
- FSA (Denmark)
- SOC 1 Type 2
- GLBA (US)
- SOC 2 Type 2
- Germany C5
- SOC 3
https://docs.microsoft.com/en-us/azure/firewall/compliance-certifications
Azure Firewall Manager
https://docs.microsoft.com/de-de/azure/firewall-manager/overview
Azure FW for MSSP Partner – Reference Architecture
(Diagram labels: Partner Subscription; MSSP Identity with PIM; Azure AD: Tenant 2; Customer 1, Customer 2, Customer 3, Customer 4)
Microsoft Internal Use and Microsoft Partners Only
Tutorial - Deploying an Azure Firewall to Hub Vnet
https://docs.microsoft.com/de-de/azure/firewall/tutorial-firewall-deploy-portal
Before you start …
Deploy Azure Firewall (as PaaS)
Azure Firewall Deployment - Create Route Tables
Azure Firewall Configuration via Rules
Azure Firewall – Network Access Rule
Azure Firewall Configuration - NAT Rule on JumperVM
Azure Firewall Configuration – Threat Intelligence Feature
… check Peering to Spoke VNet
Microsoft Intelligent Security Association
https://www.microsoft.com/en-us/security/partnerships/intelligent-security-association
Differences 3rd Party ISV Firewall Solution
Deploying Firewall ISV solutions as IaaS
3rd Party WAF Flexible Licensing Options
- Bring your own license (BYOL)
- Pay as you go (PAYG)
(Diagram labels: workloads – Virtual machines, Web apps, IoT devices; risks – Insecurely configured applications, Data loss)
Security Center – Overview provides a unified view into the security posture of your
hybrid cloud workloads, enabling you to discover and assess the security of your
workloads and to identify and mitigate risk. Security Center automatically enables
any of your Azure subscriptions not previously onboarded by you or another
subscription user to the Free tier.
The NEW Azure Security Center Dashboard
NEW – Azure Security Center with Azure Defender Dashboard
Azure Defender for Azure IaaS & PaaS
©Microsoft Corporation
ASC – Respond to an Alert (Risk/Threat Mitigation)
https://docs.microsoft.com/en-us/azure/security-center/security-center-get-started
Learn more about Azure Sentinel
depts@microsoft.com
aka.ms/tpdmsform
Contact:
Hunor Kovacs
Partner Technical Consultant | Technical Presales & Deployment Services
CSS Partner Enablement
Thank you
matthias.partl@microsoft.com