
Azure Cloud Security

Building a Profitable Security Practice with Microsoft


Agenda
"Zero Trust" in Cloud Environments

[Diagram: the three pillars Identities, Devices, and Apps & Data. Employees, partners and customers access cloud apps, shadow IT/SaaS, Azure and on-premises apps; the risks shown are data breach and identity breach. Captions: "Transformation: Cloud & Mobility", "New Attack Patterns", "Identities are the new Perimeter".]

Download the Microsoft "Zero Trust" whitepaper here.

Microsoft Internal Use and Microsoft Partners Only


Azure/Office 365 - Shared Responsibility
Microsoft Security for M365 and Azure

Identity & access management
  Azure Security: Azure Active Directory, Multi-Factor Authentication, Role Based Access Control
  Microsoft 365: Azure Active Directory, Windows Hello, Credential Guard

Threat protection
  Azure Security: Azure Security Center, Microsoft Antimalware for Azure, IoT Security
  Microsoft 365: Windows Defender Advanced Threat Protection, Office 365 Advanced Threat Protection, Azure Advanced Threat Protection, Microsoft Cloud App Security

Network security
  Azure Security: Micro Segmentation (VNET, Service Endpoints, NSG/ASG), Application Gateway (WAF), Azure Firewall, DDoS Protection Standard, Virtual WAN (ExpressRoute, VPN)

Data & information protection
  Azure Security: Encryption (Disks, Storage, SQL), Azure Key Vault, Confidential Computing
  Microsoft 365: Azure Information Protection, Office 365 Data Loss Prevention, Windows Information Protection, BitLocker

Security management
  Azure Security: Azure Security Center, Azure Log Analytics, Azure Sentinel (SIEM as a Service)
  Microsoft 365: Secure Score, Microsoft security and compliance center, Microsoft Cloud App Security


Microsoft Cybersecurity Reference Architecture video recording: https://aka.ms/MCRA

[Diagram residue of the reference architecture slide. Strategies and components named on it:]
• Office 365 and Office 365 Security
• Azure Sentinel – Cloud Native SIEM and SOAR (Preview)
• Securing Privileged Access
• Dynamics 365
• Rapid Cyberattacks (Wannacrypt/Petya)
• Data Loss Protection, Data Governance, eDiscovery
• SQL Encryption & Data Masking
• Monitor
• Security Operations Center: provide actionable security alerts, raw logs, or both
Security Practice Playbook
Playbook Table of Contents

About this Playbook
The Security Opportunity

Define Your Strategy
• Define Your Practice Focus
• Understanding the Security Practice
• Understanding Project Based Services
• Deploy Microsoft Intune
• Deploy Azure Sentinel
• Deploy Azure Information Protection
• Understanding and Accelerating Your Managed Service Model
• Understanding Intellectual Property
• Define Vertical Offerings
• Define Your Pricing Strategy
• Identify Partnership Opportunities
• Define Engagement Process
• Stay Informed on Security & Compliance
• Calculate Your Azure Practice Costs
• Identify Potential Customers
• Identify Solution Marketplace Platform

Hire & Train
• Hire, Build, and Train Your Team
• Job Descriptions
• Recruiting Resources
• Training & Readiness
• Competencies & Certifications

Operationalize
• Implement a Solution Delivery Process
• Define Customer Support Program & Process
• Manage and Support an Azure Deployment
• Support Ticket Setup and Tracking
• Integrate Into a Marketplace
• Implement Intellectual Property Offerings
• Setup Social Offerings
• Create Engagement Checklists & Templates

Go to Market and Close Deals
• Marketing to the Security Buyer
• Consultative Selling and Technical Pre-Sales
• Architecture Design Session
• Implement Proofs of Concept

Optimize and Manage
• Understanding Customer Lifetime Value

To provide feedback, email: playbookfeedback@microsoft.com

https://aka.ms/cloudsecurityplaybook
Partner Competencies – Azure Cloud Security

MS-500 – Microsoft Certified Security Administrator


https://docs.microsoft.com/en-us/learn/certifications/exams/ms-500

AZ-500 - Microsoft Certified Azure Security Technologies


https://docs.microsoft.com/en-us/learn/certifications/exams/az-500
Learning Path - Security & Identity Practice Lead & Sales

Beginner
• Introduction to security in Microsoft 365 (available now)
• Defend against threats with Microsoft Threat Protection (available now)
• Manage security with Microsoft 365 (available now)

Intermediate
• Protect identity and access with Azure Active Directory (available now)
• Threat Protection (available now)
• Azure Sentinel (available now)

Advanced
• Identity & Access Management (available now)
• MDATP Ninja L400 Course (available now)
• Azure Security Center Ninja L400 (available now)
• Azure Sentinel Ninja L400 Course (available now)

Endpoint Management (available now)

Exam reference: M365 Security Administrator, M365 Enterprise Administrator, Azure Security Engineer
Job Experience

Resources
• Security Practice Development Playbook
• M365 Partner Technical Readiness Hub
• Microsoft Security & Identity Practice Page
• Winning with Microsoft Security & Compliance Webinar Series

Technical Resources
• Security docs
• Endpoint Management Practice Page
• Secure Remote Work docs
• Secure Remote Work Resource Center
• Transform: Sales Content, Demos, Labs & Readiness
• M365 Security and Compliance Partners Yammer Community
• Engineering Security Webinars
• Azure Security Center in the Field Channel
Learning Path - Compliance Practice Lead & Sales

Beginner
• Learn how Microsoft safeguards customer data (available now)

Intermediate
• Manage information protection and governance (available now)

Advanced
• M365 Compliance Masterclass (available now)

Also available now
• Manage insider risk in Microsoft 365
• Advanced eDiscovery & Advanced Audit
• Protect enterprise information with Microsoft 365

Exam reference: M365 Security Administrator, M365 Enterprise Administrator
Job Experience

Resources
• Security Practice Development Playbook
• M365 Partner Technical Readiness Hub
• Microsoft Compliance Practice Page
• Winning with Microsoft Security & Compliance Webinar Series

Technical Resources
• Practice Page
• Compliance docs
• Transform: Sales Content, Demos, Labs & Readiness
• M365 Security and Compliance Partners Yammer Community
Network Security
Azure Network Security enabling "Zero Trust"

• DDoS protection: DDoS protection tuned to your application traffic patterns
• Web Application Firewall: centralized inbound web application protection from common exploits and vulnerabilities
• Azure Firewall: centralized outbound and inbound (non-HTTP/S) network and application (L3-L7) filtering
• Network Security Groups: distributed inbound & outbound network (L3-L4) traffic filtering on VM, container or subnet
• Service Endpoints: restrict access to Azure service resources (PaaS) to only your Virtual Network

The slide groups these as application protection (left) and micro segmentation (right).

Hub-Spoke Network Topology in Azure - Reference
Architecture

https://docs.microsoft.com/de-de/azure/architecture/reference-architectures/hybrid-networking/hub-spoke
Hub-Spoke Network Components

Local network: a private on-premises network operated by the organization.

VPN device: a device or service that already has external connectivity to the local network.

VPN gateway or ExpressRoute gateway for a virtual network: the virtual network gateway connects to the VPN device or to the ExpressRoute circuit to reach your local network. For more information, see "Connecting a Local Network to a Microsoft Azure Virtual Network".

Hub virtual network: the virtual network used as the hub in the hub-spoke topology. The hub is the central connectivity point to your local network and hosts the services shared by the workloads in the spoke virtual networks.

Gateway subnet: the subnet in the hub that hosts the virtual network gateways.

Spoke virtual networks: virtual networks used as spokes in the hub-spoke topology. Spokes isolate workloads in their own virtual networks, which are managed separately from other spokes, and are connected to the hub through a peering connection.
Azure Network Segmentation – Subnets
A virtual network can be segmented into subnets up to the applicable limits.

You can use a Network Security Group (NSG) to filter traffic on your network and apply rules to that
traffic.
Deployment - Hub-Spoke Architecture
Spoke Vnet – Connected Devices
Connect Spoke and Hub Vnet (Peering)

https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-connect-virtual-networks-portal
Azure Firewall
Cloud native stateful firewall as a service (PaaS)
Azure Firewall Certifications (07/20)
• 23 NYCRR 500
• AFM and DNB (Netherlands)
• AMF and ACPR (France)
• APRA (Australia)
• Argentina PDPA
• Australia IRAP
• CDSA
• CFTC 1.31
• CSA STAR Attestation
• CSA STAR Certification
• CSA STAR Self-Assessment
• Canadian Privacy Laws
• DPP (UK)
• EU ENISA IAF
• EU Model Clauses
• European Banking Authority
• FCA and PRA (UK)
• FERPA (US)
• FFIEC (US)
• FINMA (Switzerland)
• FSA (Denmark)
• GLBA (US)
• Germany C5
• GxP (FDA 21 CFR Part 11)
• HIPAA
• HITECH Act (US)
• HITRUST
• ISO 20000-1:2011
• ISO 22301:2012
• ISO 27001:2013
• ISO 27017:2015
• ISO 27018:2014
• ISO 9001:2015
• Japan My Number Act
• K-ISMS
• KNF (Poland)
• MAS and ABS (Singapore)
• MPAA (US)
• NBB and FSMA (Belgium)
• NEN 7510:2011 (Netherlands)
• NHS IG Toolkit (UK)
• Netherlands BIR 2012
• OSFI (Canada)
• PCI DSS Level 1
• RBI and IRDAI (India)
• SOC 1 Type 2
• SOC 2 Type 2
• SOC 3
• SOX (US)
• Spain DPA
• TISAX
• TruSight
• UK G-Cloud
• WCAG 2.0

https://docs.microsoft.com/en-us/azure/firewall/compliance-certifications
Azure Firewall Manager

Azure Firewall Manager features include:
• Central Azure Firewall deployment and configuration
• Hierarchical policies (global and local)
• Integration with third-party security-as-a-service for advanced security
• Centralized route management
• Region availability

https://docs.microsoft.com/de-de/azure/firewall-manager/overview
Azure FW for MSSP Partner – Reference Architecture

[Diagram: the MSSP operations Azure subscription (Partner Admin Center, PAL registration) and a SOC collaboration M365 subscription (Teams for secure collaboration, B2B identity and communication) are tied to the MSSP identity in Azure AD Tenant 2, protected with Conditional Access (CA) and PIM. Customer 1's Azure subscriptions 1 to 3 each run an Azure Firewall managed through Azure Firewall Manager, with customer identity in Azure AD Tenant 3; Customers 2, 3 and 4 are attached the same way.]
Tutorial - Deploying an Azure Firewall to Hub Vnet

https://docs.microsoft.com/de-de/azure/firewall/tutorial-firewall-deploy-portal

Steps covered:
• Before you start …
• Deploy Azure Firewall (as PaaS)
• Azure Firewall Deployment - Create Route Tables
• Azure Firewall Configuration via Rules
• Azure Firewall – Network Access Rule
• Azure Firewall Configuration - NAT Rule on JumperVM
• Azure Firewall Configuration – Threat Intelligence Feature
• … check Peering to Spoke VNet
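The route-table, network-rule and threat-intelligence steps above, expressed as an added Bicep example that is not part of the deck or of Microsoft's tutorial. It assumes an existing Azure Firewall in the hub whose private IP is passed in as firewallPrivateIp, and that the policy is attached to that firewall and the route table to the spoke subnet elsewhere; resource names and the spoke address range are constructed.

```bicep
// Added example (not from the deck): route a spoke subnet through the hub Azure Firewall and allow only DNS/HTTPS egress.
param location string = resourceGroup().location
param firewallPrivateIp string                  // private IP of the existing hub firewall (assumed)
param spokeSubnetPrefix string = '10.1.0.0/24'  // constructed spoke subnet range
// Route table step: the spoke's default route points at the firewall, so no VM in the spoke reaches the internet unfiltered.
resource spokeRouteTable 'Microsoft.Network/routeTables@2022-07-01' = {
  name: 'rt-spoke-to-firewall'
  location: location
  properties: {
    routes: [
      {
        name: 'default-via-firewall'
        properties: { addressPrefix: '0.0.0.0/0', nextHopType: 'VirtualAppliance', nextHopIpAddress: firewallPrivateIp }
      }
    ]
  }
}
// Threat-intelligence step: 'Deny' drops traffic to and from known-malicious IPs and domains before any rule is evaluated.
resource fwPolicy 'Microsoft.Network/firewallPolicies@2022-07-01' = {
  name: 'fwpol-hub'
  location: location
  properties: { threatIntelMode: 'Deny' }
}
// Network rule step: explicit allow-list for the spoke; anything not matched is dropped by the firewall's implicit deny.
resource egressRules 'Microsoft.Network/firewallPolicies/ruleCollectionGroups@2022-07-01' = {
  parent: fwPolicy
  name: 'DefaultNetworkRuleCollectionGroup'
  properties: {
    priority: 200
    ruleCollections: [
      {
        ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
        name: 'allow-spoke-egress'
        priority: 100
        action: { type: 'Allow' }
        rules: [
          {
            ruleType: 'NetworkRule'
            name: 'allow-dns-https'
            ipProtocols: [ 'TCP', 'UDP' ]
            sourceAddresses: [ spokeSubnetPrefix ]
            destinationAddresses: [ '*' ]
            destinationPorts: [ '53', '443' ]
          }
        ]
      }
    ]
  }
}
```

The NAT rule for the jump VM from the tutorial is not included; it would be a separate DNAT rule collection in the same policy.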
Microsoft Intelligent Security Association

https://www.microsoft.com/en-us/security/partnerships/intelligent-security-association
Differences 3rd Party ISV Firewall Solution
Deploying Firewall ISV solutions as IaaS
3rd Party WAF Flexible Licensing Options
Bring your own license (BYOL) Pay as you go (PAYG)



3rd Party ISV Firewall (IaaS)- Reference architecture (IaaS)
FortiGate (IaaS) – Data Flow
Azure Cloud Security - Kill Chain Model
Security Management (Azure Security Center)

Exposure: insecurely configured applications; vulnerabilities; infected admin; brute force attacks
Access: virtual machines; web apps; credentials; IoT devices
Lateral movements: web apps; SQL databases; virtual machines
Actions: data loss; data exfiltration

© Microsoft Corporation Azure


Azure Security Center for hybrid and multi-cloud environments
• Continuous assessment of security state with a dynamic secure score
• Best practice recommendations
• Central policy for security and compliance
• Across all your workloads


Risk Mitigation through Azure Security Center

Security Center – Overview provides a unified view into the security posture of your hybrid cloud workloads, enabling you to discover and assess the security of your workloads and to identify and mitigate risk. Security Center automatically enables any of your Azure subscriptions not previously onboarded by you or another subscription user to the Free tier.
The NEW Azure Security Center Dashboard
NEW – Azure Security Center with Azure Defender Dashboard
Azure Defender for Azure IaaS & PaaS



Azure Security Center with Azure Defender



Advanced Security Monitoring & Response for Multi Cloud with Azure Arc



ASC for Multi Cloud and Hybrid Cloud Environments



ASC – Multi Cloud Connectors



ASC – Insight through Recommendations



ASC – Insight through Security Alerts



ASC - Improved Automation to respond to risks
• Apply Quick Fixes to recommendations
• Automate responses with LogicApps
• Continuously export to Event Hub and Log Analytics
• Export to CSV
ASC – Respond to an Alert (Risk/Threat Mitigation)



ASC – Improved Visibility through Centric View



Getting started … - Azure Security Center

https://docs.microsoft.com/en-us/azure/security-center/security-center-get-started
Learn more about Azure Sentinel



WW Security Community
https://aka.ms/SecurityCommunity

Product Recordings of Past Webinars
• Azure Security Center for IoT: https://aka.ms/ASCIoTRecordings
• Azure Advanced Threat Protection: https://aka.ms/AATPRecordings
• Azure Sentinel: http://aka.ms/AzureSentinelRecordings
• Azure Information Protection: https://aka.ms/AIPRecordings
• Microsoft Cloud App Security: https://aka.ms/MCASRecordings
• Security Intelligence Report: https://aka.ms/SIRRecordings


Partner Support – Azure Cloud Security
Partner Technical Service:
depts@microsoft.com
aka.ms/tpdmsform

Contact:
Hunor Kovacs
Partner Technical Consultant | Technical Presales & Deployment Services
CSS Partner Enablement

Thank you

matthias.partl@microsoft.com