Pen Testing Your Applications in Microsoft Azure

Several people in the Azure security community have been asking about pen testing applications that they’ve deployed in Microsoft Azure. It’s a good question and so I put together an answer for you that you can find over at Pen testing your applications hosted in Microsoft Azure. If you have any questions, comments or ideas…


Security Considerations and Best Practices for Azure Resource Manager

This post comes from George Moore, Principal Program Manager Lead, Azure Compute. When working with Azure Resource Manager (ARM) and ARM templates for deploying IaaS resources, you want to make sure to bake in enterprise-grade security by considering security best practices. Key security issues to consider when using ARM templates include options and best practices…


Cross-Posting: Multi-factor Authentication Cloud Security Controls

Good afternoon community: Here is the next cross-positing of Tim Rain’s blog from the cloud security controls series on multi-factor authentication. This particular posting is very valuable in the value and implementation of multi-factor authentication for your assets and applications in the cloud.   We look forward to your comments and feedback on what you would like…

0

Certificate Management in Azure: Do’s and Don’ts

This post comes from Avi Ben-Menahem, a Principal Security Program Manager in the Azure Security engineering team. There are multiple services that require credentials for secure access or data protection as part of service development and operations in Azure. Some of the most immediate examples include SSL (ok, actually TLS, but we’ll refer to it…

0

Cross posting: Azure Active Directory’s Access and Usage Reports

Good morning community: I thought I would share a good cross-positing of Tim Rain’s blog on Azure Active Directory’s Access and Usage Reports. It is a part of a new cloud security control series and very tightly tied in the Azure Security controls and operations discussed and shared in this blog. Stay tuned, there is…

0

Best Practices to protect your Azure deployment against “cloud drive-by” attacks

As a follow-up to David Cross‘s “Cloud Security as a Shared Responsibility” blog, I’d like to share the perspective of the Microsoft Security Response Center (MSRC). The MSRC executes security response activities for threats that target Azure’s internal infrastructure and customer deployments. This experience provides a unique perspective on how cloud providers and customers are…


Azure Active Directory Audit logs

This post comes from Namgyal Dolker, a senior security program manager in the Azure Security engineering team. One of the primary concerns from customers is the sense of losing the visibility into what is happening in their cloud service.  They want to understand how to perform many of the same actions and activities In the…

1

Cloud Security as a Shared Responsibility

I thought it would be valuable to start a series of conversations on how Microsoft thinks, acts and enables cloud infrastructure security from an Azure perspective.  Cloud security is a shared responsibility between Microsoft and all our tenants.  We (Azure) protect the infrastructure, we detect fraud and abuse and we respond to incidents by notifying…

1

Building Cloud Trust

A few weeks ago, Vijay Kumar and I delivered a session at the RSA Conference in San Francisco where we discussed how you can trust a cloud provider.  As we discussed in our session using the Microsoft cloud as an example, trust is perhaps one of the most fundamental aspects people need and seek out when they…

0