Azure networking has a lot of moving parts. This chapter from Microsoft Azure Security Infrastructure discusses components from a security perspective, best practices, and some patterns that you might want to adopt for your own deployments.
To understand Microsoft Azure network security, you have to know all the pieces and parts that are included. That means this chapter begins with a description and definition of all the features and services related to Azure networking that are relevant to security. For each feature, the chapter describes what it is and provides some examples to help you understand what the feature does and why it’s good (or bad) at what it does. Some capabilities in Azure networking don’t have a security story to tell, so the chapter leaves out those capabilities.
After the groundwork is laid and you have a better understanding of Azure networking, the chapter discusses Azure security best practices. These best practices are a compilation of things that you should do regarding Azure network security if they are appropriate to your deployment.
The chapter ends with a description of some useful patterns that you might want to use as reference implementation examples on which you can build your own solutions.
The goal of this chapter is to help you understand the “what’s” and “why’s,” because if you don’t understand those, you’ll never get to the “how’s”; if you implement the “how’s” without understanding the “what’s” and the “why’s,” you’ll end up with the same “it sort of grew that way” network that you might have on-premises today. (If your network isn’t like that, consider yourself exceptionally wise or lucky.)
To summarize, the chapter:
- Discusses the components of Azure networking from a security perspective.
- Goes over a collection of Azure networking best practices.
- Describes some Azure network security patterns that you might want to adopt for your own deployments.
One more thing before you venture into the inner workings of Azure networking: If you’ve been with Azure for a while, you’re probably aware that Azure started with the Azure Service Management (ASM) model for managing resources. Even if you haven’t been around Azure since the beginning, you’re probably aware of the “old” and “new” portals (the “old” portal is now called the “classic” portal and the new portal is called the “Azure portal”). The classic portal uses the ASM model. The new portal uses the resource management model known as Azure Resource Management. This chapter focuses only on the Azure Resource Management model and the networking capabilities and behavior related to this model. This is because the ASM model is being phased out and has no future, so it is best to migrate your ASM assets (if you have any) to the new Azure Resource Management model.