**Azure AD**
Cloud-based identity service (authentication, SSO, identity services)

**Azure Advanced Threat Protection (ATP)**
- Security solution that identifies, detects, and helps investigate advanced threats, compromised identities, and malicious insider actions
- Components:
  - ATP portal: the portal through which you monitor and respond to suspicious activity
  - ATP sensors: installed directly on your domain controllers to monitor their traffic
  - ATP cloud service: runs on Azure infrastructure and is connected to Microsoft's Intelligent Security Graph

**Azure Information Protection (AIP)**
Solution that helps classify and optionally protect documents and emails by applying labels

**Azure Key Vault**
Centralized cloud service for storing application secrets

**Azure Policy**
- Create, assign, and manage policies that enforce rules and effects over resources (think of AWS SCPs)
- Focuses on resource properties (e.g., types or locations), both at deployment time and for already-existing resources (whereas RBAC focuses on user actions at different scopes)
- It is a default-allow, explicit-deny system
- Common policy definitions:
  - Allowed Storage Account SKUs (stock keeping units)
  - Allowed Resource Types
  - Allowed Locations
  - Allowed Virtual Machine SKUs
  - Not allowed resource types

**Compliance Manager**
- Workflow-based risk assessment dashboard within the Service Trust Portal that enables you to track, assign, and verify regulatory compliance activities related to Microsoft professional services and Microsoft cloud services such as Office 365, Dynamics 365, and Azure
- Provides a summary of your data protection and compliance posture, together with recommendations for improvement

**Security Center**
- Monitoring service that provides threat protection both in Azure and on-premises
- The Free tier provides security policies, assessments, and recommendations; the Standard tier adds a richer feature set, including threat intelligence
- It can:
  - Provide security recommendations based on your configurations, resources, and networks
  - Monitor security settings and automatically apply required security to new services as they come online
  - Continuously monitor all your services and perform automatic security assessments to identify potential vulnerabilities
  - Use machine learning to detect and block malware from being installed on your services and virtual machines
  - Analyze and identify potential inbound attacks, and help investigate threats and any post-breach activity that may have occurred
  - Provide just-in-time access control for ports, reducing your attack surface by ensuring the network only allows the traffic you require

**Service Trust Portal (STP)**
Hosts the Compliance Manager service and is Microsoft's public site for publishing audit reports (ISO, SOC, NIST, FedRAMP, GDPR) and other compliance-related information relevant to Microsoft's cloud services

**Storage Service Encryption**
Azure Storage automatically encrypts data before persisting it to Azure Managed Disks, Azure Blob storage, Azure Files, or Azure Queue storage

**Trust Center**
Website containing information and details about how Microsoft implements and supports security, privacy, compliance, and transparency across all Microsoft cloud products and services
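To make the default-allow, explicit-deny model from the Azure Policy entry concrete, here is an added example (not from the page): two custom definitions, "Allowed locations" and "Not allowed resource types", written in the JSON shape Azure Policy uses, plus a small local evaluator that applies their rules to sample resources. The evaluator is a simplified simulation written for this example and is not Azure's engine; the display names, parameter names, resource types and regions are constructed.

```python
import json

# Two custom Azure Policy definitions in the JSON shape Azure Policy uses (properties.policyRule
# with an if/then block). Display names, parameter names and region values are constructed here.
ALLOWED_LOCATIONS = json.loads("""{
  "properties": {
    "displayName": "Allowed locations (example)", "mode": "Indexed",
    "parameters": {"allowedLocations": {"type": "Array",
                   "defaultValue": ["westeurope", "northeurope"]}},
    "policyRule": {
      "if": {"field": "location", "notIn": "[parameters('allowedLocations')]"},
      "then": {"effect": "deny"}}}}""")

NOT_ALLOWED_TYPES = json.loads("""{
  "properties": {
    "displayName": "Not allowed resource types (example)", "mode": "All",
    "parameters": {"listOfResourceTypesNotAllowed": {"type": "Array",
                   "defaultValue": ["Microsoft.Compute/virtualMachines"]}},
    "policyRule": {
      "if": {"field": "type", "in": "[parameters('listOfResourceTypesNotAllowed')]"},
      "then": {"effect": "deny"}}}}""")

def _resolve(value, params):
    # Expand "[parameters('x')]" to that parameter's defaultValue; literals pass through.
    if isinstance(value, str) and value.startswith("[parameters('"):
        return params[value[len("[parameters('"):-len("')]")]]["defaultValue"]
    return value

def _matches(cond, resource, params):
    # Simplified local evaluator (an assumption, not Azure's engine) for the
    # field + in / notIn / equals operators used in the definitions above.
    actual = resource.get(cond["field"])
    if "in" in cond:
        return actual in _resolve(cond["in"], params)
    if "notIn" in cond:
        return actual not in _resolve(cond["notIn"], params)
    if "equals" in cond:
        return actual == _resolve(cond["equals"], params)
    raise ValueError("unsupported condition: %r" % cond)

def evaluate(resource, definitions):
    """Default allow, explicit deny: a resource is denied only when some
    assigned definition's rule matches it and that rule's effect is deny."""
    for definition in definitions:
        props = definition["properties"]
        if _matches(props["policyRule"]["if"], resource, props["parameters"]):
            if props["policyRule"]["then"]["effect"].lower() == "deny":
                return "deny"
    return "allow"
```

A storage account in westeurope passes both rules, one in eastus is denied by the location rule, and a resource with no matching rule at all is allowed by default.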