Secure your Azure applications the right way. The expert DevSecOps techniques you'll learn in this essential handbook make it easy to keep your data safe.

Azure Security is a practical guide to the native security services of Microsoft Azure. You'll learn how to use Azure tools to improve your systems security and get an insider's perspective on establishing a DevSecOps program using the capabilities of Microsoft Defender for Cloud. Insightful analogies and hands-on examples help demystify tricky security concepts, while clever exercises help reinforce what you've learned.

As a Program Manager at Microsoft, Bojan Magusic has helped numerous Fortune 500 companies improve their security posture in Azure. Now, in Azure Security he brings his experience from the cyber security frontline to ensure your Azure cloud-based systems are safe and secure.

In Azure Security you’ll learn vital security skills, including how to:

• Set up secure access through Conditional Access policiesImplement Azure WAF on Application Gateway and Front Door
• Deploy Azure Firewall Premium for monitoring network activities
• Enable Microsoft Defender for Cloud to assess workload configurations
• Utilize Microsoft Sentinel for threat detection and analytics
• Establish Azure Policy for compliance with business rules

Correctly set up out-of-the-box Azure services to protect your web apps against both common and sophisticated threats, learn to continuously assess your systems for vulnerabilities, and discover cutting-edge operations for security hygiene, monitoring, and DevSecOps. Each stage is made clear and easy to follow with step-by-step instructions, complemented by helpful screenshots and diagrams.

About the technology

Securing cloud-hosted applications requires a mix of tools, techniques, and platform-specific services. The Azure platform provides built-in security tools to keep your systems safe, but proper implementation requires a foundational strategy and tactical guidance.

About the book

Azure Security details best practices for configuring and deploying Azure’s native security services—from a zero-trust foundation to defense in depth (DiD). Learn from a Microsoft security insider how to establish a DevSecOps program using Microsoft Defender for Cloud. Realistic scenarios and hands-on examples help demystify tricky security concepts, while clever exercises help reinforce what you’ve learned.

What's inside

• Set up secure access policies
• Implement a Web Application Firewall
• Deploy MS Sentinel for monitoring and threat detection
• Establish compliance with business rules

About the reader

For software and security engineers building and securing Azure applications.

Table of Contents

PART 1. FIRST STEPS

1. About Azure security

2. Securing identities in Azure: The four pillars of identity and Azure Active Directory

PART 2. SECURING AZURE RESOURCES

3. Implementing network security in Azure: Firewall, WAF, and DDoS protection

4. Securing compute resources in Azure: Azure Bastion, Kubernetes, and Azure App Service

5. Securing data in Azure Storage accounts: Azure Key Vault

6. Implementing good security hygiene: Microsoft Defender for Cloud and Defender CSPM

7. Security monitoring for Azure resources: Microsoft Defender for Cloud plans

PART 3. GOING FURTHER

8. Security operations and response: Microsoft Sentinel

9. Audit and log data: Azure Monitor

10. Importance of governance: Azure Policy and Azure Blueprints

11. DevSecOps: Microsoft Defender for DevOps

About the reader

For software and security engineers building and securing Azure applications.

About the Author

Bojan Magusic is a Program Manager with Microsoft on the Cloud Security Customer Experience Engineering Team. In addition to his various technical certifications (15+ Microsoft certifications and counting), Bojan also has certifications from INSEAD and Kellogg School of Management.