Azure Sentinel – on the fast track

Azure Sentinel is Microsoft cloud-native SIEM and SOAR. Say goodbye to 6 months SIEM solution setup and architecture – get started with visibility on you environement just now, and use the rich ecosystem of connectors to extend intelligence to your complete security suite.

On-demand session

Here is the link to attend the full session, on-demand: https://info.microsoft.com/AP-AzureSec-WBNR-FY20-10Oct-24-AzureSentinel-SRDEM10204_LP02OnDemandRegistration-ForminBody.html 

Slides

Demos

Onboarding Sentinel and dahsboards exploration

Security Investigations with Azure Sentinel

Additionnal resources:

As usual, happy to hear your feedbacks!

Arnaud

Cloud Adoption Framework, Scaffolding and Azure Virtual Datacenter

<Updated 11th July 2019>

Since we started to help customers of all sizes to deploy cloud technologies, we have developed many frameworks which all evolved in parallel over time. You may have heard about: Cloud Adoption Framework, Cloud Operations Model, Entreprise Cloud Strategy, Entreprise Scaffolding and maybe a couple more.

The CAF is dead, long live the CAF!

A couple of weeks ago, we published a new version of CAF – Cloud Adoption Framework for Azure, which consolidates all of our engineering and field best practices, as well as patterns that we’ve seen from big entreprises going to the cloud.

CAF has now five main sections which guide you throughout the whole circle:

cloud-adoption-framework-overview

  1. Plan
  2. Ready
  3. Migrate
  4. Manage
  5. Govern

This model is very realistic and field inspired, including some discussions around adoption with one or more cloud providers.

Governance

One of the most intimidating aspects of cloud adoption is the governance: how to manage new risks that are involved with cloud deployments and how to accompany that with entreprise processes and policies (and how does it remain current).

It is of course an iterative process that will evolve as you add new services into your environment: from dev/test to prod, and from legacy 3-tiers application to a brand new cloud-native application.

We distinguish 5 disciplines in governance:

  1. Cost management
  2. Security baseline
  3. Resource consistency
  4. Identity baseline
  5. Deployment Acceleration

But the difficulty is the first step: how do I get a minimal viable product (MVP) for my first cloud deployment?

incremental-governance-example

Actions: In order to avoid you the blank page syndrome, we have prepared you some actions:

  1. Determine your immediate objectives with cloud, and the readiness of your organization. Cloud Assessment Tool: https://aka.ms/CAF/gov/assess 
  2. Establish your governance MVP:
    1. Small to Medium Entreprises
    2. Large Entreprises

For all those journey we document a minimum viable product across the five disciplines, we explain the design decisions we took for you, the discussion points and alternative design considerations.

When we define governance, we also think about compliance to the rules, and automatic remediation methods for it: this is called Azure Policy.

Along the way, if you are going for ongoing compliance, why not going to continuous integration and continuous deployment for your infrastructure?

cicd

If you want to have a look at all of that in action, check at:

Azure Scaffolding

We used to talk a lot of  “scaffolding” as it is an excellent checklist, or set of mandatory technical implentation details for a good cloud deployment. It is being replaced by the “landing zone” construct (see next section).

Here is a refresher picture about what scaffolding includes:

scaffoldv2

Important readings on Azure Scaffolding:

Azure Landing Zones

Landing Zone is our new construct to describe a good deployment, its replacing the scaffolding idea but takes all of its good ideas.

landing-zone-considerations-2

It has the idea of primitives which includes all mandatory decisions:

  • Management Groups
  • Resource Groups
  • Naming Standards
  • Number of subscriptions

On the technical implementations of Governance it includes all of:

  • Policies
  • Cost
  • Monitoring
  • Identity

Moreover, it comes with all set of decision trees in order to help you when it comes to implementation with your customers/partners:

 

Azure Virtual Datacenter

Azure VDC is a set of concepts, implentation guidance and automation scripts that allows you to build a highly available and highly secure datacenter, based on Microsoft Azure services.

vdc_example

You can find all the materials here: https://docs.microsoft.com/en-gb/azure/architecture/vdc/ 

Check at the automation scripts and all the archetypes that allow you to deploy a VDC environment fast – based on Docker and Python : https://github.com/Azure/vdc

As last reference, as usual, our Azure Architecture Center

That’s it, now you will have a very well architected Azure deployment!

Arnaud 

Azure Governance in the real world

In this session, we review the fundamentals behind a well managed Azure environment: Azure Management Groups, Azure Policy and Blueprints.

Session

Slides

Download the slides here

Demo 1: Architecture Center, Service Trust Portal

 

Demo 2: Azure Management Groups & Azure Policy

 

Demo 3: Create custom policies with Terraform

 

Demo 4: Azure Blueprints

 

More

Follow the new sessions coming up on the Azure APAC webinar series: 

https://www.microsoft.com/en-sg/apac/azurewebinar 

As usual, feel free to reach out if you have any question!

Arnaud

Improve your application security and compliance with Azure

Please find below materials from our online session for 29th August 2018 10am Singapore time!

Microsoft Azure enables you to meet the compliance requirements for data confidentiality, while ensuring data integrity and availability at all times. Tune in to this webinar to find out more about the available security technologies for your application and learn more about the security tools to help you meet the data compliance and protection requirements for your organization.

On-demand content

Registration: https://info.microsoft.com/AP-AzureINFRA-WBNR-FY19-08Aug-29-securityandcompliancewithAzure-MCW0008428_01Registration-ForminBody.html 

Video of the session

Slides

Demos

Azure Privacy and Compliance

Azure Firewall

Azure Security Center

 

As usual, feel free to reach out if you have any question!

 

Arnaud

Azure Infrastructure Fundamentals Webinars – part 2

In this article we continue to review our online sessions covering Azure Infrastructure fundamentals that went live couple of weeks ago. Please find below the links to the sessions, the slides, demos and step by steps guides to reproduce the demos!

 

Session 3: Azure Backup and Disaster Recovery

Azure Site Recovery and Backup are two features that allow you to easily build Disaster Recovery and Backup plans. In this session, we will review the different options that are available to build a DRP that you can rely on.

Session on demand: https://info.microsoft.com/AP-AzureINFRA-WBNR-FY18-03Mar-28-AzureSiteRecoveryAzureBackup-MCW0004394_02OnDemandRegistration-ForminBody.html

Slides:

Demos:
1. Backup

2. Disaster recovery

Demos references:

 

Session 4: Azure Compliance and security

The security and compliance session review the fundamentals of Azure security in both technical and non-technical terms. After a review of certification against the best in class policies and procedures, we will spend some time reviewing the technologies that customers can leverage to deploy solutions.

Session on demand: https://info.microsoft.com/AP-AzureINFRA-WBNR-FY18-03Mar-07-AzureSecurityandCompliance-MCW0004574_01Registration-ForminBody.html

Slides:

Demos:
1. Azure Security Center

2. Azure Key Vault

Demo references:

That’s it for today, in the next post, more details on the other episodes of the serie!

Arnaud