
Security pillar principles in Azure - Commands & Configuration

Introduction
Security pillar principles help protect your cloud resources from threats. They guide you to keep data safe, control access, and monitor your environment.
When you want to protect sensitive customer data in your cloud applications
When you need to control who can access your cloud resources and what they can do
When you want to detect and respond to security threats quickly
When you need to comply with laws and regulations about data protection
When you want to build trust with users by keeping their information secure
Commands
This command enables automatic provisioning of security services in your Azure subscription to help protect resources.
Terminal
az security auto-provisioning-setting update --name default --auto-provision On
Expected Output
{
  "autoProvision": "On",
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Security/autoProvisioningSettings/default",
  "name": "default",
  "type": "Microsoft.Security/autoProvisioningSettings"
}
--name - Sets the name of the auto-provisioning setting
--auto-provision - Turns auto-provisioning On or Off
This command assigns the Reader role to a user or service, giving them read-only access to resources in a specific resource group.
Terminal
az role assignment create --assignee 11111111-1111-1111-1111-111111111111 --role Reader --scope /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup
Expected Output
{
  "canDelegate": null,
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Authorization/roleAssignments/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
  "name": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
  "principalId": "11111111-1111-1111-1111-111111111111",
  "principalType": "User",
  "roleDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup",
  "type": "Microsoft.Authorization/roleAssignments"
}
--assignee - Specifies the user or service principal to assign the role
--role - Specifies the role to assign
--scope - Limits the role assignment to a specific resource or group
This command lists security alerts in the specified resource group to help you monitor potential threats.
Terminal
az security alert list --resource-group myResourceGroup
Expected Output
[
  {
    "alertDisplayName": "Suspicious login",
    "alertType": "SuspiciousLogin",
    "severity": "High",
    "status": "Active",
    "timeGenerated": "2024-06-01T12:00:00Z"
  }
]
--resource-group - Filters alerts to a specific resource group
Key Concept

If you remember nothing else from this pattern, remember: controlling access, protecting data, and monitoring threats are the core of cloud security.

Common Mistakes
Assigning overly broad permissions to users or services
This can lead to accidental or malicious changes that harm your resources or data.
Use the principle of least privilege by assigning only the permissions needed for the task.
Not enabling automatic security service provisioning
Without automatic provisioning, some security features may not be active, leaving gaps in protection.
Enable auto-provisioning to ensure security services are always running.
Ignoring security alerts or not monitoring them regularly
Threats can go unnoticed and cause damage if alerts are not reviewed and acted upon.
Regularly check security alerts and respond promptly to any issues.
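The two mistakes above (over-broad role assignments, unreviewed alerts) can both be caught by post-processing the JSON that the commands in this pattern return. The following is an added example, not part of the original page or of the Azure CLI: it parses constructed sample output shaped like `az role assignment list -o json` and `az security alert list -o json`, flags privileged roles granted at subscription or resource-group scope, and lists the active alerts that still need a response. The set of roles treated as privileged and the severity threshold are assumed policy values, not Azure defaults.

```python
"""Audit sample `az role assignment list` and `az security alert list` output.

Added example. The JSON below is constructed to mirror the output shape shown
earlier on this page; it is not data from a real tenant. PRIVILEGED_ROLES and
the default severity threshold are assumed policy, not Azure built-ins.
"""
import json

# Constructed sample: shape of `az role assignment list -o json`.
SAMPLE_ROLE_ASSIGNMENTS = json.dumps([
    {
        "principalId": "11111111-1111-1111-1111-111111111111",
        "principalType": "User",
        "roleDefinitionName": "Reader",
        "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup",
    },
    {
        "principalId": "22222222-2222-2222-2222-222222222222",
        "principalType": "ServicePrincipal",
        "roleDefinitionName": "Owner",
        "scope": "/subscriptions/00000000-0000-0000-0000-000000000000",
    },
    {
        "principalId": "33333333-3333-3333-3333-333333333333",
        "principalType": "User",
        "roleDefinitionName": "Contributor",
        "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup"
                 "/providers/Microsoft.Storage/storageAccounts/mystorage",
    },
])

# Constructed sample: shape of `az security alert list -o json`.
SAMPLE_ALERTS = json.dumps([
    {"alertDisplayName": "Suspicious login", "alertType": "SuspiciousLogin",
     "severity": "High", "status": "Active", "timeGenerated": "2024-06-01T12:00:00Z"},
    {"alertDisplayName": "Unusual resource deployment", "alertType": "UnusualDeployment",
     "severity": "Medium", "status": "Active", "timeGenerated": "2024-06-01T13:30:00Z"},
    {"alertDisplayName": "Port scan detected", "alertType": "PortScan",
     "severity": "Low", "status": "Resolved", "timeGenerated": "2024-05-20T08:00:00Z"},
])

# Assumed policy: roles that grant write or access-management rights and so
# deserve review when granted above the individual-resource level.
PRIVILEGED_ROLES = {"Owner", "Contributor", "User Access Administrator"}

SEVERITY_RANK = {"High": 3, "Medium": 2, "Low": 1, "Informational": 0}


def scope_level(scope):
    """Classify an ARM scope string as 'subscription', 'resourceGroup' or 'resource'."""
    parts = [p for p in scope.split("/") if p]
    # /subscriptions/<id>                              -> 2 segments
    # /subscriptions/<id>/resourceGroups/<rg>          -> 4 segments
    # anything deeper (contains /providers/...)        -> a single resource
    if len(parts) == 2 and parts[0].lower() == "subscriptions":
        return "subscription"
    if len(parts) == 4 and parts[2].lower() == "resourcegroups":
        return "resourceGroup"
    return "resource"


def find_broad_assignments(role_assignments_json):
    """Return assignments that pair a privileged role with subscription or RG scope."""
    findings = []
    for ra in json.loads(role_assignments_json):
        level = scope_level(ra["scope"])
        if ra["roleDefinitionName"] in PRIVILEGED_ROLES and level != "resource":
            findings.append({
                "principalId": ra["principalId"],
                "principalType": ra["principalType"],
                "role": ra["roleDefinitionName"],
                "scopeLevel": level,
            })
    return findings


def triage_alerts(alerts_json, min_severity="Medium"):
    """Return Active alerts at or above min_severity, most severe and newest first."""
    threshold = SEVERITY_RANK[min_severity]
    open_alerts = [
        a for a in json.loads(alerts_json)
        if a["status"] == "Active" and SEVERITY_RANK.get(a["severity"], 0) >= threshold
    ]
    # Same-format ISO-8601 timestamps sort correctly as plain strings.
    open_alerts.sort(key=lambda a: (SEVERITY_RANK[a["severity"]], a["timeGenerated"]),
                     reverse=True)
    return open_alerts


if __name__ == "__main__":
    for f in find_broad_assignments(SAMPLE_ROLE_ASSIGNMENTS):
        print(f"BROAD: {f['principalType']} {f['principalId']} holds {f['role']} at {f['scopeLevel']} scope")
    for a in triage_alerts(SAMPLE_ALERTS):
        print(f"ALERT [{a['severity']}] {a['alertDisplayName']} ({a['timeGenerated']})")
```

In practice you would pipe the real command output into the two functions (`az role assignment list --all -o json` and `az security alert list -o json`) and run the script on a schedule; the Reader assignment at resource-group scope from the page passes the check, while an Owner grant at subscription scope is exactly the kind of over-broad permission the first mistake describes.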
Summary
Enable automatic security service provisioning to protect resources continuously.
Assign roles carefully to control who can access and change your cloud resources.
Monitor security alerts regularly to detect and respond to threats quickly.