Microsoft Azure Monitor Insights
You can subscribe here for more at Azure Academy on YouTube Channel
When you have your Hybrid Cloud Enterprise Design ready in a Microsoft HUB-Spoke model and your Security in place, you can do your optimize on your Azure workloads and keep up-to-date for your compliancy. Microsoft Azure Security Center can support you in Security and Compliancy (GDPR). Here you see my former blogposts about Microsoft Azure HUB-Spoke model architecture and Security by design :
Security in software is always on the move and changing in this world, when you think you are ready something has changed already. That’s why I love Microsoft Azure Security Center to keep you posted and giving you advise on Security but also on Compliancy.
From here you see a high-level overview of these new possibilities in Microsoft Azure Security Center :
Microsoft Azure Security Center is working with the following navigation menu’s on the left :
Microsoft Azure Security Center is working with Overall Secure Score. In my Test LAB we have some work to do 😉
The Azure secure score reviews your security recommendations and prioritizes them for you, so you know which recommendations to perform first. This helps you find the most serious security vulnerabilities so you can prioritize investigation. Secure score is a tool that helps you assess your workload security posture.
Improve your secure score in Azure Security Center
Microsoft Azure Security Center gives you advise to make your Security Score higher and you can improve immediately.
From here you can Enable a Network Security Group (NSG) on the Subnet and make your network more secure.
Azure Security Center Advise on Disk Encryption
I really like this feature in Azure Security Policy & Compliancy to help the business with GDPR and keep your Data Save by Security.
So now you can work on your Security and Compliance
Security is a on-going process 24 hours -365 days to monitor, analyze, and prevent security issues. Working on Compliancy for your Business and making your own Security policies is important. Microsoft Azure Security Center can support you in this journey. When you Optimize your Azure workloads or make new solutions in Azure, keep it secure with Microsoft Azure Security Center.
Microsoft Azure Hybrid Cloud Architecture HUB-Spoke Model
This blogpost about Microsoft Azure Hub-Spoke model by Enterprise Design 2 of 4 “Lift and Shift” is part of a Datacenter transition to Microsoft Azure Intelligent Cloud. It’s talking about Azure Architecture, Security, Assessment, Azure Policy, and implementation of the design. Here you find the first blogposts :
It’s important for your business to have your Azure Architectural design with Security in place before you start your “Lift and Shift” actions, think about Identity Management and Provisioning, RBAC for your Administrators and Super Users with Two-Factor Authentication. Security with Network Security Groups and Firewalls
To “Lift and Shift” to the Azure HUB Subscription we have the following in place by Design :
To help you more with your Azure Virtual Datacenter have a look here
When creating a building, scaffolding is used to create the basis of a structure. The scaffold guides the general outline and provides anchor points for more permanent systems to be mounted. An enterprise scaffold is the same: a set of flexible controls and Azure capabilities that provide structure to the environment, and anchors for services built on the public cloud. It provides the builders (IT and business groups) a foundation to create and attach new services keeping speed of delivery in mind. Read more hereI did the “Lift and Shift” between quotes because it’s important to follow the process workflow to be successful in your Datacenter transition to the Microsoft Azure Cloud.
Here you find all the Microsoft Azure Migration information
App Migration to Azure: Your options explained by Jeremy Winter
The Azure Migrate service assesses on-premises workloads for migration to Azure. The service assesses the migration suitability of on-premises machines, performs performance-based sizing, and provides cost estimations for running on-premises machines in Azure. If you’re contemplating lift-and-shift migrations, or are in the early assessment stages of migration, this service is for you. After the assessment, you can use services such as Azure Site Recovery and Azure Database Migration Service, to migrate the machines to Azure.
In your datacenter you got all kind of different workloads and solutions like :
When you do your Datacenter Assessment it’s important to get your workloads visible, because “Lift and Shift” with Azure Site Recovery (ASR) of a Virtual Machine is an different scenario then SQL database migration to Azure. That’s why Microsoft has different tooling like :
To get your dependencies in your Datacenter on the map, Microsoft has Azure Service Maps.
Service Map automatically discovers application components on Windows and Linux systems and maps the communication between services. With Service Map, you can view your servers in the way that you think of them: as interconnected systems that deliver critical services. Service Map shows connections between servers, processes, inbound and outbound connection latency, and ports across any TCP-connected architecture, with no configuration required other than the installation of an agent.
In the following step-by-step guide we will install the Azure Site Recovery Agent on a Hyper-V host and migrate a virtual machine to Microsoft azure in a “Lift and Shift” way.
First create a Recovery Services Vault => Click Add.
Then you go to your new created Recovery Vault and click on Getting started for Site Recovery. => Prepare infrastructure and follow the steps.
When you have selected Hyper-V VM to Azure, the next step is the ASR Deployment Planner tool kit. Here you find more information on Azure Site Recovery Deployment Planner user guide for Hyper-V-to-Azure production deployments.
Then in step 3 you will make your Hyper-V Site in Microsoft azure with the Right Hyper-V Servers.
Here is where the registration begins with the Azure Site Recovery (ASR) Agent installation on your Hyper-V Host.
Follow the five steps and make sure your Hyper-V Node can access Azure via secure port 443(https) via Proxy or firewall rules.
The Azure Site Recovery agent is installed and need to be registered with your Azure Recovery Vault.
For this you need the key file from the Azure portal to download at step 4. Click on Register.
In the Azure Portal you will see your Hyper-V Node, in my Demo LAB it’s WAC01.MVPLAB.LOCAL.
In the next step you can choose an existing Storage account, or a new one with different specifications.
In this step we create the replication policy.
When you click on OK the Infrastructure is done.
Select your Source and location.
here you select your target Storage account, Resource Group and Network.
The connections are made between Hyper-V, ASR Vault and Storage.
Select the Virtual Machine(s) from the Hyper-V host to replicate for migration with ASR
From here the Replication will begin from Hyper-V Host to Azure 🙂
To make your recovery plan and do the failover for migration to azure, you have to wait until the first replication is done for 100%.
The Target in the recovery plan can only be selected when the first replication is done.
Overview of the Azure Site Recovery Migration failover.
From the Hyper-V Host you can pause or see the replication health status.
Azure Migrate Virtual Machines using Azure Site Recovery video with Microsoft Jeff Woolsey
To migrate your SQL Backend to Microsoft Azure, use this step-by-step instructions help you perform your first assessment for migrating to on-premises SQL Server, SQL Server running on an Azure VM, or Azure SQL Database, by using Data Migration Assistant.
“Lift and Shift” Migration of your complete datacenter exists of different scenarios for your workloads to Microsoft Azure. With that said, Microsoft has for each scenario tooling available to get the job done. It’s all about a good Architectural Design, Security in place, People and process to get your Intelligent Azure Cloud up and running for your Business.
Next Blogpost Microsoft Azure Hub-Spoke model by Enterprise Design 3 of 4 :
SQL assessment and Data Migration to Azure
Yesterday I was playing with Mimikatz (Hackertool) for Security pen tests and it was not working because Azure Security Center Quarantined the file 🙂
On my Surface I got an Azure monitoring Agent running
The Investigation feature in Security Center allows you to triage, understand the scope, and track down the root cause of a potential security incident.
The intent is to facilitate the investigation process by linking all entities (security alerts, users, computers and incidents) that are involved with the incident you are investigating. Security Center can do this by correlating relevant data with any involved entities and exposing this correlation in using a live graph that helps you navigate through the objects and visualize relevant information.
Microsoft Azure Security Center found also a rare SVCHOST Service on my Surface, and the ASC investigation dashboard gives you great overview of the security risk.
You can Run a Playbook based on this alert Rare SVCHOST Service
Try it yourself, more information about Azure Security Center Investigation Dashboard (Preview) can be found here
Windows Admin Center is an evolution of Windows Server in-box management tools; it’s a single pane of glass that consolidates all aspects of local and remote server management. As a locally deployed, browser-based management experience, an Internet connection and Azure aren’t required. Windows Admin Center gives you full control of all aspects of your deployment, including private networks that aren’t Internet-connected.
Windows Admin Center supports several optional features that integrate with Azure services. Use the following information to configure the Windows Admin Center gateway to support these Azure integration features. Configuring Azure Integration in WAC
When you have Azure integration in place with Microsoft Windows Admin Center you can use Azure Site Recovery (ASR).
Azure Site Recovery is an Azure service that replicates workloads running on VMs so that your business-critical infrastructure is protected in case of a disaster. Learn more about Azure Site Recovery
.Use the following information to configure replication settings and create a recovery plan from within the Azure portal, enabling Windows Admin Center to start VM replication and protect your VMs.
Follow Jeff Woolsey Principal Program Manager Windows Server / Hybrid Cloud
Windows Admin Center Just Rocks also for our PowerShell Administrators 😉
Microsoft Azure Security Center provides unified security management and advanced threat protection across hybrid cloud workloads. With Security Center, you can apply security policies across your workloads, limit your exposure to threats, and detect and respond to attacks.
You can select an existing Log Analytics workspace to store data collected by Security Center. To use your existing Log Analytics workspace:
• The workspace must be associated with your selected Azure subscription.
• At a minimum, you must have read permissions to access the workspace.
You can edit the default security policy for each of your Azure subscriptions in Security Center. To modify a security policy, you must be an owner, contributor, or security administrator of the subscription. To configure security policies in Security Center, do the following:
1. Sign in to the Azure portal.
2. On the Security Center dashboard, under General, select Security policy.
3. Select the subscription that you want to enable a security policy for.
4. In the Policy Components section, select Security policy.
This is the default policy that’s assigned by Security Center. You can turn on or off the available security recommendations.
5. When you finish editing, select Save.
Here you find more on Set security policies in Azure Security Center
Some policies need the upgrade Enhanced Security
Contact information for Notifications
Azure Security Center provides unified security management and advanced threat protection for workloads running in Azure, on-premises, and in other clouds. It delivers visibility and control over hybrid cloud workloads, active defenses that reduce your exposure to threats, and intelligent detection to help you keep pace with rapidly evolving cyber attacks.
Security Center is offered in two tiers:
• The Free tier is automatically enabled on all Azure subscriptions, and provides security policy, continuous security assessment, and actionable security recommendations to help you protect your Azure resources.
• The Standard tier extends the capabilities of the Free tier to workloads running in private and other public clouds, providing unified security management and threat protection across your hybrid cloud workloads. The Standard tier also adds advanced threat detection capabilities, which uses built-in behavioral analytics and machine learning to identify attacks and zero-day exploits, access and application controls to reduce exposure to network attacks and malware, and more. The Standard tier is free for the first 60 days. Read here more…….
What are OS Security Configurations?
Azure Security Center monitors security configurations using a set of over 150 recommended rules for hardening the OS, including rules related to firewalls, auditing, password policies, and more. If a machine is found to have a vulnerable configuration, a security recommendation is generated.
Customization of the rules can help organizations to control which configuration options are more appropriate for their environment. This feature enables users to set a customized assessment policy and apply it on all applicable machines in the subscription.
• Currently OS Security Configuration customization is available for Windows Server 2008, 2008R2, 2012, 2012R2 operating systems only.
• The configuration applies to all VMs and computers connected to all workspaces under the selected subscription.
• OS Security Configuration customization is available only on Security Center’s Standard tier.
Download the Baseline configuration JSON file
You can make a Custom Baseline with Visual Studio Code and Upload to Azure
Microsoft Azure Security Center QuickStart :
This guide covers a set of steps and tasks that you can follow to optimize your use of Security Center based on your organization’s security requirements and cloud management model. To take full advantage of Security Center, it is important to understand how different individuals or teams in your organization use the service to meet secure development and operations, monitoring, governance, and incident response needs. The key areas to consider when planning to use Security Center are:
Security Roles and Access Controls
Security Policies and Recommendations
Data Collection and Storage
Ongoing non-Azure resources
Ongoing Security Monitoring
Here you will learn how to plan for each one of those areas and apply those recommendations based on your requirements.
All Events view in Azure Security Center
Upgrade to standard Tier for Hybrid Security
Search with analytics
Queries can be used to search terms, identify trends, analyze patterns, and provide many other insights based on your data.
Have a look and play with Azure Log Analytics.
in this tutorial you will learn to write Azure Log Analytics queries. When completing this tutorial you will know how to:
Azure Security Center gives you Recommendations
For example to Encrypt your Virtual Machines in Azure with a Link
Integrated Azure security solutions
Security Center makes it easy to enable integrated security solutions in Azure. Benefits include:
Simplified deployment: Security Center offers streamlined provisioning of integrated partner solutions. For solutions like antimalware and vulnerability assessment, Security Center can provision the needed agent on your virtual machines, and for firewall appliances, Security Center can take care of much of the network configuration required.
Integrated detections: Security events from partner solutions are automatically collected, aggregated, and displayed as part of Security Center alerts and incidents. These events also are fused with detections from other sources to provide advanced threat-detection capabilities.
Unified health monitoring and management: Customers can use integrated health events to monitor all partner solutions at a glance. Basic management is available, with easy access to advanced setup by using the partner solution.
Compute Security Overview
Compute Security and Components view
Networking Security Overview
Storage & Data Security Overview
Identity and Access Overview in Azure Security Center
Just in time virtual machine (VM) access can be used to lock down inbound traffic to your Azure VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed.
Brute force attacks commonly target management ports as a means to gain access to a VM. If successful, an attacker can take control over the VM and establish a foothold into your environment.
One way to reduce exposure to a brute force attack is to limit the amount of time that a port is open. Management ports do not need to be open at all times. They only need to be open while you are connected to the VM, for example to perform management or maintenance tasks. When just in time is enabled, Security Center uses Network Security Group (NSG) rules, which restrict access to management ports so they cannot be targeted by attackers.
Azure Security Center’s advanced detection capabilities, helps you identify active threats targeting your Microsoft Azure resources and provides you with the insights needed to respond quickly
Custom Alert Rules
Security Center has a set of predefined security alerts, which are triggered when a threat, or suspicious activity takes place. In some scenarios, you may want to create a custom alert to address specific needs of your environment.
Custom alert rules in Security Center allow you to define new security alerts based on data that is already collected from your environment. You can create queries, and the result of these queries can be used as criteria for the custom rule, and once this criteria is matched, the rule is executed. You can use computers security events, partner’s security solution logs or data ingested using APIs to create your custom queries.
Azure Security Center Playbooks
What is security playbook in Security Center?
Security playbook is a collection of procedures that can be executed from Security Center once a certain playbook is triggered from selected alert. Security playbook can help to automate and orchestrate your response to a specific security alert detected by Security Center. Security Playbooks in Security Center are based on Azure Logic Apps, which means you can use the templates that are provided under the security category in Logic Apps templates, you can modify them based on your needs, or you can create new playbooks using Azure Logic Apps workflow, and using Security Center as your trigger.
Hope this Microsoft Azure Security Center Overview will help to make your Hybrid IT more Secure !
Microsoft Azure Services 101 Cards
From here you can get the Azure Container Instances Information