Enterprise Security in Practice


Enterprise Security in Practice (THR3067), 5/20/2018 11:12 PM. Radu Vunvulea, Senior Architect, Endava, @RaduVunvulea. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Purpose: discover how we can meet enterprise security requirements using Microsoft Azure resources.

Enterprise and security: slow feedback, lack of flexibility, high number of stakeholders.

Infrastructure

Sandbox: each System is isolated inside a sandbox. A Resource Group groups the resources of one System and is the place where they are controlled and managed.

Direct access: direct communication between resources inside a System. Resources in the same VNET are visible to each other, so access and control are easy.

Isolation: control traffic inside and outside a network. An NSG (Network Security Group) restricts traffic: it controls what goes to and from the VNET and isolates the System from the outside.

NSG – Tips and Tricks
- Don't remove the default rules. They allow traffic inside the same network (VirtualNetwork), allow Load Balancer health probes (AzureLoadBalancer) and allow outbound traffic. They cannot be deleted, but a rule with a lower priority number overrides them; if you add a broad deny, re-allow the probes explicitly or the load balancer marks your backends unhealthy.
- Rules priority: rules are checked in the order of priority, lowest number first, and the first matching rule decides; nothing after it is evaluated.
- Multiple association: the same NSG can be associated to multiple resources (subnets and network interfaces).
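The following Az PowerShell script is an added example that applies the three tips above; it is not part of the original slides. The resource group, VNET, subnet names, address prefixes and port 8443 are assumptions chosen for illustration.

```powershell
# Added example (not from the original slides): an NSG built with the Az module.
# Names, address prefixes and the port are assumptions for illustration.
$rg       = 'rg-system-a'
$location = 'westeurope'

# Rules are evaluated by ascending Priority and the first match decides, so the
# narrow allows get low numbers (100..199) and the broad deny a high one (4000).
$rules = @(
    # Keep health probes reachable even though everything else from the VNET is
    # denied below; without this the load balancer marks the backends unhealthy.
    New-AzNetworkSecurityRuleConfig -Name 'Allow-AzureLB-Probes' -Priority 100 `
        -Direction Inbound -Access Allow -Protocol '*' `
        -SourceAddressPrefix 'AzureLoadBalancer' -SourcePortRange '*' `
        -DestinationAddressPrefix '*' -DestinationPortRange '*'

    # Only the web tier subnet may reach the app tier, and only on 8443.
    New-AzNetworkSecurityRuleConfig -Name 'Allow-Web-To-App-8443' -Priority 110 `
        -Direction Inbound -Access Allow -Protocol Tcp `
        -SourceAddressPrefix '10.1.1.0/24' -SourcePortRange '*' `
        -DestinationAddressPrefix '10.1.2.0/24' -DestinationPortRange 8443

    # Deny all other VNET traffic. 4000 < 65000, so this overrides the default
    # AllowVnetInBound rule; the default rule itself stays in place.
    New-AzNetworkSecurityRuleConfig -Name 'Deny-Other-VNET-Inbound' -Priority 4000 `
        -Direction Inbound -Access Deny -Protocol '*' `
        -SourceAddressPrefix 'VirtualNetwork' -SourcePortRange '*' `
        -DestinationAddressPrefix '*' -DestinationPortRange '*'
)

$nsg = New-AzNetworkSecurityGroup -Name 'nsg-app-tier' -ResourceGroupName $rg `
    -Location $location -SecurityRules $rules

# Multiple association: one NSG attached to two subnets of the same VNET.
$vnet = Get-AzVirtualNetwork -Name 'vnet-system-a' -ResourceGroupName $rg
foreach ($subnetName in 'snet-app', 'snet-jobs') {
    $prefix = ($vnet.Subnets | Where-Object Name -eq $subnetName).AddressPrefix
    Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName `
        -AddressPrefix $prefix -NetworkSecurityGroup $nsg | Out-Null
}
$vnet | Set-AzVirtualNetwork | Out-Null

# Review custom and default rules merged in priority order: this is the list the
# platform actually walks, top to bottom, until the first match.
$nsg = Get-AzNetworkSecurityGroup -Name 'nsg-app-tier' -ResourceGroupName $rg
($nsg.SecurityRules + $nsg.DefaultSecurityRules) |
    Sort-Object Priority |
    Format-Table Priority, Name, Direction, Access, SourceAddressPrefix, DestinationPortRange
```

The last command is the check worth running after every change: if a probe allow is missing or a deny sits above an allow it was meant to complement, it shows up in this ordered list before it shows up as an outage.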

Cross System communication: control traffic between Systems. Each System has its own VNET; NSGs specify what can be exchanged between System A and System B, with full control of inbound and outbound traffic.

Integrate with company firewall security policies

Network Virtual Appliance: protection and monitoring capabilities. An NGFW appliance inside the VNET of System A lets you control security from only one location, with cross-location synchronization of policies between the cloud NGFW and the on-premises NGFW.

Monitor and Audit: monitor all traffic that goes through a VNET. A UDR (user-defined route) forces all traffic through the virtual appliance (firewall, IDS, IPS), and the audit data is pushed to the on-premises system.
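As an added example, not taken from the slides, this Az PowerShell script creates the UDR described above and points the application subnet at an NVA. The resource group, VNET, subnet, NIC names and all IP addresses are assumptions for illustration.

```powershell
# Added example (not from the original slides): a user-defined route table that
# forces all egress from the app subnet through a virtual appliance.
# Names and addresses are assumptions for illustration.
$rg       = 'rg-system-a'
$location = 'westeurope'
$nvaIp    = '10.1.0.4'   # private IP of the firewall/IDS appliance NIC

# 0.0.0.0/0 via the appliance overrides the system route to the Internet
# (a user-defined route wins over a system route for the same prefix), so the
# appliance sees everything the subnet sends outwards.
$toNva = New-AzRouteConfig -Name 'default-via-nva' -AddressPrefix '0.0.0.0/0' `
    -NextHopType VirtualAppliance -NextHopIpAddress $nvaIp

# Traffic to the corporate ranges also goes via the appliance rather than
# straight to the VPN gateway, so on-premises traffic is audited as well.
$toOnPrem = New-AzRouteConfig -Name 'onprem-via-nva' -AddressPrefix '10.200.0.0/16' `
    -NextHopType VirtualAppliance -NextHopIpAddress $nvaIp

$rt = New-AzRouteTable -Name 'rt-app-tier' -ResourceGroupName $rg -Location $location `
    -Route $toNva, $toOnPrem

# Associate the table only with the subnet to be inspected. The appliance's own
# subnet must not get this route, or its egress would loop back to itself.
$vnet = Get-AzVirtualNetwork -Name 'vnet-system-a' -ResourceGroupName $rg
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name 'snet-app' `
    -AddressPrefix '10.1.2.0/24' -RouteTable $rt | Out-Null
$vnet | Set-AzVirtualNetwork | Out-Null

# The appliance forwards packets not addressed to itself, so IP forwarding must
# be enabled on its NIC (and inside the guest OS) or the platform drops them.
$nic = Get-AzNetworkInterface -Name 'nic-nva' -ResourceGroupName $rg
$nic.EnableIPForwarding = $true
$nic | Set-AzNetworkInterface | Out-Null

# Check from the point of view of a VM in snet-app: 0.0.0.0/0 should now show
# NextHopType VirtualAppliance with the appliance address, Source User.
Get-AzEffectiveRouteTable -NetworkInterfaceName 'nic-app-vm1' -ResourceGroupName $rg |
    Format-Table AddressPrefix, NextHopType, NextHopIpAddress, Source, State
```

The effective route table is the check that matters: it shows the merged result of system routes, BGP-learned routes and your UDR for a specific NIC, which is the only way to confirm that no path bypasses the appliance.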

Traffic Control

External traffic control: external traffic needs to come only from on-premises. NSG and NVA give full control of IP filtering, and traffic from the Internet reaches the System only through the S2S VPN into the VNET.

IPSec VPN terminated outside firewall: the VPN connection shall be terminated on a dedicated IPSec router. This cannot be done using the Azure S2S VPN gateway alone: the tunnel is terminated inside the Virtual Gateway (VG), before traffic reaches the NGFW appliance in the VNET, so the firewall never sees the IPsec endpoint.

IPSec VPN terminated outside firewall, alternative: an appliance such as VNS3 plays the role of both firewall and VPN gateway, so the S2S VPN terminates on the appliance itself inside the VNET.

Device authentication using certificates: the VPN connection shall rely on certificates. In Azure this is supported only for Point-to-Site VPN, where the Virtual Gateway authenticates client certificates; a Site-to-Site VPN is connected directly to the on-premises VPN hardware and authenticates with a pre-shared key.

Cascaded Virtual Appliances: dedicated firewall, auditing, stateful inspection, antivirus. Multiple virtual appliances are connected in sequence inside the VNET, for example VNS3 in front of an NGFW in front of the System, each handling one function.

Independent log management server

Central logging data: available for at least 180 days, with longer retention policies where required. Sources: Activity Logs, Azure Diagnostic Logs, AAD Reporting, VM and Cloud Services, Storage Analytics, Network Security Groups, Application Insights, Security Alerts. On the slide each source is colour-coded by its retention: configurable, more than 180 days, or 90 days.
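This Az PowerShell script is an added example, not code from the slides, showing one of the sources above (NSG diagnostics) routed to an independent Log Analytics workspace with the 180-day retention the requirement asks for. The resource groups, workspace name, NSG name and location are assumptions for illustration.

```powershell
# Added example (not from the original slides): centralise NSG diagnostics in a
# Log Analytics workspace with a 180-day retention.
# Names and location are assumptions for illustration.
$rg       = 'rg-security-logs'
$location = 'westeurope'

# The workspace is the independent log store. It lives in its own resource group
# so the teams owning the monitored Systems cannot alter or delete the evidence.
$ws = New-AzOperationalInsightsWorkspace -ResourceGroupName $rg -Name 'law-central' `
    -Location $location -Sku PerGB2018

# Meet "at least 180 days" at the workspace level; every source forwarded to the
# workspace inherits this retention.
Set-AzOperationalInsightsWorkspace -ResourceGroupName $rg -Name 'law-central' `
    -RetentionInDays 180 | Out-Null

# Forward the NSG's own logs: rule counters (which rule matched, how often) and
# events (when a rule allowed or denied a flow). The NSG belongs to a System,
# the workspace does not.
$nsg = Get-AzNetworkSecurityGroup -Name 'nsg-app-tier' -ResourceGroupName 'rg-system-a'
Set-AzDiagnosticSetting -ResourceId $nsg.Id -WorkspaceId $ws.ResourceId -Enabled $true `
    -Category NetworkSecurityGroupEvent, NetworkSecurityGroupRuleCounter | Out-Null

# Verify the pipeline end to end: after a few minutes, denied flows per rule per
# hour should be queryable. An empty result means the forwarding is not working.
$query = @'
AzureDiagnostics
| where Category == "NetworkSecurityGroupEvent" and type_s == "block"
| summarize denied = count() by ruleName_s, bin(TimeGenerated, 1h)
| order by TimeGenerated desc
'@
(Invoke-AzOperationalInsightsQuery -WorkspaceId $ws.CustomerId -Query $query).Results |
    Format-Table
```

The same Set-AzDiagnosticSetting pattern applies to the other resource types on the slide; what changes per resource is only the set of diagnostic categories it exposes.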

Monitor and react – OMS: respond to alerts in a timely manner. Agents send data to the Log Analytics repository in the cloud; alerts and the Log Search API are built on top of that repository.

API and Infrastructure changes. Requirement: the cloud service provider can make changes only after the nature of the change is understood and a security assessment is done. YES: Microsoft announces any breaking change at API or functionality level 12 months in advance. NO: infrastructure and service changes are done on the fly as long as the API or functionality is not altered.

Azure Active Directory

Identity and Access Management: the System shall be integrated with the following systems: AD, TIM/TAM, EAI, ADFS, TFIM, SecurID.

Azure Active Directory, the gold mine of enterprises. Requirements covered: separation of duties; access policies; remote access accounts; multi-factor authentication; encrypted passwords, hashed in motion; identity life-cycle management; accounts updated immediately; compliant password policies; user federation; role-based access; edge authentication.

Final thoughts

Mitigation: document and mitigate.

Q&A
