
1 4/6/2019 9:47 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 THR2360 Cloud Governance at Microsoft through Azure Policy, Management Groups, and Secure DevOps Toolkit
Dana Baxter

3 Scenario
Design, develop and implement an Azure Policy & Governance Strategy that meets CSEO’s enterprise cloud governance needs while enhancing the Azure product’s capabilities.
Current: Custom Toolkit
- Manually audit, remediate, and report on all deployed Azure resources for security compliance using AzSK
Next steps: Native Azure
- Prevent deployment of non-compliant resources
- Automate remediation
- Secure by default

4 Azure Policy and Governance
Current
- AzSK Policy Deployments
  - 7 security policies deployed across 100% of CSEO subs containing 226K resources
- AzSK Baseline Security – scanning 753 subs
  - 81K scans on 32 minimum security controls
- Designing enterprise-scale security and infrastructure policies
Next Steps/Roadmap
- Internal POC – Centralized deployment to validate our ability to manage policy at enterprise scale
- Deployment at Scale – Both security and infrastructure policies (Audit, DeployIfNotExists, Deny, etc.) across CSEO as an enterprise-wide deployment via Management Groups

5 Azure Security Policy Deployment (How we got here)
Feature Area
- Subscription Security: Subscription Security Health Check; Subscription Provisioning
- Secure Development: Security Verification Tests (SVTs); Security IntelliSense VS Editor Extension
- Security in CICD: AzSK-SVTs VSTS extension for injecting security tests in a CICD pipeline
- Continuous Assurance: Security scanning of Azure subscription and applications via automation runbooks
- Alerting & Monitoring: Single pane view of security across dev ops stages
- Cloud Risk Governance: Support for control state attestation and security governance dashboards
Challenges
- Deployment is manual – Deployment of policies requires users to run AzSK on each subscription.
- Policy enforcement is manual – Since deployment is manual, subscriptions have to be monitored for the existence of controls.
- Compliance reporting is centralized – Monitoring of policy violations is centralized and requires a team to notify subscription owners when resources fall out of compliance.
- Remediation is manual – Remediation of a compliance failure requires users to run AzSK commands on each subscription with a failed resource.

6 Azure Policy and Governance – Security Policies
Deployed security policies across CSEO
Audit policies (support alerting capabilities that generate subscription owner notifications)
- AzSK_ARMPol_Audit_Classic_Resource_Create
- AzSK_ARMPol_Audit_Job_Scheduler_Free_Tier
- AzSK_ARMPol_Audit_NonGRS_Storage_SKU
- AzSK_ARMPol_Audit_NonHBI_Resource_Create
- AzSK_ARMPol_Audit_Old_SQL_Version
- AzSK_ARMPol_Audit_SQL_Basic_Create
Deny policy (blocks classic resource deployments)
- AzSK_ARMPol_Deny_Classic_Resource_Create

7 Azure Security Policy Deployment (the road ahead)
Next Steps
- Management Groups deployed for test subscriptions
- Security policies: 74 policies ready for pilot
- Infrastructure policies: 19 policies ready for pilot
- Production Management Groups adoption
- Management Groups activity logging
- Improved RBAC for Management Groups
Challenges Solved
- Deployment is automated – Deployment of policies is pushed to all subscriptions following the MG tree.
- Policy enforcement is automated – Inheritance is enforced on all subscriptions following the MG tree.
- Compliance reporting is multi-level – Policy audit results can be seen by subscription owners, via an Azure blade, or by IT managers.
- Remediation is automated – The new Azure Policy remediation feature allows users to remediate failures.
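
The audit and deny effects from slide 6 and the management-group inheritance from slide 7 can be seen together in a small model. This is an added example, not code from the presentation, AzSK, or Azure: the rule body, the scope names (`mg-root`, `mg-prod`, `mg-test`, `sub-a`, `sub-b`) and the assignment names are constructed, and the evaluator is a simplified stand-in for the real policy engine.

```python
"""Simplified model of Azure Policy evaluation; not Azure's engine, not AzSK code."""
from fnmatch import fnmatchcase

# Constructed rule in Azure Policy's if/then shape (AzSK's real rule bodies are not on the page).
CLASSIC_RULE = {"if": {"field": "type", "like": "Microsoft.Classic*"}}

# Constructed hierarchy, child -> parent: two management groups under a root, one sub each.
PARENT = {"mg-prod": "mg-root", "mg-test": "mg-root", "sub-a": "mg-prod", "sub-b": "mg-test"}

# Constructed assignments, scope -> [(assignment name, rule, effect)].
ASSIGNMENTS = {
    "mg-root": [("audit-classic", CLASSIC_RULE, "audit")],
    "mg-test": [("deny-classic", CLASSIC_RULE, "deny")],
}

def matches(cond, resource):
    """Evaluate an allOf / anyOf / not / field condition tree against a resource dict."""
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource) for c in cond["anyOf"])
    if "not" in cond:
        return not matches(cond["not"], resource)
    value = str(resource.get(cond["field"], "")).lower()  # comparisons are case-insensitive
    if "equals" in cond:
        return value == cond["equals"].lower()
    if "like" in cond:
        return fnmatchcase(value, cond["like"].lower())
    raise ValueError(f"unsupported condition: {cond}")

def inherited(scope):
    """Yield assignments made at the scope itself and at every ancestor above it."""
    while scope is not None:
        yield from ASSIGNMENTS.get(scope, [])
        scope = PARENT.get(scope)

def evaluate(subscription, resource):
    """Return (allowed, audit_hits, deny_hits) for a create request in a subscription."""
    hits = [(n, e) for n, r, e in inherited(subscription) if matches(r["if"], resource)]
    denies = [n for n, e in hits if e == "deny"]
    if denies:  # deny is evaluated before audit, so a blocked request is not also audited
        return False, [], denies
    return True, [n for n, e in hits if e == "audit"], []

if __name__ == "__main__":
    classic_vm = {"type": "Microsoft.ClassicCompute/virtualMachines"}
    for sub in ("sub-a", "sub-b"):
        print(sub, evaluate(sub, classic_vm))
```

A single audit assignment at the root reaches both subscriptions without any per-subscription deployment, while the deny assigned only to the test management group blocks the same request in `sub-b`.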

8 Resources
Ignite 2018 Sessions
- BRK Architecting Security and Governance Across your Azure Subscriptions
  Joseph Chan, Satya Vel; Sep 25th 2:15 – 3:30; OCCC W331
- BRK Deep dive into Implementing governance at scale through Azure Policy
  Liz Kim, Tigran Shahbazian; Sep 27th 4:00 PM - 5:15 PM; OCCC WF 3-4 (Tangerine Ballroom)
More info and recordings
- Getting started with the Secure DevOps Kit for Azure (AzSK)
- Implement governance in Microsoft Azure at scale with policy-based management - Ignite 2017
- Govern your Azure environment through Azure Policy - Build 2018

9 Microsoft Core Services Engineering & Operations (CSEO)
Find us in the Immersion Zone and at Expo Theater #5 Meet the IT pros who power and digitally transform the Microsoft enterprise

10 Microsoft Ignite 2016
IT Showcase
Learn how our IT pros are digitally transforming the Microsoft enterprise
- white papers
- technical case studies
- articles
- webinars
- blog
microsoft.com/itshowcase

11 Please evaluate this session
Your feedback is important to us! Please evaluate this session through MyEvaluations on the mobile app or website.
