What are some Azure-specific guardrails that need to be in place for a safe landing? Before you migrate even a single workload, you may want to address some of these security guardrails on your Azure subscription (or across multiple subscriptions).

Security, IAM, Budgeting and Related Guardrails - Azure Security Architect

  • Subscription Management: collapsing existing subscriptions and management groups.
  • Conditional Access Policies Overview and Recommended Policies (as well as remediation of any policy violations)
  • Azure AD Management, Access and Deny policies for users and AAD. AAD Subdomains, Device and User Management within AAD.
  • DNS Carryover from on-premises to Azure
  • Sign In Security - Identity Protection and Sign In Policies
  • Mapping on-premises roles to corresponding Azure roles, using Azure RBAC
  • Log Analytics for better insights into Azure's native logs
  • Azure Security Center - For creating non-compliance alerts and remediating the underlying resources.
  • Azure Governance, Resource Graphs and Queries, Azure Policies, Azure Blueprints (resource groups, policies, role assignments, Resource Manager templates).
  • Office 365 Tenants and Applications. Federating Corporate Users, Adding Guest Users.
  • Using Azure Blob Storage and Azure Cloud Shell for easier PowerShell-based management of the subscription
  • Efficient Resource Management including Tagging of Resource Groups and Resources
  • Cost and Budget Compliance

Need a hands-on Azure Security Architect? Set up a 1-on-1 appointment with Anuj to assist with your cloud journey.