Microsoft’s recently released Azure Security Benchmark v2 allows you to map to the same benchmarks that you use for your on-premises technology. The benchmarks for both CIS Controls v7.1 and NIST SP800-53 r4 Security and Privacy Controls for Federal Information Systems and Organizations will soon be aligned with the Azure security benchmarks. This will provide a consolidated view of Microsoft’s Azure security recommendations.
Reviewing the Azure benchmarks and frameworks will give you a clearer picture of your Azure security posture. I urge you to look these over even if you are not in a regulated industry. These best practices can go a long way toward keeping you secure.
What Azure Security Benchmark v2 includes
Network security: This covers controls to secure and protect Azure networks, including securing virtual networks, establishing private connections, preventing and mitigating external attacks, and securing DNS. This is close to the physical and hardware network security in a typical on-premises network.
Identity management: The new security edge in the cloud is identity. This category includes controls to establish a secure identity and access controls using Azure Active Directory (AD). It also covers the use of single sign-on (SSO), strong authentication, managed identities (and service principals) for applications, conditional access, and account anomaly monitoring.