Week 1 - Basics of Azure

#100DaysOfAzureSecurity

Happy New Year 2024!

With the new year come new resolutions, new dreams and new goals.

This year my focus is on mastering a new cloud platform and its security aspects.

I had two major options: GCP and Azure. Though I have some experience with GCP, particularly its key security components, Azure remains an unexplored area for me.

In 2024, my goal is to master Azure and its security capabilities. Instead of traditional learning methods, I'm choosing to 'learn in public.' This means I'll share insights through short articles and tweets, ensuring that we all learn about Azure cloud security together.

The aim of this email series is straightforward: to make you comfortable and knowledgeable in Azure Security.

Before we begin…

If you want to make the best use of this series, I would urge you to:

  1. Create a free Azure account (comes with $200 credit and popular Azure services free for 12 months, just like AWS Free Tier)

  2. Try the concepts yourself in your own Azure account. When I write about the dashboard, just play around with your Azure account’s dashboard and see. When I write about Virtual Networks or Network Security Groups, you can experiment with the same in your account.

  3. Reach out to me in case of questions/feedback.

  4. Finally, share this series with your friends and colleagues who would like to learn about Azure Security. 🙂 This really has a compounding effect: more people read this series → more feedback I get → more experiments I do and learn → much better articles and emails.

Week 1 - Basics of Azure

This week is all about the basics of Azure. Yes, just the basics.

For the first few weeks, let’s get comfortable talking about Azure, its jargon and how the popular Azure services work at a high level.

Introduction to Azure

Azure is more than just about hosting and storage. Azure offers a unique blend of services tailored for various needs, from AI and analytics to security and IoT.

In a nutshell, what sets Azure apart is its seamless integration with other services (including Azure and Office 365 services), its global scale and its unmatched security.

Learn more about this here - https://badshah.io/azure/introduction/

After signing up for an Azure account, the first step is to familiarize yourself with the Azure Portal.

The Azure Portal (at https://portal.azure.com) offers a user-friendly interface for managing Azure services. The landing page provides a summary of your resources, recent activities, and personalized recommendations.

Azure Portal

Pro Tip: Check out the “All Resources” page to find an inventory of all your Azure assets.

Azure Management Groups, Subscriptions and Resource Groups

One Azure account (known as a subscription in Azure terms) is what you start with. Multiple Azure subscriptions are what you end up with in production. This can be for multiple reasons: one account per customer, one account per legal entity/product, segregating prod and nonprod resources, etc.

Azure offers a structured way of organizing its resources and subscriptions.

  • Microsoft Entra Tenant - created when you sign up for an Azure account (more on this in following weeks)

  • Azure Management Groups - a logical container of one or more subscriptions

  • Azure Subscriptions - a logical container of one or more resource groups

  • Azure Resource Group - a group of Azure resources

Azure Hierarchy

Learn more about this here - https://badshah.io/azure/azure-hierarchy/

Understanding Azure SKUs

A very common term you will come across in Azure is SKU (stands for “Stock Keeping Unit”).

In Azure, SKU refers to a specific version or offering of a resource. It defines the characteristics, capabilities, features, performance levels, and pricing of various Azure resources and services like virtual machines, storage accounts, databases, and more.

Let’s say you want to enable Azure Firewall. You have the following SKUs:

  • Firewall Basic

  • Firewall Standard

  • Firewall Premium

Azure Firewall SKUs

You can learn more about SKUs here - https://badshah.io/azure/understanding-skus/

Introduction to Microsoft Entra ID

Microsoft Entra ID, formerly known as Azure Active Directory (AD), is a cloud-based identity and access management (IAM) service that enables your employees to access external resources. Example resources include Microsoft 365, the Azure portal, and thousands of other SaaS applications.

Entra ID Free is enabled when you sign up for Azure. This provides most necessary security features such as:

  • Single Sign On

  • Multifactor Authentication (MFA)

  • Azure Role-Based Access Control (RBAC)

  • Security monitoring, alerts, and machine learning-based reports

  • and more…

Microsoft Entra ID also has different SKUs. Entra ID Premium licenses offer you more features that are unavailable in Entra ID Free.

Remember: Microsoft Entra ID is NOT Active Directory in the Cloud!

You can learn more about Entra ID here - https://badshah.io/azure/introduction-to-microsoft-entra-id/

Virtual Networks in Azure

Azure VNet is a representation of your own network in the cloud. It’s a logical isolation of the Azure cloud dedicated to your Azure subscription.

VNets enable Azure resources like virtual machines (VMs) and applications to securely communicate with each other, the internet, and on-premises networks.

VNets integrate with other paid Azure security services like Azure Bastion, Azure Firewall and Azure DDoS Network Protection.

You can learn more about VNets here - https://badshah.io/azure/virtual-networks-in-azure/

Network Security Groups (NSGs)

Network Security Groups (NSGs) in Azure are essential for managing network traffic to and from Azure resources in an Azure Virtual Network.

They contain security rules that can either allow or deny inbound and outbound network traffic based on several factors such as source and destination, port, and protocol.

Unlike AWS’s security groups, Azure’s NSGs can be associated either with a virtual network subnet or directly with a network interface in a virtual machine.
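To see what attaching NSGs at both levels means for inbound traffic, here is a simplified model added as an illustration (it is not code from the original article or from Azure). It relies on two documented Azure behaviours: rules are evaluated in priority order with the lowest number first, and inbound traffic is checked against the subnet NSG before the NIC NSG. The rule names and addresses are constructed, and Azure's default rules are reduced to the final DenyAllInBound.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    access: str     # "Allow" or "Deny"
    protocol: str   # "Tcp", "Udp" or "*"
    source: str     # CIDR prefix or "*"
    dest_port: str  # single port, "low-high" range or "*"

# Simplified stand-in for the default inbound rules Azure appends to every NSG.
DEFAULT_INBOUND = [Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*")]

def _port_matches(spec, port):
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def _source_matches(spec, ip):
    return spec == "*" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def evaluate(nsg_rules, protocol, src_ip, dest_port):
    """Return (access, rule name) of the first matching rule by priority."""
    for rule in sorted(nsg_rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if (rule.protocol in ("*", protocol)
                and _source_matches(rule.source, src_ip)
                and _port_matches(rule.dest_port, dest_port)):
            return rule.access, rule.name
    raise AssertionError("unreachable: DenyAllInBound matches everything")

def inbound_allowed(subnet_nsg, nic_nsg, protocol, src_ip, dest_port):
    """Inbound traffic must pass the subnet NSG first, then the NIC NSG."""
    for nsg in (subnet_nsg, nic_nsg):
        if nsg is None:  # no NSG associated at this level, nothing filters here
            continue
        access, _ = evaluate(nsg, protocol, src_ip, dest_port)
        if access == "Deny":
            return False
    return True

# Constructed sample rules (hypothetical names and documentation-range addresses).
SUBNET_NSG = [Rule("AllowHttps", 100, "Allow", "Tcp", "*", "443"),
              Rule("AllowSshFromOffice", 110, "Allow", "Tcp", "203.0.113.0/24", "22")]
NIC_NSG = [Rule("AllowHttps", 100, "Allow", "Tcp", "*", "443")]
```

Note that SSH from the office range passes the subnet NSG but is still dropped when the NIC NSG has no matching allow rule, which is a common source of confusion when both levels are in use.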

You can learn more about NSGs here - https://badshah.io/azure/network-security-groups

Finally

Did you learn something new about Azure today? 🥺

Please share this email with your friends, hackers & cloud security engineers. Tweet about it, post it on social media, or forward this email to others.

If you have any specific feedback, shoot an email to [email protected] or send a DM on my LinkedIn.

Many thanks for considering my request.

Until next time 👋