Threat Detection & Monitoring
Azure Threat Protection and Monitoring
Azure offers built-in threat protection functionality through services such as Azure Active Directory (Azure AD), Azure Monitor logs, and Azure Security Center. This collection of security services and capabilities provides a simple and fast way to understand what is happening within your Azure deployments.
Azure provides a wide array of options to configure and customize security to meet the requirements of your app deployments.
Azure Active Directory Identity Protection
Azure AD Identity Protection is an Azure Active Directory Premium P2 edition feature that provides an overview of the risk detections and potential vulnerabilities that can affect your organisation’s identities. Identity Protection uses existing Azure AD anomaly-detection capabilities that are available through Azure AD Anomalous Activity Reports and introduces new risk detection types that can detect real-time anomalies.
Identity Protection capabilities
Azure Active Directory Identity Protection is more than a monitoring and reporting tool. To protect your company’s identities, you can configure risk-based policies that automatically respond to detected issues when a specified risk level has been reached. These policies, in addition to other Conditional Access controls provided by Azure Active Directory and EMS, can either automatically block or initiate adaptive remediation actions including password resets and multi-factor authentication enforcement.
Azure AD Privileged Identity Management
With Azure Active Directory Privileged Identity Management (PIM), you can manage, control, and monitor access within your organization. This feature includes access to resources in Azure AD and other Microsoft online services, such as Microsoft 365 or Microsoft Intune.
Azure Monitor logs
Azure Monitor logs is a Microsoft cloud-based IT management solution that helps you manage and protect your on-premises and cloud infrastructure. Because Azure Monitor logs is implemented as a cloud-based service, you can have it up and running quickly with minimal investment in infrastructure services. New security features are delivered automatically, saving ongoing maintenance and upgrade costs.
Insight and analytics
At the centre of Azure Monitor logs is the repository, which is hosted by Azure. You collect data into the repository from connected sources by configuring data sources and adding solutions to your subscription.
Automation and control: Alert on security configuration drifts
Azure Automation automates administrative processes with runbooks that are based on PowerShell and run in the cloud. Runbooks can also be executed on a server in your local data centre to manage local resources. Azure Automation provides configuration management with PowerShell Desired State Configuration (DSC).
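The drift alerting named in the heading above can be sketched with a DSC configuration and a compliance check. This is an added example, not Microsoft's code: the configuration name SecurityBaseline and the two settings it pins are assumptions chosen for illustration, and it is written to run locally in an elevated Windows PowerShell 5.1 session rather than inside Azure Automation.

```powershell
# Added example: declare a small security baseline with DSC, apply it,
# then report any resource that has drifted from the declared state.
Configuration SecurityBaseline {   # hypothetical configuration name
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node 'localhost' {
        # Windows Defender Firewall service must be running and start at boot.
        Service FirewallService {
            Name        = 'MpsSvc'
            State       = 'Running'
            StartupType = 'Automatic'
        }

        # SMBv1 server must stay disabled (documented LanmanServer switch).
        Registry DisableSmb1Server {
            Key       = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
            ValueName = 'SMB1'
            ValueType = 'Dword'
            ValueData = '0'
            Ensure    = 'Present'
        }
    }
}

# Compile the configuration to a MOF file and apply it to the local node.
$mofPath = Join-Path $env:TEMP 'SecurityBaseline'
SecurityBaseline -OutputPath $mofPath | Out-Null
Start-DscConfiguration -Path $mofPath -Wait -Force

# Drift check: compare the live system with the applied configuration.
$result = Test-DscConfiguration -Detailed
if ($result.InDesiredState) {
    Write-Output 'Node matches the security baseline.'
} else {
    # Each entry names a declared resource whose current state differs.
    foreach ($resource in $result.ResourcesNotInDesiredState) {
        Write-Warning "Configuration drift detected: $($resource.ResourceId)"
    }
    exit 1   # non-zero exit lets a scheduler or runbook raise the alert
}
```

Running the drift check on a schedule turns a manual change, such as someone stopping the firewall service, into a warning that names the affected resource.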