Azure Security Ecosystem Archives - Azure Security Architect

Azure Policy Recommended Policies

anuj — Sun, 29 Dec 2024 16:32:53 +0000

These are the top recommended policies for most customers.

Enforce resource tagging
Limit allowed locations
Prohibit specific resources deployment (e.g. Public IP addresses)
Require Secure Transfer for Storage Accounts
Block Public Access to Storage Accounts
Block Anonymous access to storage accounts
Configure Cosmos DB accounts to disable public network access
Configure Azure SQL accounts to disable public network access

The post Azure Policy Recommended Policies appeared first on Azure Security Architect.

Azure Firewall – Stateful, Packet Inspection

anuj — Mon, 15 Apr 2024 14:38:25 +0000

What is needed to deploy an Azure Firewall?

Azure Firewall requires it’s own empty subnet and an unused IP address space. You will need to create an address space, if one isn’t available.

Do I also need NSGs?

No. Once an Azure Firewall is in place, no NSGs are needed.

Do I also need ASGs?

No. An Application Security Group is a grouped set of azure resources that can be referenced via a common set of NSGs rules.

Do I also Azure Policy?

No. These are different from Firewalls – these are more around Governance.

The post Azure Firewall – Stateful, Packet Inspection appeared first on Azure Security Architect.