This article contains security best practices to use when you're designing, deploying, and managing your cloud solutions by using Azure. These best practices come from our experience with Azure security and the experiences of customers like you.
Best practices
These best practices are intended to be a resource for IT pros. IT pros include designers, architects, developers, and testers who build and deploy secure Azure solutions.
- Best practices for protecting secrets
- Azure database security best practices
- Azure data security and encryption best practices
- Azure identity management and access control security best practices
- Azure network security best practices
- Azure operational security best practices
- Azure PaaS Best Practices
- Azure Service Fabric security best practices
- Best practices for IaaS workloads in Azure
- Securing PaaS databases in Azure
- Securing PaaS web and mobile applications using Azure App Service
- Securing PaaS web and mobile applications using Azure Storage
Next steps
Microsoft finds that using security benchmarks can help you quickly secure cloud deployments. Benchmark recommendations from your cloud service provider give you a starting point for selecting specific security configuration settings in your environment and allow you to quickly reduce risk to your organization.
Microsoft Cloud Security Benchmark (MCSB)
The Azure cloud security benchmark (MCSB) provides comprehensive security best practices aligned with industry frameworks spanning identity, networking, compute, data protection, and management layers.
Note
Microsoft Cloud Security Benchmark v2 (Preview): MCSB v2 is now available in preview with significant enhancements including:
- Artificial Intelligence Security: New control domain with 7 recommendations covering AI platform security, AI application security, and AI security monitoring to address threats and risks in AI deployments
- Expanded Azure Policy Coverage: Increased from 220+ to 420+ policy-based control measurements for comprehensive security posture monitoring
- Enhanced Implementation Guidance: More granular technical implementation examples with risk and threat-based control guides
MCSB v2 includes new guidance for confidential computing workloads and can be enforced and monitored through Azure Policy. For more information, see Overview of Azure cloud security benchmark v2 (preview).
Implementation recommendations:
- Monitor compliance: Use the Microsoft Defender for Cloud regulatory compliance dashboard to track Microsoft Cloud Security Benchmark compliance and identify security gaps
- Enforce baselines: Implement Azure Policy to audit and enforce secure configuration baselines based on Microsoft Cloud Security Benchmark v2 (preview) recommendations
- Assess AI workloads: Review the new Artificial Intelligence Security controls in Microsoft Cloud Security Benchmark v2 (preview) if deploying AI/ML workloads to ensure proper platform, application, and monitoring security
For a complete collection of high-impact security recommendations, see the Azure cloud security benchmark.