This article documents the security controls built into Azure Resource Manager.
A security control is a quality or feature of an Azure service that contributes to the service's ability to prevent, detect, and respond to security vulnerabilities.
For each control, we use "Yes" or "No" to indicate whether it is currently in place for the service, "N/A" for a control that is not applicable to the service. We might also provide a note or links to more information about an attribute.
Data protection

| Security control | Yes/No | Notes |
|---|---|---|
| Server-side encryption at rest: Azure-managed keys | Yes | |
| Encryption in transit (such as ExpressRoute encryption, in VNet encryption, and VNet-VNet encryption) | Yes | HTTPS/TLS. |
| Server-side encryption at rest: customer-managed keys (BYOK) | N/A | Azure Resource Manager stores no customer content, only control data. |
| Column level encryption (Azure Data Services) | Yes | |
| API calls encrypted | Yes | |
Network

| Security control | Yes/No | Notes |
|---|---|---|
| Service endpoint support | No | |
| VNet injection support | Yes | |
| Network isolation and firewalling support | | |