Share via

Security Control: Penetration Tests and Red Team Exercises

  • Article
  • 01/30/2024

Note

The most up-to-date Azure Security Benchmark is available here.

Test the overall strength of an organization's defense (the technology, the processes, and the people) by simulating the objectives and actions of an attacker.

11.1: Conduct regular penetration testing of your Azure resources and ensure remediation of all critical security findings

Azure ID CIS IDs Responsibility
11.1 20.1, 20.2, 20.3, 20.4, 20.5, 20.6, 20.7, 20.8 Shared

Follow the Microsoft Rules of Engagement to ensure your Penetration Tests are not in violation of Microsoft policies. Use Microsoft's strategy and execution of Red Teaming and live site penetration testing against Microsoft-managed cloud infrastructure, services, and applications.

Next steps

Additional resources

Training

Module

Design solutions for security posture management in hybrid and multicloud environments - Training

You learn how to design security posture management solutions that integrate into hybrid and multicloud scenarios using capabilities in Microsoft Defender for Cloud, Azure Arc and Microsoft Cloud Security Benchmark (MCSB).

Certification

Microsoft Certified: Azure Security Engineer Associate - Certifications

Demonstrate the skills needed to implement security controls, maintain an organization’s security posture, and identify and remediate security vulnerabilities.