Events
Apr 8, 3 PM - May 28, 7 AM
Sharpen your AI skills and enter the sweepstakes to win a free Certification exam
Register now!This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Security baselines are standardized documents for Azure product offerings, describing the available security capabilities and the optimal security configurations to help you strengthen security through improved tooling, tracking, and security features. We currently have service baselines available for Azure only.
Security baselines for Azure focus on cloud-centric control areas in Azure environments. These controls are consistent with well-known industry standards such as: Center for Internet Security (CIS) or National Institute for Standards in Technology (NIST). Our baselines provide guidance for the control areas listed in the Microsoft cloud security benchmark v1.
Each baseline consists of the following components:
Note
Microsoft cloud security benchmark is the successor of Azure Security Benchmark (ASB), which was rebranded in October 2022.
The v1 baselines will follow the Microsoft cloud security benchmark v1 control requirements, which also map to newer industry frameworks such as NIST and PCI. These baselines are security feature driven (unlike the baselines for the Azure Security Benchmarks v1 and v2), which is more intuitive and easier to use.
Each Security Benchmark control includes the following information, except where noted:
Feature Legend:
True | False | Not Applicable | |
---|---|---|---|
Supported | This feature is supported to secure this product offering. | This feature is not supported to secure this product offering. | This feature has no use cases in this product offering. |
Enabled by Default | This feature’s security configuration is enabled or deployed by default. (Note: some default configurations can be changed or managed by customers.) | This feature’s security configurations are not enabled or deployed by default. The customer is responsible for implementing configuration guidance. | This feature is either not supported or not applicable to secure the product, so the feature's 'Enabled by Default' value is also marked as 'Not Applicable'. |
To access a list of all Security Benchmark controls, including controls that are not applicable to this specific service, see the full security baseline mapping file. There may occasionally be controls that are not applicable for various reasons—for example, IaaS/compute-centric controls (such as controls specific to OS configuration management) may not be applicable to PaaS services.
We welcome your feedback on the security baselines for Azure services. We encourage you to provide comments in the feedback area below. Or, if you prefer to share your input more privately with the us, email us at benchmarkfeedback@microsoft.com.
Events
Apr 8, 3 PM - May 28, 7 AM
Sharpen your AI skills and enter the sweepstakes to win a free Certification exam
Register now!