4. Azure VM
Web App
Blob storage
Azure Kubernetes Services (AKS)
Azure Key Vault (AKV)
Azure SQL
Azure Container Registry (ACR)
Private Datacenter / Other clouds
5. Azure
Microsoft Azure
$1B annual investment in cybersecurity
3500+ global security experts
Trillions of diverse signals for unique intelligence
6. Windows Admin Center provides granular management anywhere
Lightweight, browser-based, remote management
Great for troubleshooting, configuration, maintenance
Connect to and manage a single server/cluster at a time
7. Extend on-premises into Azure
Centrally manage from Azure
Business continuity & disaster recovery
Azure Site Recovery
Azure Backup
Storage Replica
Azure Network Adapter
Azure Extended Network
Azure File Sync
Create Azure VM
Azure Monitor
Azure Security Center
Azure Update Management
Azure Arc for Servers
Secure
Extend on-premises capacity
Storage Migration Service
Monitor Update
Govern
Azure Policy
Cloud witness
8. Get secure faster
Azure Security Center
Strengthen security posture
Cloud security posture management
Secure Score
Policies and compliance
Protect against threats
For servers
For cloud native workloads
For databases and storage
9. Centralized management from Azure
Azure management services
Azure Policy
via Azure Arc
Azure Update Management
Azure Security Center
Azure Monitor
10. Azure Security Center
Protect your workloads from threats
Use industry’s most extensive threat intelligence to gain deep insights
Protect cloud-native services from threats
Protect data services against malicious attacks
Protect your Azure IoT solutions with near real time monitoring
Service layer detections: Azure network layer and Azure management layer (ARM)
Detect & block advanced malware and threats for Linux and Windows Servers on any cloud
SQL
management
Apps
VMs/Servers
IoT
Network
Containers
Cloud workload protection
11. Protect Linux and Windows VMs from threats
Reduce open network ports:
• Use Just-in-Time to avoid exposure of management ports
• Limit open ports with adaptive network hardening
Protect against malware:
• Block malware with adaptive application controls
• Built-in Microsoft Defender ATP EDR
• Crash dump analysis and fileless attack detections
Antimalware
Defender ATP
Behavior analytics
App control
Lateral Movement
Data exfiltration
Malicious code execution
On-premises
Azure, AWS, and GCP
12. Protect hybrid datacenters and multi-cloud with Azure Security Center
Hybrid Server protection for Datacenters and other clouds
Onboard on-prem servers to Security Center from Windows Admin Center
Auto-onboard AWS EC2 instances using a new API connector (preview)
13. Cloud workload protection for hybrid VMs and servers
Automatic onboarding & extending to hybrid cloud
Server security hygiene
File integrity monitoring
Detect and block advanced threats for servers
Built-in EDR with Microsoft Defender ATP
Cloud-native detections
Built-in vulnerability assessment
Cloud native network security controls
Adaptive application control
Central management
Reduce attack surface
Detect advanced threats
15. Azure Arc
Govern across your environment
• Asset organization and inventory with a unified view in the Azure Portal
• Universal governance anywhere through Azure Policy
• Built-in server compliance rules
• Central compliance view across all servers
• Server owners can view and remediate to meet their compliance
• MSPs can implement governance for their customer’s environment
On-premises & hosted
Multi-cloud
Azure Management (Azure Resource Manager, Azure Policy, Azure Portal, API, CLI…)
16. Example solution architecture on Azure
Azure VM
Web App
Blob storage
Azure Kubernetes Services (AKS)
Azure Key Vault (AKV)
Azure SQL
Azure Container Registry (ACR)
Private Datacenter / Other clouds
17. Threat protection for cloud at scale:
Export assessments and alerts for security roles
Compute
App Network
Access
IoT
SQL
Azure Security Center
Cloud Workload Protection
Azure Sentinel
Cloud Native SIEM
Microsoft 365
Azure Security Center
Azure Sentinel
ASC Connector
SIEM
18. Automate workflows with ASC
Trigger playbooks based on ASC recommendations and alerts
Built-in playbooks, build your own with Azure Logic Apps
New community hub
Share workflows and remediation policies that you’ve built with the community
Learn what others did and deploy directly to Azure
Automate and script through API and PowerShell
19. Protect your workloads against threats: a go-do list
01 Good hygiene comes first, strengthen your cloud security posture
02 Turn on threat protection for all cloud resources
03 Reduce attack surface for VMs with JIT, Network and app controls
04 Integrate alerts into your SIEM & notify app owners
05 Identify root cause and drive new security hygiene up