Infrastructure and development security best practices
This article contains infrastructure and development security best practices and recommendations that help improve the security of workloads, data, and services in Azure.
Guidance
Infrastructure and development security best practices are in two parts, each with their own section. Each section covers the full lifecycle of strategy, architecture, implementation, operations, and governance. The guidance supplements Microsoft tools and security guides, including Microsoft Cloud Adoption Framework for Azure overview, Azure Security Benchmark introduction, and other supporting technical documentation.
Service baselines
You can implement Azure Security Benchmark security controls to individual service baselines throughout your organization's benchmark planning, approval, and implementation processes across high-level control domains:
- Network security (NS)
- Identity Management (IM)
- Privileged Access (PA)
- Data Protection (DP)
- Asset Management (AM)
- Logging and Threat Detection (LT)
- Incident Response (IR)
- Posture and Vulnerability Management (PV)
- Endpoint Security (ES)
- Backup and Recovery (BR)
- DevOps Security (DS)
- Governance and Strategy (GS)
For each topic, we provide top-level basic guidance along with a list and description of tools, materials, and approaches you can use in your organizations implementation process.
Next steps
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for