Security Control: Penetration Tests and Red Team Exercises

Test the overall strength of an organization's defense (the technology, the processes, and the people) by simulating the objectives and actions of an attacker.

11.1: Conduct regular penetration testing of your Azure resources and ensure remediation of all critical security findings within 60 days

Azure ID | CIS IDs   | Responsibility
11.1     | 20.1-20.8 | Shared

Follow the Microsoft Rules of Engagement to ensure your Penetration Tests are not in violation of Microsoft policies:

https://www.microsoft.com/msrc/pentest-rules-of-engagement?rtc=1

More information on Microsoft's strategy and execution of Red Teaming and live site penetration testing against Microsoft-managed cloud infrastructure, services, and applications is available here:

https://gallery.technet.microsoft.com/Cloud-Red-Teaming-b837392e

Next steps

Read more about Azure Security Controls