Azure Security white papers

Introduction to Azure Security Explains the collection of security controls implemented in Azure from both the customer's and Microsoft operations' perspectives. Provides a comprehensive look at the customer-facing security controls available with Azure.
Security best practices for Azure solutions A collection of security best practices to use when you’re designing, deploying, and managing your cloud solutions by using Azure.
Developing secure applications on Azure A general guide to the security questions and controls you should consider at each phase of the software development lifecycle when developing applications for the cloud.
Advanced threat detection Guides you through the Azure approaches towards threat vulnerability assessments, diagnostics, and analysis. Explains how Microsoft uses advanced threat detection mechanisms to secure the platform. Also explains how Microsoft includes these mechanisms in public facing features and services.
Azure data encryption-at-rest Focuses on how data is protected at rest across Azure and the various components taking part in the data protection implementation. Reviews the pros and cons of the different key management protection approaches.
Azure logging and auditing Provides an introduction for generating, collecting, and analyzing security logs from services hosted on Azure. These logs can help you gain security insights into your Azure deployments.
Azure network security Introduces you to the wide range of network controls you can configure to enhance the security of the solutions you deploy in Azure. The focus is customer-facing network security controls.
Azure Functions and serverless platform security This downloadable white paper covers the benefits of serverless computing while providing security considerations and mitigations in the context of Azure.
Container security in Microsoft Azure Describes containers, container deployment and management, and native platform services. It also describes runtime security issues that arise with the use of containers on the Azure platform.
Azure operational security Provides a comprehensive look at the customer-facing operational security technologies and services available with Azure.
Azure security technical capabilities Focuses on the security features and functionality supporting Azure Storage, Azure SQL Database, the Azure virtual machine model, and the tools and infrastructure that manage it all.
Azure Storage security guide Provides an overview of each of the security features that can be used with Azure Storage. Covers management plane security, data plane security, encryption at rest, encryption in flight, and storage analytics.
Data classification for cloud readiness This downloadable paper introduces the fundamentals of data classification and its value in the context of cloud computing. Organizations assessing cloud computing for future use or organizations currently using cloud services and seeking ways to optimize data management will benefit most from this paper.
Governance in Azure Explains the security and governance features built into Azure. The main governance issues discussed are: policies, processes, and procedures implementation for your organization goals; security and continuous compliance with organization standards; alerting and monitoring.
Isolation in the Azure public cloud Outlines how Azure provides isolation against both malicious and non-malicious users. Serves as a guide for architecting cloud solutions by offering various isolation choices to architects. Primary focus is on the customer-facing security controls, and does not attempt to address SLAs, pricing models, and DevOps practice considerations.
Overview of Azure compliance This downloadable paper discusses Azure compliance offerings, including formal certifications, attestations, validations, authorizations, and assessments produced by independent third-party auditing firms, as well as contractual amendments, self-assessments, and customer guidance documents produced by Microsoft.
Each offering description states which Azure customer-facing services are in scope for the assessment, and provides links to downloadable resources to assist customers with their own compliance obligations.
Security management in Azure Discusses issues in the remote access of Azure resources. The nature of the cloud demands remote access administration and, therefore, security is paramount. Covers general security guidelines, client configuration, best practices, and operational principles and procedures.
Azure AD data and security The downloadable document explains the different components of Azure Active Directory and their interaction with each other. It outlines how the various components protect, secure, encrypt, or hash their data in transit (for example, across the Internet) and how it is protected at rest. It explains the various Azure AD datacenter locations and their interaction with on-premises directories, as well as the flows to and from Azure AD. Finally, it describes the operational procedures used by the Azure AD engineering team to manage and secure the service.
An overview of password-less authentication This document is an overview of the key benefits of password-less authentication using Windows Hello for Business, FIDO2 Security Keys, and the Microsoft Authenticator App. It’s recommended for security professionals and CISOs who are interested in understanding how Microsoft can help to go beyond passwords and deploy next generation authentication credentials.