Describe security baselines for Azure

Microsoft's cybersecurity group and the Center for Internet Security (CIS) have developed best practices to help establish security baselines for the Azure platform. A baseline is the implementation of the benchmark on the individual Azure service.

CIS benchmarks have been used with Azure security services and tools to make security and compliance easier for customer applications running on Azure services. Every service comes with a baseline that's already designed to help provide security for most common use cases. These baselines also provide a consistent experience when securing your environment.

The Azure Security Benchmark

A benchmark contains security recommendations for a specific technology, such as Azure. The recommendations are categorized by the control to which they belong. The Azure Security Benchmark (ASB) provides prescriptive best practices and recommendations to help improve the security of workloads, data, and services on Azure.

The ASB focuses on cloud-centric control areas. These controls are consistent with well-known security benchmarks, such as those described by the CIS. The areas covered include network security, identity management, posture and vulnerability management, and endpoint security.

Each recommendation includes the following information:

  • Azure ID: The Azure Security Benchmark ID that corresponds to the recommendation.
  • Recommendation: The recommendation provides a high-level description of the control.
  • Guidance: The rationale for the recommendation and links to guidance on how to implement it.
  • Responsibility: Who is responsible for implementing the control? Possible scenarios are customer responsibility, Microsoft responsibility, or shared responsibility.
  • Azure Security Center monitoring: Does Azure Security Center monitor the control?

All recommendations, including the ones that don't apply to this specific service, appear in the baseline to provide a complete picture of how the Azure Security Benchmark relates to each service.

Security baselines are included for many Azure services, including the Azure security baseline for Security Center.
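
The following added example (not part of the original page and not Microsoft tooling) shows how the Responsibility and Azure Security Center monitoring fields listed above combine when triaging a baseline: it separates controls Microsoft handles, customer or shared controls that Security Center monitors, and customer or shared controls that need a separate check. The CSV layout, the Yes/No monitoring values, and the EX-n rows are constructed assumptions.

```python
import csv
import io

# Constructed sample rows: the IDs, text, URLs and CSV layout are placeholders,
# not real Azure Security Benchmark entries.
SAMPLE_BASELINE = """\
Azure ID,Recommendation,Guidance,Responsibility,Azure Security Center monitoring
EX-1,Restrict network access to the service,https://example.invalid/ex-1,Customer,Yes
EX-2,Use a central identity provider,https://example.invalid/ex-2,Customer,No
EX-3,Patch the underlying platform,https://example.invalid/ex-3,Microsoft,No
EX-4,Encrypt sensitive data at rest,https://example.invalid/ex-4,Shared,Yes
EX-5,Review privileged access regularly,https://example.invalid/ex-5,shared,no
"""

# Responsibility scenarios named on the page; monitoring values are assumed Yes/No.
RESPONSIBILITIES = {"customer", "microsoft", "shared"}
MONITORING = {"yes": True, "no": False}


def triage(baseline_csv):
    """Bucket each recommendation by who must act and whether Security Center watches it."""
    buckets = {"microsoft": [], "monitored": [], "manual": []}
    reader = csv.DictReader(io.StringIO(baseline_csv))
    for line_no, row in enumerate(reader, start=2):
        responsibility = (row.get("Responsibility") or "").strip().lower()
        monitored = (row.get("Azure Security Center monitoring") or "").strip().lower()
        if responsibility not in RESPONSIBILITIES or monitored not in MONITORING:
            # Fail closed: an unreadable row must not silently drop out of the report.
            raise ValueError(f"line {line_no}: unrecognised responsibility or monitoring value")
        azure_id = row["Azure ID"].strip()
        if responsibility == "microsoft":
            buckets["microsoft"].append(azure_id)   # no customer action required
        elif MONITORING[monitored]:
            buckets["monitored"].append(azure_id)   # customer/shared, Security Center monitors it
        else:
            buckets["manual"].append(azure_id)      # customer/shared, needs its own verification
    return buckets


if __name__ == "__main__":
    for bucket, ids in triage(SAMPLE_BASELINE).items():
        print(f"{bucket:10} {', '.join(ids)}")
```

The "manual" bucket is the one to review first: those controls are the customer's to implement, and Security Center will not report on them.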