![]() SupportedĬonfiguration Guidance: This feature is not supported to secure this service. IM-3: Manage application identities securely and automatically Features Managed Identitiesĭescription: Data plane actions support authentication using managed identities. ![]() Local Authentication Methods for Data Plane Accessĭescription: Local authentications methods supported for data plane access, such as a local username and password. SupportedĬonfiguration Guidance: No additional configurations are required as this is enabled on a default deployment. IM-1: Use centralized identity and authentication system Features Azure AD Authentication Required for Data Plane Accessĭescription: Service supports using Azure AD authentication for data plane access. Identity managementįor more information, see the Microsoft cloud security benchmark: Identity management. Disable Public Network Accessĭescription: Service supports disabling public network access either through using service-level IP ACL filtering rule (not NSG or Azure Firewall) or using a 'Disable Public Network Access' toggle switch. NS-2: Secure cloud services with network controls Features Azure Private Linkĭescription: Service native IP filtering capability for filtering network traffic (not to be confused with NSG or Azure Firewall). NSGs contain a list of Access Control List (ACL) rules that allow or deny network traffic to your subnet. Protect your subnet from potential threats by restricting access to it with a Network Security Group (NSG). Subnets should be associated with a Network Security Group Reference: Working with NSG access and Azure Bastion Microsoft Defender for Cloud monitoringĪzure Policy built-in definitions - Microsoft.Network: Name (Azure portal) Create NSG rules to restrict your service's open ports (such as preventing management ports from being accessed from untrusted networks). SupportedĬonfiguration Guidance: Use network security groups (NSG) to restrict or monitor traffic by port, protocol, source IP address, or destination IP address. Reference: Tutorial: Deploy Bastion Network Security Group Supportĭescription: Service network traffic respects Network Security Groups rule assignment on its subnets. SupportedĬonfiguration Guidance: Deploy the Azure Bastion into a virtual network with the subnet at least /26 or larger. NS-1: Establish network segmentation boundaries Features Virtual Network Integrationĭescription: Service supports deployment into customer's private Virtual Network (VNet). Service can be deployed into customer's virtual networkįor more information, see the Microsoft cloud security benchmark: Network security. The security profile summarizes high-impact behaviors of Azure Bastion, which may result in increased security considerations. To see how Azure Bastion completely maps to the Microsoft cloud security benchmark, see the full Azure Bastion security baseline mapping file. Features not applicable to Azure Bastion have been excluded.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |