
Keeping Azure secure – what you need to know

Ravi Bindra, CISO

Microsoft's security team has been receiving signals indicating that some customers' Azure resources are being used for fraudulent activities because of insecure or misconfigured subscriptions.

Here’s what you need to do

1. Follow Microsoft Security Best Practices.

2. Passwords

  1. Follow password management policies with strong authentication and frequent password rotation.
  2. Use passwordless sign-in with the Microsoft Authenticator app.
  3. Verify all global admin users’ password recovery email addresses and phone numbers within Azure AD and update them if required.

3. Access

  1. Who has access to your Azure account? Review, audit and minimize access privileges and delegated permissions. Adopt a ‘least-privilege’ approach. Remove any unnecessary or unrecognised partner relationship access.
  2. Review and tighten all tenant administrator accounts, including those with Administer on Behalf of (AOBO) in Azure subscriptions, and verify the authenticity of all users and activity.
  3. Ensure that multifactor authentication (MFA) is enabled, and enforce conditional access policies. MFA is the best baseline security hygiene method to protect against threats. Follow the detailed guidance on setting up multi-factor authentication in Microsoft 365, and the guidance on deploying and configuring conditional access policies in Azure Active Directory (Azure AD). Contact SoftwareOne if you need assistance in getting this set up.

4. Activity

  1. Review audit logs, sign-ins and any configuration changes. You can find these in your Azure AD sign-in logs, Azure AD audit logs, and the Microsoft Purview compliance portal.
  2. Customers should frequently review subscriptions and resources or services that may have been provisioned unexpectedly.
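One way to carry out the sign-in review from items 3.3 and 4.1 offline, as an added example that is not SoftwareOne's or Microsoft's own code: it reads a JSON export of sign-in records and flags successful sign-ins that completed with a single factor or with no conditional access policy applied. It assumes the export uses the Microsoft Graph `signIn` field names shown; the sample records and the `PRIVILEGED` account list are constructed for illustration.

```python
import json

# Constructed sample export (not real data). Field names are assumed to follow
# the Microsoft Graph signIn resource used by Azure AD sign-in log exports.
SAMPLE_EXPORT = json.dumps([
    {"createdDateTime": "2023-03-01T08:02:11Z", "userPrincipalName": "admin@example.com",
     "ipAddress": "198.51.100.7", "authenticationRequirement": "multiFactorAuthentication",
     "conditionalAccessStatus": "success", "status": {"errorCode": 0}},
    {"createdDateTime": "2023-03-01T23:41:05Z", "userPrincipalName": "admin@example.com",
     "ipAddress": "203.0.113.50", "authenticationRequirement": "singleFactorAuthentication",
     "conditionalAccessStatus": "notApplied", "status": {"errorCode": 0}},
    {"createdDateTime": "2023-03-02T09:15:40Z", "userPrincipalName": "user@example.com",
     "ipAddress": "198.51.100.9", "authenticationRequirement": "singleFactorAuthentication",
     "conditionalAccessStatus": "success", "status": {"errorCode": 0}},
    {"createdDateTime": "2023-03-02T09:20:00Z", "userPrincipalName": "user@example.com",
     "ipAddress": "203.0.113.50", "authenticationRequirement": "singleFactorAuthentication",
     "conditionalAccessStatus": "notApplied", "status": {"errorCode": 50126}},
])

# Hypothetical list of privileged accounts, maintained by whoever runs the review.
PRIVILEGED = {"admin@example.com"}


def review_sign_ins(export_json, privileged=PRIVILEGED):
    """Flag successful sign-ins that completed without MFA or conditional access."""
    findings = []
    records = sorted(json.loads(export_json), key=lambda r: r["createdDateTime"])
    for rec in records:
        if rec.get("status", {}).get("errorCode") != 0:
            continue  # only successful sign-ins grant access; failures are skipped here
        reasons = []
        if rec.get("authenticationRequirement") == "singleFactorAuthentication":
            reasons.append("single-factor")
        if rec.get("conditionalAccessStatus") == "notApplied":
            reasons.append("no-conditional-access")
        if not reasons:
            continue
        user = rec["userPrincipalName"].lower()
        findings.append({
            "time": rec["createdDateTime"],
            "user": user,
            "ip": rec.get("ipAddress"),
            "severity": "high" if user in privileged else "medium",
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in review_sign_ins(SAMPLE_EXPORT):
        print(f["severity"], f["time"], f["user"], f["ip"], ",".join(f["reasons"]))
```

A privileged account appearing in the output is the case to investigate first, since it means an administrator session was established without the MFA and conditional access controls described above.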

Here's what we are doing

As a Microsoft partner who works with thousands of customers around the world, your security is our priority. This is how we are ensuring that we are keeping our customers secure:

  1. All SoftwareOne access to customer environments is secured with MFA and Microsoft’s security feature DAP (Delegated Admin Privileges).
  2. We follow the Secure Application Model framework.
  3. Access rights are reviewed and changed regularly to reduce the likelihood that SoftwareOne accounts may be compromised. Delegated admin privileges are removed when not in use.
  4. We track activity logs with custom security dashboards to show user activity and detect suspicious activities.
  5. We follow a Zero Trust approach with passwordless sign-ins and use Privileged Identity Management to enforce just-in-time access, so that access is reviewed and approved.
  6. SoftwareOne is actively engaged with our customers to detect any breaches and to avoid and report financial spikes.
  7. We have set alerts for fraud detection and overspend. SoftwareOne will react to these alerts, advise impacted customers of such activity in their environment and assist them in remediating it.
  8. We follow Microsoft security best practice guidelines.

Security is always your responsibility, but you don’t have to do it alone. SoftwareOne can help you ensure that your security is configured correctly and that there are no gaps in your security strategy or policies. Always follow the guidelines of cloud vendors, regardless of which cloud provider you use, and don’t assume security is taken care of automatically.

Be cyber smart

If you need help in ensuring Azure security best practice or have concerns, please contact us and one of our security team will be in touch. Learn more about cybersecurity in our security resource centre.

Author

Ravi Bindra
CISO

Ravi holds over 20 years’ experience as a cyber security evangelist, holding multiple leadership roles in the Swiss pharmaceutical industry, such as Global Head of Risk Management, Global Head of Architecture and Global Head of Security Operations.