Contoso administrators recently learned about Azure Security Center and have decided to implement many of its features to secure their cloud-based Azure infrastructure (IaaS) and applications (PaaS). Specifically, they want to ensure that any internet-exposed resources have been properly secured and that any internet access that is not required has been disabled. They also decided that a "jump machine" for administrators, protected by application allowlisting (Security Center's adaptive application controls), was important, because they have had instances of admins installing non-approved software on their own machines and then accessing cloud resources from them. Additionally, they want to be alerted when TCP/IP port scans against their resources are detected, with alerts fired from those events.
The solution begins with a jump machine. Administrators use this machine to reach the virtual machines and other resources in the resource group, and no other path to those resources is exposed. The resources are organized into multiple virtual networks, with network security groups (NSGs) controlling the traffic between them. More than one virtual network is used because the default NSG rules allow all traffic inside a single virtual network (the AllowVnetInBound rule); those default rules cannot be edited or deleted, so with one virtual network every resource would be reachable from every other one unless a higher-priority custom deny rule overrode the default. Placing resources in separate virtual networks keeps them isolated without relying on that override.

Azure Security Center's Just-In-Time (JIT) VM access is enabled on the jump machine. JIT keeps the management ports (for example RDP and SSH) closed in the NSG and opens them only for an approved request, for a limited time and only from the requester's specified source IP address. Each request is recorded in the Azure activity log, so all access to the jump machine is audited, and the closed ports are not exposed to opportunistic scans and brute-force attempts from the internet. Adaptive application controls allowlist the software permitted to run on the jump machine, so non-approved applications, including malware that an administrator might bring along, are blocked from executing rather than merely discouraged.

Each virtual network's NSG has diagnostic logging enabled so that denied connections are recorded to a Log Analytics workspace. A custom scheduled analytics rule in Azure Sentinel queries those deny events for the pattern of a port scan (one source address hitting many distinct destination ports in a short window) and fires an alert when the threshold is crossed. Once the solution is in place, Compliance Manager is used to confirm that the technical and business controls required for GDPR are implemented and maintained.
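As an added example, not part of the original scenario write-up, the following Python implements the detection that the Sentinel rule above is meant to perform, run offline over a constructed NSG flow log record in the version 2 tuple layout: a source address that is denied on many distinct destination ports within a short window is reported as a scanner, while a single-port brute-force attempt and an allowed JIT session are not. The sample addresses, the rule names, the threshold values and the window size are assumptions chosen for illustration.

```python
"""Port-scan detection over NSG flow-log records (added example, not from the
scenario). Parses NSG flow log version 2 JSON, keeps only denied inbound flows,
and flags any source IP that hit at least `min_ports` distinct destination ports
inside a sliding window of `window_seconds`.
"""
import json
from collections import defaultdict

# Constructed sample in the NSG flow log v2 layout (not captured from a tenant).
# Flow tuple fields: time, srcIp, dstIp, srcPort, dstPort, protocol (T/U),
# direction (I/O), decision (A/D), state (B/C/E), then packet/byte counters.
SAMPLE_FLOW_LOG = json.dumps({
    "records": [{
        "time": "2020-01-01T12:00:00.0000000Z",
        "category": "NetworkSecurityGroupFlowEvent",
        "properties": {
            "Version": 2,
            "flows": [
                {   # one scanner walking a list of ports, one brute-forcer on port 22
                    "rule": "DefaultRule_DenyAllInBound",
                    "flows": [{
                        "mac": "000D3A1F2B4C",
                        "flowTuples": [
                            f"{1577880000 + i},203.0.113.7,10.0.1.4,51234,{port},T,I,D,B,1,60,0,0"
                            for i, port in enumerate(
                                [21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389, 8080])
                        ] + [
                            "1577880003,198.51.100.9,10.0.1.4,40000,22,T,I,D,B,3,180,0,0",
                            "1577880004,198.51.100.9,10.0.1.4,40001,22,T,I,D,B,3,180,0,0",
                        ],
                    }],
                },
                {   # an approved JIT RDP session from the admin's requested source IP
                    "rule": "UserRule_AllowJitRdp",
                    "flows": [{
                        "mac": "000D3A1F2B4C",
                        "flowTuples": [
                            "1577880010,192.0.2.50,10.0.1.4,50022,3389,T,I,A,B,12,2048,10,4096",
                        ],
                    }],
                },
            ],
        },
    }]
})


def parse_flow_tuples(flow_log_json):
    """Yield one dict per flow tuple found in a flow log document."""
    doc = json.loads(flow_log_json)
    for record in doc["records"]:
        props = record["properties"]
        if props.get("Version") != 2:
            raise ValueError("only flow log version 2 tuples are handled here")
        for rule in props["flows"]:
            for flow in rule["flows"]:
                for tup in flow["flowTuples"]:
                    f = tup.split(",")
                    yield {
                        "time": int(f[0]), "src": f[1], "dst": f[2],
                        "dst_port": int(f[4]), "proto": f[5],
                        "direction": f[6], "decision": f[7],
                        "rule": rule["rule"],
                    }


def detect_port_scans(flow_log_json, window_seconds=60, min_ports=10):
    """Return {src_ip: sorted distinct ports} for every source whose denied
    inbound flows touched at least min_ports distinct destination ports within
    any window_seconds-long window."""
    by_src = defaultdict(list)
    for f in parse_flow_tuples(flow_log_json):
        if f["direction"] == "I" and f["decision"] == "D":
            by_src[f["src"]].append((f["time"], f["dst_port"]))

    alerts = {}
    for src, events in by_src.items():
        events.sort()  # chronological, so each index can open a window
        for i, (t0, _) in enumerate(events):
            ports = {p for t, p in events[i:] if t - t0 <= window_seconds}
            if len(ports) >= min_ports:
                alerts[src] = sorted(ports)
                break  # one alert per source is enough
    return alerts


if __name__ == "__main__":
    for src, ports in detect_port_scans(SAMPLE_FLOW_LOG).items():
        print(f"port scan from {src}: {len(ports)} ports {ports}")
```

In the deployed solution the same aggregation is expressed as a scheduled analytics rule in Azure Sentinel (a distinct count of destination ports per source address over the deny events in the workspace, evaluated every few minutes) and the threshold is tuned against a baseline of the environment's normal denied traffic: set too low, the rule alerts on the ordinary internet background noise that hits the jump machine's closed ports, and the brute-force case above, which is a single port hit repeatedly, needs its own rule rather than this one.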