Monday, January 3, 2022

Understanding the Azure Security Benchmark

Security in IT can keep people awake at night. Many new services and features are introduced to Azure every year, and it is not easy to keep track of everything as an administrator or even as a team. A sudden exploit at any level can cost an organisation money and, after that, its credibility. So how can we make sure our cloud services are as secure as they can be?

This is answered with Azure Security Benchmark.

There are three main guidelines that provide security standards.

  1. Center for Internet Security (CIS)
  2. National Institute of Standards and Technology (NIST)
  3. Payment Card Industry Data Security Standards (PCI - DSS)

The Azure Security Benchmark maps the relevant controls from each of these guidelines onto 12 control areas.

  1. Network Security (NS)
  2. Identity Management (IM)
  3. Privileged Access (PA)
  4. Data Protection (DP)
  5. Asset Management (AM)
  6. Logging and Threat Detection (LT)
  7. Incident Response (IR)
  8. Posture and Vulnerability Management (PV)
  9. Endpoint Security (ES)
  10. Backup and Recovery (BR)
  11. DevOps Security (DS)
  12. Governance and Strategy (GS)

Inside each control area there is a list of recommendations, each with a Benchmark ID and further detail, as shown in the image below. Source: docs.microsoft.com



Each service is then mapped to the recommendations that apply to it under each control area.

E.g. Cosmos DB can be implemented with the following Network Security recommendations:
NS-1, NS-2, NS-3, NS-4, NS-6, NS-7
Then there are the following Identity Management recommendations:
IM-1, IM-2, IM-3, IM-7
Likewise, recommendations in the other categories are available depending on the service.
Some categories have no recommendations related to Cosmos DB at all, such as DevOps Security (DS) and Governance and Strategy (GS).

However, these are only a guide towards compliance; as Microsoft specifically notes, adopting the benchmark does not by itself make you compliant.

So how shall we start? Pick the list of resources you have, go through them one by one and see what is missing. Then plan how you can make them fit the guidelines. As easy as that.
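The "go one by one and see what is missing" step, as an added example that is not part of the original post: a small gap check that validates Benchmark IDs against the 12 control-area prefixes above and reports, per resource, which applicable recommendations are not yet implemented. The Cosmos DB mapping is the one quoted in the post; the inventory, the ARM resource type names used as keys, and the set of already-implemented controls are constructed sample data.

```python
# Added example (not from the post): gap check of a resource inventory against
# Azure Security Benchmark IDs. Cosmos DB mapping from the post; rest constructed.
import re
from collections import defaultdict

# The 12 ASB control areas and their Benchmark ID prefixes, as listed in the post.
CONTROL_AREAS = {
    "NS": "Network Security", "IM": "Identity Management",
    "PA": "Privileged Access", "DP": "Data Protection",
    "AM": "Asset Management", "LT": "Logging and Threat Detection",
    "IR": "Incident Response", "PV": "Posture and Vulnerability Management",
    "ES": "Endpoint Security", "BR": "Backup and Recovery",
    "DS": "DevOps Security", "GS": "Governance and Strategy",
}
BENCHMARK_ID = re.compile(r"^([A-Z]{2})-(\d+)$")

def parse_ids(text):
    """Turn 'NS-1, NS-2, NS-6' into a validated set of Benchmark IDs."""
    ids = set()
    for token in filter(None, re.split(r"[,\s]+", text.strip())):
        m = BENCHMARK_ID.match(token)
        if not m or m.group(1) not in CONTROL_AREAS:
            raise ValueError(f"not an Azure Security Benchmark ID: {token!r}")
        ids.add(token)
    return ids

# Per-service baseline keyed by ARM resource type (Cosmos DB IDs from the post).
SERVICE_BASELINE = {
    "Microsoft.DocumentDB/databaseAccounts": parse_ids(
        "NS-1, NS-2, NS-3, NS-4, NS-6, NS-7, IM-1, IM-2, IM-3, IM-7"),
}

def gap_report(inventory, implemented):
    """Per resource: missing IDs grouped by control area (None = type unmapped)."""
    report = {}
    for name, rtype in inventory.items():
        if rtype not in SERVICE_BASELINE:
            report[name] = None
            continue
        by_area = defaultdict(list)
        missing = SERVICE_BASELINE[rtype] - implemented.get(name, set())
        for bid in sorted(missing, key=lambda s: (s[:2], int(s[3:]))):
            by_area[CONTROL_AREAS[bid[:2]]].append(bid)
        report[name] = dict(by_area)
    return report

# Constructed sample: one Cosmos DB account with three controls already in place.
INVENTORY = {"orders-cosmos": "Microsoft.DocumentDB/databaseAccounts",
             "legacy-vm": "Microsoft.Compute/virtualMachines"}
IMPLEMENTED = {"orders-cosmos": parse_ids("NS-1 NS-2 IM-1")}
```

Calling `gap_report(INVENTORY, IMPLEMENTED)` returns the remaining Cosmos DB gaps grouped by area, and `None` for the VM, which flags a resource type whose baseline still has to be added to the table.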

15 comments:

  1. This comment has been removed by a blog administrator.

  2. I read an article under the same title some time ago, but this article's quality is much, much better. How do you do this.. Log4j

  3. Great information sharing.. I am very happy to read this article.. thanks for giving us a go-through of the info. Fantastic, nice. I appreciate this post. security company

  4. I haven't any words to appreciate this post..... Really I am impressed by this post.... the person who created this post was a great human.. thanks for sharing this with us. best security company

  5. The information in the post you posted here is useful because it contains some of the best information available. Thanks for sharing it. Keep up the good work Bug Sweeping Company.

  6. The context of this content is really good. Thank you for sharing this type of awareness with us. In this article, you shared much informative knowledge on multiplication activities. Take a look at this too: Toronto Construction Security Guard Service. Thanks!

  7. I really appreciate the work you have shared here. The article you have shared here is very informative and the points you have mentioned are very helpful. Thank you so much. Diseñador de calendarios Roses

  8. This comment has been removed by the author.

  9. You are doing a great job by writing such an informative article. Interesting at the same time. Also check this out: SIA Security Guarding Top Up Only £99. Thank you.

  10. You've written an excellent post, and you've shared it with us. Your article provided me with some unique and useful knowledge. I appreciate you sharing this text with us. Security Companies in Bakersfield CA

  11. Enjoyed every bit of your blog post. Really looking forward to reading more. Fantastic.
    data archiving

  12. Really appreciate you sharing this post. Really thank you! Want more. hire security company
