Azure Security for Critical Workloads: Implementing Modern Security Controls for Authentication, Authorization and Auditing

This is a crisp, practical, and hands-on guide to moving mission-critical workloads to Azure. This book focuses on the process and technology aspects of Azure security coupled with pattern-oriented, real-world examples. You will implement modernized security controls, catering to the needs of authentication, authorization, and auditing, thereby protecting the confidentiality and integrity of your infrastructure, applications, and data.
The book starts with an introduction to the various dimensions of cloud security, including pattern-based security and Azure's defense security architecture. You will then move on to identity and access management with Azure Active Directory. Here, you will learn the AAD security model, application proxy, and explore AAD B2B and B2C for external partners. Network security patterns and infrastructure security patterns are discussed next, followed by application and data security patterns. Finally, you will learn how to set up security policies and work with Azure Monitor and Azure Sentinel, and to create leadership support and training for a rigorous security culture.
After completing this book, you will understand and be able to implement reusable patterns for mission critical workloads, standardizing and expediting the move of those workloads to Azure.
What Will You Learn

• Understand security boundaries required to implement Azure's defense-in-depth security architecture
• Understand Azure Active Directory security model
• Master design patterns relating to network, infrastructure, and software
• Automate security monitoring with advanced observability and gain practical insights on how this can be implemented with Azure Monitor and Azure Sentinel

Who Is This Book For
Developers and IT consultants/architects who are working on Azure.

這是一本關於將關鍵任務工作負載遷移到Azure的清晰、實用和實踐指南。本書著重於Azure安全的流程和技術方面，並提供基於模式的真實世界示例。您將實施現代化的安全控制，滿足身份驗證、授權和審計的需求，從而保護基礎架構、應用程序和數據的機密性和完整性。
本書首先介紹了雲安全的各個方面，包括基於模式的安全和Azure的防禦安全架構。然後，您將深入研究Azure Active Directory的身份和訪問管理。在這裡，您將了解AAD安全模型、應用程序代理，並探索面向外部合作夥伴的AAD B2B和B2C。接下來討論網絡安全模式和基礎架構安全模式，然後是應用程序和數據安全模式。最後，您將學習如何設置安全策略，並使用Azure Monitor和Azure Sentinel進行工作，並為嚴格的安全文化創建領導支持和培訓。
完成本書後，您將了解並能夠實施用於關鍵任務工作負載的可重用模式，從而標準化並加快將這些工作負載遷移到Azure的過程。
您將學到什麼

• 了解實施Azure防禦安全架構所需的安全邊界


• 了解Azure Active Directory的安全模型


• 掌握與網絡、基礎架構和軟件相關的設計模式


• 使用高級可觀察性自動化安全監控，並獲得如何在Azure Monitor和Azure Sentinel中實施的實用見解

本書適合對象
開發人員和正在使用Azure的IT顧問/架構師。

Sagar Lad is a Data Solution Architect working with a leading multinational software company in Netherlands and has deep expertise in implementing Data & Analytics solutions for large enterprises using Cloud and Artificial Intelligence. He is an experienced Azure Platform evangelist with a strong focus on driving cloud adoption for enterprise organizations using Microsoft Cloud Solutions & Offerings with 8+ Years of IT experience. He loves blogging and is an active blogger on Medium, LinkedIn, and the C# Corner developer community. He was awarded the C# Corner MVP in September 2021 for his contributions to the developer community.

Sagar Lad 是一位資料解決方案架構師，目前在荷蘭的一家領先跨國軟體公司工作，擁有深厚的專業知識，並使用雲端和人工智慧實施大型企業的資料與分析解決方案。他是一位經驗豐富的 Azure 平台推廣者，專注於推動企業組織使用微軟雲端解決方案和產品，擁有超過 8 年的 IT 經驗。他熱愛撰寫部落格，是 Medium、LinkedIn 和 C# Corner 開發者社群的活躍部落客。他因為對開發者社群的貢獻，在 2021 年 9 月獲得了 C# Corner MVP 的殊榮。