# Azure Security

* Cloud Shared Security Responsibility Model
  * A few controls need focus:
    * Physical Security
    * Host security / client / endpoint protection
    * Network controls
    * Application Security controls
    * Identity and Access Management
    * Data Classification
* Azure Subscription
  * How many subscriptions do we have now?
* Azure Tenants
  * Tenant ID
* Note: Azure AD might have a collection of subscriptions based on the cloud services onboarded
* Cloud-based Identity and Access Management service
* Azure Active Directory:
  * Azure AD REST API calls on ports 80, 443
* Authentication and authorization protocols:
  * AML, WS-Federation, OpenID Connect, OAuth, SAML 2.0 over HTTPS/HTTP
  * Kerberos, which is used by on-premises AD.
  * Uses federation services, ADFS
* Azure AD helps with:
  * Authentication with SaaS
  * Applications hosted on Azure
  * Authentication management for cloud and on-prem applications
* Traditional AD:
  * LDAP (389) and LDAPS (686)
  * Uses Kerberos for authentication
  * Users and groups in organizational units, and Group Policy Objects
  * Service principals
* External users' UPNs
  * Need regular audit
* Custom domain on Azure\
  DNS configuration
* Azure AD licensing and what features we have
  * Identity Protection
  * Privileged Identity Management
  * Azure AD Identity Security
* Azure Groups
  * Security groups
  * MS 365 groups
* Azure AD roles: access to Azure AD
* Azure AD RBAC roles: access to Azure resources
* Application Registration on Azure
* Azure AD Connect: synchronization of on-prem AD to cloud AD
* Domain Join
* Attack scenarios:
  * Compromised credentials
  * Azure AD authentication brute force
* Logs:
  * Azure AD auth on 443, 80
  * AD on LDAP 389, 686
  * Azure AD modern authentication protocols
  * Monitoring GPO changes
  * Kerberos authentication activity
    * UDP 88
    * TCP 88
    * TCP 2105
    * TCP 544
    * TCP 1-1023
    * TCP 32000-65535
  * NTLM authentication activity
  * Azure AD built-in roles review
* Reference:
* <https://learn.microsoft.com/en-us/azure/security/fundamentals/>
* <https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/>
* <https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/>


