This is Part#6 of our series of articles about best security practices that you can apply to an Azure environment. Please note that all the articles have been compiled from various official Microsoft sources.
Define Clear Lines of Responsibility
What : Designate the parties responsible for specific functions
Why : Consistency helps avoid confusion that can lead to human and automation errors that create security risk.
How : Designate groups (or individual roles) that will be responsible for key centralized functions
|Network Security|| Typically existing network security team |
Configuration and maintenance of Azure Firewall, Network Virtual Appliances (and associated routing), WAFs, NSGs, ASGs, etc.
|Network Management || Typically existing network operations team|
Enterprise-wide virtual network and subnet allocation
|Server Endpoint Security|| Typically IT operations, security, or jointly|
Monitor and remediate server security (patching, configuration, endpoint security, etc.)
|Incident Monitoring and Response|| Typically security operations team|
Investigate and remediate security incidents in SIEM or source console:
•Azure Security Center
•Azure AD Identity Protection
|Policy Management|| Typically GRC team + Architecture|
Set direction for use of Roles Based Access Control (RBAC), Azure Security Center, Administrator protection strategy, and Azure Policy to govern Azure resources
|Identity Security and Standards|| Typically Security Team + Identity Team Jointly |
Set direction for Azure AD directories, PIM/PAM usage, MFA, password/synchronization configuration, Application Identity Standards