Dean_Gross
Certainly, I'd be happy to address your questions:
1. Which Defender for Cloud workload plans should be enabled for this architecture?
In the context of securing the Azure App Service Landing Zone and Azure OpenAI integration, it might be interesting to enable the following Azure Defender plans:
- Azure Defender for App Service: This plan is important as it provides protection for Azure App Service, which is a central component in our architecture. It helps detect and respond to threats targeting your web applications and APIs hosted on Azure App Service.
- Azure Defender for Key Vault: If your architecture involves using Azure Key Vault to store sensitive secrets and cryptographic keys, enabling this plan is advisable. It helps protect your cryptographic keys, certificates, and secrets stored in Key Vault.
2. How should Sentinel be configured to monitor these services?
- There is nothing out of the box; however, to monitor security events related to access to your application, you would have to concentrate on authentication events, App Service and WAF logs if you are exposing this service.
- If you integrate APIM, you might be able to monitor other events such as unauthorised requests, but nothing out of the box yet.
3. How should we configure Conditional Access policies for the users of this application and its administrators?
To enhance the security of your application and ensure proper access control, consider the following Conditional Access policies:
- Multi-Factor Authentication (MFA): Enforce MFA for user access to Azure services and applications, including the Azure portal and Azure App Service. Require MFA for all administrative roles to add an extra layer of security.
- Conditional Access App Control: Implement Conditional Access App Control to control access to your web application and Azure portal based on conditions like device health and location. This helps you enforce access policies dynamically.
- Least Privilege Access: Follow the principle of least privilege (PoLP) by assigning roles and permissions only as needed. Limit access to critical Azure resources and the Azure portal to authorized personnel to reduce the attack surface.
- User Risk and Sign-In Risk Policies: Configure policies based on user risk and sign-in risk to adapt security measures dynamically. For instance, you can block or allow access based on the risk level associated with a user's sign-in attempt.
These security measures work cohesively to protect your Azure resources and applications, ensuring they remain secure and compliant with your organization's security policies. Feel free to adapt these recommendations to your specific security requirements and compliance standards.
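As an added worked example (editor's addition, not part of Dean_Gross's answer), the following Sentinel KQL query pulls together the three signals the Sentinel answer above says to concentrate on for an exposed App Service: WAF blocks from Application Gateway diagnostics, 401/403 responses from the App Service HTTP logs, and Entra ID sign-in failures against the application, all keyed by client IP so a single source probing the WAF, the app and the login flow surfaces in one row. Table and column names are the standard Log Analytics ones (AzureDiagnostics, AppServiceHTTPLogs, SigninLogs); the host name, app display name, lookback window and alert thresholds are placeholders to adjust for your environment.

```kql
// Added example, not from the original answer. Correlates WAF, App Service and
// sign-in failures per client IP over a short window for one exposed App Service.
let lookback = 1h;                         // assumption: scheduled rule runs hourly
let appHost  = "app.contoso.example";      // assumption: public host of the App Service
let appName  = "Contoso Web App";          // assumption: Entra app registration users sign in to
// 1. Requests the Application Gateway WAF blocked for this host
let wafBlocked = AzureDiagnostics
    | where TimeGenerated > ago(lookback)
    | where Category == "ApplicationGatewayFirewallLog" and action_s == "Blocked"
    | where hostname_s == appHost
    | summarize WafBlocks = count(), WafRules = make_set(ruleId_s, 20)
        by ClientIp = clientIp_s;
// 2. Requests that reached App Service and were rejected as unauthenticated/unauthorized
let appAuthFailures = AppServiceHTTPLogs
    | where TimeGenerated > ago(lookback)
    | where CsHost == appHost and ScStatus in (401, 403)
    | summarize AppAuthFailures = count(), Paths = make_set(CsUriStem, 20)
        by ClientIp = CIp;
// 3. Entra ID sign-in failures against the application's app registration,
//    keeping the Conditional Access outcome so blocked/failed CA evaluations stand out
let signInFailures = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where AppDisplayName == appName and ResultType != "0"
    | summarize SignInFailures = count(), Users = make_set(UserPrincipalName, 20),
                CaResults = make_set(ConditionalAccessStatus)
        by ClientIp = IPAddress;
// Full outer joins so an IP that appears in only one source still gets a row
wafBlocked
| join kind=fullouter appAuthFailures on ClientIp
| extend ClientIp = coalesce(ClientIp, ClientIp1) | project-away ClientIp1
| join kind=fullouter signInFailures on ClientIp
| extend ClientIp = coalesce(ClientIp, ClientIp1) | project-away ClientIp1
| extend WafBlocks       = coalesce(WafBlocks, long(0)),
         AppAuthFailures = coalesce(AppAuthFailures, long(0)),
         SignInFailures  = coalesce(SignInFailures, long(0))
// assumption: thresholds tuned against your own baseline before saving as an analytics rule
| where WafBlocks >= 20 or AppAuthFailures >= 20 or SignInFailures >= 10
| project ClientIp, WafBlocks, WafRules, AppAuthFailures, Paths, SignInFailures, Users, CaResults
| order by WafBlocks + AppAuthFailures + SignInFailures desc
```

Run it in the Sentinel Logs blade first to check the column names match your connectors (App Service logs must be sent to the workspace via diagnostic settings, and the WAF logs land in AzureDiagnostics only when the gateway's diagnostic setting targets the same workspace), then save it as a scheduled analytics rule with ClientIp mapped as the IP entity so the incidents carry the address for investigation.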