The Azure Security Architect Map

stephaneeyskens · ‎Feb 23 2021

Hi,

Recently, I built the Azure Solution Architect Map aimed at helping Architects finding their way in Azure. Given the unexpected success and the very positive feedback I received, I decided to come up with other maps, namely the Azure Security Architect Map, the Azure Infrastructure Architect Map and the Azure Application Architect Map.

Here are all the maps in my series of Architecture Maps:

The purpose of the Solution Architect map is to give a high-level view and quick insights about what is available and how to choose between the different services according to some functional needs.
It covers a few key areas, mostly about putting in place the foundations of an Azure Platform, and cannot go into the details because this would make the map very indigestible.

Today I come with the Azure Security Architect Map:

which focuses on security only and goes much deeper into that key area. It is by no means the holy grail but it should help you take informed decisions on how you plan to use and deploy services and how you will govern your Azure workloads. I bring business drivers such as TTM, cost optimization and true elasticity into the equation to highlight the consequences of choosing an option over another.

The map focuses on the following areas:

Network Layer
Identity Layer
Application Service Layer
Application Data
Security Posture
Keys, Certificates and Secrets Management as well as Encryption capabilities
MDM & MAM

How to read this map?

Whenever you see the attachment icon , it means that I have attached an explanation on a given rationale or service. If you see a (*) next to a node, it is kind of a must read information. So for instance, in the following screenshot:

I want to catch your attention on the following:

The rationales behind certain routes are based on my own experience and do not represent the only option, but they should be considered as advisory only. So the idea is to review these maps frequently since the above information is likely to change over the coming months and I'll simply keep adding notes or remove them when it does not make sense anymore.

The link icon is a pointer to the corresponding Microsoft documentation.

With this tool, any Security Architect (Cloud or not) will quickly grasp the security landscape of Azure.

Here is the pointer to the map:

Update (02/2021): the online MindMapMaker tool deletes maps that are older than 1 year....A pointer to the last version is available in the below table.

~~v1.0 (06/2019)~~	~~https://app.mindmapmaker.org/#m:mmc00bf17b40454ecda863046602b7be3e~~
~~v1.1 (12/2019)~~	~~https://app.mindmapmaker.org/#m:mm2247a15d373d4e97bf589772950af0ff~~
Last MindMapMaker map	https://app.mindmapmaker.org/#m:mmd329ac370bf141948f565b79c40b0ff6
Last PDF map	https://github.com/PacktPublishing/The-Azure-Cloud-Native-Architecture-Mapbook/blob/master/Chapter07...

Here are all the maps in my series of Architecture Maps:

Irfan_Haider · ‎Jun 24 2019

Great mind map Stephan. Would love to see Azure PKI service to be included in Keys, certs when available.

Julian Frank · ‎Jul 23 2019

Awsome.... So detailed... Thanks

fn6Dragon · ‎Aug 18 2019

Hello @stephaneeyskens . Awesome Diagram. Would you know what is the best way to collect Azure VM (windows to start with) logs to SIEM ?

Support told me to install MMA agent on VM and send it to Log Analytics but not sure how I could then stream it to Event Hub.

I would like to send Windows Security Logs to SIEM basically.

Is that the recommended approach? Thank you. Appreciate it.

stephaneeyskens · ‎Aug 19 2019

Hello @fn6Dragon

I guess there is no black or white answer here. It all depends on what your company has in terms of existing tools and whether or not they want to leverage Cloud-native solutions. In terms of incident detection/response, Azure Sentinel is now pushed by Microsoft although at the time of writing (08/2019) it is still in preview and still need to gain in maturity. Now, if you already have a SIEM like QRadar, you can send all your service logs to Event Hub directly and plug QRadar to Event Hub since it has a connector to it. This is valid for PaaS & FaaS, for VMs, you need indeed some agent to be installed (depending on the underlying OS). to collect the logs, send them to Azure Monitor & integrate with QRadar or other similar tools.

Best Regards

Patrick Riedl · ‎Aug 20 2019

This is fantastic! a really great map! Thanks a lot for your effort! :)

fn6Dragon · ‎Aug 24 2019

@stephaneeyskens hey. thanks for the reply. I appreciate it. yes. we use QRadar.

Azure service /administrative logs. >> Event hub >>> Qradar - this is working fine.

Azure VM windows logs >> EventHub >> QRadar. - What is the MS recommended method ? Agent > Azure Monitor> EventHub > QRadar?

stephaneeyskens · ‎Aug 25 2019

Hello @fn6Dragon ,

With VMs you need indeed an agent to collect the logs and Azure Monitor is indeed where things should be centralized.

Ed Price · ‎Sep 07 2020

@Irfan_Haider, thank you for your feedback! We appreciate it.

aqeelbhutta · ‎Oct 05 2020

Wealth of information well articulated. Gratitude!

KristianN · ‎Jan 10 2021

Hey @stephaneeyskens,

The map looks great however the link to mindmapmaker returns "Error not found" on server now.

It is the same with more of the other mind maps, like the Cloud Native.

stephaneeyskens · ‎Jan 12 2021

Hi @KristianN ,

Indeed, it was discovered a few days ago. It seems that MindMapMaker destroys all the maps that are older than a year...Stay tuned, a new wave of maps is coming. I'll update the posts accordingly

Best Regards

Henry_Pieterse · ‎Feb 17 2021

It seems the map is not there anymore, was this deleted or moved. These are fantastic visualizations of the security landscape in Microsoft.

cmendibl3 · ‎Mar 26 2021

Pure gold!

sidacharya · ‎Sep 27 2021

WOW!! Kudos for the Work.

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

The Azure Security Architect Map