Our Azure products and services come with comprehensive security features and configuration settings. They are mostly customizable (to a point), so you can define and implement a security posture that reflects the needs of your organization. But adopting and maintaining a good security posture goes far beyond turning on the right settings.
Mark Simos, lead Cyber security architect for Microsoft, explored the lessons learned from both protecting Microsoft's own technology environments and the responsibility we have to our customers, and shared the top 10 (+1!) recommendations for Azure security best practices.
I love that this is broken into people, process, technology, and architecture. While statistics prove that capabilities like Multi-Factor Authentication significantly reduce security risk, both people and processes are crucial to protecting against and responding to security threats.
Some of those points look clear and simple on the surface but may be the hardest to implement in your organization (like assigning accountability for cloud security decisions). Or you may have many of the people and process items already in place for an on-premises environment; these are just as valid for on-prem or hybrid environments.
Don't brush this off as too simple and not worth your time. Locking the front door of your house is a simple but effective habit for increasing the security of your home. Complex technology systems can likewise benefit from organizations having the simplest, most effective people and process elements.