Overview
Since its first introduction in 2019, the Azure Security Benchmark and its successor Microsoft cloud security benchmark announced in 2023, Microsoft cloud security benchmark (“the Benchmark”) has been widely used by our customers to secure their Azure environments, especially as a security bible and toolkit for Azure security implementation planning and helping the security compliance on various industry and government regulatory standards.
What’s new?
We’re thrilled to announce the Microsoft cloud security benchmark v2 (public preview), a new Benchmark version with the enhancement in following areas:
- Adding artificial intelligence security into our scope to address the threats and risks in this emerging domain.
- Expanding the prior simple basic control guideline to a more comprehensive, risk and threats-based control guide with more granular technical implementation examples and references details.
- Expanding the Azure Policy based control measurements from ~220 to ~420 to cover more new security controls and expanding the measurements on the existing controls.
- Expanding the control mappings to more industry regulations standards such as NIST CSF, PCI-DSS v4, ISO 27001, etc.
- Alignment with SFI objectives to introduce Microsoft internal security best practices to our customers.
Microsoft Defender for Cloud update
In addition, you will soon see the Benchmark dashboard embedded into the Microsoft Defender for Cloud with additional 200+ Azure Policy mapped to the respective controls, allowing you to monitor the Azure resources against the respective controls in the Benchmark.
Value proposition recap
Please also refer to How Microsoft cloud security benchmark helps you succeed in your cloud security journey if you want to understand more on the value proposition of Microsoft cloud security benchmark.
Microsoft