Article

5 Essential Tips to Strengthen Security in Microsoft Azure

As an MSP or IT partner, Azure security is crucial for you and your clients. Unfortunately, we are seeing increasing cases where Azure accounts are hacked or compromised.   

Security breaches in Azure can have significant repercussions for you. As a member of the Microsoft program, you are responsible if your or your customers' Azure accounts are subject to hacking or unauthorized access.

Read on for our five valuable tips to avoid the worst-case scenario.

1. Use Cost Alerts to Monitor Usage

Cost Alerts are an effective way to receive warnings when Azure resources are used excessively or if the consumption exceeds your predetermined spending limit.

We recommend restricting user permissions so that only selected users can create Azure resources. Always investigate any significant or unexpected variations in consumption, as they can indicate unauthorized access. There are three main types of cost alerts: budget alerts, credit alerts, and departmental spending quota alerts.

2. Set Up a Monthly Azure Spending Budget

You can set a monthly consumption budget for Azure (across multiple clients). This tool helps your customers monitor their spending and quickly identify if there are any discrepancies, possibly due to unauthorized access. 

3. Check Owner and Azure Roles

Are you or your client's admin and owner roles still appropriately assigned? Changes might have occurred since the initial setup.

It's important to review who has access to Azure periodically, select appropriate roles, and decide which resources various individuals should access.

Start with the predefined roles in Azure and adjust as necessary. Then, assign roles hierarchically and set "owner" roles for relevant resources and resource groups. 

4. Check Your Azure Secure Score

The Azure Secure Score helps visualize security and measure workload security over time. It keeps you informed about your security status and helps avoid potential threats. 

5. Monitor Changes in the Azure Activity Log

The Azure Activity Log includes dashboards that monitor changes to Azure resources and resource groups. It keeps you informed about security and helps prevent potential threats. 

Bonus Tip: Multi-Factor Authentication (MFA)

You already know this: Multi-factor authentication (MFA) can't be left out.

You might know that Azure includes MFA, but did you also know that it's up to you to ensure it's activated for all users?

If you forget all about the other five points above, at least make sure to activate MFA on all Azure accounts and logins for both your own and your clients. 

Summary

Cost Alerts. Roles. Activity Log ... There are so many aspects to keep track of when protecting your customers' Azure accounts from hackers and unauthorized access.

However, the points in this article are a great place to start. Each one of them also represent an excellent opportunity for you as an MSP or IT partner to sell Azure security as a service to your clients.