AZ 500 Terms Flashcards
(151 cards)
1
Q
Azure Active Directory (Azure AD)
A
Definition:
Microsoft’s cloud based identity and access management service, used for managing users, groups and access to resources in Azure.
Key concepts:
Single sign on (SSO), Multi factor authentication and conditional access policies
2
Q
Role Based Access Control (RBAC)
A
Definition:
A system for managing access to Azure resources based on user roles. These roles determine what actions users can perform.
Key concepts:
Roles like Owner, Contributor, and Reader. Roles can be assigned at different scopes such as subscription, resource group or specific resources
3
Q
Azure Security Center
A
Definition:
A unified security management system that provides advanced threat protection across Azure workloads
Key Concepts:
Security score, security recommendations and vulnerability assessments
4
Q
Network Security Groups (NSG)
A
Definition:
A tool used to filter network traffic to and from Azure resources within an Azure Virtual Network
Key Concepts:
Inbound and outbound rules to control traffic based on source/destination IP addresses, ports and protocols.
5
Q
Azure Firewall
A
Definition:
A managed, cloud based network security service that protects Azure Virtual Network Resources
Key Concepts:
Stateful firewall that provides centralized control and protection over network traffic flows
6
Q
Azure Key Vault
A
Definition:
A service for securely storing and managing cryptographic keys, secrets, and certificates
Key Concepts:
Provides encryption at rest, and integrates with services to safeguard data
7
Q
Azure Policy
A
Definition:
A service used to create, assign and manage policies that enforce governance across Azure resources
Key Concepts:
Ensures compliance with security standards by preventing violations (like enabling encryption on storage accounts)
8
Q
Azure DDoS Protection
A
Definition:
A service that protects Azure applications from DDoS attacks
Key Concepts:
Includes basic (default) and standard tiers, protecting against volumetric, protocol and application layer attacks
9
Q
Azure Privileged Identity Management (PIM)
A
Definition:
A service that provides oversight of privileged roles, such as global administrator, to ensure controlled and limited user.
Key Concepts:
Just In Time Access, Approval Workflows, and monitoring of privileged roles
10
Q
Azure Information Protection (AIP)
A
Definition:
A cloud based solution that helps organizations classify, label and protect documents and emails.
Key Concepts:
Data classification and protection based on sensitivity labels.
11
Q
Azure Monitor
A
Definition:
A comprehensive solution for collecting, analyzing and acting on telemetry from Azure resources.
Key Concepts:
Centralized logging and monitoring with integration into security alerting systems like Azuree Security Center.
12
Q
Azure Sentinel
A
A cloud native security information and event management (SIEM) tool that provides intelligent security analytics for enterprises.
Uses artificial intelligence to detect, prevent and respond to threats
13
Q
Virtual Private Network (VPN) Gateway
A
A type of virtual network gateway that sends encrypted traffic between an Azure virtual network and an on premises location. This is used for hybrid cloud solutions and secure site to site or point to site VPN connections
14
Q
Managed Identities
A
Azures service used for managing identity in Azure applications without the need to manage credentials. There are two types of managed identities, system assigned and user assigned
15
Q
Encryption at rest
A
The process of encrypting data when it is stored, ensuring that data is inaccessible without proper key.s Azure Storage encryption, Azure SQL Database encryption (TDE) and Key Vault integrations
16
Q
Conditional Access
A
A tool used to enforce access controls to applications and data based on conditions like user, location and device
Enforces MFA, restricts access based on device health or requires compliant devices
17
Q
Just in Time VM Access
A
A feature in Azure Security Center that limits access to virtual machines by granting access only when needed
Reduces the attack surface by restricting the time a VM port is open
18
Q
Azure Application Gateway
A
A web traffic load balancer that enables you to manage traffic to your web applications
This is application layer (layer 7) routing, web application firewall for protection from common threats like SQL injection and cross site scripting
19
Q
Azure Log Analytics
A
A service in Azure Monitor that collects and analyzes log data from multiple sources which enables querying and alerting on log data for insights in resource operations and security incidents
20
Q
Security Baselines
A
Pre configured security settings that service as recommendations or requirements for a secure environment
Baselines provided by Microsoft such as Azure Security Benchmark guide organizations in secure their workloads
21
Q
Azure MFA
A
An authentication method that requires more than one verification method such as password and a phone based code to access resources. This helps secure user identities by requiring two or more verification methods
22
Q
Service Endpoints
A
Extends virtual networks to Azure services by enabling private access to services like Azure storage, without the need for public IP.
This increases security by limiting traffic between resources to the Azure backbone network
23
Q
Private Link and Private Endpoints
A
Allows you to securely connect to Azure services over a private virtual network, eliminating exposure to the public internet. This ensures that Azure resources such as storage accounts and databases are only accessible through a private endpoint
24
Q
Azure Blueprint
A
A service that helps with deploying Azure resources according to organizational policies, ensuring compliance and governance. This automates resource configuration, policies and security controls to adhere to industry standards
25
Azure AD Identity Protection
A tool within Azure AD that uses machine learning to detect and remediate identity based risks. This detects suspicious user activities, such as leaked credentials and risky sign ins
26
Microsoft Defender for Identity
A cloud based security solution that identifies and protects against identity based attacks within your on premises Active Directory. This monitors suspicious user activity such as lateral movement and helps detect compromised identities
27
Microsoft Defender for Endpoint
An endpoint security platform designed to help enterprises prevent, detect, investigate and respond to advanced threats. Provides endpoint detection and response, vulnerability management and attack surface reduction
28
Azure Disk Encryption (ADE)
A feature that uses BitLocker (for Windows) or DM Crypt (for Linux) to encrypt operating system and data disks of VMs. This ensures data security at rest using keys stored in Azure Key Vault
29
Azure Storage Encryption
Automatically encrypts data at test using Microsoft managed keys or customer managed keys in Azure Storage. Data is encrypted using 256 bit AES encryption
30
Shared Access Signature (SAS)
A URI that grants restricted access rights to Azure Storage resources, such as blobs, queues and tables. You can specify the levels of access, time constraints, and IP restrictions for a SAS token.
31
Azure Policy Initiative
A collection of Azure policies that are grouped together to track compliance across multiple policies. This helps ensure compliance with governance standards across resources by enforcing multiple policies simultaneously
32
Azure Bastion
A fully managed service that provides secure and seamless RDP/SSH access to virtual machines without exposing them to the internet. This eliminates the need for a public IP on VMs and reduces security risks
33
Custom RBAC roles
Customizable roles in Azure RBAC that allow for precise control over what actions a user can perform on Azure
34
SIEM
System that provide real time analysis of security alerts generate by network hardware and applications
35
Security Orchestration, Automation and Response (SOAR)
Technology that enables organizations to collect security data and alerts from different sources, automate the response to low level threats and orchestrate activities across multiple teams and tools. Azure Sentinel offers SOAR capabilities to automate threat response.
36
Azure DDos Protection Standard
An enhanced DDoS protection service for protecting Azure applications from volumetric, protocol and application layer DDoS attacks. Provides mitigation against large scale attacks by absorbing and mitigating DDoS traffic before it affects the application
37
Azure Application Security Groups (ASG)
Logical groups of VMs used to simplify the management of network security rules in Azure NSGs. This reduces complexity in NSG rules by grouping VMs based on application functions or tiers
38
Azure SQL Database Auditing
A feature that tracks database activities and writes audit logs to an audit log destination such as a storage account or Log Analytics. This helps in maintaining compliance and detecting security violations or unusual database activity
39
Network Virtual Appliances (NVA)
Pre configured network solutions deployed in Azure as VMs, used to control network traffic, inspect traffic for malware or set up secure networking environments. This includes firewalls load balances and VPN gateways deployed in a virtual network
40
Microsoft Cloud App Security (MCAS)
A Cloud Access Security Broker (CASB) that protects your cloud apps by providing visibility, control over data movement and sophisticated analytics to identify and combat cyber threats. MCAS monitors and manages the security of cloud applications and enforces security policies
41
Azure Dedicated Hosts
A service that provides physical servers that host one or more Azure virtual machines, offering isolation from other customer VMs. This ensures full control over compliance and regulatory requirements, especially for workloads with strict compliance needs
42
Azure Security Benchmark
A collection of best practices and recommendations for securing Azure services, aligned with common compliance frameworks. This helps establish a secure foundation by guiding the implementation of security controls
43
Azure SQL Always Encrypted
A feature that encrypts sensitive data inside databases so that it is encrypted both in rest and in use, protecting it from high privileged users. Data remains encrypted throughout the lifecycle and the keys are managed separately in Azure Key Vault
44
Azure Policy Exemptions
A configuration that allows specific resources to be exempt from policy evaluation without removing the policy itself. This is useful for managing compliance in special cases where resources need temporary exemptions
45
Azure Disk Encryption Sets
A resource for managing encryption keys across multiple disks in Azure virtual machines. Allows for uniform encryption policies across different VMs by centralizing key management
46
Azure Resource Locks
Locks that prevent accidental deletion or modification of critical Azure resources. Two types of locks are CanNotDelete (prevents deletion) and ReadOnly (prevents modification)
47
Azure Automation
A service that allows you to automate repetitive tasks like patching, deployment and configuration management . This is used for automating security related tasks like updating VMs and monitoring compliance.
48
Azure Site Recovery (ASR)
A disaster recovery service that replicates workloads running on VMs to secondary locations to ensure business continuity. This protects from site outages and ensures fail-over to a secondary location
49
Azure Security Center Regulatory Compliance
A dashboard in Azure Security Center that provides insights in your organizations compliance posture . This assesses your environment against regulatory standards like ISO, NIST and CIS
50
Azure Availability Zones
Physically separate data centers within an Azure region that provide high availability for workloads. This protects from data center failures by distributing services across different zones.
51
Azure ExpressRoute
A service that enables private connections between Azure data centers and on premises infrastructure. This provides a secure, fast, and reliable connection for hybrid cloud architectures.
52
Azure App Service Environments (ASE)
A fully isolated and dedicated environment for securely running Azure App Service apps at scale.THis is used for running mission critical applications with high security and compliance requirements
53
Azure Policy Compliance State
The compliance state of Azure resources as evaluated against the assigned Azure polices. This helps track whether resources comply with organizational policies and security standards
54
Azure Front Door
A scalable and secure entry point for global applications that provides routing, load balancing and security. This supports SLL offloading, Web Application Firewall and DDoS protection
55
Azure Network Watcher
A network performance monitoring and diagnostics tools for Azure Virtual Networks. This provides tools for packet capture, network diagnostics and connection monitoring
56
Azure Backup
A service that provides scalable solutions for backing up data and virtual machines in Azure. This protects data from accidental deletion, corruption or ransomware attacks
57
Azure Identity Risk Policies
Policies in Azure AD Identity Protection that can automatically respond to detected risks by enforcing access controls like MFA. This automates remediation of risky users, sign ins and vulnerabilities
58
Managed Service Identity (MSI)
A feature that provides Azure services with an automatically managed identity in Azure AD. This eliminates the need to manage credentials in applications that access Azure resources
59
Azure Log Analytics Workspaces
A workspace that allows you to collect and analyze log data from different Azure resources and on premises systems. This is used for security monitoring, troubleshooting and alerting
60
Azure Devps Security
Security features and practices to secure the Azure DevOps environment, including repository protection and pipeline security. This protects the software development lifecycle with RBAC, auditing and secure code practices
61
Conditional Access Policies
Rules that govern how and when users can access Azure resources based on various conditions like location and device compliance. This is used to enforce policies such as MFA or access restrictions based on risk
62
Azure Cost Management and Billing
A service that provides insights into cloud costs and usage, with tools to set budgets and track spending. This can help manage security costs by monitoring resource usage and alerting for anomalies.
63
Resource Health
A service that provides information about the health of Azure resources and notifications of outages or service issues. Ensures proactive management of security risks related to resource availability
64
Managed Disk Encryption
Azure's disk encryption solution that encrypts disks attached to Azure VMs using Azure Key Vault. Protects sensitive data stored on virtual machine disks.
65
Azure Resource Manager (ARM) Templates
JSON files that define the infrastructure and configurations for Azure resources. Enables deployment automation and consistency, including the security configurations of resources.
66
Azure Application Insights
An application performance monitoring service that helps detect, diagnose, and monitor security vulnerabilities in applications. Provides end to end tracking of user actions and insights into application security.
67
Azure DDoS Protection Basic
A default DDoS protection service included with all Azure services that provides basic defense against common attacks. Protects against smaller scale attacks without requiring additional configurations
68
Virtual Networking Peering
A method that connects two Azure Virtual Networks (VNets) to allow traffic to flow securely between them. Ensures secure communication between VMs in different VNets
69
User Entity and Behavior Analytics (UEBA)
A technique that uses machine learning to analyze and detect anomalous user and entity behaviors. Helps identify potential security threats based on unusual activity.
70
Service Principals
An identity used by applications, services or automation tools to access Azure resources securely. This is used for controlling access to resources with fine grained permissions
71
Azure DNS Private Zones
A DNS service that provides a secure way to manage domain names and access them privately within a virtual network. Secures DNS queries and isolates traffic within Azure VNets
72
Azure Custom Domains
Allows users to configure a custom domain for Azure services like websites or storage accounts. Secures traffic with SSL certificates and encryption
73
Azure Blueprint Artifacts
Components within Azure Blueprints that consist of ARM templates, role assignments and policies. This helps define and implement security and compliance controls in a consistent manner
74
Azure Conditional Access Named Locations
A feature in Azure AD Conditional Access that defines trusted locations (such as specific IP ranges) to control access. This restricts access to Azure resources based on geographic location
75
Azure Privileged Access Workstations (PAW)
Hardened workstations dedicated to critical tasks, providing a secure operating environment for privileged users. This helps prevent credential theft and lateral movement in cyberattacks
76
Azure Sentinel Playbooks
Automated workflows in Azure Sentinel that help respond to security incidents by executing predefined actions. This uses Azure Logic Apps to orchestrate responses to security alerts
77
Azure Resource Tags
Metadata attached to Azure resources that helps in organizing and managing them. This is useful for tracking security related configurations, auditing and cost management
78
Azure NSG Flow Logs
Logs that capture network traffic information through Network Security Groups (NSGs). This helps in analyzing and monitoring network traffic for security anomalies.
79
Azure Policy Aliases
Shortcuts that represent specific Azure resource properties when defining custom policies. This simplifies policy management by using aliases to refer to resource properties
80
Azure Security Center Just In Time VM Access
This is a feature that locks down ports on Azure VMs and provides access only when needed, reducing the attack surface. This helps prevent unauthorized access by enforcing time based access control to virtual machines.
81
Data Loss Prevention (DLP)
A policy based approach to protect sensitive data from being lost, accessed or shared inappropriately. This is used in Azure Information Protection to secure sensitive information
82
Azure Virtual WAN
A networking service that provides optimized and automated branch connectivity. Enhances the security of global network architectures using encryption and optimized routing.
83
Azure RBAC Deny Assignments
84
Azure RBAC Deny Assignments
A feature that allows admins to explicitly deny certain actions to specific users, overriding any other role assignments they may have. Enforces strict control by ensuring certain actions cant be performed, regardless of other permissions.
85
Azure Activity Logs
Logs that provide information about operations on resources in your environment, such as modifications or deletions. This is essential for auditing and tracking changes to detect security incidents
86
Azure Private DNS
A DNS service that provides name resolution for virtual machines and resources in a private network This ensures secure and isolated DNS name resolution within your virtual network.
87
Azure Managed Identity Authentication
An identity management service that provides applications with their own identities in Azure AD, which can be used to authenticate against Azure services. This eliminates the need for storing credentials in code for accessing Azure resources
88
Azure Secure Score
A security metric in Azure Security Center that evaluates the security posture of your environment and provides recommendations. The higher the score, the more aligned your setup is with best security practices
89
Azure SQL Database Threat Detection
A feature that detects potential security threats in your Azure SQL Database, such as SQL injection or abnormal access patterns. This monitors and alerts administrators of suspicious database activity.
90
Azure Virtual Machine Scale Sets
A service that automatically scales virtual machines to meet demand, increasing or decreasing resources. This provides high availability and scalability, and integrates with load balancing and auto scaling features.
91
Azure AD Domain Services
A managed service that provides domain services like LDAP, Kerberos and NTLM authentication without deploying domain controllers. This allows you to manage traditional on premises apps in the cloud without the need to manage VMs
92
Azure Lighthouse
A service that enables providers to manage customer environments securely at scale. Provides cross tenant visibility and management for large scale Azure environments
93
Azure AD Password Protection
A security features that prevents users from using weak or compromised passwords in Azure AD. This enhances password security by enforcing custom or global banned password lists
94
Azure Blueprint Versioning
A feature of Azure Blueprints that allows you to manage version of blueprints, providing control over updates and changes. This ensures that updates to compliance and security configurations are consistent and traceable
95
Azure Tenant
A dedicated instance of Azure AD associated with your organization, including users, groups and application registrations. This is used to manage identities and security for the Azure environment
96
Azure Identity Protection Risk Events
Specific types of detected risks in Azure AD Identity Protection, such as sign ins from unfamiliar locations or leaked credentials. This helps identify and respond to threats against user identities
97
Azure SQL Always ON
A high availability and disaster recovery solution for Azure SQL databases that allows automatic failover. This provides continuous database availability even during planned or unplanned outages.
98
Azure Traffic Manager
A traffic routing service that directs user traffic for high availability and performance across global Azure regions. This uses DNS based routing to ensure availability and performance of services across multiple locations
99
Azure Arc
A service that extends Azure management and security to on premises, multi cloud and edge environments. This unifies operations and security management across hybrid and multi cloud environments.
100
Azure Active Directory B2B
A feature that allows external users (partners or collaborators) to access your resources using their existing credentials. Ensures secure collaboration across organizations while retaining control over access
101
Azure Active Directory B2C (Business to Consumer)
A feature for enabling external users to sign in and use applications with their social or personal identities. Facilitaties consumer identity management with features like MFA and conditional access
102
Azure Security Center Adaptive Application Controls
A feature that recommends and enforces application whitelisting for VMs to reduce the attack surface. This helps restrict which applications can run on your VMs, enhancing security.
103
Azure SQL Data Encryption
A combination of Transparent Data Encryption (TDE), Always Encrypted and cell level encryption to protect SQL databases. This ensures sensitive data remains encrypted at rest, in transit and in use
104
Azure Key Vault Managed HSM (Hardware Security Module)
A dedicated hardware security module for managing and safeguarding cryptographic keys and secrets. This provides the highest level for key management, useful for regulatory compliance
105
Azure Network Security Group (NSG) Prioritization
The ordering of rules within an NSG based on priority values, which determine which rules are applied first. This helps resolve conflicts between security rules, ensuring the correct rules are enforced.
106
Azure File Sync
A service that centralizes your file shares in Azure, allowing replication and synchronization with on premises Windows servers. This ensures secure, centralized file management while reducing on premises storage costs
107
Azure Key Vault Access Policies
Policies that control access to Key Vault secrets, keys and certificates defining what actions users or services can perform. This is essential for controlling who can access sensitive cryptographic material
108
Azure AD Hybrid Identity
A solution for integrating on premise Active Directory with Azure AD, enabling a unified identity for accessing resources both on premises and in Azure. This supports seamless authentication across hybrid environments.
109
Azure AD Seamless Single Sign On (SSO)
A feature that automatically signs users in when they are on their corporate devices and connected to the corporate network. This provides users with a smooth sign in experience, reducing the need to remember passwords
110
Azure DDoS Protection Metrics
Metrics that provide insights into the performance of Azure DDoS protection, including traffic analysis, attacker patterns and mitigation efforts
111
Azure Security Center Workflow Automation
A feature that allows you to automate responses to security alerts using logic apps to create workflows for remediation. This reduces the time to react to security incidents and enhances the efficiency of incident response.
112
Azure Policy Guest Configuration
A feature that helps ensure VMs in your environment are configured according to your security and compliance policies. This enforces policies related to security baselines and configuration settings inside the guest operating system
113
Azure Active Directory Self Service Password Reset (SSPR)
A feature that allows users to reset their own passwords without contacting the help desk. This increases security and reduces IT workload by empowering users to manage their passwords securely
114
Azure Automation Update Management
A feature that allows you to manage updates and patching for Windows and Linux VMs in your environment. This automates the process of applying updates to improve security compliance and reduce vulnerabilities.
115
Azure AD Access Reviews
A feature that allows administrators to review user access to ensure that only the right people have access to specific resources. This improves security by regularly reviewing and verifying access permissions for users
116
Azure AD Role Based Access Control (RBAC) Conditions
Advanced conditions that can be added to RBAC role assignments to enforce security requirements such as time based access or device based access. Provides fine grained access control to resources by introducing additional conditional logic.
117
Azure Service Trust Portal
A portal that provides access to audit reports, compliance documentation and security practices for Azure services. This is essential for verifying the compliance and security posture of Azure services for regulatory purposes.
118
Azure Active Directory Conditional Access Device Compliance
119
Azure Bastion
A fully managed service that provides secure and seamless RDP/SSH access to virtual machines without exposing them to the public internet. This protects VMs by keeping them within the private network, reducing exposure to external threats
120
Azure AD Identity Governance
A collection of features in Azure AD that help organizations manage identities, including access reviews, entitlement management and privilege identity management. This ensures secure and efficient management of user identities and access rights
121
Azure Security Center Continuous Export
A feature that allows you to continuously export security alerts and recommendations to a Log Analytics workspace or Event Hubs for further processing. This facilitates integration with other security tools and enables automated responses
122
Azure Monitor Diagnostic Settings
Configurations that allow the collection of logs and metrics from Azure resources for monitoring and alerting purposes. This is essential for gaining insights into the performance, health and security of resources
123
Azure AD App proxy
A service that allows you to securely expose on premises web applications to external users. Enables remote and secure access to internal applications without needing to expose them to the internet directly
124
Azure Security Benchmark
A set of best practices and guidelines provided by Microsoft to help secure Azure services. This is used as a framework for improving security posture and ensuring alignment with industry standards
125
Azure AD Access Tokens
JSON Web Tokens (JWT) issues by Azure AD that contain claims about the user and can be used to authenticate and authorized API access. This is essential for securing communications between services and APIs by ensuring only authorized users can access them
126
Azure Virtual Network Service Endpoints
A feature that extends your virtual networks private IP address space to Azure services, securing the network traffic between VMs and Azure services. This ensure secure and private connections between Azure services and virtual networks
127
Azure AD Token Lifetimes
Configurations that control how long tokens, such as access tokens and refresh tokens, remain valid. This helps strike the right balance between security (shorter token lifetimes) and user convenience (longer lifetimes)
128
Azure Role Assignment Scope
Defines the level at which a role is assigned in Azure (ie management group, subscription, resource group or individual resource). This helps control and limit access to resources based on the scope of the role assignment
129
Azure Active Directory External Identities
A feature that allows organizations to provide access to external users (partners, customers) using Azure AD B2B and B2C. This ensures secure collaboration and identity management for users outside the organization
130
Azure Virtual Network Encryption
Encryption of network traffic within virtual networks, both within and between virtual machines. This adds an additional layer of security to communication within the Azure cloud environment.
131
Azure Container Registry (ACR) Geo replication
A feature of ACR that allows the replication of container images across multiple Azure regions. This ensures high availability and disaster recovery for containerized applications
132
Azure API Management (APIM) Security
Security features of Azure API Management, including authentication, authorization, IP filtering and rate limiting. Protects APIs from unauthorized access, malicious use and overload by implementing security policies
133
Azure AD Identity Protection Risk Detentions
Automated detection mechanism in Azure AD that identify risky user sign ins or behaviors (ie sign in from unfamiliar locations or IP addresses). Alerts admins to potential threats and helps enforce policies like MFA or risky sign in.
134
Azure AD Enterprise Applications
Applications registered with Azure AD that can be assigned to users and groups for single sign on and access management. Centralized management of access to SaaS and custom applications in the cloud
135
Azure AD Dynamic Groups
Groups in Azure AD that automatically include or exclude members based on criteria such as user attributes (job title, location, etc). This simplifies access management by automatically adjusting group memberships based on user attributes.
136
Azure AD Workload Identities
Identities used by applications, services and automation tools to access Azure resources securely. These identities reduce the need for human interaction and their permissions can be controlled using RBAC and other security measures.A
137
Azure API Management Certificates
Certificates used in Azure API management to secure communication between the API Management gateway and backend servers. This ensures secure and encrypted API communication, protecting data integrity and confidentiality.
138
Azure Policy Exemptions
Configurations that exclude certain resources from policy enforcement, often for specific, temporary reasons. This provides flexibility in policy enforcement while maintaining overall governance and compliance
139
Azure AD Conditional Access Terms of Use
A feature that presents users with terms of use agreements before they can access resources. This enhances security by ensuring users acknowledge organizational policies before accessing critical services.
140
Azure DDoS Protection Standard Tier
A paid, enhanced service that offers advanced DDoS protection with real time mitigation reports and attack analytics. This provides stronger DDoS protection beyond the basic, default offering, including attack monitoring and alerting
141
Azure Firewall Forced Tunneling
A feature that forces outbound internet traffic from Azure to pass through an on premises firewall or another security appliance. This enhances security by ensuring that all outbound traffic is inspected by security controls.
142
Azure Defender for IoT
A security solution designed to monitor, detect and protect IoT devices and environments from cyberthreats
143
Azure Security Center Just in Time VM Access
A feature that locks down inbound traffic to Azure VMs, allowing access only when explicitly requested and for a limited time. This reduces exposure by granting access to VMs only when needed, minimizing the attack surface
144
Azure Resource Manager Locks
A feature that prevents the accidental deletion or modification of critical Azure resources. Useful for protecting resources like virtual machines, storage accounts and network configurations from being altered.
145
Azure Firewall Policy
A centralized management solution that allows you to define and enforce firewall rules across multiple firewalls in different regions. This simplifies rule management and ensures consistent security across global deployments
146
Azure Disk Encryption for VMs
A feature that uses BitLocker for Windows VMs and DM-Crypt for Linux VMs to encrypt the operating system and data disks. This ensures that data at rest is secure, protecting it from unauthorized access or theft
147
Azure Information Protection Scanner
A tool that scans on premises file shares and document libraries for sensitive information and applies appropriate protection labels. This helps organizations enforce data protection policies for documents outside of Azure and Office 365
148
Azure Sentinel Hunting Queries
Predefined or custom queries that allow security teams to proactively search for security threats across data ingested into Azure Sentinel. This helps identify threats that may not have triggered alerts but are visible in logs and telemetry data
148
Azure AD Group Based Licensing
A feature that allows organization to assign licenses to groups in Azure AD, automatically assigning those licenses to all group members. This streamlines license management, ensuring all members of a group receive the necessary licenses for accessing services
149
Azure Policy Effect
The action that a policy takes when it is applied to resources, such as deny, audit, append or deployifnotexists. This controls how Azure resources are managed and enforces governance rules to ensure compliance with organizational standards
150
