Data Security in Microsoft Azure
There are plenty of superpowers that Microsoft Azure holds that guard your data in the cloud and on premises. I am going to mention three of those in this article and show you a quick demo in my videos below. Please note that the below videos are only for the demonstration and not a tutorial to configure the settings of related topics.
There are three primary threats to be guarded against to ensure data security: Data Loss, Unauthorized Access, and Malware.
Microsoft Intune can offer protection by protecting data loss, i.e. ensuring data is not leaked or stolen. It can stop unauthorized access to systems and data and protect against malware.
Data loss can be caused by information being copied outside of corporate systems, devices which have access to corporate data being lost or stolen, and access to data by unauthorized people – both inside and outside of the business. Intune offers functionality to help each of these data loss scenarios. To prevent data from being copied from company to outside apps or locations, administrators can block cut and paste options within an app. This will ensure your organisation’s data stays within authorized company applications. You can also block the permissions which allow data sharing between apps.In cases where the mobile device is either lost or stolen, Intune can wipe the device (data) or lock it. This effectively blocks the access to the device to prevent it being accessed by the person who has found it or stolen the device.
Azure Rights Management Service (RMS) was a complicated solution with a lot of moving parts. Azure Information Protection (AIP), is the successor to AD RMS.
The purpose of AIP is to classify and protect data. Classification can be highly sensitive or confidential data, internal company use only, or general consumption. It is important to classify documents properly, so that end-users are aware of how to use that data appropriately. And depending on the level of classification you may want to apply protection to that data.
Azure Privileged Identity Management (PIM) manages, controls, and monitors privileged access across Microsoft Online Services like Azure AD, Azure resources, and other online services like Office 365, and Microsoft Intune.
Regarding Cloud Security, one needs to understand Azure does run in the datacenters which are managed by Microsoft, and Azure is based on shared responsibility model which means that when you move to the cloud(fully or hybrid) from on premises, Microsoft takes some responsibility but you are always responsible for :
- Data
- Endpoints
- Accounts
- Access Management
So, it's in your very best interest to familiarise yourself with the responsibilities that you have as an administrator depending on the SaaS, PaaS or IaaS that you have chosen. A detail guide can be downloaded from -