Common Security Misconfigurations in Azure: A Security Consultant’s Guide

Although Amazon Web Services remains the market leader in the UK for cloud computing services, Microsoft Azure is quickly closing the gap as UK-based businesses increasingly adopt both Azure and Microsoft 365 to host their computer resources, store their files, and administer their business operations.

You may be among the many new adopters of Azure as your cloud computing platform, and whether your tenant was supplied by a third-party distributor or you opted to configure the service yourself, you might assume that the default configuration of the platform would be sufficiently secure. Unfortunately, this is not the case, and many of the default settings leave your tenants and resources at risk.

Common Misconfigurations

Inadequate Access Controls

The most common issue with fresh Azure tenants is the lack of stringent access controls. Any user can, for instance, create new tenants or security groups, access the administration panel, or externally share files that do not belong to them.

Multifactor Authentication

Multifactor authentication is critically important for enhancing the security of any IT environment, making it far more difficult for malicious users to compromise devices or online accounts. There are several ways to implement MFA within Azure, so it can be hard to know which method is best. Per-User MFA and Conditional Access policies are two such methods. You may be tempted to enable both, but when used together in Azure, these methods can lead to potentially less effective security configurations. Auditing two different MFA methods can be confusing, and the administrative overhead of maintaining two implementations may also lead to errors or oversights.
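One way to audit the overlap described above, as an added example that is not part of the original article: it flags users who have Per-User MFA switched on while an enabled Conditional Access policy already requires MFA for them, and users covered by neither. The sample data is constructed; the field names are modelled on the Microsoft Graph conditionalAccessPolicy resource and a user's perUserMfaState, and the export format itself is an assumption. Group, role and application conditions are left out.

```python
# Constructed sample data. Field names follow Microsoft Graph's
# conditionalAccessPolicy and perUserMfaState; the export shape is assumed.
POLICIES = [
    {"displayName": "Require MFA for all users", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"],
                              "excludeUsers": ["u3", "u4"]}},
     "grantControls": {"builtInControls": ["mfa"]}},
    {"displayName": "Report-only pilot",
     "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["u4"], "excludeUsers": []}},
     "grantControls": {"builtInControls": ["mfa"]}},
]
USERS = [
    {"id": "u1", "upn": "alice@example.test", "perUserMfaState": "enforced"},
    {"id": "u2", "upn": "bob@example.test", "perUserMfaState": "disabled"},
    {"id": "u3", "upn": "breakglass@example.test", "perUserMfaState": "disabled"},
    {"id": "u4", "upn": "dave@example.test", "perUserMfaState": "enabled"},
]

def ca_requires_mfa(policy, user_id):
    """True if an enabled policy with an MFA grant control targets the user."""
    if policy.get("state") != "enabled":
        return False  # report-only and disabled policies enforce nothing
    controls = (policy.get("grantControls") or {}).get("builtInControls", [])
    if "mfa" not in controls:
        return False
    users = policy["conditions"]["users"]
    if user_id in users.get("excludeUsers", []):
        return False  # an exclusion overrides any inclusion
    included = users.get("includeUsers", [])
    return "All" in included or user_id in included

def audit_mfa(users, policies):
    """Sort users into overlap / per-user-only / no-MFA buckets."""
    findings = {"overlap": [], "per_user_only": [], "no_mfa": []}
    for u in users:
        per_user = u["perUserMfaState"] in ("enabled", "enforced")
        by_ca = any(ca_requires_mfa(p, u["id"]) for p in policies)
        if per_user and by_ca:
            findings["overlap"].append(u["upn"])        # two methods to maintain
        elif per_user:
            findings["per_user_only"].append(u["upn"])  # outside CA coverage
        elif not by_ca:
            findings["no_mfa"].append(u["upn"])         # no MFA requirement at all
    return findings

if __name__ == "__main__":
    for kind, upns in audit_mfa(USERS, POLICIES).items():
        print(f"{kind}: {upns}")
```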

Lack of Monitoring and Logging

Event-based alerts are not configured by default within Azure. Actions like creating new billable resources or changing administrator passwords could go unnoticed. Azure Activity Logs also only retain information for 90 days, after which the logs are automatically erased. In the event of a breach, it is imperative that appropriate logs are stored to track illegitimate activity.

Preventing Misconfigurations

Both Microsoft and the Center for Internet Security (CIS) offer recommendations on how to secure your Azure resources in line with security best practice; however, it can be time-consuming to review the settings yourself. A Cloud Configuration Review performed by a Security Consultant can be a valuable way to understand the weaknesses in your Azure platform and identify areas that need attention and changes.

Contact us at Fortis Cyber if this is a service your organisation would benefit from.

Author: Mackenzie Pearce
