Microsoft Cloud Security Expert? These documents are your bibles
I've been having a think about what are the most valuable documents a Microsoft cloud security person should always have in their back pocket... Even if you're looking to get into this field. Read ahead and take note:
The Microsoft Cloud Adoption Framework for Azure
Best practices is key. I've already experienced fixing security architecture that didn't follow best practice. It's a lot of work and time to rectify... Get it RIGHT the first time so you don't set yourself up for more (not-fun) work in the future. You might also cause someone else a headache. Let's not do that. This document is I'd say, a fundamental.
Azure Architecture Center
Best practices and patterns for building applications on Microsoft Azure. Covering design for cloud, optimising your workloads, choosing the right technologies, devops and much more. Get it right the first time!
Microsoft Azure Well-Architected Framework
This lives within Azure Architecture Center and forms an absolute solid base to work upon. The Azure Well-Architected Framework is a set of guiding tenets that can be used to improve the quality of a workload. Take note of the 5 important pillars that make up this framework.
Microsoft Sentinel Documentation
Use cases to get started using this SIEM. Covering all that Sentinel does such as KQL (Kusto), threat intelligence and detection, threat hunting, investgation and response.
Microsoft Sentinel Documentation - Decision Tree
Part of the documentation above is the Decision Tree; if you're designing your Sentinel workspace and CSOC architecture (which I hope you are and not just winging it...) then this will help you. Even for established environments I've found this handy when it comes to the possibility of multiple workspaces in other regions.
Kusto Query Language (KQL) Overview
This will bolster your skill set in cloud security. You don't have to know every single query, but Azure runs on Kusto. You'll need to know a little and once you know that you can figure things out. It's very friendly! The operators, statements and functions are worth looking at.
Zero Trust Implementation Guidance
As it says on the tin - hugely useful documents for creating a secure environment following Zero Trust principles.
Fundamentals Documentation - Zero Trust Security
This is important and not everyone understands Zero Trust. If you can explain it, you'll look pretty good and do some decent work.
Microsoft 365 Security - Deploying Zero Trust for Microsoft 365
Quite new to me, but after doing some digging I've found this section important. It includes an illustration representing the work of deploying Zero Trust capabilities. I think that's content for another few posts....
These documents are what I think is important for new and seasoned cloud security folk who work with Microsoft slash Azure. I'm sure when I delve to the darkside (AWS) I'll do a similar post.