Microsoft model for a scalable Cloud Adtoption is based on the Enterprise Scale Architecture and I think this is a scalable and useful modell for every customer that uses Azure ressources. It´s based on the definition to granulary devide the workloads in different subscriptions and gives via Management Groups the possibility to group this differnent subscription into workload groups like Development, Core, etc. I know many customers struggle with this model and mistakenly think that Enterprise Scale is a reference to Enterprise customers, but this is not the case.
Based on the Enterprise Scale Architecture some services and security features can only be activated on subscription level to guarante that each resource inside the subscription is secured. This basis makes it even more important for customers to consider the Enterprise Scale Architecture or to orient themselves towards it.
The Microsoft Defender for Cloud and especially the Defender for Server P1 and P2 plans can only be activated on subscription level in the past. Microsoft has decided to change this and now allow plans to be activated at resource level (per server). It is important to understand that the principled approach activating on Subscription Level and the Enterprise Scale architecture are still valid and needed and this possibility is only a concession to cover certain requirements:
Continue reading Enable granular pricing for Defender for Servers P1 or P2 on specific resources within your subscription via API/Powershell
- manage security configurations at a lower hierarchy level
- flexibility for excluding specific resources (VMs) inside the subscription
- enable different plans on subscription because for implementation of Enterprise Scale approach
Microsoft announces with the Azure Firewall Standard and Premium two native Firewall Services available as PaaS solution what are a great benefit to classic Firewall deployments, because of native Autoscaling Features, no need for VM Management and more. Unfortunately the price was to high for SMBs, with 900€ for the Standard and over 1200€ for the Premium Edition. A frequently requested Features, was a cheaper variant aimed at small and medium businesses.
This wish has been answered and last year October with the Azure Firewall Basic edition (public preview). The Azure Firewall Basic (AzFw Basic) has leaved the Public Preview and are now GA. T
he planned subscription must first be prepared before the deployment can begin with some Powershell commands.
Now Azure offers three different Azure Firewall solutions. The following table list the different SKUs and the price for using in West Europe (03/2023).
Microsoft has made some changes to deploy the Firewall Basic compared to the Firewall Standard and Premium SKU for better Service avalability. This article will give you a short overview of this changes.
Continue reading Azure Firewall Basic SKU is now GA
One of my goal this year was to work more and more with the Microsoft security solutions and got deeper into the different services and possibilities. My focus on this is to get a better understanding how we can secure our Hybrid Cloud environment with the different Microsoft defender products.
About the Microsoft Security Community
Continue reading How I successfully passed the MS Defender for Cloud Ninja training and how the security community helped me