Announcing availability of Azure Sentinel, Azure AD Domain Services and DDoS Protection in Azure Government

Azure Gov Team

Azure Gov Team

Azure Government continues to invest in delivering new cloud capabilities to government customers at a rapid pace. On the security side, we’ve recently added several new services to give you greater choice and help you optimize the security of your digital estate.

New security services available in Azure Government include Azure Sentinel, Azure Active Directory Domain Services (Azure AD Domain Services), and Azure DDoS Protection.

Learn more about these services below, read about additional new services in our March blog on new services in Azure Government to enhance your security posture, and reach out to us with any questions at azgovfeedback@microsoft.com. For a complete list of services, view Azure services by region.

Azure Sentinel

Invest in security, not infrastructure setup and maintenance with the first cloud-native SIEM from a major cloud provider, Azure Sentinel. Sentinel provides a birds-eye view across the enterprise, standing watch and helping you:

  • Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds
  • Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence
  • Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft
  • Respond to incidents rapidly with built-in orchestration and automation of common tasks

Image SecurityBlog part2 SentinelConnect to and collect data from all your sources including users, applications, servers, and devices running on-premises or in any cloud. Integrate with existing tools, whether business applications, other security products, internal tools, or machine-learning models.

Azure Sentinel resources:

 

Azure Active Directory Domain Services

Use Azure Active Directory Domain Services (Azure AD Domain Services) to join Azure machines virtual to a domain, without having to deploy domain controllers. Use Group Policy to more securely administer domain-joined virtual machines—a familiar way to apply and enforce security baselines on all of your Azure virtual machines. Migrate on-premises apps to Azure with no identity worries using Azure AD Domain Services features like domain join, LDAP, NT LAN Manager (NTLM), and Kerberos authentication.

Azure AD Domain Services can also help you migrate legacy directory-aware applications running on-premises to Azure, without having to worry about identity requirements. On Linux and Windows Server virtual machines on Azure, easily deploy line-of-business applications. You don’t have to deploy domain controllers as Azure virtual machines or use a VPN connection back to your identity infrastructure.

How it works

To provide identity services, Azure creates an AD Domain Services instance on a virtual network of your choice. Behind the scenes, a pair of Windows Server domain controllers is created that run on Azure VMs. You don’t need to manage, configure, or update these domain controllers. The Azure platform manages the domain controllers as part of the Azure AD Domain Services.

The Azure AD Domain Services managed domain is configured to perform a one-way synchronization from Azure AD to provide access to a central set of users, groups, and credentials. You can create resources directly in the Azure AD Domain Services managed domain, but they aren’t synchronized back to Azure AD. Applications, services, and VMs in Azure that connect to this virtual network can then use common AD Domain Services features such as domain join, group policy, LDAP, and Kerberos / NTLM authentication.

Image SecurityBlog part2 ActiveDirectory

In a hybrid environment with an on-premises AD DS environment, Azure AD Connect synchronizes identity information with Azure AD, which is then synchronized to Azure AD DS.

Azure Active Directory Domain Services resources

 

Azure DDoS Protection Standard

Azure DDoS Protection provides defense against Distributed denial of service (DDoS) attacks with the scale and elasticity of Azure. Backed by the Microsoft global network, DDoS Protection brings massive DDoS mitigation capacity to every Azure region. Scrub traffic at the Azure network edge before it can impact the availability of your service.

A turnkey defense with adaptive tuning, DDoS Protection can cover all resources on a virtual network with simplified configuration. Always-on traffic monitoring provides near real-time detection of a DDoS attack, with no intervention required.

Azure DDoS protection, combined with application design best practices, provide defense against DDoS attacks. Azure DDoS protection provides a Basic service tier, automatically enabled as part of the Azure platform, and a Standard tier, which provides additional mitigation capabilities tuned specifically to Azure Virtual Network resources. The Standard tier is now available in Azure Government.

Image SecurityBlog part2 DDoSProtectionStandard

DDoS Protection monitors actual traffic utilization and constantly compares it against the thresholds defined in the DDoS Policy. When the traffic threshold is exceeded, DDoS mitigation is initiated automatically. When traffic returns below the threshold, the mitigation is removed.

Azure DDoS Protection resources

 

0 comments

Comments are closed. Login to edit/delete your existing comments