Update to the Azure Secured Workstation
The update to the Secured Workstations Reference Architecture was released this week, and reflects the addition of several Key updates include - Here's the new content in summary:
- Setting up WAF blocking all outbound connections
- This is an interesting section that was provided by a colleague who helped define a set of white-listed URL's and by design block all other traffic. I'd note this is a benchmark of URL's you can use and block when managing Azure.
- Improved conditional access
- Conditional access is also important to ensure that workstation is the only way you manage your Azure subscription. The addition addresses the limitation of managing your cloud from ONLY a secure workstation, and prevent legacy protocols that may not be as secure.
- Setting up ATP, sentinel for monitoring
- Detecting and monitoring your network with the newly minted Azure SIEM. Sentinel offers a great way to agriggate your detection platform. This also provides a good means to collect your alerts.
- Addition of Applocker monitoring using MMA
- Monitoring applocker provides your best way to know what application is running, or installed on a secured workstation. The sample monitoring and script provides a way to quickly enable and track all application deployments.
The changes are designed to help continue drive the advancement of the secured workstation solution, and drive improved protection.
Additionally I've made two small correction that are now reflected in the architecture -
- Addition of hardware selections for root of trust in a supply chain
- Change Low security to Basic security
Let me know if you find the information useful.
Comments
Post a Comment