You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/security/fundamentals/services-technologies.md
+29-30Lines changed: 29 additions & 30 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,16 +4,15 @@ description: The article provides a curated list of Azure Security services and
4
4
services: security
5
5
documentationcenter: na
6
6
author: terrylanfear
7
-
manager: barbkess
8
-
editor: TomSh
7
+
manager: rkarlin
9
8
10
9
ms.assetid: a5a7f60a-97e2-49b4-a8c5-7c010ff27ef8
11
-
ms.service: information-protection
12
-
ms.subservice: aiplabels
10
+
ms.service: security
11
+
ms.subservice: security-fundamentals
13
12
ms.topic: conceptual
14
13
ms.tgt_pltfrm: na
15
14
ms.workload: na
16
-
ms.date: 1/29/2019
15
+
ms.date: 01/16/2023
17
16
ms.author: terrylan
18
17
19
18
---
@@ -28,7 +27,7 @@ Over time, this list will change and grow, just as Azure does. Make sure to chec
28
27
## General Azure security
29
28
|Service|Description|
30
29
|--------|--------|
31
-
|[Microsoft Defender for Cloud](../../security-center/security-center-introduction.md)| A cloud workload protection solution that provides security management and advanced threat protection across hybrid cloud workloads.|
30
+
|[Microsoft Defender for Cloud](../../defender-for-cloud/defender-for-cloud-introduction.md)| A cloud workload protection solution that provides security management and advanced threat protection across hybrid cloud workloads.|
32
31
|[Microsoft Sentinel](../../sentinel/overview.md)| A scalable, cloud-native solution that delivers intelligent security analytics and threat intelligence across the enterprise.|
33
32
|[Azure Key Vault](../../key-vault/general/overview.md)| A secure secrets store for the passwords, connection strings, and other information you need to keep your apps working. |
34
33
|[Azure Monitor logs](../../azure-monitor/logs/log-query-overview.md)|A monitoring service that collects telemetry and other data, and provides a query language and analytics engine to deliver operational insights for your apps and resources. Can be used alone or with other services such as Defender for Cloud. |
@@ -40,34 +39,32 @@ Over time, this list will change and grow, just as Azure does. Make sure to chec
40
39
|Service|Description|
41
40
|------|--------|
42
41
|[Azure Storage Service Encryption](../../storage/common/storage-service-encryption.md)|A security feature that automatically encrypts your data in Azure storage. |
43
-
|[StorSimple Encrypted Hybrid Storage](../../storsimple/storsimple-ova-overview.md)| An integrated storage solution that manages storage tasks between on-premises devices and Azure cloud storage.|
44
-
|[Azure Client-Side Encryption](../../storage/common/storage-client-side-encryption.md)| A client-side encryption solution that encrypts data inside client applications before uploading to Azure Storage; also decrypts the data while downloading. |
45
-
|[Azure Storage Shared Access Signatures](../../storage/common/storage-sas-overview.md)|A shared access signature provides delegated access to resources in your storage account. |
46
-
|[Azure Storage Account Keys](../../storage/common/storage-account-create.md)| An access control method for Azure storage that is used for authentication when the storage account is accessed. |
47
-
|[Azure File shares with SMB 3.0 Encryption](../../storage/files/storage-files-introduction.md)|A network security technology that enables automatic network encryption for the Server Message Block (SMB) file sharing protocol. |
48
-
|[Azure Storage Analytics](/rest/api/storageservices/Storage-Analytics)| A logging and metrics-generating technology for data in your storage account. |
42
+
|[Azure StorSimple Virtual Array](../../storsimple/storsimple-ova-overview.md)| An integrated storage solution that manages storage tasks between an on-premises virtual array running in a hypervisor and Microsoft Azure cloud storage.|
43
+
|[Client-Side encryption for blobs](../../storage/blobs/client-side-encryption.md)| A client-side encryption solution that supports encrypting data within client applications before uploading to Azure Storage, and decrypting data while downloading to the client. |
44
+
|[Azure Storage shared access signatures](../../storage/common/storage-sas-overview.md)|A shared access signature (SAS) provides delegated access to resources in your storage account. |
45
+
|[Azure Storage Account Keys](../../storage/common/storage-account-create.md)| An access control method for Azure storage that is used authorize requests to the storage account using either the account access keys or an Azure Active Directory (Azure AD) account (default). |
46
+
|[Azure File shares](../../storage/files/storage-files-introduction.md)| A storage security technology that offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol, Network File System (NFS) protocol, and Azure Files REST AP. |
47
+
|[Azure Storage Analytics](../../storage/common/storage-analytics.md)| A logging and metrics-generating technology for data in your storage account. |
49
48
50
49
<!------>
51
50
52
51
## Database security
53
52
|Service|Description|
54
53
|------|--------|
55
54
|[Azure SQL Firewall](/azure/azure-sql/database/firewall-configure)|A network access control feature that protects against network-based attacks to database. |
56
-
|[Azure SQL Cell Level Encryption](/archive/blogs/sqlsecurity/recommendations-for-using-cell-level-encryption-in-azure-sql-database)| A database security technology that provides encryption at a granular level. |
57
55
|[Azure SQL Connection Encryption](/azure/azure-sql/database/logins-create-manage)|To provide security, SQL Database controls access with firewall rules limiting connectivity by IP address, authentication mechanisms requiring users to prove their identity, and authorization mechanisms limiting users to specific actions and data. |
58
-
|[Azure SQL Always Encryption](/sql/relational-databases/security/encryption/always-encrypted-database-engine)|Protects sensitive data, such as credit card numbers or national identification numbers (for example, U.S. social security numbers), stored in Azure SQL Database or SQL Server databases. |
59
-
|[Azure SQL Transparent Data Encryption](/sql/relational-databases/security/encryption/transparent-data-encryption-azure-sql)| A database security feature that encrypts the storage of an entire database. |
60
-
|[Azure SQL Database Auditing](/azure/azure-sql/database/auditing-overview)|A database auditing feature that tracks database events and writes them to an audit log in your Azure storage account. |
61
-
|[Virtual network rules](/azure/azure-sql/database/vnet-service-endpoint-rule-overview)|A firewall security feature that controls whether the server for your databases and elastic pools in Azure SQL Database or for your dedicated SQL pool (formerly SQL DW) databases in Azure Synapse Analytics accepts communications that are sent from particular subnets in virtual networks. |
62
-
56
+
|[Azure SQL Always Encrypted](/sql/relational-databases/security/encryption/always-encrypted-database-engine)|Protects sensitive data, such as credit card numbers or national identification numbers (for example, U.S. social security numbers), stored in Azure SQL Database, Azure SQL Managed Instance, and SQL Server databases. |
57
+
|[Azure SQL transparent data encryption](/sql/relational-databases/security/encryption/transparent-data-encryption-azure-sql)| A database security feature that helps protect Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics against the threat of malicious offline activity by encrypting data at rest. |
58
+
|[Azure SQL Database Auditing](/azure/azure-sql/database/auditing-overview)|An auditing feature for Azure SQL Database and Azure Synapse Analytics that tracks database events and writes them to an audit log in your Azure storage account, Log Analytics workspace, or Event Hubs. |
59
+
|[Virtual network rules](/azure/azure-sql/database/vnet-service-endpoint-rule-overview)|A firewall security feature that controls whether the server for your databases and elastic pools in Azure SQL Database or for your dedicated SQL pool (formerly SQL DW) databases in Azure Synapse Analytics accepts communications that are sent from particular subnets in virtual networks. |
63
60
64
61
## Identity and access management
65
62
|Service|Description|
66
63
|------|--------|
67
64
|[Azure role-based access control](../../role-based-access-control/role-assignments-portal.md)|An access control feature designed to allow users to access only the resources they are required to access based on their roles within the organization. |
68
-
|[Azure Active Directory](../../active-directory/fundamentals/active-directory-whatis.md)|A cloud-based authentication repository that supports a multi-tenant, cloud-based directory and multiple identity management services within Azure. |
69
-
|[Azure Active Directory B2C](../../active-directory-b2c/overview.md)|An identity management service that enables control over how customers sign-up, sign-in, and manage their profiles when using Azure-based applications. |
70
-
|[Azure Active Directory Domain Services](../../active-directory-domain-services/overview.md)| A cloud-based and managed version of Active Directory Domain Services. |
65
+
|[Azure Active Directory](../../active-directory/fundamentals/active-directory-whatis.md)|A cloud-based identity and access management service that supports a multi-tenant, cloud-based directory and multiple identity management services within Azure. |
66
+
|[Azure Active Directory B2C](../../active-directory-b2c/overview.md)| A customer identity access management (CIAM) solution that enables control over how customers sign-up, sign-in, and manage their profiles when using Azure-based applications. |
67
+
|[Azure Active Directory Domain Services](../../active-directory-domain-services/overview.md)| A cloud-based and managed version of Active Directory Domain Services that provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication. |
71
68
|[Azure AD Multi-Factor Authentication](../../active-directory/authentication/concept-mfa-howitworks.md)| A security provision that employs several different forms of authentication and verification before allowing access to secured information. |
72
69
73
70
## Backup and disaster recovery
@@ -79,19 +76,21 @@ Over time, this list will change and grow, just as Azure does. Make sure to chec
79
76
## Networking
80
77
|Service|Description|
81
78
|------|--------|
82
-
|[Network Security Groups](../../virtual-network/virtual-network-vnet-plan-design-arm.md)| A network-based access control feature using a 5-tuple to make allow or deny decisions. |
79
+
|[Network Security Groups](../../virtual-network/network-security-groups-overview.md)| A network-based access control feature to filter network traffic between Azure resources in an Azure virtual network. |
83
80
|[Azure VPN Gateway](../../vpn-gateway/vpn-gateway-about-vpngateways.md)| A network device used as a VPN endpoint to allow cross-premises access to Azure Virtual Networks. |
84
-
|[Azure Application Gateway](../../application-gateway/overview.md)|An advanced web application load balancer that can route based on URL and perform SSL-offloading. |
81
+
|[Azure Application Gateway](../../application-gateway/overview.md)|An advanced web traffic load balancer that enables you to manage traffic to your web applications. |
85
82
|[Web application firewall](../../web-application-firewall/overview.md) (WAF)|A feature that provides centralized protection of your web applications from common exploits and vulnerabilities|
|[Azure ExpressRoute](../../expressroute/expressroute-introduction.md)| A dedicated WAN link between on-premises networks and Azure Virtual Networks. |
88
-
|[Azure Traffic Manager](../../traffic-manager/traffic-manager-overview.md)| A global DNS load balancer.|
89
-
|[Azure Application Proxy](../../active-directory/app-proxy/application-proxy.md)| An authenticating front-end used to secure remote access for web applications hosted on-premises. |
90
-
|[Azure Firewall](../../firewall/overview.md)|A managed, cloud-based network security service that protects your Azure Virtual Network resources.|
84
+
|[Azure ExpressRoute](../../expressroute/expressroute-introduction.md)| A feature that lets you extend your on-premises networks into the Microsoft cloud over a private connection with the help of a connectivity provider. |
85
+
|[Azure Traffic Manager](../../traffic-manager/traffic-manager-overview.md)| A DNS-based traffic load balancer.|
86
+
|[Azure Active Directory Application Proxy](../../active-directory/app-proxy/application-proxy.md)| An authenticating front-end used to secure remote access to on-premises web applications. |
87
+
|[Azure Firewall](../../firewall/overview.md)|A cloud-native and intelligent network firewall security service that provides threat protection for your cloud workloads running in Azure.|
91
88
|[Azure DDoS protection](../../ddos-protection/ddos-protection-overview.md)|Combined with application design best practices, provides defense against DDoS attacks.|
92
-
|[Virtual Network service endpoints](../../virtual-network/virtual-network-service-endpoints-overview.md)|Extends your virtual network private address space and the identity of your VNet to the Azure services, over a direct connection.|
93
-
|[Azure Private Link](../../private-link/private-link-overview.md)|Provides private connectivity from a virtual network to Azure platform as a service (PaaS), customer-owned, or Microsoft partner services.|
94
-
|[Azure Bastion](../../bastion/bastion-overview.md)|A service you deploy that lets you connect to a virtual machine using your browser and the Azure portal.|
89
+
|[Virtual Network service endpoints](../../virtual-network/virtual-network-service-endpoints-overview.md)| Provides secure and direct connectivity to Azure services over an optimized route over the Azure backbone network. |
90
+
|[Azure Private Link](../../private-link/private-link-overview.md)|Enables you to access Azure PaaS Services (for example, Azure Storage and SQL Database) and Azure hosted customer-owned/partner services over a private endpoint in your virtual network.|
91
+
|[Azure Bastion](../../bastion/bastion-overview.md)|A service you deploy that lets you connect to a virtual machine using your browser and the Azure portal, or via the native SSH or RDP client already installed on your local computer.|
95
92
|[Azure Front Door](../../frontdoor/front-door-application-security.md)|Provides web application protection capability to safeguard your web applications from network attacks and common web vulnerabilities exploits like SQL Injection or Cross Site Scripting (XSS).|
96
93
94
+
## Next steps
97
95
96
+
Learn more about Azure's [end-to-end security](end-to-end.md) and how Azure services can help you meet the security needs of your business and protect your users, devices, resources, data, and applications in the cloud.
0 commit comments