Merge pull request #280009 from vhorne/sec-hub-update

v-regandowner · web-flow · commit 89b1d95b7368 · 2024-07-03T13:45:52.000-04:00
Update current hub based on consolidation
diff --git a/articles/networking/security/index.yml b/articles/networking/security/index.yml
@@ -12,20 +12,20 @@ metadata:
   author: vhorne
   ms.author: victorh
   manager: kumudD
-  ms.date: 11/17/2023
+  ms.date: 07/03/2024
 
 highlightedContent:
 # itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | whats-new 
   items: 
     - title: Azure network security overview 
       itemType: overview # controls the icon image and super-title text 
       url: ../../security/fundamentals/network-overview.md
-    - title: Configure network security
-      itemType: learn
-      url: /training/modules/network-security/
+    - title: Azure best practices for network security
+      itemType: concept
+      url: ../../security/fundamentals/network-best-practices.md
     - title: What's new in Azure Networking and Security? 
       itemType: whats-new 
-      url: https://techcommunity.microsoft.com/t5/azure-network-security-blog/bg-p/AzureNetworkSecurityBlog
+      url: https://azure.microsoft.com/en-us/updates/?category=networking&query=security
     - title: Azure Well-Architected Framework review - Azure Firewall
       itemType: architecture
       url: /azure/well-architected/services/networking/azure-firewall
@@ -38,149 +38,124 @@ highlightedContent:
     - title: Choose a secure network topology
       itemType: concept
       url: ../secure-network-topology.md
-    - title: Choose a secure application delivery service
+    - title: Azure networking services overview
       itemType: concept
-      url: ../secure-application-delivery.md
+      url: ../fundamentals/networking-overview.md
+
+productDirectory:
+  title: Get started
+  items:
+    - title: Azure Firewall
+      summary: Native firewalling capabilities with built-in high availability, unrestricted cloud scalability, and zero maintenance
+      imageSrc: https://static.docs.com/ui/media/product/azure/firewall.svg
+      url: ../../firewall/index.yml
+    - title: Azure Web Application Firewall
+      summary: A cloud-native web application firewall (WAF) service that provides powerful protection for web apps
+      imageSrc: https://static.docs.com/ui/media/product/azure/frontdoor-waf-policies.svg
+      url: ../../web-application-firewall/index.yml
+    - title: Azure DDoS Protection
+      summary: Protect your applications from Distributed Denial of Service (DDoS) attacks.
+      imageSrc: https://static.docs.com/ui/media/product/azure/ddos-protection.svg
+      url: ../../ddos-protection/index.yml
+    - title: Firewall Manager
+      imageSrc: https://static.docs.com/ui/media/product/azure/firewall-manager.svg
+      summary: "Central network security policy and route management for globally distributed, software-defined perimeters"
+      url: ../../firewall-manager/index.yml
 
 
 # additionalContent section (optional)
 # Card with links style
 additionalContent:
   # Supports up to 4 sections
   sections:
-    - title: Secure your perimeter  # < 60 chars (optional)
+    - title: Use cases and scenarios  # < 60 chars (optional)
       items:
         # Card
-        - title: I want to...
+        - title: Secure your perimeter
           links:
-            - text: Protect my network from DDos attacks
-              url: ../../ddos-protection/ddos-protection-overview.md
             - text: Protect my outbound network connections
               url: ../../firewall/overview.md
             - text: Protect my inbound web application connections
               url: ../../web-application-firewall/overview.md
-            - text: Manage my network firewall
-              url: ../../firewall-manager/overview.md
-            - text: Learn more about Azure Firewall
-              url: ../../firewall/index.yml
-            - text: Learn about the Azure Firewall solution for Microsoft Sentinel
-              url: https://techcommunity.microsoft.com/t5/azure-network-security-blog/new-detections-hunting-queries-and-response-automation-in-azure/ba-p/2688746
-            - text: Detect malware
-              url: ../../firewall/detect-malware-with-sentinel.md
-            - text: Detect new threats
-              url: ../../web-application-firewall/waf-new-threat-detection.md
-            - text: Enhance network security using custom WAF geomatch rules
-              url: ../../web-application-firewall/geomatch-custom-rules-examples.md
-        - title: Training
-          links:
-            - text: Introduction to Azure Firewall
-              url: /training/modules/introduction-azure-firewall/
-            - text: Introduction to Azure Firewall Manager
-              url: /training/modules/intro-to-azure-firewall-manager/
-            - text: Introduction to Azure Web Application Firewall
-              url: /training/modules/introduction-azure-web-application-firewall/
-            - text: Design and implement network security
-              url: /training/modules/design-implement-network-security-monitoring/
-            - text: Design solutions for network security
-              url: /training/modules/design-solutions-network-security/
-            - text: Design and implement network monitoring
-              url: /training/modules/design-implement-network-monitoring/
-        - title: Architecture
-          links:
-            - text: Implement the Zero Trust model
-              url: https://techcommunity.microsoft.com/t5/azure-network-security-blog/zero-trust-with-azure-network-security/ba-p/3668280
-            - text: Apply Zero Trust principles to an Azure Virtual WAN deployment
-              url: /security/zero-trust/azure-virtual-wan
-            - text: Securely managed web applications
-              url: /azure/architecture/example-scenario/apps/fully-managed-secure-apps
-            - text: Firewall and Application Gateway for virtual networks
-              url: /azure/architecture/example-scenario/gateway/firewall-application-gateway
-            - text: Improved-security access to multitenant web apps from an on-premises network
-              url: /azure/architecture/web-apps/guides/networking/access-multitenant-web-app-from-on-premises
             - text: Implement a secure hybrid network
               url: /azure/architecture/reference-architectures/dmz/secure-vnet-dmz?tabs=portal
-            - text: Mission-critical baseline architecture with network control
-              url: /azure/architecture/reference-architectures/containers/aks-mission-critical/mission-critical-network-architecture
-            - text: Build the first layer of defense with Azure Security services
-              url: /azure/architecture/solution-ideas/articles/azure-security-build-first-layer-defense
-            - text: Secure and govern workloads with network-level segmentation
-              url: /azure/architecture/reference-architectures/hybrid-networking/network-level-segmentation
-    - title: Secure your virtual networks
-      items:
         # Card
-        - title: I want to...
+        - title: Secure your virtual networks
           links:
-            - text: Secure networks with Zero Trust
-              url: /security/zero-trust/deploy/networks
-            - text: Filter network traffic between Azure resources
-              url: ../../virtual-network/network-security-groups-overview.md
-            - text: Secure access to Azure services
-              url: ../../virtual-network/virtual-network-service-endpoints-overview.md
             - text: Inspect traffic to a private endpoint
               url: https://techcommunity.microsoft.com/t5/azure-network-security-blog/deploy-azure-firewall-to-inspect-traffic-to-a-private-endpoint/ba-p/3714575
-            - text: Learn more about Azure Virtual Network
-              url: ../../virtual-network/index.yml
-            - text: Create a site-to-site VPN connection
-              url: ../../vpn-gateway/tutorial-site-to-site-portal.md
-            - text: Deploy security admin rules with Virtual Network manager
-              url: ../../virtual-network-manager/how-to-block-network-traffic-portal.md
-        - title: Training
-          links:
-            - text: Configure network security groups
-              url: /training/modules/configure-network-security-groups/
-            - text: Secure and isolate access to Azure resources by using network security groups and service endpoints
-              url: /training/modules/secure-and-isolate-with-nsg-and-service-endpoints/
-            - text: Troubleshoot platform-as-a-service issues in Microsoft Azure
-              url:  /training/modules/troubleshoot-platform-service-issues/
-            - text: Connect my on-premises network to Azure with VPN gateways
-              url: /training/modules/connect-on-premises-network-with-vpn-gateway/
             - text: Monitor and troubleshoot your end-to-end Azure network infrastructure
               url: /training/modules/troubleshoot-azure-network-infrastructure/
-        - title: Architecture
-          links:
-            - text: Apply Zero Trust principles to a spoke virtual network in Azure
-              url: /security/zero-trust/azure-infrastructure-iaas
-            - text: Apply Zero Trust principles to a hub virtual network in Azure
-              url: /security/zero-trust/azure-infrastructure-networking
             - text: Hub-spoke network topology in Azure
               url: /azure/architecture/reference-architectures/hybrid-networking/hub-spoke
-            - text: Choose between virtual network peering and VPN gateways
-              url: /azure/architecture/reference-architectures/hybrid-networking/vnet-peering
-            - text: Extend an on-premises network using ExpressRoute
-              url: /azure/architecture/reference-architectures/hybrid-networking/expressroute
             - text: Azure Network Virtual Application Firewall architecture
               url: /azure/architecture/example-scenario/firewalls/
-    - title: Protect your apps and services
-      items:
         # Card
-        - title: I want to...
+        - title: Protect your apps and services
           links:
             - text: Protect my service from DDoS attacks
               url: ../../ddos-protection/ddos-protection-overview.md
-            - text: Protect against PaperCut vulnerability
-              url: https://techcommunity.microsoft.com/t5/azure-network-security-blog/protect-against-papercut-vulnerability-with-azure-firewall/ba-p/3859945
+            - text: Learn more about Azure DDoS Protection
+              url: ../../ddos-protection/index.yml
+            - text: Introduction to Azure DDoS Protection
+              url: /training/modules/introduction-azure-ddos-protection/
+            - text: Use Azure Firewall to help protect an Azure Kubernetes Service (AKS) cluster
+              url: /azure/architecture/guide/aks/aks-firewall
+    - title: Learn more about Azure network security
+      items:
+        # Card
+        - title: Scenarios
+          links:
             - text: Securely access my PaaS Services in Azure
               url: ../../private-link/private-link-overview.md
             - text: Create a private interface to connect to a service
               url: ../../private-link/private-endpoint-overview.md
             - text: Connect a service using a private link 
               url: ../../private-link/private-link-service-overview.md
-            - text: Learn more about Azure DDoS Protection
-              url: ../../ddos-protection/index.yml
+            - text: Apply Zero Trust principles to a spoke virtual network with Azure PaaS Services
+              url: /security/zero-trust/azure-infrastructure-paas
+            - text: Secure networks with Zero Trust
+              url: /security/zero-trust/deploy/networks
+            - text: Filter network traffic between Azure resources
+              url: ../../virtual-network/network-security-groups-overview.md
+            - text: Secure access to Azure services
+              url: ../../virtual-network/virtual-network-service-endpoints-overview.md
+            - text: Deploy security admin rules with Virtual Network manager
+              url: ../../virtual-network-manager/how-to-block-network-traffic-portal.md
+            - text: Apply Zero Trust principles to a spoke virtual network in Azure
+              url: /security/zero-trust/azure-infrastructure-iaas
+            - text: Apply Zero Trust principles to a hub virtual network in Azure
+              url: /security/zero-trust/azure-infrastructure-networking
+            - text: Implement the Zero Trust model
+              url: https://techcommunity.microsoft.com/t5/azure-network-security-blog/zero-trust-with-azure-network-security/ba-p/3668280
+            - text: Apply Zero Trust principles to an Azure Virtual WAN deployment
+              url: /security/zero-trust/azure-virtual-wan
+
+
         - title: Training
           links:
-            - text: Introduction to Azure DDoS Protection
-              url: /training/modules/introduction-azure-ddos-protection/
             - text: Introduction to Azure Private Link
               url: /training/modules/introduction-azure-private-link/
             - text: Design and implement private access to Azure Services
               url: /training/modules/design-implement-private-access-to-azure-services/
             - text: Encrypt network traffic end to end with Application gateways
               url: /training/modules/end-to-end-encryption-with-app-gateway/
+            - text: Configure network security groups
+              url: /training/modules/configure-network-security-groups/
+            - text: Secure and isolate access to Azure resources by using network security groups and service endpoints
+              url: /training/modules/secure-and-isolate-with-nsg-and-service-endpoints/
+            - text: Connect my on-premises network to Azure with VPN gateways
+              url: /training/modules/connect-on-premises-network-with-vpn-gateway/
+            - text: Design and implement network security
+              url: /training/modules/design-implement-network-security-monitoring/
+            - text: Design solutions for network security
+              url: /training/modules/design-solutions-network-security/
+            - text: Design and implement network monitoring
+              url: /training/modules/design-implement-network-monitoring/
+
+
         - title: Architecture
           links:
-            - text: Apply Zero Trust principles to a spoke virtual network with Azure PaaS Services
-              url: /security/zero-trust/azure-infrastructure-paas
             - text: Zero-trust network for web applications with Azure Firewall and Application Gateway
               url: /azure/architecture/example-scenario/gateway/application-gateway-before-azure-firewall
             - text: Azure Private Link in a hub-and-spoke network
@@ -189,29 +164,13 @@ additionalContent:
               url: /azure/architecture/guide/networking/private-link-virtual-wan-dns-guide
             - text: Secure network access to Kubernetes
               url: /azure/architecture/aws-professional/eks-to-aks/private-clusters
-            - text: Use Azure Firewall to help protect an Azure Kubernetes Service (AKS) cluster
-              url: /azure/architecture/guide/aks/aks-firewall
-    - title: Secure your virtual machines
-      items:
-        # Card
-        - title: I want to...
-          links:
-            - text: Connect to my VMs without a public IP address exposure
-              url: ../../bastion/bastion-overview.md
-            - text: Learn more about Azure Bastion
-              url: ../../bastion/index.yml
-            - text: Enable just-in-time access on VMs
-              url: ../../defender-for-cloud/just-in-time-access-usage.yml
-        - title: Training
-          links:
-            - text: Configure the network for your virtual machines
-              url: /training/modules/configure-network-for-azure-virtual-machines/
-            - text: Introduction to Azure Bastion
-              url: /training/modules/intro-to-azure-bastion/
-            - text: Connect to a VM using Azure Bastion
-              url: /training/modules/connect-vm-with-azure-bastion/
-        - title: Architecture
-          links:
-            - text: Multilayered protection for Azure virtual machine access
-              url: /azure/architecture/solution-ideas/articles/multilayered-protection-azure-vm
-
+            - text: Extend an on-premises network using ExpressRoute
+              url: /azure/architecture/reference-architectures/hybrid-networking/expressroute
+            - text: Securely managed web applications
+              url: /azure/architecture/example-scenario/apps/fully-managed-secure-apps
+            - text: Mission-critical baseline architecture with network control
+              url: /azure/architecture/reference-architectures/containers/aks-mission-critical/mission-critical-network-architecture
+            - text: Build the first layer of defense with Azure Security services
+              url: /azure/architecture/solution-ideas/articles/azure-security-build-first-layer-defense
+            - text: Secure and govern workloads with network-level segmentation
+              url: /azure/architecture/reference-architectures/hybrid-networking/network-level-segmentation
