APPLICATIVE SECURITY : Combining the milestones 2 & 3

...

  1. Access restrictions in App Service are the equivalent of a firewall in front of the app: they let you allow, deny and filter traffic by source. They apply to inbound access only and do nothing for the app's outbound calls (App Service Access restrictions - Azure App Service | Microsoft Learn). Restricting access to the web app from an Azure virtual network relies on service endpoints: with the Microsoft.Web service endpoint enabled on a subnet, access to the multitenant service can be limited to selected subnets (Azure App Service access restrictions - Azure App Service | Microsoft Learn).

  2. XXXX

  3. Virtual Network
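The access restriction setup described in point 1, as an added Bicep example (not from the original page nor from Microsoft's documentation): an App Service with an explicit default deny, one rule for an office public range and one rule for a subnet that carries the Microsoft.Web service endpoint. Resource names, address ranges, the plan id parameter and the API versions are assumptions chosen for illustration.

```bicep
// Added example, not from the original page: an App Service whose inbound
// traffic is filtered by access restrictions. Resource names, the address
// ranges and the API versions are assumptions chosen for illustration.
param location string = resourceGroup().location
param appName string = 'contoso-web'
param planId string                        // existing App Service plan id (assumed)
param officeCidr string = '203.0.113.0/24' // assumed public egress range of the office

// Caller-side network: a subnet from which the app must stay reachable.
// The Microsoft.Web service endpoint is what lets an access restriction
// rule match "traffic coming from this subnet".
resource callerVnet 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: 'vnet-callers'
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.50.0.0/16' ] }
    subnets: [
      {
        name: 'snet-gateway'
        properties: {
          addressPrefix: '10.50.1.0/24'
          serviceEndpoints: [ { service: 'Microsoft.Web' } ]
        }
      }
    ]
  }
}

resource web 'Microsoft.Web/sites@2023-01-01' = {
  name: appName
  location: location
  properties: {
    serverFarmId: planId
    httpsOnly: true
    siteConfig: {
      minTlsVersion: '1.2'
      // Explicit default: anything not matched by a rule below is denied.
      ipSecurityRestrictionsDefaultAction: 'Deny'
      // Rules are evaluated in priority order (lowest number first).
      ipSecurityRestrictions: [
        {
          name: 'allow-office'
          priority: 100
          action: 'Allow'
          ipAddress: officeCidr
        }
        {
          name: 'allow-gateway-subnet'
          priority: 200
          action: 'Allow'
          vnetSubnetResourceId: '${callerVnet.id}/subnets/snet-gateway'
        }
      ]
      // The SCM/Kudu site keeps its own rule list; reuse the main one so
      // deployment endpoints do not stay open to the Internet.
      scmIpSecurityRestrictionsUseMain: true
    }
  }
}
```

Two checks worth doing after deployment: a request from an address outside both rules must receive HTTP 403 from the app, and the same must hold for the `<app>.scm.azurewebsites.net` host; if the SCM host still answers, `scmIpSecurityRestrictionsUseMain` was not applied. None of this restricts what the app itself can reach outbound, which is the subject of the VNet integration and Azure Firewall points below.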

...

  1. Integration : VNet integration gives the app access to resources inside the virtual network, but it does not grant inbound private access to the app from that network. It is used only for outbound calls from the app into the virtual network. For inbound private access we need private endpoints, so the app has to be deployed behind a private endpoint (Connect privately to an App Service app using private endpoint - Azure App Service | Microsoft Learn | Azure App Service access restrictions - Azure App Service | Microsoft Learn)
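The outbound/inbound split described above, as an added Bicep example (not from the original page nor from Microsoft's documentation): regional VNet integration through a delegated subnet for the app's outbound calls, and a private endpoint in a second subnet for inbound access, with public access to the app switched off. Names, address ranges, the plan id parameter and the API versions are assumptions.

```bicep
// Added example, not from the original page: an app with VNet integration
// (outbound into the VNet) and a private endpoint (inbound from the VNet).
// Names, address ranges and API versions are assumptions.
param location string = resourceGroup().location
param appName string = 'contoso-web'
param planId string   // existing App Service plan id (assumed)

resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: 'vnet-app'
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.10.0.0/16' ] }
    subnets: [
      {
        // Delegated to App Service: only the app's OUTBOUND calls use it.
        name: 'snet-integration'
        properties: {
          addressPrefix: '10.10.1.0/24'
          delegations: [
            { name: 'web', properties: { serviceName: 'Microsoft.Web/serverFarms' } }
          ]
        }
      }
      {
        // Hosts the private endpoint NIC: the app's INBOUND private address.
        name: 'snet-pe'
        properties: { addressPrefix: '10.10.2.0/24' }
      }
    ]
  }
}

resource web 'Microsoft.Web/sites@2023-01-01' = {
  name: appName
  location: location
  properties: {
    serverFarmId: planId
    httpsOnly: true
    // Outbound: join the delegated subnet and send all outbound traffic
    // (not only private ranges) through it.
    virtualNetworkSubnetId: '${vnet.id}/subnets/snet-integration'
    // Inbound: close the public hostname; only the private endpoint answers.
    publicNetworkAccess: 'Disabled'
    siteConfig: {
      vnetRouteAllEnabled: true
      minTlsVersion: '1.2'
    }
  }
}

resource pe 'Microsoft.Network/privateEndpoints@2023-05-01' = {
  name: '${appName}-pe'
  location: location
  properties: {
    subnet: { id: '${vnet.id}/subnets/snet-pe' }
    privateLinkServiceConnections: [
      {
        name: 'web'
        properties: {
          privateLinkServiceId: web.id
          groupIds: [ 'sites' ]
        }
      }
    ]
  }
}

// Without this zone, VNet clients still resolve <app>.azurewebsites.net to
// the public address and get 403 from the closed public endpoint.
resource dnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
  name: 'privatelink.azurewebsites.net'
  location: 'global'
}

resource dnsLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
  parent: dnsZone
  name: 'link-vnet-app'
  location: 'global'
  properties: {
    registrationEnabled: false
    virtualNetwork: { id: vnet.id }
  }
}

resource peDns 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2023-05-01' = {
  parent: pe
  name: 'default'
  properties: {
    privateDnsZoneConfigs: [
      { name: 'sites', properties: { privateDnsZoneId: dnsZone.id } }
    ]
  }
}
```

The check that confirms the split: from a VM inside `vnet-app`, `nslookup <app>.azurewebsites.net` must return the 10.10.2.x private endpoint address and an HTTPS request must succeed; from the Internet the same hostname must answer 403. Conversely, the integration subnet never receives inbound connections for the app, so NSG inbound rules on `snet-integration` are not a way to protect it.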

...

  1. Virtual Network peering would be added if we decide to deploy resources in another VNet : Azure Virtual Network peering | Microsoft Learn

...

  1. Connectivity between the on-premises servers and the Azure VNet will be implemented via ExpressRoute (private peering) or a VPN

...

  1. To prevent data exfiltration or the implantation of malicious programs, we can control outbound traffic with Azure Firewall. By default, App Service can make outbound requests to the public Internet. As our App Service is integrated with the Azure VNet, we can also control outbound traffic with a Network Security Group, to a limited extent (by target IP address, port and protocol; an NSG cannot filter by FQDN, which is what Azure Firewall adds) : App Service outbound traffic control with Azure Firewall - Azure App Service | Microsoft Learn
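The two layers of outbound control described above, as an added Bicep example (not from the original page nor from Microsoft's documentation): an NSG on the integration subnet that filters by address, port and protocol, a route table that sends everything else to Azure Firewall, and a firewall policy rule that allows a single FQDN. It assumes the delegated subnet `snet-integration` in an existing `vnet-app`, an existing Azure Firewall whose private IP and policy name are passed as parameters, and an app with `siteConfig.vnetRouteAllEnabled` set to true (otherwise only private ranges follow the subnet's routes). Names, ranges and API versions are assumptions.

```bicep
// Added example, not from the original page. Assumes an existing 'vnet-app',
// an existing Azure Firewall + policy, and an app with vnetRouteAllEnabled.
// Names, ranges and API versions are assumptions.
param location string = resourceGroup().location
param firewallPrivateIp string = '10.10.0.4'   // assumed firewall private address
param firewallPolicyName string                // assumed existing policy
param backendDbCidr string = '10.20.0.0/24'    // assumed backend database range

resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' existing = {
  name: 'vnet-app'
}

// Coarse control: an NSG understands addresses, ports and protocols only.
// Inbound rules are irrelevant here; VNet integration carries outbound traffic.
resource egressNsg 'Microsoft.Network/networkSecurityGroups@2023-05-01' = {
  name: 'nsg-snet-integration'
  location: location
  properties: {
    securityRules: [
      {
        name: 'allow-sql-to-backend'
        properties: { priority: 100, direction: 'Outbound', access: 'Allow', protocol: 'Tcp', sourceAddressPrefix: '*', sourcePortRange: '*', destinationAddressPrefix: backendDbCidr, destinationPortRange: '1433' }
      }
      {
        // HTTPS to the Internet stays open at this layer so the firewall, not
        // the NSG, decides which FQDNs are reachable. The NSG matches the real
        // destination address, not the firewall next hop, so denying 'Internet'
        // here would also drop traffic that is routed to the firewall.
        name: 'allow-https-out'
        properties: { priority: 200, direction: 'Outbound', access: 'Allow', protocol: 'Tcp', sourceAddressPrefix: '*', sourcePortRange: '*', destinationAddressPrefix: 'Internet', destinationPortRange: '443' }
      }
      {
        // Every other port towards the Internet is dropped before routing.
        name: 'deny-other-internet-egress'
        properties: { priority: 4000, direction: 'Outbound', access: 'Deny', protocol: '*', sourceAddressPrefix: '*', sourcePortRange: '*', destinationAddressPrefix: 'Internet', destinationPortRange: '*' }
      }
    ]
  }
}

// Send everything non-local to the firewall. Only effective for public
// destinations because the app has vnetRouteAllEnabled.
resource rt 'Microsoft.Network/routeTables@2023-05-01' = {
  name: 'rt-snet-integration'
  location: location
  properties: {
    routes: [
      {
        name: 'default-via-firewall'
        properties: { addressPrefix: '0.0.0.0/0', nextHopType: 'VirtualAppliance', nextHopIpAddress: firewallPrivateIp }
      }
    ]
  }
}

resource integrationSubnet 'Microsoft.Network/virtualNetworks/subnets@2023-05-01' = {
  parent: vnet
  name: 'snet-integration'
  properties: {
    addressPrefix: '10.10.1.0/24'
    delegations: [ { name: 'web', properties: { serviceName: 'Microsoft.Web/serverFarms' } } ]
    networkSecurityGroup: { id: egressNsg.id }
    routeTable: { id: rt.id }
  }
}

// Fine control: only the named FQDN is allowed; any other HTTPS destination
// from the integration subnet hits the firewall's default deny.
resource fwPolicy 'Microsoft.Network/firewallPolicies@2023-05-01' existing = {
  name: firewallPolicyName
}

resource egressRules 'Microsoft.Network/firewallPolicies/ruleCollectionGroups@2023-05-01' = {
  parent: fwPolicy
  name: 'rcg-app-egress'
  properties: {
    priority: 200
    ruleCollections: [
      {
        ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
        name: 'allow-approved-fqdns'
        priority: 100
        action: { type: 'Allow' }
        rules: [
          {
            ruleType: 'ApplicationRule'
            name: 'payments-api'                         // assumed partner API
            sourceAddresses: [ '10.10.1.0/24' ]
            protocols: [ { protocolType: 'Https', port: 443 } ]
            targetFqdns: [ 'api.payments.example.com' ]
          }
        ]
      }
    ]
  }
}
```

The split of responsibilities is the point: the NSG cannot tell `api.payments.example.com` from an attacker's upload host on port 443, so exfiltration over HTTPS is only stopped by the firewall's FQDN rule, while the NSG still cuts off everything that is not 443 or the database port. Tightening the last NSG rule to a deny on `*` is possible, but then the service tags the app depends on (monitoring, storage for logs, Key Vault references if used) must be allowed explicitly or the app breaks silently.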

Azure Storage :

Logging & threat detection : Defender for App Service & diagnostic logs sent to Azure Monitor.

...

Privileged access : Least Privilege principle.

Data Protection : data discovery with Purview or Azure Information Protection, encrypt data in transit (SSL/TLS certificates), no dedicated data loss prevention control at this layer, but data exfiltration can be reduced with an NSG or Azure Firewall, enable encryption of data at rest using a CMK

Network & CyberSecurity : Combining the milestones 2 & 3

...