azure 安全组
As more organizations are delivering innovation faster by moving their businesses to the cloud, increased security is critically important for every industry. Azure has built-in security controls across data, applications, compute, networking, identity, threat protection, and security management so you can customize protection and integrate partner solutions.
随着越来越多的组织通过将业务转移到云中来更快地交付创新,提高安全性对于每个行业都至关重要。 Azure具有跨数据,应用程序,计算,网络,身份,威胁保护和安全管理的内置安全控件,因此您可以自定义保护并集成合作伙伴解决方案。
We keep investing in security and we are excited to share exciting updates this week at Hannover Messe 2019. We are excited to announce that Dedicated Hardware Security Module Service (HMS) in UK, Canada, and Australia, Azure disk encryption support for Virtual Machine Scale Sets (VMSS) are generally available. Also Advanced Threat Protection for Azure Storage, the Regulatory Compliance Dashboard, and support for virtual machine sets are now generally available as part of Azure Security Center.
我们一直在安全方面进行投资,我们很高兴在本周的Hannover Messe 2019上分享令人振奋的更新。我们很高兴地宣布,英国,加拿大和澳大利亚的专用硬件安全模块服务(HMS)专用于虚拟机规模的Azure磁盘加密支持集(VMSS)通常可用。 现在,作为Azure安全中心的一部分,通常还提供了Azure存储的高级威胁防护,法规遵从性仪表板以及对虚拟机集的支持。
现在普遍提供Azure存储的高级威胁防护 (Advanced Threat Protection for Azure Storage is now generally available)
Advanced Threat Protection for Azure Storage helps customers detect and respond to potential threats on their storage account as they occur. This layer of protection allows you to protect and address concerns without needing to be an expert in security. Enabling it is quick and simple. Once enabled, security alerts are triggered when suspicious activity occurs and you can view them listed in Azure Security Center. Security alerts provide details of suspicious activity that was detected and recommended actions to take to investigate and mitigate the potential threat.
Azure存储的高级威胁防护可帮助客户在存储帐户发生潜在威胁时对其进行检测并做出响应。 此保护层使您无需成为安全专家即可保护和解决问题。 启用它既快速又简单。 启用后,当发生可疑活动时会触发安全警报,您可以查看Azure安全中心中列出的警报。 安全警报提供检测到的可疑活动的详细信息,以及建议采取的调查和缓解潜在威胁的措施。
The benefits of Advanced Threat Protection for Azure Storage includes:
Azure存储的高级威胁防护的优势包括:
- Detection of anomalous access and data exfiltration activities. 检测异常访问和数据泄露活动。
- Email alerts with actionable investigation and remediation steps. 电子邮件警报,其中包含可行的调查和补救步骤。
- Centralized views of alerts for the entire Azure tenant using Azure Security Center. 使用Azure安全中心的整个Azure租户的警报的集中视图。
- Easy enablement for many storage accounts using the Azure portal, Azure Policy, or Standard Azure APIs. 使用Azure门户,Azure策略或标准Azure API轻松启用许多存储帐户。
To learn more, refer to the documentation, “Advanced Threat Protection for Azure Storage,” or the Azure Security Center pricing page.
若要了解更多信息,请参考文档“ Azure存储的高级威胁防护 ”,或Azure安全中心定价页面。
Azure安全中心中的法规遵从性仪表板通常可用 (Regulatory compliance dashboard in Azure Security Center is generally available)
We are pleased to announce that the regulatory compliance dashboard in Azure Security Center is now generally available! The dashboard helps Security Center customers streamline their compliance process by providing insight into their compliance posture for a set of supported standards and regulations.
我们很高兴地宣布,Azure安全中心中的法规遵从性仪表板现已普遍可用! 仪表板通过提供对一组支持的标准和法规的合规状况的洞察力,帮助Security Center客户简化其合规流程。
The compliance dashboard surfaces security assessments and recommendations as they align to specific compliance requirements based on continuous assessments of your Azure and hybrid environments. The dashboard also provides actionable information for how to act on recommendations and reduce risk factors in your environment, and thus improve your overall compliance posture.
合规性仪表板会根据对Azure和混合环境的持续评估,使安全评估和建议与特定合规性要求保持一致,从而使它们得以体现。 仪表板还提供有关如何根据建议采取行动并减少环境中的风险因素,从而改善整体合规性的可行信息。
The information provided by the regulatory compliance dashboard can be very useful for providing evidence to internal and external auditors on your compliance status with the supported standards. To further facilitate this, you can now generate and download a compliance report directly from the compliance dashboard. The report can be generated for a particular supported compliance standard and depicts a high-level summary of your current compliance status with respect to that standard. In addition, you can now automate compliance processes and manage them at scale using programmatic APIs.
监管合规性仪表板提供的信息对于为内部和外部审计师提供有关您符合受支持标准的合规性状态的证据非常有用。 为了进一步简化此过程,您现在可以直接从合规性仪表板生成并下载合规性报告。 可以针对特定的受支持合规性标准生成报告,并描述有关该标准的当前合规性状态的高级摘要。 此外,您现在可以自动化合规性流程,并使用编程API对其进行大规模管理。
To learn more about regulatory compliance in Azure Security Center, visit the documentation, “Tutorial: Improve your regulatory compliance.”
若要了解有关Azure安全中心中法规遵从性的更多信息,请访问文档“ 教程:改善法规遵从性” 。
Azure安全中心现在支持虚拟机规模集 (Azure Security Center now supports Virtual Machine Scale Sets)
Security Center can now protect your Virtual Machine Scale Sets. You can easily monitor the security posture of your VM Scale Sets with security recommendations to increase overall security, reduce vulnerabilities, and detect threats with Security Center’s advanced threat detection capabilities.
安全中心现在可以保护您的虚拟机规模集。 您可以使用安全建议轻松监视VM规模集的安全状况,以提高整体安全性,减少漏洞并使用Security Center的高级威胁检测功能检测威胁。
Security Center automatically discovers your VM Scales Sets and recommends that you install the monitoring agent to get better security assessments and enable events-based threat detection.
安全中心会自动发现您的VM规模集,并建议您安装监视代理程序以获得更好的安全性评估并启用基于事件的威胁检测。
You can view the security health and recommendations of each VM scale set:
For every VM scale set instance, you can benefit from a list of recommendations such as:
对于每个VM规模集实例,您可以从以下建议列表中受益:
- Install the monitoring agent 安装监视代理
- Remediate vulnerabilities in security configuration 补救安全配置中的漏洞
- Remediate endpoint protection health failures 修复端点保护运行状况失败
- Install endpoint protection solution on virtual machine scale sets 在虚拟机规模集上安装端点保护解决方案
- Install system updates 安装系统更新
- Enable diagnostics logs in Virtual Machine Scale Sets’ 在“虚拟机规模集”中启用诊断日志
Threat detection alerts are also available for VM scale sets instances for any VM protected by Security Center standard tier. To learn more on VM Scale Set support.
威胁检测警报也可用于受Security Center标准层保护的任何VM的VM规模集实例。 要了解有关VM Scale Set支持的更多信息 。
Note: Pricing of VM scale sets instances is the same as VM. For detailed information visit our pricing page.
注意: VM规模集实例的定价与VM相同。 有关详细信息,请访问我们的 定价页面。
宣布在英国,加拿大和澳大利亚地区推出Azure专用HSM服务 (Announcing Azure Dedicated HSM service availability in UK, Canada, and Australia regions)
The Azure Dedicated Hardware Security Module (HSM) service provides cryptographic key storage in Azure and meets the most stringent customer security and compliance requirements. This service is the ideal solution for customers requiring FIPS 140-2 Level 3 validated devices and complete, exclusive control of the HSM appliance. The Dedicated HSM service uses SafeNet Luna Network HSM 7 devices from Gemalto. This device offers the highest levels of performance and cryptographic integration options and makes it simple for you to migrate HSM-protected applications to Azure. The Azure Dedicated HSM is leased on a single-tenant basis.
Azure专用硬件安全模块(HSM)服务在Azure中提供加密密钥存储,并满足最严格的客户安全性和合规性要求。 对于需要FIPS 140-2 Level 3认证设备以及对HSM设备进行完全控制的客户,这项服务是理想的解决方案。 专用HSM服务使用金雅拓的SafeNet Luna Network HSM 7设备 。 此设备提供了最高级别的性能和加密集成选项,使您可以轻松将受HSM保护的应用程序迁移到Azure。 Azure专用HSM是按单租户租用的。
The Azure Dedicated HSM service was originally announced in 8 Azure public regions on November 28, 2018 and we are now pleased to announce that the service is expanded to the UK, Canada, and Australia. With this new announcement, the Dedicated HSM service is now available in 14 regions namely, East US, West US, South Central US, East US 2, Southeast Asia, East Asia, West Europe, North Europe, UK South, UK West, Canada Central, Canada East, Australia East, and Australia Southwest regions. We plan to continue expanding this service to other Azure regions.
Azure专用HSM服务最初于2018年11月28日在8个Azure公共区域中宣布,我们现在很高兴地宣布该服务已扩展到英国,加拿大和澳大利亚。 通过此新公告,专用HSM服务现已在14个地区提供,即美国东部,美国西部,美国中南部,美国东部2,东南亚,东亚,西欧,北欧,英国南,英国西加拿大中部,加拿大东部,澳大利亚东部和澳大利亚西南地区。 我们计划继续将此服务扩展到其他Azure区域。
To learn about the Dedicated HSM service availability announcement, please refer to blog post, “Announcing Azure Dedicated HSM availability.”
要了解有关专用HSM可用性的公告,请参阅博客文章“ 宣布Azure专用HSM可用性” 。
To learn more about the Azure Dedicated HSM service, please refer to the service documentation.
若要了解有关Azure专用HSM服务的更多信息,请参考服务文档 。
- To learn about pricing and suitability of this service for your applications, please contact your Microsoft Account representative. 若要了解此服务的价格和适用性,请与您的Microsoft客户代表联系。
宣布虚拟机规模集的Azure磁盘加密常规可用性 (Announcing Azure Disk Encryption general availability for Virtual Machine Scale Sets)
Today, we are excited to announce the general availability of Azure Disk Encryption (ADE) for Virtual Machine Scale Sets (VMSS). With this announcement, Azure disk encryption can be enabled for Windows and Linux Virtual Machine Scale Sets in Azure public regions. This enables customers to help protect and safeguard the Virtual Machine Scale Sets data at rest using industry standard encryption technology.
今天,我们很高兴地宣布虚拟机规模集(VMSS)的Azure磁盘加密(ADE)的普遍可用性。 通过此公告,可以为Azure公共区域中的Windows和Linux虚拟机规模集启用Azure磁盘加密。 这使客户能够使用行业标准的加密技术来帮助保护和维护静态的虚拟机规模集数据。
Azure Disk Encryption is a capability that helps you encrypt your Windows and Linux IaaS Virtual Machine Scale Sets disks. Disk Encryption leverages the industry standard BitLocker feature of Windows and the DM-Crypt feature of Linux to provide volume encryption of disks. The solution is integrated with Azure Key Vault to help you control and manage the disk-encryption keys and secrets. The solution also ensures that all data on the VM disks are encrypted at rest in your Azure Storage.
Azure磁盘加密功能可帮助您加密Windows和Linux IaaS虚拟机规模集磁盘。 磁盘加密利用Windows的行业标准BitLocker功能和Linux的DM-Crypt功能来提供磁盘的卷加密。 该解决方案与Azure Key Vault集成在一起,可帮助您控制和管理磁盘加密密钥和机密。 该解决方案还确保VM磁盘上的所有数据在Azure存储中处于静止状态时被加密。
The solution is deployed in all Azure public regions. Additional details on supported and unsupported scenarios, interfaces, and how you can use the disk encryption technology to encrypt your Virtual Machine Scale Sets and validate your scenarios is documented below.
该解决方案已部署在所有Azure公共区域中。 下面介绍了有关受支持和不受支持的方案,接口以及如何使用磁盘加密技术来加密虚拟机规模集和验证方案的其他详细信息。
支持的方案 (Supported scenarios)
- Virtual Machine Scale Sets encryption is supported only for scale sets created with managed disks, and not supported for native (or unmanaged) disk scale sets. 仅使用托管磁盘创建的规模集支持虚拟机规模集加密,而本机(或非托管)磁盘规模集不支持虚拟机规模集加密。
- Virtual Machine Scale Sets encryption is supported for OS and Data volumes for Windows Virtual Machine Scale Sets. Windows虚拟机规模集的OS和数据卷支持虚拟机规模集加密。
- Disable encryption is supported for OS and data volumes for Windows Virtual Machine Scale Sets. Windows虚拟机规模集的操作系统和数据量支持禁用加密。
- Virtual Machine Scale Sets encryption is supported for data volume for Linux Virtual Machine Scale Sets. Disable encryption is supported for data volumes for Linux Virtual Machine Scale Sets. Linux虚拟机规模集的数据量支持虚拟机规模集加密。 Linux虚拟机规模集的数据卷支持禁用加密。
- Virtual Machine Scale Sets reimage and upgrade operations are supported. 支持虚拟机规模集重新映像和升级操作。
- The key vault to safeguard the encryption must be provisioned with the right access policies in the same subscription and same region as the Virtual Machine Scale Sets. 必须在与虚拟机规模集相同的订阅中和相同的区域中为正确的访问策略提供用于保护加密的密钥保管库。
不支持的方案 (Unsupported scenarios)
- Virtual Machine Scale Sets encryption is not supported for scale sets created with native (or unmanaged) disk. 使用本地(或非托管)磁盘创建的规模集不支持虚拟机规模集加密。
- Virtual Machine Scale Sets encryption is not supported for OS volume for Linux Virtual Machine Scale Sets encryption. Linux虚拟机规模集加密的OS卷不支持虚拟机规模集加密。
For additional details on Azure Disk Encryption support for Virtual Machine Scale Sets, refer to the below ADE documentation:
有关虚拟机规模集的Azure磁盘加密支持的其他详细信息,请参阅下面的ADE文档:
Our continued investments in Azure security can help you reduce costs and complexity with a highly secure cloud foundation managed by Microsoft. Use multi-layered, built-in security controls, and unique threat intelligence from Azure to help identify and protect against rapidly evolving threats. To learn more about Azure Security please visit Azure Security homepage. To try Azure Security Center’s new capabilities, please visit the Azure Security Center homepage. As always, for any feedback or additional information contact our team at SecurityCenter@microsoft.com.
我们对Azure安全的持续投资可以通过Microsoft管理的高度安全的云基础来帮助您降低成本和复杂性。 使用Azure的多层内置安全控制和独特的威胁情报,可以帮助识别和防御Swift发展的威胁。 若要了解有关Azure安全的更多信息,请访问Azure安全主页。 若要尝试Azure安全中心的新功能,请访问Azure安全中心主页。 与往常一样,对于任何反馈或其他信息,请通过SecurityCenter@microsoft.com与我们的团队联系。
Learn how Microsoft partners are building a sustainable future at Hannover Messe 2019.
在2019年汉诺威工业博览会上了解Microsoft合作伙伴如何构建可持续发展的未来。
This blog post was co-authored by Ron Matchoro, Principal Program Manager, Ronit Reger, Senior Program Manager, Miri Landau, Senior Program Manager, and Devendra Tiwari, Principal PM Manager, Azure Security Center.
该博客文章由首席程序经理Ron Matchoro,高级程序经理Ronit Reger,高级程序经理Miri Landau和Azure安全中心首席PM经理Devendra Tiwari共同撰写。
azure 安全组
526
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
