SlideShare a Scribd company logo

Securing Red Hat workloads on Azure - Summary Presentation

Principled Technologies, profile picture
Principled Technologies

Leveraging the strength of cloud-native security As organizations of all sizes continue to adopt the cloud, security remains a serious concern, particularly for industries with stringent compliance requirements. Microsoft Azure, with its extensive service portfolio and integration capabilities, and Red Hat, with its enterprise-grade open-source solutions, combine to offer a robust cloud environment for those prioritizing security. This report has highlighted key security features from both vendors, demonstrating how their collaboration can help organizations protect their data and meet evolving security needs. We encourage organizations deploying Red Hat workloads on Azure to further delve into the publicly available material we have referenced and determine how best to configure their solutions to meet their particular security needs.

Technology
Related topics:
Red Hat Technologies Microsoft Azure Data SecurityIdentity Management Cybersecurity Solutions Threat Detection
1 of 15
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
PT logo A Principled Technologies presentation: Hands-on testing. Real-world results. PT logo Securing Red Hat workloads on Azure: Leveraging the strength of cloud-native security February 2025
PT logo www.principledtechnologies.com About PT Principled Technologies, Inc. (PT) is the leading provider of third-party competitive marketing services for technology. Our hands-on testing mirrors the way real users work with your product and delivers proof points you and they can count on, while our award-winning competitive marketing contextualizes those claims. Learn more at www.principledtechnologies.com. PT logo About our research To explore how Azure can secure Red Hat® workloads in the cloud, we used publicly available materials and interviews with Microsoft and Red Hat subject matter experts (SMEs). Our goal was to research the security features that each platform offers and how they intersect to provide enhanced protection for Red Hat on Azure customers. We found several areas where the two platforms work together to offer a great deal of value, and in our research report, we provide some detail on key security features and benefits available to customers in the Azure and Red Hat ecosystems. This PowerPoint deck summarizes our report, which you can read at https://facts.pt/G94Mifm. February 2025
PT logo Security principles of Azure Shared responsibility model An organization’s security team maintains some responsibilities for securing applications, data, containers, and workloads in the cloud, while Azure also takes some responsibility. Defense in Depth Azure customers should implement security at many levels to mitigate the risk of any point of failure. Zero Trust Zero Trust security always assumes breach and thus requires systems and users to verify every request as though it originated from an uncontrolled network. Secure Future Initiative (SFI) SFI is a multi-year commitment that advances the way Microsoft designs, builds, tests, and operates technology to ensure that Microsoft solutions meet the highest possible standards for security. February 20, 2025 February 2025
PT logo Types of security we researched February 20, 2025 Infrastructure Azure Boost, Retina, Azure Monitor, and other key tools protect the foundational components of IT environments, including physical and virtual systems, networks, and data centers. Application Microsoft Entra ID, Microsoft Defender for Cloud, Red Hat® Insights, and other tools that safeguard software can prevent unauthorized access, data breaches, and malicious exploitation. Data Azure uses many approaches to encrypt data at rest and data in transit. Encryption approaches for data at rest include server-side and Azure disk encryption. Encryption approaches for data in transit include transit layer security (TLS) encryption and more. Code GitHub Advanced Security for Azure DevOps protects code from vulnerabilities, threats, and malicious attacks to ensure integrity, confidentiality, and availability. February 2025
PT logo Infrastructure security tools • Azure Boost • Azure Monitor • Retina • Azure Bastion • Azure Firewall • Azure Network Security Groups • Azure Policy • Azure Arc Azure Boost, which offloads server virtualization processes onto purpose-built software and hardware, contains several features that could improve the security of Azure Virtual Machines. Azure Monitor collects, analyzes, and responds to monitoring data from Azure and on-premises environments. Retina, the cloud-agnostic, open-source Kubernetes® network observability platform, uses the enhanced Berkeley Packet Filter technology for deep visibility at the kernel level to monitor application and network health and security. Azure Bastion, a fully managed platform-as-a-service solution, can provide secure access to Azure VMs without exposing them to public IP addresses. February 20, 2025 February 2025
PT logo Infrastructure security tools • Azure Boost • Azure Monitor • Retina • Azure Bastion • Azure Firewall • Azure Network Security Groups • Azure Policy • Azure Arc Azure Firewall and Azure Network Security Groups help secure Azure virtual networks by filtering and managing network traffic while offering threat protection. Change management and policy enforcement • Azure Policy (compliance and governance) can enforce organizational standards while ensuring compliance across large environments. • Azure Arc (single-pane management) provides a centralized platform for managing VMs, Kubernetes® clusters, and databases as if they are part of Azure, enabling consistent management, governance, and security across environments. February 20, 2025 February 2025
PT logo Data security tools • Azure Storage SSE • Azure-managed disk encryption options • Data-link layer encryption • TLS encryption in Azure • RDP sessions • Secure access to Linux VMs • Azure VPN encryption • Azure Backup and disaster recovery • Confidential computing February 20, 2025 Azure uses many approaches to encrypt data at rest and data in transit. Data at rest encryption approaches include server-side and Azure disk encryption. Data in transit encryption approaches include TLS encryption and more. Data at rest For most scenarios, Microsoft recommends using server-side encryption (SSE) features for ease of use in protecting your data. • Azure Storage SSE: Azure Storage uses SSE to “automatically encrypt your data when it is persisted to the cloud.” • Azure-managed disk encryption options: Azure offers Azure Disk Storage SSE, Encryption at host, Azure Disk Encryption, and more. Client-side encryption refers to data encryption performed outside of Azure. Customers manage keys, helping prevent cloud service providers (CSPs) from decrypting data. February 2025
PT logo Data security tools • Azure Storage SSE • Azure-managed disk encryption options • Data-link layer encryption • TLS encryption in Azure • RDP sessions • Secure access to Linux VMs • Azure VPN encryption • Azure Backup and disaster recovery • Confidential computing February 20, 2025 Data in transit • Data-link layer encryption: Azure encrypts hardware in its data centers to help secure data moving between them. • TLS encryption in Azure: Azure customers can use TLS protocol to protect data in transit between the customer and Azure. • Remote Desktop Protocol (RDP) sessions: Users with Windows or Linux VMs on Azure can sign-in to their systems securely via RDP. • Secure access to Linux® VMs with SSH: Customers can use Secure Shell (SSH), an encrypted connection protocol, to connect to Linux VMs running on Azure. • Azure VPN encryption: Users can create a secure tunnel that protects the privacy of data being sent across the network. February 2025
PT logo Data security tools • Azure Storage SSE • Azure-managed disk encryption options • Data-link layer encryption • TLS encryption in Azure • RDP sessions • Secure access to Linux VMs • Azure VPN encryption • Azure Backup and disaster recovery • Confidential computing February 20, 2025 Azure Backup and disaster recovery Azure offers Azure Backup and Azure Site Recovery to help customers running Red Hat workloads on Azure with disaster recovery. Azure Backup backs up and restores data on Azure while Azure Site Recovery facilitates seamless disaster recovery for applications, helping organizations maintain business continuity during outages. Confidential computing Confidential computing refers to the prevention of unauthorized access to data in use and in memory, rather than at rest or in transit (both of which Azure already encrypts). February 2025
PT logo Application security tools • WAF • Microsoft Entra ID • Confidential containers • Microsoft Defender for Cloud • Microsoft Defender for Endpoint on Linux • Microsoft Defender for Storage • Microsoft Sentinel • Red Hat Insights February 20, 2025 Web Application Firewall (WAF) provides security without modifying backend code, which enables organizations to protect their applications seamlessly. Microsoft Entra ID is a cloud-based identity and access management service allowing users to access both external and internal resources, such as Azure and Microsoft 365 (external) or apps developed within a user’s own organization (internal). Confidential containers, like confidential VMs, provide enhanced data security, privacy, and integrity for workloads in them. February 2025
PT logo Application security tools • WAF • Microsoft Entra ID • Confidential containers • Microsoft Defender for Cloud • Microsoft Defender for Endpoint on Linux • Microsoft Defender for Storage • Microsoft Sentinel • Red Hat Insights February 20, 2025 Vulnerability management tools Microsoft Defender for Cloud, a cloud-native application protection platform (CNAPP), performs continuous security assessments of connected resources and provides security recommendations for any detected vulnerabilities. Microsoft Defender for Endpoint on Linux provides threat and vulnerability detection and mitigation features. Microsoft Defender for Storage addresses malicious file uploads, sensitive data accessibility, and data corruption. Microsoft Sentinel is a cloud-native security information and event management solution for security orchestration, automation, and response. Red Hat Insights helps organizations better manage and optimize hybrid- cloud environments. February 2025
PT logo Code security tools GitHub Advanced Security for Azure DevOps • Secret scanning push protection • Repository secret scanning • Alert system for secrets • Credential pair detection • Dependency scanning • Code scanning February 20, 2025 GitHub Advanced Security for Azure DevOps, a CNAPP, enables developer, security, and operations (DevSecOps) teams to protect code with the following: • Secret scanning push protection actively monitors code pushes. • Repository secret scanning analyzes repositories for accidentally committed secrets, generates a single alert per unique credential across branches and commit history, and provides detailed remediation guidance • Alert system for secrets notifies users of detected secrets in repositories from many service providers. • Credential pair detection scans for paired credentials, such as API keys and secrets, to ensure both parts are present. • Dependency scanning detects direct and transitive open-source dependencies, flags associated vulnerabilities, and generates detailed alerts with severity, affected components, and Common Vulnerabilities and Exposures (CVE) information in the build log. • Code scanning uses the CodeQL static analysis engine to identify code-level vulnerabilities and automates security checks with detailed alerts for proactive remediation. February 2025
PT logo Azure and Red Hat integration points and compatibilities February 20, 2025 Red Hat Enterprise Linux® compatibility with Azure confidential VM provides hardware-based isolation, OS disk encryption, and more. Integrating Microsoft Entra and Red Hat Identity Management enables IT teams to provide and centralize administrative functionality and user maintenance. See more examples in the report. Users can leverage Microsoft Defender for Cloud for system auditing, security management, and threat protection. Users can also connect Red Hat on Azure VMs to the Red Hat Insights automatically for monitoring. February 2025
PT logo How customers win from the Microsoft and Red Hat partnership February 20, 2025 Red Hat and Microsoft share an integrated, co-located support team that serves as a unified contact point for Red Hat ecosystems running on Azure. This team provides expertise, knowledge, and joint support models. Get integrated support for Red Hat workloads on Azure Microsoft and Red Hat engineering teams work closely to build standard images within the Azure Marketplace. Follow compliance regulations with Azure Marketplace for Red Hat images Microsoft and Red Hat have partnered to create a ready-made starting point called Landing Zone for Red Hat Enterprise on Linux. Receive partner architecture guidance February 2025
PT logo Read the report at https://facts.pt/G94Mifm Read the report at https://facts.pt/G94Mifm u  February 20, 2025 February 2025

More Related Content

PDF
Securing Red Hat workloads on Azure
Principled Technologies
 
PDF
Securing Red Hat workloads on Azure - Infographic
Principled Technologies
 
PPTX
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
European Collaboration Summit
 
PDF
CSS17: Houston - Azure Shared Security Model Overview
Alert Logic
 
PDF
Flyer- Cloud Environment Overview- Microsoft Azure
Brad Brown
 
PDF
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
NCCOMMS
 
PDF
Comprehensive Guide to Azure Cloud Services_ Features, Benefits, and Use Case...
unicloudm
 
PPTX
Azure Cloud Services
Kajal Kathrotiya
 
Securing Red Hat workloads on Azure
Principled Technologies
 
Securing Red Hat workloads on Azure - Infographic
Principled Technologies
 
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
European Collaboration Summit
 
CSS17: Houston - Azure Shared Security Model Overview
Alert Logic
 
Flyer- Cloud Environment Overview- Microsoft Azure
Brad Brown
 
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
NCCOMMS
 
Comprehensive Guide to Azure Cloud Services_ Features, Benefits, and Use Case...
unicloudm
 
Azure Cloud Services
Kajal Kathrotiya
 

Similar to Securing Red Hat workloads on Azure - Summary Presentation (20)

PPTX
microsoft-cybersecurity-reference-architectures (1).pptx
GenericName6
 
PDF
Azure Security Overview
David J Rosenthal
 
PDF
Best Practices in Cloud Security
Alert Logic
 
PPTX
Fundamentals of Microsoft 365 Security , Identity and Compliance
Vignesh Ganesan I Microsoft MVP
 
PDF
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
cscpconf
 
PPTX
Introduction-to-Microsoft-AzurePowerShell Module.pptx
MahmoudElmahdy23
 
PDF
Service for Storing Secrets on Microsoft Azure.pdf
Zen Bit Tech
 
PPTX
Microsoft-Azure (1).pptx.cloud computing
datascience0227
 
PPTX
Microsoft Azure Fundamentals Training Course in Noida.pptx
amritadigital09
 
PPTX
Azure Community Tour 2019 - AZUGDK
Peter Selch Dahl
 
PDF
Azure 101
Korry Lavoie
 
PPTX
Azure Compute, Networking and Storage Overview
Azure Riyadh User Group
 
PDF
Azure 10 major services
Arnab Chakraborty,PMP
 
PPTX
Azure Fundamentals Part 3
CCG
 
PPTX
Introduction-to-Microsoft-Azure.pp TO learntx
osamaaleem2321
 
PPTX
Azure security and Compliance
Karina Matos
 
PDF
Bhadale group of companies it cloud security catalogue
Vijayananda Mohire
 
DOCX
Navigating Microsoft Azure A Practical Guide to Cloud Computing and Developme...
Elysium Academy
 
PPTX
Securely Harden Microsoft 365 with Secure Score
Joel Oleson
 
PPTX
Infrastructure as a Service Cloud Computing.pptx
AldrinAdona
 
microsoft-cybersecurity-reference-architectures (1).pptx
GenericName6
 
Azure Security Overview
David J Rosenthal
 
Best Practices in Cloud Security
Alert Logic
 
Fundamentals of Microsoft 365 Security , Identity and Compliance
Vignesh Ganesan I Microsoft MVP
 
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
cscpconf
 
Introduction-to-Microsoft-AzurePowerShell Module.pptx
MahmoudElmahdy23
 
Service for Storing Secrets on Microsoft Azure.pdf
Zen Bit Tech
 
Microsoft-Azure (1).pptx.cloud computing
datascience0227
 
Microsoft Azure Fundamentals Training Course in Noida.pptx
amritadigital09
 
Azure Community Tour 2019 - AZUGDK
Peter Selch Dahl
 
Azure 101
Korry Lavoie
 
Azure Compute, Networking and Storage Overview
Azure Riyadh User Group
 
Azure 10 major services
Arnab Chakraborty,PMP
 
Azure Fundamentals Part 3
CCG
 
Introduction-to-Microsoft-Azure.pp TO learntx
osamaaleem2321
 
Azure security and Compliance
Karina Matos
 
Bhadale group of companies it cloud security catalogue
Vijayananda Mohire
 
Navigating Microsoft Azure A Practical Guide to Cloud Computing and Developme...
Elysium Academy
 
Securely Harden Microsoft 365 with Secure Score
Joel Oleson
 
Infrastructure as a Service Cloud Computing.pptx
AldrinAdona
 
Ad

More from Principled Technologies (20)

PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PDF
Dell Pro 14 Plus: Be better prepared for what’s coming
Principled Technologies
 
PDF
Security features in Dell, HP, and Lenovo PC systems: A research-based compar...
Principled Technologies
 
PDF
Make GenAI investments go further with the Dell AI Factory - Infographic
Principled Technologies
 
PDF
Make GenAI investments go further with the Dell AI Factory
Principled Technologies
 
PDF
Unlock faster insights with Azure Databricks
Principled Technologies
 
PDF
Speed up your transactions and save with new Dell PowerEdge R7725 servers pow...
Principled Technologies
 
PDF
The case for on-premises AI
Principled Technologies
 
PDF
Dell PowerEdge server cooling: Choose the cooling options that match the need...
Principled Technologies
 
PDF
Speed up your transactions and save with new Dell PowerEdge R7725 servers pow...
Principled Technologies
 
PDF
Propel your business into the future by refreshing with new one-socket Dell P...
Principled Technologies
 
PDF
Propel your business into the future by refreshing with new one-socket Dell P...
Principled Technologies
 
PDF
Unlock flexibility, security, and scalability by migrating MySQL databases to...
Principled Technologies
 
PDF
Migrate your PostgreSQL databases to Microsoft Azure for plug‑and‑play simpli...
Principled Technologies
 
PDF
On-premises AI approaches: The advantages of a turnkey solution, HPE Private ...
Principled Technologies
 
PDF
A Dell PowerStore shared storage solution is more cost-effective than an HCI ...
Principled Technologies
 
PDF
Gain the flexibility that diverse modern workloads demand with Dell PowerStore
Principled Technologies
 
PDF
Save up to $2.8M per new server over five years by consolidating with new Sup...
Principled Technologies
 
PDF
Streamline heterogeneous database environment management with Toad Data Studio
Principled Technologies
 
PDF
Run your in-house AI chatbot on an AMD EPYC 9534 processor-powered Dell Power...
Principled Technologies
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
Dell Pro 14 Plus: Be better prepared for what’s coming
Principled Technologies
 
Security features in Dell, HP, and Lenovo PC systems: A research-based compar...
Principled Technologies
 
Make GenAI investments go further with the Dell AI Factory - Infographic
Principled Technologies
 
Make GenAI investments go further with the Dell AI Factory
Principled Technologies
 
Unlock faster insights with Azure Databricks
Principled Technologies
 
Speed up your transactions and save with new Dell PowerEdge R7725 servers pow...
Principled Technologies
 
The case for on-premises AI
Principled Technologies
 
Dell PowerEdge server cooling: Choose the cooling options that match the need...
Principled Technologies
 
Speed up your transactions and save with new Dell PowerEdge R7725 servers pow...
Principled Technologies
 
Propel your business into the future by refreshing with new one-socket Dell P...
Principled Technologies
 
Propel your business into the future by refreshing with new one-socket Dell P...
Principled Technologies
 
Unlock flexibility, security, and scalability by migrating MySQL databases to...
Principled Technologies
 
Migrate your PostgreSQL databases to Microsoft Azure for plug‑and‑play simpli...
Principled Technologies
 
On-premises AI approaches: The advantages of a turnkey solution, HPE Private ...
Principled Technologies
 
A Dell PowerStore shared storage solution is more cost-effective than an HCI ...
Principled Technologies
 
Gain the flexibility that diverse modern workloads demand with Dell PowerStore
Principled Technologies
 
Save up to $2.8M per new server over five years by consolidating with new Sup...
Principled Technologies
 
Streamline heterogeneous database environment management with Toad Data Studio
Principled Technologies
 
Run your in-house AI chatbot on an AMD EPYC 9534 processor-powered Dell Power...
Principled Technologies
 
Ad

Recently uploaded (20)

PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Cloud computing and distributed systems.
kkkkkhan
 
A Presentation on Artificial Intelligence
memembruh336
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
KodekX | Application Modernization Development
KodekX
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Encapsulation theory and applications.pdf
gurumoop
 

Securing Red Hat workloads on Azure - Summary Presentation

  • 1. PT logo A Principled Technologies presentation: Hands-on testing. Real-world results. PT logo Securing Red Hat workloads on Azure: Leveraging the strength of cloud-native security February 2025
  • 2. PT logo www.principledtechnologies.com About PT Principled Technologies, Inc. (PT) is the leading provider of third-party competitive marketing services for technology. Our hands-on testing mirrors the way real users work with your product and delivers proof points you and they can count on, while our award-winning competitive marketing contextualizes those claims. Learn more at www.principledtechnologies.com. PT logo About our research To explore how Azure can secure Red Hat® workloads in the cloud, we used publicly available materials and interviews with Microsoft and Red Hat subject matter experts (SMEs). Our goal was to research the security features that each platform offers and how they intersect to provide enhanced protection for Red Hat on Azure customers. We found several areas where the two platforms work together to offer a great deal of value, and in our research report, we provide some detail on key security features and benefits available to customers in the Azure and Red Hat ecosystems. This PowerPoint deck summarizes our report, which you can read at https://facts.pt/G94Mifm. February 2025
  • 3. PT logo Security principles of Azure Shared responsibility model An organization’s security team maintains some responsibilities for securing applications, data, containers, and workloads in the cloud, while Azure also takes some responsibility. Defense in Depth Azure customers should implement security at many levels to mitigate the risk of any point of failure. Zero Trust Zero Trust security always assumes breach and thus requires systems and users to verify every request as though it originated from an uncontrolled network. Secure Future Initiative (SFI) SFI is a multi-year commitment that advances the way Microsoft designs, builds, tests, and operates technology to ensure that Microsoft solutions meet the highest possible standards for security. February 20, 2025 February 2025
  • 4. PT logo Types of security we researched February 20, 2025 Infrastructure Azure Boost, Retina, Azure Monitor, and other key tools protect the foundational components of IT environments, including physical and virtual systems, networks, and data centers. Application Microsoft Entra ID, Microsoft Defender for Cloud, Red Hat® Insights, and other tools that safeguard software can prevent unauthorized access, data breaches, and malicious exploitation. Data Azure uses many approaches to encrypt data at rest and data in transit. Encryption approaches for data at rest include server-side and Azure disk encryption. Encryption approaches for data in transit include transit layer security (TLS) encryption and more. Code GitHub Advanced Security for Azure DevOps protects code from vulnerabilities, threats, and malicious attacks to ensure integrity, confidentiality, and availability. February 2025
  • 5. PT logo Infrastructure security tools • Azure Boost • Azure Monitor • Retina • Azure Bastion • Azure Firewall • Azure Network Security Groups • Azure Policy • Azure Arc Azure Boost, which offloads server virtualization processes onto purpose-built software and hardware, contains several features that could improve the security of Azure Virtual Machines. Azure Monitor collects, analyzes, and responds to monitoring data from Azure and on-premises environments. Retina, the cloud-agnostic, open-source Kubernetes® network observability platform, uses the enhanced Berkeley Packet Filter technology for deep visibility at the kernel level to monitor application and network health and security. Azure Bastion, a fully managed platform-as-a-service solution, can provide secure access to Azure VMs without exposing them to public IP addresses. February 20, 2025 February 2025
  • 6. PT logo Infrastructure security tools • Azure Boost • Azure Monitor • Retina • Azure Bastion • Azure Firewall • Azure Network Security Groups • Azure Policy • Azure Arc Azure Firewall and Azure Network Security Groups help secure Azure virtual networks by filtering and managing network traffic while offering threat protection. Change management and policy enforcement • Azure Policy (compliance and governance) can enforce organizational standards while ensuring compliance across large environments. • Azure Arc (single-pane management) provides a centralized platform for managing VMs, Kubernetes® clusters, and databases as if they are part of Azure, enabling consistent management, governance, and security across environments. February 20, 2025 February 2025
  • 7. PT logo Data security tools • Azure Storage SSE • Azure-managed disk encryption options • Data-link layer encryption • TLS encryption in Azure • RDP sessions • Secure access to Linux VMs • Azure VPN encryption • Azure Backup and disaster recovery • Confidential computing February 20, 2025 Azure uses many approaches to encrypt data at rest and data in transit. Data at rest encryption approaches include server-side and Azure disk encryption. Data in transit encryption approaches include TLS encryption and more. Data at rest For most scenarios, Microsoft recommends using server-side encryption (SSE) features for ease of use in protecting your data. • Azure Storage SSE: Azure Storage uses SSE to “automatically encrypt your data when it is persisted to the cloud.” • Azure-managed disk encryption options: Azure offers Azure Disk Storage SSE, Encryption at host, Azure Disk Encryption, and more. Client-side encryption refers to data encryption performed outside of Azure. Customers manage keys, helping prevent cloud service providers (CSPs) from decrypting data. February 2025
  • 8. PT logo Data security tools • Azure Storage SSE • Azure-managed disk encryption options • Data-link layer encryption • TLS encryption in Azure • RDP sessions • Secure access to Linux VMs • Azure VPN encryption • Azure Backup and disaster recovery • Confidential computing February 20, 2025 Data in transit • Data-link layer encryption: Azure encrypts hardware in its data centers to help secure data moving between them. • TLS encryption in Azure: Azure customers can use TLS protocol to protect data in transit between the customer and Azure. • Remote Desktop Protocol (RDP) sessions: Users with Windows or Linux VMs on Azure can sign-in to their systems securely via RDP. • Secure access to Linux® VMs with SSH: Customers can use Secure Shell (SSH), an encrypted connection protocol, to connect to Linux VMs running on Azure. • Azure VPN encryption: Users can create a secure tunnel that protects the privacy of data being sent across the network. February 2025
  • 9. PT logo Data security tools • Azure Storage SSE • Azure-managed disk encryption options • Data-link layer encryption • TLS encryption in Azure • RDP sessions • Secure access to Linux VMs • Azure VPN encryption • Azure Backup and disaster recovery • Confidential computing February 20, 2025 Azure Backup and disaster recovery Azure offers Azure Backup and Azure Site Recovery to help customers running Red Hat workloads on Azure with disaster recovery. Azure Backup backs up and restores data on Azure while Azure Site Recovery facilitates seamless disaster recovery for applications, helping organizations maintain business continuity during outages. Confidential computing Confidential computing refers to the prevention of unauthorized access to data in use and in memory, rather than at rest or in transit (both of which Azure already encrypts). February 2025
  • 10. PT logo Application security tools • WAF • Microsoft Entra ID • Confidential containers • Microsoft Defender for Cloud • Microsoft Defender for Endpoint on Linux • Microsoft Defender for Storage • Microsoft Sentinel • Red Hat Insights February 20, 2025 Web Application Firewall (WAF) provides security without modifying backend code, which enables organizations to protect their applications seamlessly. Microsoft Entra ID is a cloud-based identity and access management service allowing users to access both external and internal resources, such as Azure and Microsoft 365 (external) or apps developed within a user’s own organization (internal). Confidential containers, like confidential VMs, provide enhanced data security, privacy, and integrity for workloads in them. February 2025
  • 11. PT logo Application security tools • WAF • Microsoft Entra ID • Confidential containers • Microsoft Defender for Cloud • Microsoft Defender for Endpoint on Linux • Microsoft Defender for Storage • Microsoft Sentinel • Red Hat Insights February 20, 2025 Vulnerability management tools Microsoft Defender for Cloud, a cloud-native application protection platform (CNAPP), performs continuous security assessments of connected resources and provides security recommendations for any detected vulnerabilities. Microsoft Defender for Endpoint on Linux provides threat and vulnerability detection and mitigation features. Microsoft Defender for Storage addresses malicious file uploads, sensitive data accessibility, and data corruption. Microsoft Sentinel is a cloud-native security information and event management solution for security orchestration, automation, and response. Red Hat Insights helps organizations better manage and optimize hybrid- cloud environments. February 2025
  • 12. PT logo Code security tools GitHub Advanced Security for Azure DevOps • Secret scanning push protection • Repository secret scanning • Alert system for secrets • Credential pair detection • Dependency scanning • Code scanning February 20, 2025 GitHub Advanced Security for Azure DevOps, a CNAPP, enables developer, security, and operations (DevSecOps) teams to protect code with the following: • Secret scanning push protection actively monitors code pushes. • Repository secret scanning analyzes repositories for accidentally committed secrets, generates a single alert per unique credential across branches and commit history, and provides detailed remediation guidance • Alert system for secrets notifies users of detected secrets in repositories from many service providers. • Credential pair detection scans for paired credentials, such as API keys and secrets, to ensure both parts are present. • Dependency scanning detects direct and transitive open-source dependencies, flags associated vulnerabilities, and generates detailed alerts with severity, affected components, and Common Vulnerabilities and Exposures (CVE) information in the build log. • Code scanning uses the CodeQL static analysis engine to identify code-level vulnerabilities and automates security checks with detailed alerts for proactive remediation. February 2025
  • 13. PT logo Azure and Red Hat integration points and compatibilities February 20, 2025 Red Hat Enterprise Linux® compatibility with Azure confidential VM provides hardware-based isolation, OS disk encryption, and more. Integrating Microsoft Entra and Red Hat Identity Management enables IT teams to provide and centralize administrative functionality and user maintenance. See more examples in the report. Users can leverage Microsoft Defender for Cloud for system auditing, security management, and threat protection. Users can also connect Red Hat on Azure VMs to the Red Hat Insights automatically for monitoring. February 2025
  • 14. PT logo How customers win from the Microsoft and Red Hat partnership February 20, 2025 Red Hat and Microsoft share an integrated, co-located support team that serves as a unified contact point for Red Hat ecosystems running on Azure. This team provides expertise, knowledge, and joint support models. Get integrated support for Red Hat workloads on Azure Microsoft and Red Hat engineering teams work closely to build standard images within the Azure Marketplace. Follow compliance regulations with Azure Marketplace for Red Hat images Microsoft and Red Hat have partnered to create a ready-made starting point called Landing Zone for Red Hat Enterprise on Linux. Receive partner architecture guidance February 2025
  • 15. PT logo Read the report at https://facts.pt/G94Mifm Read the report at https://facts.pt/G94Mifm u  February 20, 2025 February 2025