secure-by-design

ZeroConf Secure Infra for SMBs


Project maintained by mics-sbd Hosted on GitHub Pages — Theme by mattgraham

Next Steps

Now that you’re up and running, here are some additional things to do to maintain the long-term security of your infrastructure. These are things we would have done for you, but Azure doesn’t quite give us a way to automate them. Check back here often!

Add Additional Owners

As good business continuity and disaster recovery (BCDR) practice, you should have at least two Owner-level users on your subscription.

  1. Add an additional user in AAD.
  2. Add the Owner Role to your new User
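
To check the result of the two steps above, the following added example (not part of this project's code) audits the JSON printed by `az role assignment list --role Owner --scope /subscriptions/<id> --include-inherited -o json` and reports whether at least two human users hold Owner on the subscription. The subscription id, principal names and sample data are constructed placeholders.

```python
import json

# Constructed sample in the shape printed by `az role assignment list ... -o json`.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder id
SAMPLE = json.dumps([
    {"principalName": "alice@contoso.example", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "deploy-sp", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "bob@contoso.example", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB + "/resourceGroups/rg-app"},
    {"principalName": "carol@contoso.example", "principalType": "User",
     "roleDefinitionName": "Contributor", "scope": SUB},
])


def audit_owners(assignments_json, subscription_scope, minimum=2):
    """Return (ok, owners, notes) for the 'at least two Owners' rule.

    Assumes the assignments were listed for this one subscription, so any
    scope that is not below the subscription is inherited from above it.
    """
    owners, notes = set(), []
    for a in json.loads(assignments_json):
        if a.get("roleDefinitionName") != "Owner":
            continue
        scope = a.get("scope", "")
        name = a.get("principalName") or a.get("principalId", "<unknown>")
        # Narrower scopes (resource group, resource) do not own the subscription.
        if scope.lower().startswith(subscription_scope.lower() + "/"):
            notes.append(f"{name}: Owner only on {scope}, not counted")
            continue
        kind = a.get("principalType")
        if kind == "User":
            owners.add(name.lower())
        else:
            # Not a human user: reported for review rather than counted.
            notes.append(f"{name}: {kind} holds Owner, review separately")
    return len(owners) >= minimum, sorted(owners), notes


if __name__ == "__main__":
    ok, owners, notes = audit_owners(SAMPLE, SUB)
    print("PASS" if ok else "FAIL", owners)
    for n in notes:
        print(" -", n)
```

With the constructed sample the audit fails: only one user holds Owner at subscription scope, while the service principal and the resource-group Owner are listed for review.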

Add Additional Users to RBAC

When we provision your infrastructure, we create an RBAC group called $namePrefixadmins. Members of this group have control over your infrastructure, including secrets. You can add more users to the group to help manage things.

Add User to Groups

Enable MFA

Enable multi-factor authentication (MFA) to prevent your accounts from being hijacked.

Configure Azure Sentinel

Azure Sentinel is a SIEM that helps you monitor your subscriptions for bad guys.

It uses existing log sources to find indicators of compromise, notifies you of anything nasty, and can be used to automate remediation.

Sentinel is a paid service, and you will be billed per GB of logs that it ingests. For billing, see Sentinel Pricing.

  1. Create a Sentinel Workspace
  2. Connect to the workspace we provisioned
  3. Connect datasources