{
	"id": "5c13378e-aa75-42ce-85a4-b6ab52926812",
	"created_at": "2026-04-06T00:21:07.801095Z",
	"updated_at": "2026-04-10T13:12:40.82203Z",
	"deleted_at": null,
	"sha1_hash": "85e9f2f38e159ca45e30add697620d42f1a3311c",
	"title": "Security baselines for Azure overview",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 43152,
	"plain_text": "Security baselines for Azure overview\r\nBy msmbaldwin\r\nArchived: 2026-04-05 22:32:26 UTC\r\nSecurity baselines are standardized documents for Azure product offerings, describing the available security\r\ncapabilities and the optimal security configurations to help you strengthen security through improved tooling,\r\ntracking, and security features. We currently have service baselines available for Azure only.\r\nSecurity baselines for Azure focus on cloud-centric control areas in Azure environments. These controls are\r\nconsistent with well-known industry standards such as: Center for Internet Security (CIS) or National Institute for\r\nStandards in Technology (NIST). Our baselines provide guidance for the control areas listed in the Microsoft\r\ncloud security benchmark v1.\r\nEach baseline consists of the following components:\r\nHow does a service behave?\r\nWhich security features are available?\r\nWhat configurations are recommended to secure the service?\r\nNote\r\nMicrosoft cloud security benchmark is the successor of Azure Security Benchmark (ASB), which was rebranded\r\nin October 2022.\r\nThe v1 baselines will follow the Microsoft cloud security benchmark v1 control requirements, which also map to\r\nnewer industry frameworks such as NIST and PCI. These baselines are security feature driven (unlike the\r\nbaselines for the Azure Security Benchmarks v1 and v2), which is more intuitive and easier to use.\r\nEach Security Benchmark control includes the following information, except where noted:\r\nControl ID: The Microsoft cloud security benchmark ID that corresponds to the control in the Microsoft\r\ncloud security benchmark.\r\nFeature: Security feature(s) that can help you meet that control requirement.\r\nFeature Description: A high-level description of the feature and how it fits into the product offering.\r\nSupported: A true/false value indicating if this feature is supported to secure this product offering.\r\nEnabled by Default: A true/false value indicating if this feature is enabled in a default deployment by\r\nMicrosoft.\r\nConfiguration Responsibility: Who is responsible for implementing the configuration guidance (where\r\npossible scenarios are Customer responsibility, Microsoft responsibility, or Shared responsibility).\r\nConfiguration Guidance: Actionable guidance to implement the configurations.\r\nMicrosoft Defender for Cloud monitoring Note: Microsoft Defender for Cloud policy / monitoring\r\ninformation. (Note: If a feature is not monitored by Microsoft Defender for Cloud for the service, this\r\nhttps://learn.microsoft.com/en-us/security/benchmark/azure/baselines/aad-security-baseline\r\nPage 1 of 2\n\nsection is omitted.)\r\nReference: A reference link to dive deeper into how to implement the configuration guidance.\r\nAnatomy of a v3 feature listing\r\nFeature Legend:\r\n  True False Not Applicable\r\nSupported\r\nThis feature is supported to\r\nsecure this product offering.\r\nThis feature is not supported\r\nto secure this product\r\noffering.\r\nThis feature has no use\r\ncases in this product\r\noffering.\r\nEnabled by\r\nDefault\r\nThis feature’s security\r\nconfiguration is enabled or\r\ndeployed by default. (Note:\r\nsome default configurations\r\ncan be changed or managed\r\nby customers.)\r\nThis feature’s security\r\nconfigurations are not\r\nenabled or deployed by\r\ndefault. The customer is\r\nresponsible for implementing\r\nconfiguration guidance.\r\nThis feature is either not\r\nsupported or not applicable\r\nto secure the product, so the\r\nfeature's 'Enabled by\r\nDefault' value is also\r\nmarked as 'Not Applicable'.\r\nTo access a list of all Security Benchmark controls, including controls that are not applicable to this specific\r\nservice, see the full security baseline mapping file. There may occasionally be controls that are not applicable for\r\nvarious reasons—for example, IaaS/compute-centric controls (such as controls specific to OS configuration\r\nmanagement) may not be applicable to PaaS services.\r\nWe welcome your feedback on the security baselines for Azure services. We encourage you to provide comments\r\nin the feedback area below. Or, if you prefer to share your input more privately with the us, email us at\r\nbenchmarkfeedback@microsoft.com.\r\nRead the Microsoft cloud security benchmark v1 introduction\r\nSee the Microsoft cloud security benchmark v1 overview\r\nLearn the Azure Security Fundamentals\r\nSource: https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/aad-security-baseline\r\nhttps://learn.microsoft.com/en-us/security/benchmark/azure/baselines/aad-security-baseline\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/aad-security-baseline"
	],
	"report_names": [
		"aad-security-baseline"
	],
	"threat_actors": [],
	"ts_created_at": 1775434867,
	"ts_updated_at": 1775826760,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/85e9f2f38e159ca45e30add697620d42f1a3311c.pdf",
		"text": "https://archive.orkl.eu/85e9f2f38e159ca45e30add697620d42f1a3311c.txt",
		"img": "https://archive.orkl.eu/85e9f2f38e159ca45e30add697620d42f1a3311c.jpg"
	}
}