{"id":1320,"date":"2025-04-09T17:40:04","date_gmt":"2025-04-09T17:40:04","guid":{"rendered":"https:\/\/blog.gustavomagella.com\/?p=1320"},"modified":"2025-04-30T12:53:07","modified_gmt":"2025-04-30T12:53:07","slug":"006-beyond-the-cloud-spin-off-cloud-security-c04-09-governance-compliance-and-migration","status":"publish","type":"post","link":"https:\/\/blog.gustavomagella.com\/index.php\/2025\/04\/09\/006-beyond-the-cloud-spin-off-cloud-security-c04-09-governance-compliance-and-migration\/","title":{"rendered":"#006 | Beyond the Cloud &#8211; Spin-Off | Cloud Security | C04-09 &#8211; Governance, Compliance and Migration"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">[en-gb] \u26a0\ufe0f Important Disclaimer<\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>1\ufe0f\u20e3 Some time ago, I recorded a course on cloud security in Microsoft environments for a Brazilian university called IGTI. This course was part of a Cloud Computing bootcamp and helped many students who were just starting their careers in the field. 
(After the institution shut down, the content became unavailable.)<\/p>\n\n\n\n<p>\ud83c\udfaf So, I decided to remaster, sanitize, and re-release this content for free on YouTube, with the goal of continuing to support those who are beginning their journey in Cloud and Cloud Security.<\/p>\n\n\n\n<p>2\ufe0f\u20e3 The original course is in Portuguese (pt-BR), but throughout the series I\u2019ll also publish articles in English (en-US) so the content can reach more people \u2014 at least until the new courses in English are recorded and ready.<\/p>\n\n\n\n<p>3\ufe0f\u20e3 Important: this series is not certification prep and not a silver bullet.<br>The goal here is to share structured knowledge, with a hands-on, accessible approach focused on:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloud beginners,<\/li>\n\n\n\n<li>Security enthusiasts, and<\/li>\n\n\n\n<li>Anyone looking to better understand how Azure actually handles security.<\/li>\n<\/ul>\n\n\n\n<p>4\ufe0f\u20e3 Microsoft has <strong>rebranded some of its products<\/strong> \u2014 for example, <em>Azure Security Center<\/em> is now <strong>Defender for Cloud<\/strong>, and <em>Azure Active Directory<\/em> is now <strong>Entra ID<\/strong>. Some lessons may still refer to the old names, but don\u2019t worry \u2014 the <strong>core concepts, technical foundations, and functionalities remain the same<\/strong>. Focus on the architecture and principles being taught.<\/p>\n\n\n\n<p>Hope you enjoy it! 
Big hug!<\/p>\n\n\n\n<p>Gustavo Magella<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83c\udfac Watch Episode #04 of 09 Now<\/h3>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\ud83d\udd17 <strong><a href=\"https:\/\/youtu.be\/zUCdZ0MNttQ\" data-type=\"link\" data-id=\"https:\/\/youtu.be\/2FeBjah0cJk\">Click here to watch on YouTube \u2013 Episode 04 of 09.<\/a><\/strong><br><em>(And yes, hit that subscribe button. I\u2019m watching\u2026 \ud83d\udc40)<\/em><\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">[en-us] Beyond The Cloud &#8211; Spin-Off | Chapter 04: &nbsp;Governance, Compliance and Migration<\/h2>\n\n\n\n<p><strong>Hey, what\u2019s up folks!?<\/strong> <\/p>\n\n\n\n<p>Welcome to Chapter 04 of the <em>Beyond The Cloud \u2013 Spin-Off<\/em> series. <\/p>\n\n\n\n<p>This time, we\u2019re tackling some of Azure&#8217;s <strong>most underrated, yet mission-critical security features<\/strong>: Azure Backup, Dedicated Hosts, Azure Key Vault, Defender for Cloud, and Microsoft Sentinel.<\/p>\n\n\n\n<p>No buzzwords. No fluff. Just practical cloud security, the way it should be.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udcc1 Azure Backup: Snapshots That Save Your Skin<\/h3>\n\n\n\n<p>Let\u2019s get real. No backup, no mercy. Azure Backup is your safety net when everything else goes wrong. 
It supports:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>VMs (Azure and on-prem);<\/li>\n\n\n\n<li>SQL, SAP HANA, PostgreSQL;<\/li>\n\n\n\n<li>File shares &amp; blob storage;<\/li>\n\n\n\n<li>System state &amp; full machines;<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-182759-1024x576.png\" loading=\"lazy\" alt=\"\" class=\"wp-image-1328\" srcset=\"https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-182759-1024x576.png 1024w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-182759-300x169.png 300w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-182759-768x432.png 768w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-182759.png 1274w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>\ud83d\udcc5 Retention Policies? You bet:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Daily, weekly, monthly, and even yearly backups;<\/li>\n\n\n\n<li>Up to 99 years (because&#8230; why not?);<\/li>\n<\/ul>\n\n\n\n<p>\ud83d\udd10 Bonus: It supports encryption with your own keys and offers Soft Delete &amp; Recovery Locks to prevent sabotage.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udcfa Azure Dedicated Hosts: Physical Isolation, Zero Roommates<\/h3>\n\n\n\n<p>Need compliance-level isolation? 
Meet Dedicated Hosts:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Physical servers assigned to your org;<\/li>\n\n\n\n<li>Hardware-level isolation;<\/li>\n\n\n\n<li>Control over maintenance windows;<\/li>\n\n\n\n<li>Bring-your-own-license (save up to 41%);<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"612\" src=\"https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-182938-1024x612.png\" loading=\"lazy\" alt=\"\" class=\"wp-image-1329\" srcset=\"https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-182938-1024x612.png 1024w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-182938-300x179.png 300w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-182938-768x459.png 768w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-182938-1536x919.png 1536w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-182938-2048x1225.png 2048w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-182938-1320x789.png 1320w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>If your workload is fussy, sensitive, or regulated, this is your bunker.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd11 Azure Key Vault: No More Passwords in Plain Text<\/h3>\n\n\n\n<p>Stop emailing passwords. Stop storing certificates in shared folders. 
Use Azure Key Vault for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Secrets (passwords, connection strings);<\/li>\n\n\n\n<li>Keys (RSA, HSM-backed);<\/li>\n\n\n\n<li>Certificates (auto-renew with CA integrations);<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"605\" src=\"https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183018-1024x605.png\" loading=\"lazy\" alt=\"\" class=\"wp-image-1330\" srcset=\"https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183018-1024x605.png 1024w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183018-300x177.png 300w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183018-768x454.png 768w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183018-1536x907.png 1536w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183018-2048x1210.png 2048w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183018-1320x780.png 1320w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Access is <strong>double-gated<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Azure RBAC <strong>and<\/strong> Access Policies;<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"607\" src=\"https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183038-1024x607.png\" loading=\"lazy\" alt=\"\" class=\"wp-image-1331\" srcset=\"https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183038-1024x607.png 1024w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183038-300x178.png 300w, 
https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183038-768x455.png 768w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183038-1536x910.png 1536w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183038-2048x1213.png 2048w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183038-1320x782.png 1320w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>You can even allow\/disallow purge operations. Perfect for high-security needs.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd0e Defender for Cloud: Unified Visibility &amp; Protection<\/h3>\n\n\n\n<p>Too many resources. Too little time? Defender for Cloud is your command center:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Secure Score with actionable insights;<\/li>\n\n\n\n<li>Regulatory compliance reports (PCI, ISO, SOC&#8230;);<\/li>\n\n\n\n<li>Threat detection (VMs, containers, SQL, Key Vault, etc.);<\/li>\n\n\n\n<li>Protection across Azure, on-prem, AWS &amp; GCP;<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"606\" src=\"https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183108-1024x606.png\" loading=\"lazy\" alt=\"\" class=\"wp-image-1332\" srcset=\"https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183108-1024x606.png 1024w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183108-300x178.png 300w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183108-768x455.png 768w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183108-1536x909.png 1536w, 
https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183108-2048x1213.png 2048w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183108-1320x782.png 1320w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>It&#8217;s your security GPS. It doesn&#8217;t just tell you you&#8217;re lost \u2014 it shows you how to fix it.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\u26a0\ufe0f Microsoft Sentinel: SIEM &amp; SOAR That Actually Work<\/h3>\n\n\n\n<p>Sentinel is your security eye in the sky:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Aggregates logs from Azure, 365, on-prem, third-party;<\/li>\n\n\n\n<li>Visualizes anomalies with dashboards;<\/li>\n\n\n\n<li>Correlates events for deeper insights;<\/li>\n\n\n\n<li>Automates incident response (Playbooks + Logic Apps);<\/li>\n<\/ul>\n\n\n\n<p>Want real security maturity? Start hunting with Sentinel.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83e\ude96 Practical Checklist<\/h3>\n\n\n\n<p>\u2601\ufe0f <strong>Backup:<\/strong> <br>\u2705 Vault created in the same region as resources (Azure won&#8217;t teleport your backups \u2014 keep it close);<br>\u2705 Daily + weekly + monthly backup policy set (Don&#8217;t wait for chaos to learn about retention);<br>\u2705 Backup Now triggered after enabling (don\u2019t wait for 2AM \u2014 Murphy\u2019s Law is real);<br>\u2705 Soft Delete and Retention Locks enabled (Because &#8220;oops&#8221; is never a recovery strategy);<\/p>\n\n\n\n<p>\ud83d\udecb\ufe0f <strong>Dedicated Hosts:<\/strong> <br>\u2705 Used for workloads with strict isolation\/compliance (Shared tenancy \u2260 secure);<br>\u2705 Hybrid benefit applied to save $$ (Don\u2019t throw money out the window \u2014 use your licenses!);<\/p>\n\n\n\n<p>\ud83d\udd11 <strong>Key Vault:<\/strong> 
<br>\u2705 Secrets + certs stored securely (Shared folders are <em>not<\/em> vaults);<br>\u2705 Access policies and RBAC in place (RBAC alone won\u2019t save you \u2014 double-check your configs);<br>\u2705 Purge protection for critical assets (One bad click shouldn&#8217;t erase your crown jewels);<\/p>\n\n\n\n<p>\ud83d\udee1\ufe0f <strong>Defender for Cloud:<\/strong> <br>\u2705 Secure Score reviewed monthly (If it&#8217;s stuck at 37, you&#8217;re flying blind);<br>\u2705 All Defender plans activated where needed (Turn on the damn shield);<br>\u2705 Regulatory Compliance reviewed (You can&#8217;t fake compliance \u2014 it&#8217;s audit season);<br>\u2705 JIT, Endpoint Protection, Encryption enabled (Security theater \u2260 real security);<\/p>\n\n\n\n<p>\ud83d\udce1 <strong>Sentinel:<\/strong> <br>\u2705 Connected to all critical data sources (Logs not connected = threats undetected);<br>\u2705 Alerts and Playbooks configured (Manual response is so 2008);<br>\u2705 Log Analytics workspace with retention policies (Because logs you don\u2019t store are logs you don\u2019t have);<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udcca My Tech Two Cents<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Azure Backup is your &#8220;Undo&#8221; button. Use it.<\/li>\n\n\n\n<li>Key Vault is the only place secrets belong.<\/li>\n\n\n\n<li>Dedicated Hosts are not cheap. But breaches cost more.<\/li>\n\n\n\n<li>Defender for Cloud is your tactical map.<\/li>\n\n\n\n<li>Sentinel is your surveillance drone.<\/li>\n<\/ul>\n\n\n\n<p>Layer your security. Document everything. No shortcuts.<\/p>\n\n\n\n<p>Next up: Chapter 05 \u2014 Monitoring &amp; Health in Azure:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Azure Advisor;<\/li>\n\n\n\n<li>Azure Service Health;<\/li>\n\n\n\n<li>Azure Monitor;<\/li>\n<\/ul>\n\n\n\n<p>Stay tuned. Stay sharp. See you soon! 
\ud83c\udf39\ufe0f\u2764\ufe0f<\/p>\n\n\n\n<p>Gustavo Magella<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">[pt-br] \u26a0\ufe0f An Important Notice:<\/h2>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>1\ufe0f\u20e3 Some time ago, I recorded a cloud security course focused on Microsoft environments for a Brazilian university called <strong>IGTI<\/strong>. The course was part of a Cloud Computing bootcamp and, at the time, helped many students who were starting their journeys in the field. (When the institution closed, the content became unavailable.)<\/p>\n\n\n\n<p>\ud83c\udfaf So I decided to <strong>remaster, sanitize, and re-release this content for free on YouTube<\/strong>, with the goal of continuing to help those who are starting out in Cloud and Cloud Security.<\/p>\n\n\n\n<p>2\ufe0f\u20e3 The original course is in <strong>Portuguese (pt-BR)<\/strong>, but throughout the series I will also publish <strong>articles in English (en-US)<\/strong>, so that the content can reach more people until the new courses in English are recorded and available.<\/p>\n\n\n\n<p>3\ufe0f\u20e3 <strong>Important:<\/strong> this series is <strong>not certification prep<\/strong> and <strong>not a silver bullet<\/strong>.<br>The aim here is to <strong>share knowledge in a structured way<\/strong>, with a practical and accessible approach, aimed at:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloud beginners,<\/li>\n\n\n\n<li>Security enthusiasts, and<\/li>\n\n\n\n<li>anyone looking to better understand 
how Azure really handles security.<\/li>\n<\/ul>\n\n\n\n<p>4\ufe0f\u20e3 Microsoft has <strong>renamed some of its products<\/strong>: for example, <em>Azure Security Center<\/em> is now called <strong>Defender for Cloud<\/strong>, and <em>Azure Active Directory<\/em> became <strong>Entra ID<\/strong>. In some lessons the old names still appear, but focus on the <strong>concepts and technical fundamentals<\/strong>, which remain valid and extremely relevant.<\/p>\n\n\n\n<p>I hope you enjoy it! A big hug!<\/p>\n\n\n\n<p>Gustavo Magella<\/p>\n<\/blockquote>\n<\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83c\udfac Watch Chapter 04<\/h3>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\ud83d\udd17 <strong><a href=\"https:\/\/www.youtube.com\/watch?v=pTHLmsTbhQo&amp;t\">Watch now on YouTube \u2013 Chapter 04 of 09<\/a><\/strong><br>(And subscribe to the channel, otherwise I\u2019ll know you skipped this part\u2026 lol)<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">[pt-br] Beyond The Cloud \u2013 Spin-Off | Chapter 04: General Security in Azure<\/h2>\n\n\n\n<p>\ud83d\udea8 Welcome to Chapter 04 of the <em>Beyond The Cloud \u2013 Spin-Off<\/em> series! Today we\u2019ll talk about five features that few people pay attention to, but that save lives (and environments): Azure Backup, Dedicated Hosts, Key Vault, Defender for Cloud, and Microsoft\u2019s SIEM, Azure Sentinel.<\/p>\n\n\n\n<p>This is hands-on. No fluff.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\u2601\ufe0f Azure Backup: Snapshots Are Life<\/h3>\n\n\n\n<p>No backup? Then no excuses. 
Azure Backup is your safety net:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>VMs (Azure and on-prem);<\/li>\n\n\n\n<li>SQL, SAP HANA, PostgreSQL;<\/li>\n\n\n\n<li>File shares and blobs;<\/li>\n\n\n\n<li>System state and full machine backups;<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"572\" src=\"https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-182745-1024x572.png\" loading=\"lazy\" alt=\"\" class=\"wp-image-1333\" srcset=\"https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-182745-1024x572.png 1024w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-182745-300x168.png 300w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-182745-768x429.png 768w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-182745.png 1279w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>\ud83d\uddd3\ufe0f Retention policies:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Daily, weekly, monthly, and even yearly<\/li>\n\n\n\n<li>Up to 99 years of retention (just no crying afterwards)<\/li>\n<\/ul>\n\n\n\n<p>\ud83d\udd10 Supports encryption with your own key, Soft Delete, and Locks to prevent sabotage.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83e\uddf1 Dedicated Hosts: Real Isolation<\/h3>\n\n\n\n<p>For sensitive workloads with strong compliance requirements:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An isolated physical server just for your company;<\/li>\n\n\n\n<li>No sharing with neighbours;<\/li>\n\n\n\n<li>Control over maintenance windows;<\/li>\n\n\n\n<li>Bring your own license (savings of 
up to 41%);<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"606\" src=\"https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-182925-1024x606.png\" loading=\"lazy\" alt=\"\" class=\"wp-image-1334\" srcset=\"https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-182925-1024x606.png 1024w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-182925-300x178.png 300w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-182925-768x455.png 768w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-182925-1536x909.png 1536w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-182925-2048x1212.png 2048w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-182925-1320x781.png 1320w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd11 Azure Key Vault: Goodbye, Password Spreadsheet<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Store passwords, secrets, certificates, and keys (even HSM);<\/li>\n\n\n\n<li>Dual control: RBAC + Access Policies;<\/li>\n\n\n\n<li>Granular permissions per object type;<\/li>\n\n\n\n<li>Protection against <em>purge<\/em> (ideal for critical secrets);<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"604\" src=\"https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183005-1024x604.png\" loading=\"lazy\" alt=\"\" class=\"wp-image-1335\" srcset=\"https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183005-1024x604.png 1024w, 
https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183005-300x177.png 300w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183005-768x453.png 768w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183005-1536x906.png 1536w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183005-2048x1208.png 2048w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183005-1320x779.png 1320w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"609\" src=\"https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183028-1024x609.png\" loading=\"lazy\" alt=\"\" class=\"wp-image-1336\" srcset=\"https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183028-1024x609.png 1024w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183028-300x178.png 300w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183028-768x457.png 768w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183028-1536x913.png 1536w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183028-2048x1217.png 2048w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183028-1320x785.png 1320w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd0e Defender for Cloud: Your War Room Dashboard!<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Secure Score with actionable recommendations;<\/li>\n\n\n\n<li>Compliance reports (PCI, ISO, 
SOC, etc.);<\/li>\n\n\n\n<li>Threat detection (VMs, containers, SQL&#8230;);<\/li>\n\n\n\n<li>Protection for hybrid and multi-cloud environments;<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"608\" src=\"https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183047-1024x608.png\" loading=\"lazy\" alt=\"\" class=\"wp-image-1337\" srcset=\"https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183047-1024x608.png 1024w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183047-300x178.png 300w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183047-768x456.png 768w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183047-1536x912.png 1536w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183047-2048x1216.png 2048w, https:\/\/blog.gustavomagella.com\/wp-content\/uploads\/2025\/04\/Screenshot-2025-04-09-183047-1320x784.png 1320w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Simply essential.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udce1 Azure Sentinel: SIEM &amp; SOAR for Real<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Aggregates logs from everything (Azure, 365, on-prem, third parties);<\/li>\n\n\n\n<li>Visual dashboards, event correlation;<\/li>\n\n\n\n<li>Automates incident response (Playbooks);<\/li>\n\n\n\n<li>Proactive threat hunting with ready-made queries;<\/li>\n<\/ul>\n\n\n\n<p>Want security maturity? 
Start with Sentinel.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83e\ude96 Quick Checklist<\/h3>\n\n\n\n<p><strong>\u2601\ufe0f Backup: <br><\/strong>\u2705 Vault in the same region as the resources;<br>\u2705 Daily\/weekly\/monthly backup policy defined;<br>\u2705 Run Backup Now after enabling (don\u2019t wait for 2 AM);<br>\u2705 Soft Delete and Locks enabled;<\/p>\n\n\n\n<p><strong>\ud83e\uddf1 Dedicated Host: <br><\/strong>\u2705 Used only for workloads with compliance requirements;<br>\u2705 Hybrid Benefit enabled (don\u2019t throw money away!);<\/p>\n\n\n\n<p><strong>\ud83d\udd11 Key Vault: <br><\/strong>\u2705 Secrets and certificates stored (no shared folders);<br>\u2705 RBAC and access policies applied;<br>\u2705 Purge protection for critical assets;<\/p>\n\n\n\n<p><strong>\ud83d\udee1\ufe0f Defender for Cloud: <br><\/strong>\u2705 Secure Score reviewed every month;<br>\u2705 Defender enabled on the resources that need it;<br>\u2705 Compliance reviewed (being secure isn\u2019t enough, you have to prove it);<br>\u2705 JIT, antivirus, encryption: all turned on<\/p>\n\n\n\n<p><strong>\ud83d\udce1 Sentinel: <\/strong><br>\u2705 Connected to all critical sources<br>\u2705 Playbooks and alerts configured<br>\u2705 Log Analytics with a retention policy<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udcca My Tech Two Cents:<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Backup is the undo button. Use it.<\/li>\n\n\n\n<li>Key Vault is where secrets live. Nothing else.<\/li>\n\n\n\n<li>Dedicated Hosts are expensive. 
But a breach costs more.<\/li>\n\n\n\n<li>Defender is your tactical map.<\/li>\n\n\n\n<li>Sentinel is your surveillance drone.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>\ud83d\udcc6 In the next chapter (Chapter 05): Monitoring and Health in Azure<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Azure Advisor;<\/li>\n\n\n\n<li>Azure Service Health;<\/li>\n\n\n\n<li>Azure Monitor;<\/li>\n<\/ul>\n\n\n\n<p>See you there! \ud83c\udf39\u2764\ufe0f<\/p>\n\n\n\n<p>\u2014 Gustavo Magella<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[en-gb] \u26a0\ufe0f Important Disclaimer \ud83c\udfac Watch Episode #04 of 09 Now \ud83d\udd17 Click here to watch on YouTube \u2013 Episode 04 of 09.(And yes, hit&#8230;<\/p>\n","protected":false},"author":2,"featured_media":1321,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[19],"tags":[24,23],"class_list":["post-1320","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-01-my-tech-two-cents","tag-en-gb","tag-pt-br"],"menu_order":0,"_links":{"self":[{"href":"https:\/\/blog.gustavomagella.com\/index.php\/wp-json\/wp\/v2\/posts\/1320","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.gustavomagella.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.gustavomagella.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.gustavomagella.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.gustavomagella.com\/index.php\/wp-json\/wp\/v2\/comments?post=1320"}],"version-history":[{"count":7,"href":"https:\/\/blog.gustavomagella.com\/index.php\/wp-json\/wp\/v2\/posts\/1320\/revisions"}],"predecessor-version":[{"id":1338,"href":"https:\/\/blog.gustavomagella.com\/index.php\/wp-json\/wp\/
v2\/posts\/1320\/revisions\/1338"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.gustavomagella.com\/index.php\/wp-json\/wp\/v2\/media\/1321"}],"wp:attachment":[{"href":"https:\/\/blog.gustavomagella.com\/index.php\/wp-json\/wp\/v2\/media?parent=1320"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.gustavomagella.com\/index.php\/wp-json\/wp\/v2\/categories?post=1320"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.gustavomagella.com\/index.php\/wp-json\/wp\/v2\/tags?post=1320"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}