When you have your Microsoft Azure Architectural Design in place like a HUB-Spoke model this Microsoft documentation can help you with the Security and networking design in Microsoft Azure Cloud services.
The Virtual Data Center (VDC) isn't just the application workloads in the cloud. It's also the network, security, management, and infrastructure. Examples are DNS and directory services. It usually provides a private connection back to an on-premises network or datacenter. As more and more workloads move to Azure, it's important to think about the supporting infrastructure and objects that these workloads are placed in. Think carefully about how resources are structured to avoid the proliferation of hundreds of workload islands that must be managed separately with independent data flow, security models, and compliance challenges.
When you have your Microsoft Azure High Level Design, get your security and network in Azure in place in a manageable way for your Cloud Administrators and your Business. Here are some tips:
- Understand the data workflows in your Azure Virtual Data Center.
- Make a Detailed network and security design (Low level)
- Keep it Simple but Secure.
- Before you go into production, do a Security assessment (Pentest) by 3rd party Professionals
( For example via Company CQURE )