Linkedin-in Whatsapp
Main Menu

Table of Contents

Hardening Your Application Insights on Azure: A Comprehensive Guide to Securing Cognitive Services

Description

Application Insights is a feature of Azure Monitor that provides extensible application performance management (APM) and monitoring for live web apps. Developers and DevOps professionals can use it. Application Insights to:

  • Automatically detect performance anomalies.  
  • Help diagnose issues by using powerful analytics tools.  
  • See what users do with apps.  
  • Help continuously improve app performance and usability.  

Application Insights Features:

  • Supports various platforms, including .NET, Node.js, Java, and Python.  
  • Works for apps hosted on-premises, hybrid, or on any public cloud.  
  • Integrates with DevOps processes.  
  • Has connection points to many development tools.  
  • Can monitor and analyze telemetry from mobile apps by integrating with Visual Studio.

BASELINE CONFIGURATION

Config Name Description Solution GE Control ID
RG Resource Group requirement Must use same region for resource, resource group and subscription Standard EA
Network Type Access to the service Must opt NO for "Accept data ingestion& Query from public networks not connected through a Private Link Scope" SEC 1.2
Data Encryption Send data Securely To ensure security of data transit to Azure Monitor. With an enforce to configure the agent to use at least TLS 1.2 SEC 7.2
Authentication/Authorization Authenticate to console services and data sources using Azure native security services Authenticating of services using AAD IAM RBAC SEC 2.1
Keys API keys stored in keys Vault as secrets You can either create your own keys or store them in a key vault APIs to generate keys. SEC 4.1
Logging Collect platform logs and operation logs. Logs must be stored in Gas Power Cyber approved logging destination: central analytics workspace in 328-gp-azr-ops SEC 3.11

Tagging Considerations

Policy Name Description Solution
UAI tag All speech services must be tagged with a valid UAI - Example: Key: uai
- Value: uai1234567
- Use lower case name and value
Env tag All speech services must be tagged with a tag corresponding to the application environment - Example: Key : env, Value: prd
- For Valid envs see item 5.2 in cloud controls document
- Use lower case name and value
Appname tag Must tagged with application short name where applicable - Example: Key: appname
- Value: ABC123

Resource Standards and Policies

Config Name Description Solution
Naming convention Resource follows standard naming convention Apply naming standards based on the following guidelines
Naming & Tagging Standards

Ready to experience the full power of cloud technology?

Our cloud experts will speed up cloud deployment, and make your business more efficient.  

Start Today !

Network Considerations

Config Name Description Solution
Standard network Configuration Standard vnet, subnet, NSG configuration applied See network baseline config for more information.
Private endpoints Deny public internet access Ensure that key vault is accessible only over Stakeholder private network

Identity and Access Management

Config Name Description Solution Mandated/Optional IAM Policy CF Template
IAM RBAC Configuration Standard RBAC roles defined for speech service and assigned to users See Stakeholder’s approved baseline configuration for more information Mandated

Operational Considerations

Config Name Description Solution
API Key rotation Keys should be rotated periodically. Generate Keys regularly and store keys in Key Vaults
Backup and Recovery Ensure Regular automated Backups Follow standards to backup

ISmile Technologies brings its managed cloud security services to your defence. We help you reimagine cloud security by building it into the foundation of your company. In this way it can meet your business’s evolving needs cost-effectively as a fully managed, consumption-based, as-a-service model, ensuring advanced security. Schedule a free assessment today.

CLOUD Engineer

Gopi Krishna

I’m working as Cloud DevOps Engineer. Expertise in technologies of Kubernetes, cloud services and cloud-native services, and DevOps technologies in various clouds.

Liked what you read !

Please leave a Feedback

Leave a Reply

Your email address will not be published. Required fields are marked *

Join the sustainability movement

Is your carbon footprint leaving a heavy mark? Learn how to lighten it! ➡️

Register Now

Calculate Your DataOps ROI with Ease!

Simplify your decision-making process with the DataOps ROI Calculator, optimize your data management and analytics capabilities.

Calculator ROI Now!

Related articles you may would like to read

The Transformative Power of Artificial Intelligence in Healthcare
Read More
How To Setup An AI Center of Excellence (COE) With Use Cases And Process 
Read More
Connect With Us
  • USA : 501 S Weber Rd Unit 108, Bolingbrook, IL 60490
  • Canada : 3191 Stocksbridge Ave Oakville, ON L6M 0A7
  • India : 2-3-285, Secunderabad, Hyderabad, 500003
About Us
Linkedin-in Whatsapp Instagram Youtube
This website is hosted Green - checked by thegreenwebfoundation.org
End to End Solution
Managed Services
Partners
Resources
Get in Touch
Privacy Policy
Copyright © 2022  ISmile Technologies

Find our Resources

Proposals

Know the specific resource requirement for completing a specific project with us.

Blog

Keep yourself updated with the latest updates about Cloud technology, our latest offerings, security trends and much more.

Webinar

Gain insights into latest aspects of cloud productivity, security, advanced technologies and more via our Virtual events.

ISmile Technologies delivers business-specific Cloud Solutions and Managed IT Services across all major platforms maximizing your competitive advantage at an unparalleled value.

About Us +

Request a Consultation

Register Now