Best practices & security analysis for Microsoft Azure

Latest version of Runecast Analyzer 5.0 introduced proactive, actionable insights for Microsoft Azure. This means that Runecast Analyzer can now scan your Azure environment for proper alignment with best practices and compliance with CIS Benchmarks security standard.

Forecast: a growing multi-cloud

Microsoft Azure is one of the fastest growing cloud services on the market – but it is often not alone in its customers’ portfolios. The real growth is with multi-clouds, a composite of technologies from various cloud providers that include Azure.

According to Stanimir Markov, CEO and Co-Founder of Runecast:

“Organizations are not making ‘either or’ choices when it comes to their IT infrastructure these days – they often use a range of services from cloud providers in addition to their on-prem resources. This mix of infrastructure options creates an extremely complex environment and increased risk for misconfigurations, service disruptions and security gaps. And that’s where Runecast Analyzer enters the picture.”

Microsoft’s Azure public cloud was a little later to the party when compared to the dominant Amazon Web Services, but is growing market share aggressively, especially where organisations have typically consumed Microsoft’s software in the form of an Enterprise License Agreement. According to research published in October 2020 by Synergy Research Group, AWS currently holds 33% of the public cloud market, with Azure following closely behind at over 18%. Azure has been growing aggressively and continues to close the gap.


Enhancing your native toolset to handle multi-cloud 

To say that keeping a mixed portfolio of technologies stable and secure is challenging would be a vast understatement. While cloud providers such as AWS, Azure, and VMware typically offer their own best practice or security hardening guidelines to help users with compliance and stability issues, these resources naturally focus on the specific provider and have limited scope and range when it comes to real-world IT integrations.

Runecast Co-Founder and CTO Aylin Sali stated:

“It’s a problem of both rapid changes and poor visibility. Native tools help, but they're not designed to ensure that users have aligned their environments with best practices, security standards, or even known issues. Users need a single point of visibility across all technologies, with a platform-agnostic tool that reveals all the known and potential risks.”

Equally, Azure security compliance (e.g. compliance with Azure CIS Benchmarks) and keeping your IT environment aligned with Azure best practices can be a challenge for even the best of teams.

The founding team at Runecast – made up of veteran IT System Admins – built Runecast Analyzer specifically to answer the developing needs faced by organizations’ IT teams. Providing Admins with proactive insights for Azure best practices and security compliance, for example, was always part of their vision – one that began with VMware and moved later also into the realms of Runecast Analyzer coverage for AWS and Kubernetes.


Let’s take a deeper dive into our Microsoft Azure capabilities

In line with our integrations with other technologies, we start with the most commonly requested functionality: best practices and the latest CIS benchmark. CIS benchmarks have consistently been among the most requested knowledge profiles when discussing new technologies, and we roll out the CIS benchmark 1.3.0 for Azure with 96 checks in total. There’s a brand new dashboard focussed specifically on Azure services. Obviously, all of the Azure functionality rolls up into the global view, too, so you can see everything at the high level and dive all the way into specific services if that’s what you need.

As you can see from the new Azure dashboard, the supported services are broken down into Compute & Containers, Storage & Databases, Network & Security and Users & Roles.

Connecting Runecast Analyzer to your Azure account is super simple: you create an Application ID & Client Secret in your Azure Directory, then drop the details into the wizard. Hit Continue, and so long as connectivity is good, you’ll see your new Azure tenant in the connected systems, ready for analysis.

Runecast has worked closely for some time now with the Center for Internet Security – Analyzer is already CIS certified for the AWS and VMware benchmarks. Work is going on behind the scenes to finalise certification for the Kubernetes and now the Azure coverage.

Beyond this, there are several best practices for Azure, as detailed by Microsoft.

What is covered?

Runecast Analyzer covers every check included in the CIS benchmark for Azure and several best practices. These cover the following services:

  • Azure Active Directory
  • Azure App Services
  • AKS (Azure Kubernetes Service)
  • Disks
  • Key Vault
  • MySQL Server
  • Network Security Groups
  • PostgreSQL Server
  • SQL Server
  • Storage Accounts
  • Subscriptions
  • Virtual Machines


As with the other technologies that Runecast Analyzer provides proactive analytics for, expect the lists of supported services and regulatory standards to grow over time. Obviously, as this happens, the number of checks performed will grow!

Why did we choose to implement Microsoft Azure?

During the webinar, Kev Johnson and Stan Markov explained the logic behind best practices & security analysis capabilities. Explore with them the full set of mandatory CIS compliance rules and best practices audits with an out-of-the-box solution for Microsoft Azure.

How to configure Runecast Analyzer 5.0 & above for Microsoft Azure

Kev Johnson provides a step by step guide on how to configure Runecast Analyzer 5.0 and beyond for the new Microsoft Azure insights.

IT admins can test Runecast Analyzer in their own environments with a 14-day free trial.

Licensing and Pricing

In line with the AWS and Kubernetes functionality, the Azure functionality is licensed as a separate module in Runecast Analyzer. This provides the flexibility to license only the technologies relevant to your needs – it makes no sense to require customers to license VMware technologies if they’re not using VMware! You can find pricing details on our Licensing & Pricing page.

Runecast scores global recognition for its Runecast Analyzer

Recognized by Gartner as a ‘Cool Vendor’, Runecast’s innovative technology has also been patented in the United States. Its contribution to securing mission-critical data center operations resulted in the company winning a €1.9M EU Horizon 2020 grant for further development of its Runecast A.I. Knowledge Automation (RAIKA).

Notable clients using Runecast Analyzer to mitigate service risks and ensure maximum efficiency and security within their IT infrastructure include Avast Software, Chevron, Erste Bank, FLEXdata, Fujisoft, German Aerospace Center (DLR), Near East Bank, Raiffeisen Bank, Scania, Skyguide, and de Volksbank.

“A must-have tool for IT System Admins in the 21st Century”

Not only does Runecast Analyzer provide a single view of what is happening across workloads, but Runecast Analyzer also does this while running securely on-premises – or even offline, for the most security-conscious applications. This enhances system admins’ access to comprehensive analysis of their networks – regardless if those are on-premises, hybrid, or in the public cloud – while they maintain full control of their data.

Runecast Analyzer compiles information from an array of ‘sources of truth’ – including Knowledge Base articles (KBs), multiple vendor best practices, security standards, etc. – then uses Natural Language Processing (NLP) and Artificial Intelligence (AI) to highlight risks and automatically discover any misconfigurations that can negatively affect performance, trigger outages, or fail security audits

This time-sensitive information enables system admins to slash troubleshooting time as much as 75-85%, with an 80% reduction in monthly incidents and issues (see: University of St Andrews). Others have reported reducing upgrade planning time by 90% (see: FLEXdata).

Download 14-day free trial

Our customers and partners tell us that, once they tried Runecast Analyzer, they couldn’t afford NOT to use it in their tech stack.

Register now