In Azure, “defense in depth” means using multiple, layered security controls to protect your cloud environment rather than relying on a single safeguard. Microsoft designs and operates Azure with this layered approach so that your data, applications, compute, and networking resources are protected at several levels. These layers typically include: - **Physical and infrastructure security** – Controls at the datacenter and platform level that Microsoft manages for you. - **Network security** – Capabilities to segment, filter, and monitor traffic to and from your resources. - **Compute and application security** – Controls that help you secure virtual machines, containers, and application workloads. - **Data protection** – Options to secure data at rest and in transit, and to manage access. - **Monitoring and management** – Tools to continuously observe, manage, and improve your security posture. This approach helps reduce risk because if one control is bypassed, other controls are still in place to help protect your environment.

Azure provides a set of services and capabilities designed to help you secure, manage, and monitor your cloud environment as part of your day‑to‑day operations. From a **security** perspective, Azure offers platform features and configuration options that let you control access, protect data, and secure compute and networking resources. Microsoft operates the underlying cloud platform with built‑in security practices, while you configure and manage the controls that apply to your own subscriptions, workloads, and data. For **management and monitoring**, Azure gives you tools to: - Track the health and performance of your applications and infrastructure. - Monitor security‑related events and alerts. - Standardize how you apply policies and controls across resources. Together, these capabilities help you reimagine how you govern and protect your environment in the cloud, while still giving you visibility into what is happening across your data, apps, and infrastructure.

Azure Security Center is a set of security management and monitoring capabilities that help you apply defense‑in‑depth controls across your Azure resources. In the Azure Essentials material, Microsoft goes in‑depth on how Security Center: - Surfaces recommendations so you can strengthen the security of your data, apps, compute, and networking resources. - Helps you understand which controls you can configure and manage directly. - Clarifies what Microsoft is responsible for securing in the underlying Azure platform. You can use Azure Security Center to: - Assess your current security posture. - Identify gaps in configuration or protection. - Monitor ongoing security status across your environment. This helps you rethink how you manage cloud security by combining Microsoft’s platform protections with the controls you configure, giving you a more complete, layered defense in depth for your Azure workloads.