Penetration Testing Azure for Ethical Hackers

You're reading from Penetration Testing Azure for Ethical Hackers: Develop practical skills to perform pentesting and risk assessment of Microsoft Azure environments

Product type: Paperback
Published in: Nov 2021
Publisher: Packt
ISBN-13: 9781839212932
Length: 352 pages
Edition: 1st Edition
Authors (2): David Okeyode, Karl Fosaaen

Table of Contents (12)

Preface
1. Section 1: Understanding the Azure Platform and Architecture
2. Chapter 1: Azure Platform and Architecture Overview
3. Chapter 2: Building Your Own Environment
4. Chapter 3: Finding Azure Services and Vulnerabilities
5. Section 2: Authenticated Access to Azure
6. Chapter 4: Exploiting Reader Permissions
7. Chapter 5: Exploiting Contributor Permissions on IaaS Services
8. Chapter 6: Exploiting Contributor Permissions on PaaS Services
9. Chapter 7: Exploiting Owner and Privileged Azure AD Role Permissions
10. Chapter 8: Persisting in Azure Environments
11. Other Books You May Enjoy

An overview of Azure services

As we noted earlier in this chapter, there are over 200 services available in Azure. Even though this sounds like a lot of services, they can generally be grouped into five categories, outlined as follows:

  • Services that are used to host applications: These services provide a runtime environment that can be used to execute application code or run container images. Services such as Azure App Service, Azure Virtual Machine (Azure VM), and Azure Kubernetes Service (AKS) fall into this category. Organizations use them to host external and internal applications.
  • Services that are used to store data for applications: These services are used to store different kinds of application data. Services such as Storage accounts, Azure SQL, and Cosmos DB fall into this category.
  • Services that are used to create applications: These services are used to create workflows that run in the cloud. Services such as Logic Apps and Function Apps fall into this category.
  • Services that are used to enhance applications: These are typically Software-as-a-Service (SaaS)-type services in Azure that are used to provide extra capabilities to other applications. A service such as Azure Cognitive Services falls into this category. This is used by developers to add intelligence to their custom applications using pre-built and pre-trained machine learning algorithms.
  • Services that are used to monitor or manage applications: These are services that are used to manage or monitor other services or applications. Services such as Azure Automation, API Management, Application Insights, and Azure Monitor fall into this category. Additional security-focused services, such as Azure Sentinel and Azure Security Center, would also fall into this category. These services can also provide useful insights from a penetration-testing perspective.

As we progress through the book, we will touch on many services, but the core resources that are important to understand are outlined here.

This table outlines some of the most common Azure services that will be attacked in this book:

As you can see from the preceding information, Microsoft was very practical with the naming of Azure services. For the most part, the service names are based on what the service does. For example, the Azure service used for hosting VMs is called Virtual Machines. In contrast, the equivalent service in AWS would be Elastic Compute Cloud (EC2).

Important note

For anyone that is making the terminology transition from AWS to Azure, the following Microsoft document may be helpful for matching up any of the confusing service names: https://docs.microsoft.com/en-us/azure/architecture/aws-professional/services.

For those more familiar with GCP, Microsoft also has some helpful documentation at https://docs.microsoft.com/en-us/azure/architecture/gcp-professional/services.

In Chapter 3, Finding Azure Services and Vulnerabilities, we will discuss how some of these services can be discovered anonymously using the Azure Domain Name System (DNS) naming structure. In the next section, we will review how access to Azure services is structured and managed using RBAC.
