Protecting Your Azure Subscription – Customer Checklist
Why this matters
Azure fraud typically occurs when an attacker gains access to privileged accounts and deploys high‑cost resources. Any consumption in your Azure subscription is chargeable to your organisation.
✅ Identity & Access Controls (Highest Priority)
- Enable MFA for all Global Admin accounts
- Enable MFA for all Subscription Owners and Contributors
- Ensure MFA is registered, not just enabled
- Disable legacy authentication where possible
- Use separate admin accounts for privileged access
- Regularly review and remove unnecessary admin roles
✅ Azure Subscription Controls
- Review Azure regions and VM sizes users are allowed to deploy
- Minimise RBAC permissions – avoid “Owner” unless truly required
✅ Security Monitoring
- Review recommendations in Microsoft Defender for Cloud
- Investigate any high‑risk security alerts promptly
- Enable activity logging and review for unexpected changes
✅ Important Reminders
- Azure consumption can increase very quickly if an account is compromised
- Identity compromise is a financial risk, not just a data security issue
- MFA acts as a financial safeguard as well as a security control
- You are responsible for securing your tenant and monitoring Azure usage
If you need help reviewing your Azure security or enabling these controls, please contact support@cobweb.com.