Defense In Depth
Microsoft has a concept called defense in depth, which enforces security on all different layers of the network instead of just a single point of failure.
various Security Layers
- Data: Virtual Network Endpoint
- Application: API Management
- Compute: Limiting Access, Windows Update
- Network: Network Security Groups, Subnets, Deny By Default
- Perimeter: DDoS, Firewall
- Identity & Access: Azure AD
- Physical: Door Locks, Fences, Key Cards