Episode #262
Introduction
In episode 262 of our SAP on Azure video podcast we talk about Security.
In the past, security was never really a prominent topic for SAP customers. When asked about their top 5 priorities for the next year, other topics were always at the top. To my surprise, this changed quite a bit: security came out as one of the most important topics, and not only in the latest DSAG survey.
So with today's session, we want to kick off several sessions focused completely on security with SAP and Microsoft. This goes way beyond using Entra ID for Single Sign-On, and my colleague Martin Pankraz has focused on this for years. So I am really glad to have Martin back with us to kick off the security-related sessions.
Find all the links mentioned here: https://www.saponazurepodcast.de/episode262
Reach out to us for any feedback / questions:
- Goran Condric: https://www.linkedin.com/in/gorancondric/
- Holger Bruchelt: https://www.linkedin.com/in/holger-bruchelt/
#Microsoft #SAP #Azure #SAPonAzure #Security #Sentinel #RISEwithSAP #MSDefender
Summary created by AI
- Rising Importance of SAP Security:
  - Holger and Martin Pankraz discussed the increasing prioritization of security among SAP customers, referencing recent DSAG survey results and highlighting the shift in focus towards cybersecurity within the SAP ecosystem.
  - DSAG Survey Findings: Holger explained that security has become a top priority for SAP customers, as evidenced by the latest DSAG (German SAP User Group) survey, which showed a significant increase in the relevance of cybersecurity for investment planning in 2025.
  - Changing Customer Attitudes: Martin noted that the momentum around security has shifted, with more SAP customers and partners recognizing the need to invest in security due to global events and increased awareness of sovereignty and business competition.
  - Educational Initiatives: Holger and Martin described hands-on events like ‘Hacker in a Day’ and hackathons, which have successfully educated hundreds of SAP customers and partners about the importance and practical aspects of security.
- Overview of Microsoft and SAP Security Integration:
  - Martin Pankraz provided a comprehensive overview of the current state of SAP security on Microsoft platforms, detailing available tools, co-engineered solutions, and the multilayered approach to protecting SAP workloads.
  - Identity and Access Management: Martin described how Microsoft Entra ID enables single sign-on, multifactor authentication (MFA), and conditional access for SAP systems, including RISE, SAP NetWeaver, and SAP SaaS, with Entra ID Governance managing SAP user lifecycle events.
  - Data Protection Mechanisms: Martin outlined data protection features such as encryption, Azure Backup with immutable vaults for ransomware protection, Microsoft Purview for SAP, Azure Key Vault for secrets management, and Azure Confidential Computing for processing-level encryption.
  - Network Security Solutions: The discussion covered network isolation options like SAP Private Link for Azure, Azure ExpressRoute, and Azure Private Link, which provide secure, high-performance connections between SAP and Azure services.
  - Threat Protection and Security Management: Martin highlighted Microsoft Sentinel for SAP applications, SAP LogServ integration, and Defender for Endpoint (HANA aware) as key tools for detecting and responding to threats, with co-engineered solutions ensuring compatibility and deep integration.
  - AI Security and Partner Solutions: The session introduced AI-driven security features such as Microsoft Security Copilot, Entra Agent ID, Azure AI Content Safety, and Prompt Shields, as well as the role of partner solutions in extending protection, detection, and response capabilities.
- Current Threat Landscape and Attack Trends:
  - Martin and Holger discussed the evolving threat landscape, emphasizing the prevalence of identity-based attacks, the scale of Microsoft’s security operations, and actionable insights for SAP customers to mitigate risks.
  - Microsoft’s Security Operations Scale: Martin shared that Microsoft processes over 78 trillion security signals daily and employs 34,000 dedicated security engineers, providing a unique vantage point for understanding and defending against global cyber threats.
  - Identity Attack Prevalence: The speakers noted that more than 99% of identity attacks are password-based, with Microsoft blocking 7,000 password attacks per second, and highlighted the importance of moving to MFA and passwordless authentication.
  - Attack Techniques and Trends: Martin explained that attackers are increasingly targeting identity infrastructure, exploiting abandoned or overprivileged applications, and using advanced techniques like token theft and consent phishing, making monitoring and secure development practices essential.
  - Actionable Security Recommendations: The discussion included recommendations such as employing AI-driven threat detection, monitoring identity infrastructure changes, retiring passwords in favor of phishing-resistant methods, and ensuring secure application development and device compliance.
- Best Practices and Tools for SAP Security:
  - Martin and Holger reviewed best practices for SAP security, including the use of MFA, secure key management, immutable backups, and the integration of Microsoft and SAP tools to provide comprehensive protection across identity, data, network, and threat management.
  - Multifactor Authentication Adoption: The speakers emphasized the effectiveness of MFA in reducing attack vectors, recommending its use for SAP systems and explaining the differences between standard and phishing-resistant MFA methods.
  - Key Management and Data Loss Prevention: Martin described the importance of Azure Key Vault for secure secrets management and Microsoft Purview for data loss prevention, noting that losing encryption keys can render systems unrecoverable and highlighting the need for robust key management policies.
  - Immutable Backups and Recovery: The session covered the use of Azure Backup with immutable vaults to protect against ransomware and accidental data loss, stressing the need for regular backups and early detection of compromises.
  - Network Isolation and ExpressRoute: Holger and Martin recommended using Azure ExpressRoute for reliable, low-latency connections to SAP systems, ensuring network isolation and performance guarantees compared to standard internet or VPN connections.
- Threat Detection, Response, and Compliance for SAP:
  - Martin detailed the integration of Microsoft Sentinel, Defender for Endpoint, and SAP LogServ for comprehensive threat detection, response, and compliance, including support for long-term log retention and AI-driven security operations.
  - Microsoft Sentinel Integration: Martin explained that Microsoft Sentinel offers first-party integration with SAP systems, ingesting audit logs and providing security operations centers with the tools to monitor, block users, and reactivate audit logs as needed.
  - SAP LogServ and Shared Responsibility: The speakers discussed SAP’s LogServ service, which supports the shared responsibility model in RISE deployments by providing access to critical logs, with Microsoft Sentinel being the first SIEM product to integrate with this service.
  - Defender for Endpoint (HANA Aware): Martin described how Defender for Endpoint is tailored for SAP hosts, recognizing HANA databases and ensuring that security operations do not interfere with SAP workloads, with extensive testing on Microsoft’s own SAP infrastructure.
  - Long-Term Log Retention and Compliance: The session addressed the need for long-term log retention due to regulatory requirements, with Microsoft’s security data lake and LogServ connector enabling cost-efficient storage and compliance for SAP customers.
  - AI-Driven Security Operations: Martin introduced Microsoft Security Copilot, which leverages AI to assist SOC analysts in remediation, detection, and reporting, significantly reducing the time required to respond to incidents involving SAP systems.
- Future Directions and Partner Ecosystem:
  - Martin and Holger previewed upcoming security features, the evolving role of AI and agent identities, and the importance of partner solutions in extending and customizing SAP security on Microsoft platforms.
  - Upcoming Security Features: Martin mentioned that Microsoft Ignite will introduce new security capabilities, with future sessions planned to cover these advancements once they are publicly available.
  - Agent Identity and AI Security: The speakers discussed the growing importance of agent identities (Entra Agent ID) for AI-driven integrations, ensuring traceability and compliance as agents act on behalf of users in SAP environments.
  - Partner Solutions and Customization: Martin highlighted the role of SAP and third-party partners in complementing Microsoft’s baseline security offerings, providing specialized integrations and features tailored to customer needs.
- 0:00 Intro
- 1:45 Introducing Martin Pankraz
- 5:15 Importance of Cyber Security - DSAG Report
- 6:25 Our unique vantage point
- 8:30 7000 password attacks blocked
- 11:35 Secure and defend SAP apps and data on Microsoft Cloud - Identity and access management
- 12:30 Data protection
- 16:00 Network security
- 18:20 Threat protection
- 22:40 AI Security
- 28:25 Add SAP ERP to your company's protection layers