.svg?width=174&auto=compress,webp&upscale=true "aca-group (black)")
.svg?width=139&auto=compress,webp&upscale=true "aca-group (black)")
Reading time 5 min
ACA Group Team
6 May 2025
Reading time 6 min
Cybersecurity is no longer optional—it’s a cornerstone of every organization’s operational resilience and compliance strategy. With the introduction of the EU's NIS2 directive, European organisations face a pressing need to meet rigorous security standards. While the EU's NIS2 directive sets clear standards for network and information security, translating its mandates into actionable steps can be a challenge—especially for businesses using cloud platforms like Microsoft Azure.
Fortunately, Azure offers a range of tools designed to simplify compliance and strengthen your security framework. In this post, we’ll explain how Azure can help you to align with NIS2, breaking down the process into manageable steps to help you secure your environment and stay compliant.
What is NIS2?
The EU’s NIS2 (Network and Information Security Directive 2) is a cybersecurity directive introduced by the European Union to enhance the resilience and security of critical infrastructure and essential services across member states. It replaces the original NIS Directive from 2015 and has been incorporated into the national laws of each EU member state since October 18th, 2024.
NIS2 standardizes cybersecurity practices for a wide range of sectors and organizations, from digital services, healthcare and energy, to transportation and public administration. Non-compliance can result in high fines and even reputational damage, so for affected organizations adherence is crucial.
Challenges of NIS2
NIS2 covers a broad range of cyber security objectives, including governance, risk management and incident response. With so many objectives, it can be a daunting task for organisations to translate them into actionable steps.
Are your infrastructure resources located in the public cloud Azure? Do you know Azure offers important tools in order to audit and ensure your environment is NIS2-compliant.
How to start the implementation of NIS2?
The first step for implementing NIS2 is to break the directive into smaller manageable controls. Once this has been done, the work of mapping the controls to the best technology and process can start.
In this blog, we will break down a specific set of controls and map them to a technology with a focus on Microsoft Azure and Microsoft Entra ID.
Microsoft Entra ID: identity and access management for NIS2 compliance
One of the core requirements of NIS2 is ensuring only authorised personnel have access to critical systems and data. With Microsoft Entra ID, you have a very robust set of identity and access management (IAM) tools.
Multi Factor Authentication
Multi Factor Authentication (MFA) has become the de facto standard security method. It requires a user to provide at least two verification factors to access the environment.
Conditional Access Policies
Conditional Access Policies are often overlooked because they seem optional, but they are essential for ensuring a secure environment. They define the conditions users must meet to access the environment. They may grant or deny access based on parameters such as:
- IP address (location)
- User Group Membership in Entra ID
- Device Posture and compliance
Just-in-Time Access
Additional safety measures such as Just-in-Time-Access, which grants specific rights for a limited time, should also be configured. As an administrator, you should maintain read-only access by default, using Just-In-Time-Access to temporarily elevate privileges during approved change windows.
Security Information and Event Management
All the safety measures in the world mean nothing if you don’t have an effective way to continuously monitor and respond accordingly. There are several SIEM (Security Information and Event Management) solutions available. You can adopt Microsoft Sentinel which has both hybrid and cloud native support.
Microsoft Sentinel
At ACA, we recommend closely monitoring your secure score in Microsoft Entra ID tenant. It provides a quick, clear overview of your compliance progress.
Azure tools for NIS2 compliance
The Azure platform provides many tools and technologies to help you with NIS2 compliance.
Microsoft Defender for Cloud
Microsoft Defender for Cloud is an excellent tool to provide real-time threat detection along with security recommendations for different Azure resources such as VM’s, SQL databases, storage and many more. This also includes monitoring for vulnerabilities, policy compliance and security misconfigurations.
Azure policy
Azure policy is the foundation for keeping your infrastructure compliant, establishing the foundations of your governance framework for your entire landing zone.
Before provisioning your first workloads in Azure, ensure your Azure policies are configured and compliant with the NIS2 directive.
Do you already have workloads in Azure? It makes policy enforcement a little bit more complex, as they are often set up without strict enforcement. In such cases, the policies have to run in ‘audit’ mode. This is where any non-compliance is flagged but not enforced. This approach lets organizations review and assess the impact before fully enforcing policies.
How to manage response and recovery in NIS2?
NIS2 is not only about security, but also has a compliance section on “Response and Recovery”. This is where you can leverage Azure Backup, Azure Site Recovery and of course, Infrastructure as Code.
Focusing further on the actual data, we need to consider the different types of data confidentially. Encryption is key here as it ensures that your data is only accessible to authorized individuals and systems.
There are three main types of encryption available:
1. Data at Rest
When you store a file in an Azure Storage Account, this is encrypted using Service-side encryption (SSE) automatically. There are different types of encryption at Rest in Azure, depending on which service you use.
2. Data in Transit
When data is transmitted over the network there are different ways to encrypt it with the most common being Transport Layer Security (TLS). This is the primary method used when connecting to and interacting with Azure services.
3. Data in Use
Data used for processing, such as when stored in memory, can also be encrypted. This is oftentimes overlooked because it’s more complex and the implementation varies depending on which service you use. If you use virtual machines in Azure, there’s a whole area covering Confidential Computing. In case someone would try to read the memory of the host, it is encrypted and unreadable.
Struggling with NIS2 compliance?
The journey towards NIS2 compliance is exciting, but can also be complex. The technological aspects alone involve numerous controls across various public cloud technologies. However, achieving true compliance requires a balanced approach that integrates the technologies with robust processes and governance.
➡️ At ACA, we care deeply about security. Wherever you are in the NIS2 journey, you can count on us to guide you towards NIS2 compliance success.
Questions about NIS2 compliance?
Related articles
What others have also read
Reading time 7 min
Patrik Söderström
18 DEC 2025
CloudBrew has always been a highlight on our calendar, but the 2025 edition felt different. Perhaps it was the timing. Just the month prior, November 2025, the Azure Belgium Central region finally opened its doors. ACA has always operated from the heart of Europe, so seeing this massive national milestone go live just before the conference added a layer of excitement.
Read more
Reading time 4 min
Roel Van Steenberghe
27 NOV 2025
Better uptime, lower costs, and avoiding vendor lock-in. These are three of the reasons why our customers opt for a multicloud strategy. Our Cloud Project Manager Roel Van Steenberghe explains what such a strategy entails and what the advantages of Google Cloud Platform (GCP) are.
Read more
Reading time 3 min
Bregt Coenen
8 MAY 2025
In the complex world of modern software development, companies are faced with the challenge of seamlessly integrating diverse applications developed and managed by different teams. An invaluable asset in overcoming this challenge is the Service Mesh. In this blog article, we delve into Istio Service Mesh and explore why investing in a Service Mesh like Istio is a smart move." What is Service Mesh? A service mesh is a software layer responsible for all communication between applications, referred to as services in this context. It introduces new functionalities to manage the interaction between services, such as monitoring, logging, tracing, and traffic control. A service mesh operates independently of the code of each individual service, enabling it to operate across network boundaries and collaborate with various management systems. Thanks to a service mesh, developers can focus on building application features without worrying about the complexity of the underlying communication infrastructure. Istio Service Mesh in Practice Consider managing a large cluster that runs multiple applications developed and maintained by different teams, each with diverse dependencies like ElasticSearch or Kafka. Over time, this results in a complex ecosystem of applications and containers, overseen by various teams. The environment becomes so intricate that administrators find it increasingly difficult to maintain a clear overview. This leads to a series of pertinent questions: What is the architecture like? Which applications interact with each other? How is the traffic managed? Moreover, there are specific challenges that must be addressed for each individual application: Handling login processes Implementing robust security measures Managing network traffic directed towards the application ... A Service Mesh, such as Istio, offers a solution to these challenges. Istio acts as a proxy between the various applications (services) in the cluster, with each request passing through a component of Istio. How Does Istio Service Mesh Work? Istio introduces a sidecar proxy for each service in the microservices ecosystem. This sidecar proxy manages all incoming and outgoing traffic for the service. Additionally, Istio adds components that handle the incoming and outgoing traffic of the cluster. Istio's control plane enables you to define policies for traffic management, security, and monitoring, which are then applied to the added components. For a deeper understanding of Istio Service Mesh functionality, our blog article, "Installing Istio Service Mesh: A Comprehensive Step-by-Step Guide" , provides a detailed, step-by-step explanation of the installation and utilization of Istio. Why Istio Service Mesh? Traffic Management: Istio enables detailed traffic management, allowing developers to easily route, distribute, and control traffic between different versions of their services. Security: Istio provides a robust security layer with features such as traffic encryption using its own certificates, Role-Based Access Control (RBAC), and capabilities for implementing authentication and authorization policies. Observability: Through built-in instrumentation, Istio offers deep observability with tools for monitoring, logging, and distributed tracing. This allows IT teams to analyze the performance of services and quickly detect issues. Simplified Communication: Istio removes the complexity of service communication from application developers, allowing them to focus on building application features. Is Istio Suitable for Your Setup? While the benefits are clear, it is essential to consider whether the additional complexity of Istio aligns with your specific setup. Firstly, a sidecar container is required for each deployed service, potentially leading to undesired memory and CPU overhead. Additionally, your team may lack the specialized knowledge required for Istio. If you are considering the adoption of Istio Service Mesh, seek guidance from specialists with expertise. Feel free to ask our experts for assistance. More Information about Istio Istio Service Mesh is a technological game-changer for IT professionals aiming for advanced control, security, and observability in their microservices architecture. Istio simplifies and secures communication between services, allowing IT teams to focus on building reliable and scalable applications. Need quick answers to all your questions about Istio Service Mesh? Contact our experts
Read moreContact us
Want to dive deeper into this topic?
Get in touch with our experts today. They are happy to help!
Contact us
Want to dive deeper into this topic?
Get in touch with our experts today. They are happy to help!
Contact us
Want to dive deeper into this topic?
Get in touch with our experts today. They are happy to help!
Contact us
Want to dive deeper into this topic?
Get in touch with our experts today. They are happy to help!