{"id":1143,"date":"2026-06-01T13:57:16","date_gmt":"2026-06-01T11:57:16","guid":{"rendered":"https:\/\/www.cloudtango.net\/blog\/?p=1143"},"modified":"2026-06-01T13:57:16","modified_gmt":"2026-06-01T11:57:16","slug":"microsoft-azure-security-best-practices","status":"publish","type":"post","link":"https:\/\/www.cloudtango.net\/blog\/2026\/06\/01\/microsoft-azure-security-best-practices\/","title":{"rendered":"Microsoft Azure Security Best Practices"},"content":{"rendered":"
\n

Whether you\u2019re\u00a0migrating to Microsoft Azure\u00a0or securing an existing environment, it\u2019s crucial to establish the right security controls in Azure. While Microsoft provides platform-level protection out of the box, customers need to configure additional security controls to meet their needs in terms of operations, security posture, and compliance.<\/p>\n

So, which best practices should you follow for Azure security?<\/p>\n

We\u2019ve got all the answers below.<\/p>\n

Key takeaways:<\/strong><\/p>\n

– Microsoft provides strong security for Azure at the platform level, but customers usually need to implement additional controls to satisfy their requirements.
\n– Data in Azure is secured by default, both at rest and in transit, but customers should configure policies, key ownership, and access to align with their requirements.
\n– Azure supports common compliance frameworks at the platform level, but organizations will need to move beyond default configurations to support compliance efforts.
\n– Microsoft Entra ID provides strong identity and access controls for Azure environments.
\n– Microsoft Defender for Cloud and Microsoft Sentinel can provide threat detection and correlation within your Azure environment.<\/p>\n<\/div>\n

<\/span><\/span><\/p>\n

Is Microsoft Azure secure by default?<\/h2>\n

Microsoft Azure is secure by default at the platform level, but customers must actively configure and manage Azure security controls to fully protect their workloads. Some customers engage internal staff to handle these responsibilities, while others choose to engage\u00a0cloud management services\u00a0from an MSP or MSSP.<\/p>\n

Azure is built on a highly secure global cloud infrastructure with strong baseline protections built in, such as:<\/p>\n

– Physical datacenter security
\n– Encrypted communications*
\n– Identity safeguards
\n– Continuous monitoring by Microsoft<\/p>\n

However\u2013and this is critical to understand\u2013Azure follows a shared responsibility model, meaning Microsoft secures the cloud itself, while customers are responsible for properly securing what they deploy in the cloud.<\/p>\n<\/div>\n

\"Azure<\/div>\n
<\/span><\/span><\/p>\n

What is the shared responsibility model for security in Azure?<\/h2>\n

The shared responsibility model for security in Azure defines how security responsibilities are divided between Microsoft and the customer. Microsoft is responsible for securing the Azure cloud platform itself, including physical datacenters, hardware, networking, and the underlying infrastructure, while customers are responsible for securing what they deploy in the cloud, such as identities, access controls, operating systems, applications, data, and configurations.<\/p>\n

Here\u2019s what that looks like in detail.<\/p>\n

What Microsoft secures by default in Azure<\/h3>\n

Microsoft is responsible for securing the underlying Azure platform and services, including:<\/p>\n

– Physical datacenter security<\/strong>\u00a0(access controls, surveillance, hardware lifecycle)
\n– Core infrastructure security<\/strong>\u00a0(network backbone, host OS, hypervisors)
\n– Baseline encryption<\/strong>\u00a0for data in transit and many services at rest
\n– Built\u2011in identity protections<\/strong>\u00a0via Microsoft Entra ID (formerly Azure AD)
\n– Platform threat detection<\/strong>\u00a0and global intelligence from Microsoft Security<\/p>\n

These controls mean Azure\u2019s foundational environment typically exceeds what most organizations can implement on\u2011premises in terms of baseline security.<\/p>\n

What Microsoft Azure customers must configure themselves to ensure security<\/h3>\n

Many of Azure\u2019s most important security controls are available but not enforced by default, including:<\/p>\n

– Multi-factor authentication (MFA)<\/strong>\u00a0enforcement for users and admins
\n– Least-privilege access<\/strong>\u00a0with Azure RBAC and role scoping
\n– Network exposure controls<\/strong>, such as private endpoints, firewalls, and segmentation
\n– Workload hardening<\/strong>\u00a0for VMs, containers, apps, and databases
\n– Security monitoring and posture management<\/strong>\u00a0using tools like Defender for Cloud<\/p>\n

Key takeaway<\/strong>: If these are left unconfigured, environments can still be vulnerable even though they\u2019re running on a secure platform.<\/p>\n

 <\/p>\n

Is data encrypted in Azure?<\/h2>\n

Yes, data in Microsoft Azure is encrypted by default, both at rest and in transit, with multiple options for customers to control how encryption is implemented and managed. Azure uses industry\u2011standard encryption technologies across its services to help protect customer data from unauthorized access, whether the data is being stored, processed, or transmitted between systems.<\/p>\n

How Azure encryption works for data at rest<\/h3>\n

Azure encrypts data stored in its services in several ways.<\/p>\n

– Infrastructure\u2011level encryption<\/strong>\u00a0protects disks, storage, and databases using strong encryption (typically AES\u2011256).
\n– Most core services<\/strong>, such as Azure Storage, Azure SQL Database, Managed Disks, and Cosmos DB, have encryption at rest enabled by default, with no customer action required.
\n– Customer Managed Keys (CMK)<\/strong>\u00a0are supported for many services, allowing organizations to control their own encryption keys rather than relying on Microsoft\u2011managed keys.<\/p>\n

This ensures data remains unreadable if storage media is accessed or compromised.<\/p>\n

How Azure encryption works for data in transit<\/h3>\n

Azure also protects data as it moves between systems:<\/p>\n

– TLS (Transport Layer Security)<\/strong>\u00a0is used to encrypt data in transit between Azure services, users, and on\u2011premises systems.
\n– Secure communication<\/strong>\u00a0is enforced for service endpoints, APIs, and administrative access.
\n– Customers can require encrypted connections<\/strong>\u00a0for applications, storage accounts, and databases to prevent data interception.<\/p>\n

Key management and customer control<\/h3>\n

While encryption is turned on by default, Azure offers flexibility for organizations with advanced security or compliance needs. There are several ways customers can address these requirements.<\/p>\n

– Microsoft\u2011managed keys<\/strong>\u00a0(default) reduce complexity and operational overhead.
\n– Customer\u2011managed keys (CMK)<\/strong>\u00a0stored in Azure Key Vault or Azure Cloud HSM provide greater control, auditability, and key rotation.
\n– Bring Your Own Key (BYOK)<\/strong>\u00a0scenarios are supported for certain services and compliance frameworks.<\/p>\n

The bottom line on Azure data encryption<\/h3>\n

Azure encrypts data by default to provide a secure baseline, but customers can (and should) configure encryption policies, key ownership, and access controls to align with their organization\u2019s security posture and compliance requirements.<\/p>\n

 <\/p>\n

Is Azure secure enough for regulated data?<\/h2>\n

Yes, Microsoft Azure is widely considered secure enough for regulated data, provided Azure resources are configured and governed correctly. Azure is designed to support sensitive and regulated workloads such as those found in healthcare, financial services, government, and defense. The platform does so by offering strong security controls, extensive compliance certifications, and enterprise\u2011grade data protection.<\/p>\n

However, using Azure does not automatically make data compliant with a specific regulatory framework. Organizations must still apply appropriate security, governance, and operational controls.<\/p>\n

 <\/p>\n

Is Azure compliant with HIPAA, SOC 2, ISO 27001, PCI DSS, or CMMC?<\/h2>\n

Yes, at the platform level, Microsoft Azure is formally compliant with HIPAA, SOC 2, ISO\/IEC 27001, PCI DSS, and other frameworks. The platform also supports customers pursuing CMMC. However, compliance depends on how specific workloads and services are used, configured, and secured in Azure. Customers are still responsible for implementing required security, governance, and operational controls to meet their own regulatory obligations.<\/p>\n

Common Azure security controls that help with compliance<\/h3>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Security Control Area<\/strong><\/td>\nHIPAA<\/strong><\/td>\nSOC\u00a02<\/strong><\/td>\nISO\/IEC\u00a027001<\/strong><\/td>\nPCI\u00a0DSS<\/strong><\/td>\nCMMC<\/strong><\/td>\n<\/tr>\n
Identity & Access Management (RBAC<\/strong><\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n<\/tr>\n
Multi-Factor Authentication (MFA)<\/strong><\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n<\/tr>\n
User & Admin Account Monitoring<\/strong><\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n<\/tr>\n
Network Security & Segmentation<\/strong><\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n<\/tr>\n
Encryption at Rest<\/strong><\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n<\/tr>\n
Encryption in Transit (TLS)<\/strong><\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n<\/tr>\n
Customer-Managed Keys \/ Key Control<\/strong><\/td>\n\u25d0<\/td>\n\u25d0<\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n<\/tr>\n
Centralized Logging & Audit Trails<\/strong><\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n<\/tr>\n
Continuous Security Monitoring<\/strong><\/td>\n\u25d0<\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n<\/tr>\n
Vulnerability Management & Patching<\/strong><\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n<\/tr>\n
Configuration Hardening \/ Baselines<\/strong><\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n<\/tr>\n
Incident Response Plan & Testing<\/strong><\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n<\/tr>\n
Backup, Recovery & Business Continuity<\/strong><\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n<\/tr>\n
Data Classification & Handling Policies<\/strong><\/td>\n\u2705<\/td>\n\u25d0<\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n<\/tr>\n
Compliance Evidence & Reporting<\/strong><\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n\u2705<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\u00a0<\/strong><\/p>\n

Legend<\/h4>\n
    \n
  • \u2705 = Explicitly required<\/li>\n
  • \u25d0 = Required or expected depending on scope, data type, or maturity level<\/li>\n<\/ul>\n

    How this maps to Azure controls<\/h4>\n

    These framework\u2011level requirements are typically implemented in Azure using:<\/p>\n

      \n
    • Microsoft Entra ID (formerly Azure AD)<\/strong>\u00a0\u2013 identity, MFA, conditional access<\/li>\n
    • Azure RBAC & Azure Policy<\/strong>\u00a0\u2013 least privilege, governance, enforcement<\/li>\n
    • Azure Firewall, NSGs, Private Endpoints<\/strong>\u00a0\u2013 network segmentation<\/li>\n
    • Azure Key Vault \/ Azure Cloud HSM<\/strong>\u00a0\u2013 key management and encryption control<\/li>\n
    • Microsoft Defender for Cloud<\/strong>\u00a0\u2013 posture management and threat detection<\/li>\n
    • Azure Monitor, Log Analytics, Microsoft Sentinel<\/strong>\u00a0\u2013 logging, auditing, SIEM<\/li>\n
    • Azure Backup, Azure Site Recovery, Azure regional and zonal location settings<\/strong>\u00a0\u2013 availability and business continuity.<\/li>\n<\/ul>\n<\/div>\n
      \"\"<\/div>\n
      <\/span><\/span><\/p>\n

      What are best practices to protect Microsoft Azure from misconfigurations?<\/h2>\n

      Protecting Microsoft Azure from misconfigurations requires proactive governance, enforced security baselines, and continuous monitoring rather than relying on default settings alone. Most Azure security incidents stem from human error, such as overly permissive access, exposed endpoints, and disabled or unreviewed logging. Consequently, the goal is to prevent unsafe configurations up front, detect drift quickly, and remediate automatically whenever possible.<\/p>\n

      Best practices to prevent misconfigurations in Azure<\/h3>\n

      – Enforce identity-first security
      \n– Lock down network exposure
      \n– Standardize and enforce configurations with policy
      \n– Continuously assess security posture and remediate
      \n– Centralize logging and monitoring in Microsoft Sentinel
      \n– Proactive misconfiguration detection with Microsoft Defender for Cloud
      \n– Harden deployments through automation such as templates and pipelines
      \n– Encrypt data by default
      \n– Apply secure baselines<\/p>\n

      How does Microsoft Entra ID secure user identities in Azure?<\/h2>\n

      Microsoft Entra ID (formerly Azure Active Directory) secures user and service principal identities by centralizing authentication, enforcing strong access controls, and continuously evaluating risk before granting access to cloud and on\u2011premises resources. Entra ID acts as Azure\u2019s identity control plane, protecting users, administrators, and applications through layered defenses that combine strong authentication, conditional access, and continuous monitoring aligned with Zero Trust principles.<\/p>\n

      Microsoft Entra ID Identity Controls for Azure<\/h3>\n\n\n\n\n\n\n\n\n\n\n\n\n\n
      Identity Control<\/strong><\/td>\nWhat It Does<\/strong><\/td>\nPrimary Security Benefit<\/strong><\/td>\n<\/tr>\n
      Multi\u2011Factor Authentication (MFA)<\/strong><\/td>\nRequires additional verification beyond passwords (app, hardware key, biometrics, etc.)<\/td>\nPrevents account compromise from stolen or guessed credentials<\/td>\n<\/tr>\n
      Conditional Access<\/strong><\/td>\nGrants or blocks access based on user, device, location, risk, and application<\/td>\nEnforces Zero Trust by adapting security to real\u2011time risk<\/td>\n<\/tr>\n
      Role\u2011Based Access Control (RBAC)<\/strong><\/td>\nAssigns permissions based on roles rather than individual users<\/td>\nEnforces least privilege and reduces excessive access<\/td>\n<\/tr>\n
      Privileged Identity Management (PIM)<\/strong><\/td>\nProvides just\u2011in\u2011time, time\u2011limited admin access with approvals<\/td>\nMinimizes standing admin privileges and insider risk<\/td>\n<\/tr>\n
      Passwordless Authentication<\/strong><\/td>\nSupports sign\u2011in without passwords (FIDO2, Authenticator, biometrics)<\/td>\nEliminates password\u2011based attack vectors<\/td>\n<\/tr>\n
      Identity Protection<\/strong><\/td>\nDetects risky sign\u2011ins and compromised credentials using threat intelligence<\/td>\nIdentifies and mitigates identity threats early<\/td>\n<\/tr>\n
      Single Sign\u2011On (SSO)<\/strong><\/td>\nCentralizes authentication across Azure and SaaS applications<\/td>\nReduces credential sprawl and improves access visibility<\/td>\n<\/tr>\n
      Device\u2011Based Access Controls<\/strong><\/td>\nEvaluates device compliance and health during sign\u2011in<\/td>\nPrevents access from unmanaged or compromised devices<\/td>\n<\/tr>\n
      Access Reviews<\/strong><\/td>\nPeriodically reviews and certifies user access to resources<\/td>\nPrevents permission creep and orphaned access<\/td>\n<\/tr>\n
      Audit Logs & Sign\u2011In Logs<\/strong><\/td>\nRecords authentication events, access changes, and identity actions<\/td>\nEnables monitoring, forensics, and compliance evidence<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

       <\/p>\n

       <\/p>\n

      Do I need multi-factor authentication (MFA) for Azure, and how is it enforced?<\/h2>\n

      Yes! Multi\u2011factor authentication (MFA) is the #1 most strongly recommended best practice for Microsoft Azure. This control is effectively required for any environment that needs to meet modern security or compliance standards. Azure does not technically force MFA on all users by default, but Microsoft Entra ID (formerly Azure Active Directory) provides multiple built\u2011in mechanisms to require, enforce, and adapt MFA based on user role, risk, and context.<\/p>\n

      In practice, running Azure securely without MFA\u2014especially for administrators\u2014is considered a critical security gap.<\/p>\n

      MFA in Azure is enforced primarily through Entra ID Conditional Access policies, which allow organizations to define when and for whom MFA is required. Policies can mandate MFA for all users, specific groups, privileged roles, or access to sensitive applications and resources. Enforcement can also be contextual, for example, requiring MFA only when users sign in from unmanaged devices, unfamiliar locations, or high\u2011risk sessions. This approach aligns with Zero Trust principles by verifying identity continuously rather than relying on a one\u2011time login.<\/p>\n

      Azure also enforces MFA more strictly for privileged and high\u2011risk accounts. Using Privileged Identity Management (PIM), administrators must complete MFA before activating elevated roles, and that access is time\u2011bound and auditable. Additionally, Microsoft applies Security Defaults for many tenants, which automatically require MFA for administrators and block legacy authentication protocols that can\u2019t support MFA. These protections significantly reduce the most common attack vector in cloud breaches: \u00a0Compromised admin credentials.<\/p>\n

       <\/p>\n

      What are best practices to detect threats or suspicious behavior in Azure?<\/h2>\n

      Cloud administrators can detect threats or suspicious behavior in Azure by combining Microsoft-native security services that monitor identity activity, configuration risk, network traffic, workloads, and logs\u2014then correlating those signals centrally for alerting and response. Microsoft provides built\u2011in tools that continuously analyze behavior using threat intelligence, baselines, and anomaly detection, while giving customers control over what is monitored, how alerts are generated, and how incidents are investigated or escalated.<\/p>\n

      Here are the various Azure services that can assist with different types of threat detection.<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n
      Security Capability<\/strong><\/td>\nAzure Service<\/strong><\/td>\nWhat It Detects<\/strong><\/td>\nPrimary Benefit<\/strong><\/td>\n<\/tr>\n
      Identity Threat Detection<\/strong><\/td>\nMicrosoft Entra ID Identity Protection<\/td>\nRisky sign\u2011ins, compromised credentials, impossible travel, anomalous behavior<\/td>\nStops account takeovers and identity\u2011based attacks early<\/td>\n<\/tr>\n
      Cloud Security Posture & Threat Detection<\/strong><\/td>\nMicrosoft Defender for Cloud<\/td>\nMisconfigurations, exposed resources, malware, lateral movement<\/td>\nIdentifies risks across subscriptions and workloads<\/td>\n<\/tr>\n
      Workload Protection (CWPP)<\/strong><\/td>\nDefender for Servers, Containers, Databases, Storage<\/td>\nMalware, exploits, suspicious process activity, unusual access patterns<\/td>\nDetects runtime threats inside Azure workloads<\/td>\n<\/tr>\n
      External Attack Surface Management (EASM)<\/strong><\/td>\nDefender EASM<\/td>\nVulnerabilities, shadow IT, and security risks in domains, IP blocks, hosts, web applications, SSL certificates, and WHOIS records<\/td>\nExternal threats that standard, internal-focused vulnerability scanners often miss<\/td>\n<\/tr>\n
      Network Threat Detection<\/strong><\/td>\nAzure Firewall, NSGs, Defender for Network<\/td>\nPort scanning, unusual traffic, command\u2011and\u2011control activity<\/td>\nReveals network\u2011based attacks and external probing<\/td>\n<\/tr>\n
      Centralized Log Analysis (SIEM)<\/strong><\/td>\nMicrosoft Sentinel<\/td>\nCorrelated attacks across identity, network, and workloads<\/td>\nProvides end\u2011to\u2011end threat visibility and investigation<\/td>\n<\/tr>\n
      Security Logging & Telemetry<\/strong><\/td>\nAzure Monitor & Log Analytics<\/td>\nAuthentication events, configuration changes, access activity<\/td>\nEnables detection, forensics, and audit trails<\/td>\n<\/tr>\n
      Behavior Analytics & UEBA<\/strong><\/td>\nSentinel UEBA<\/td>\nAbnormal user or entity behavior over time<\/td>\nDetects insider threats and subtle attacks<\/td>\n<\/tr>\n
      Threat Intelligence Integration<\/strong><\/td>\nMicrosoft Security signals & feeds<\/td>\nKnown malicious IPs, domains, and tactics<\/td>\nImproves detection accuracy and reduces false positives<\/td>\n<\/tr>\n
      Automated Alerting & Response<\/strong><\/td>\nSentinel Automation & Playbooks<\/td>\nHigh\u2011confidence security incidents<\/td>\nAccelerates response and reduces manual effort<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

       <\/p>\n

      The takeaway: Configure Azure security to meet your organization\u2019s needs<\/h2>\n

      Azure supports a wide range of security controls that can easily meet your needs. The challenge is configuring your settings properly and maintaining security over the long haul. If you need assistance, the Corsica Technologies team is here to help. We are a long-standing, proven Microsoft Solutions Partner for Security with specializations in Azure Infrastructure, Cloud Security, Identity and Access Management, and Threat Protection. We are also a member of the Microsoft Intelligent Security Association (MISA). Contact us today, and let\u2019s get started on your Azure security journey.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

      Whether you\u2019re\u00a0migrating to Microsoft Azure\u00a0or securing an existing environment, it\u2019s crucial to establish the right security controls in Azure. While Microsoft provides platform-level protection out of the box, customers need to configure additional security controls to meet their needs in terms of operations, security posture, and compliance. So, which best practices should you follow for[\u2026] Read<\/svg><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,5,24],"tags":[],"class_list":["post-1143","post","type-post","status-publish","format-standard","hentry","category-azure","category-cloud-journey","category-microsoft-cloud"],"_links":{"self":[{"href":"https:\/\/www.cloudtango.net\/blog\/wp-json\/wp\/v2\/posts\/1143","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cloudtango.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cloudtango.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cloudtango.net\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cloudtango.net\/blog\/wp-json\/wp\/v2\/comments?post=1143"}],"version-history":[{"count":3,"href":"https:\/\/www.cloudtango.net\/blog\/wp-json\/wp\/v2\/posts\/1143\/revisions"}],"predecessor-version":[{"id":1205,"href":"https:\/\/www.cloudtango.net\/blog\/wp-json\/wp\/v2\/posts\/1143\/revisions\/1205"}],"wp:attachment":[{"href":"https:\/\/www.cloudtango.net\/blog\/wp-json\/wp\/v2\/media?parent=1143"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cloudtango.net\/blog\/wp-json\/wp\/v2\/categories?post=1143"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cloudtango.net\/blog\/wp-json\/wp\/v2\/tags?post=1143"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}