Category Archives : Security



Azure Security Center and discovery of partner solutions

Azure Security Center offers integration with various third-party security solutions, giving you a unified view for alerting and monitoring across your Azure and non-Azure workloads. For integrated partner solutions, Security Center scans Azure resources, recommends installing the solution where it is missing, and automates the deployment. In addition to these features, we are excited to announce the general availability of auto-discovery of partner solutions that are already deployed in the subscription.

Security Center will now automatically discover partner Next-Generation Firewall (NGFW) and Web Application Firewall (WAF) solutions and prompt you to connect them, so that their logs and alerts can be integrated. Discovered partner solutions are displayed in the Security Solutions panel. To allow interoperability with many security vendors, Security Center supports log ingestion in the industry-standard Common Event Format (CEF) carried in Syslog messages.
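As an added example (not code from the original post or from Security Center), here is a small Python parser for CEF records carried in syslog, the format the partner integration above ingests. The sample lines, vendor names and field values are constructed for the example; the escaping rules it implements (a backslash before "|" or another backslash in the header, and before "=", a backslash or "n"/"r" in extension values) are the standard CEF ones, and the syslog header pattern assumes the traditional BSD "<PRI>timestamp host" prefix.

```python
import re
from typing import Any, Dict, List

# Constructed sample lines (not real vendor output): a BSD syslog header followed by a CEF record.
SAMPLE_LINES = [
    r"<14>Mar  3 10:15:22 fw01 CEF:0|ExampleVendor|NGFW|9.0|1001|SQL injection attempt|8|"
    r"src=203.0.113.45 spt=51234 dst=10.0.1.12 dpt=443 proto=TCP act=blocked "
    r"request=/login?user\=admin' OR 1\=1 cs1Label=Rule cs1=web-inbound",
    r"<14>Mar  3 10:15:23 waf01 CEF:0|ExampleVendor|WAF|2.1|2002|Cross\|Site Scripting|6|"
    r"src=198.51.100.7 dst=10.0.1.12 dpt=80 act=alert msg=script tag in path\\admin\\x",
]

HEADER_FIELDS = ("cef_version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")
# BSD syslog prefix: <PRI>Mmm dd hh:mm:ss host  (assumption: this is what the collector receives)
SYSLOG_RE = re.compile(r"^<(?P<pri>\d+)>(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<host>\S+)\s*$")
# An extension field starts with key= at the start of the extension or after whitespace;
# an escaped "\=" inside a value never matches because "\" is not a key character.
KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")


def _split_header(text: str):
    """Split the CEF header on unescaped '|' into its 7 fields; return (fields, extension)."""
    fields, buf, i = [], [], 0
    while i < len(text) and len(fields) < 7:
        c = text[i]
        if c == "\\" and i + 1 < len(text):   # header escapes: \| and \\
            buf.append(text[i + 1]); i += 2
        elif c == "|":
            fields.append("".join(buf)); buf = []; i += 1
        else:
            buf.append(c); i += 1
    if len(fields) < 7:
        raise ValueError("malformed CEF header: fewer than 7 pipe-delimited fields")
    return fields, text[i:]


def _unescape_ext(value: str) -> str:
    """Extension values escape '=' and '\\' with a backslash; \\n and \\r encode line breaks."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def _parse_extension(ext: str) -> Dict[str, str]:
    """Parse 'key=value key=value ...'; values may contain spaces, so each runs up to the next key."""
    out: Dict[str, str] = {}
    keys = list(KEY_RE.finditer(ext))
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        out[m.group(1)] = _unescape_ext(ext[m.end():end].strip())
    return out


def parse_cef_syslog(line: str) -> Dict[str, Any]:
    """Parse one syslog line carrying a CEF record into a flat event dict."""
    idx = line.find("CEF:")
    if idx < 0:
        raise ValueError("no CEF record in line")
    event: Dict[str, Any] = {"syslog_host": None}
    m = SYSLOG_RE.match(line[:idx])
    if m:
        event["syslog_host"] = m.group("host")
        event["syslog_facility"] = int(m.group("pri")) >> 3   # PRI = facility*8 + severity
    fields, ext = _split_header(line[idx + len("CEF:"):])
    event.update(zip(HEADER_FIELDS, fields))
    event["severity"] = int(event["severity"])                # CEF severity is 0..10
    event.update(_parse_extension(ext))
    return event


def sources_at_or_above_severity(lines: List[str], min_severity: int) -> List[str]:
    """Example consumer: distinct source IPs of events at or above a severity (alert scoping)."""
    events = [parse_cef_syslog(line) for line in lines]
    return sorted({e["src"] for e in events if "src" in e and e["severity"] >= min_severity})
```

The two escaping layers are the usual source of bugs in home-grown CEF collectors: splitting the header on every "|" breaks on signature names containing a pipe, and splitting the extension on spaces breaks on any free-text "msg" or "request" value. The sample data exercises both.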

Once integrated, Security Center provides visibility into the health of partner solutions and links to their management consoles. Partner solution logs are indexed and stored in the customer's workspace, and they are enriched with threat intelligence to help with security investigations. Partner solution logs can also be used to set up custom alerts, which are displayed in the Security Center alerts page. Custom alerts allow user defined queries to scope



Heuristic DNS detections in Azure Security Center

We have heard from many customers about their challenges with detecting highly evasive threats. To help provide guidance, we published guidance on Windows DNS server logging for network forensics and introduced the Azure DNS Analytics solution. Today, we are discussing some of our more complex, heuristic techniques for detecting malicious use of this vital protocol, and how they detect key components of common real-world attacks.

These analytics focus on behavior that is common to a variety of attacks, ranging from advanced targeted intrusions to the more mundane worms, botnets and ransomware. Such techniques are designed to complement more concrete signature-based detection, giving the opportunity to identify such behavior before analyst-driven rules have been written. This is especially important in the case of targeted attacks, where time to detection is typically measured in months. The longer an attacker has access to a network, the more expensive the eventual clean-up and removal process becomes. Similarly, while rule-based detection of ransomware is normally available within a few days of an outbreak, this is often too late to avoid significant brand and financial damage for many organizations.
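The post does not spell out the heuristics, so as an added example (this is not Security Center's detection logic) here is one classic behavioral DNS heuristic written in Python: grouping queries per client and registered domain and flagging groups whose subdomains look like encoded data, which is how DNS tunneling and exfiltration over DNS usually appear. The log lines are constructed, the "last two labels" rule for the registered domain is a simplification (production code should use the public suffix list), and the thresholds are illustrative and must be tuned on your own traffic.

```python
import math
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed sample log: "<client_ip> <query_name> <qtype>" per line (not the Windows DNS log format).
SAMPLE_DNS_LOG = """
10.0.0.5 www.example.com A
10.0.0.5 mail.example.com A
10.0.0.5 cdn.example.net A
10.0.0.9 3f9a1c7e2b.exfil-demo.test TXT
10.0.0.9 8d2e4b6a9c1f.exfil-demo.test TXT
10.0.0.9 b7c3e1f9a2d4e6.exfil-demo.test TXT
10.0.0.9 e4a8c2f6b1d3.exfil-demo.test TXT
10.0.0.9 19d7b3e5a8c2f4.exfil-demo.test TXT
10.0.0.9 c6e2a9f4b8d1.exfil-demo.test TXT
10.0.0.9 www.example.com A
""".strip().splitlines()


def shannon_entropy(s: str) -> float:
    """Bits per character; human-chosen labels like 'www' score low, encoded data scores high."""
    if not s:
        return 0.0
    counts: Dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname: str) -> Tuple[str, str]:
    """Return (subdomain, registered_domain). Assumption: registered domain = last two labels."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def score_dns_log(lines: List[str], min_unique: int = 5, min_entropy: float = 3.0,
                  min_len: int = 10) -> List[Dict]:
    """Flag (client, domain) pairs with many distinct, long, high-entropy subdomains."""
    groups: Dict[Tuple[str, str], Set[str]] = defaultdict(set)
    for line in lines:
        client, qname, _qtype = line.split()
        sub, dom = split_qname(qname)
        if sub:
            groups[(client, dom)].add(sub)
    findings = []
    for (client, dom), subs in groups.items():
        if len(subs) < min_unique:          # a handful of hosts under a domain is normal
            continue
        mean_len = sum(len(s) for s in subs) / len(subs)
        mean_ent = sum(shannon_entropy(s.replace(".", "")) for s in subs) / len(subs)
        if mean_len >= min_len and mean_ent >= min_entropy:
            findings.append({"client": client, "domain": dom, "unique_subdomains": len(subs),
                             "mean_label_len": round(mean_len, 1), "mean_entropy": round(mean_ent, 2)})
    return findings
```

Used on its own this heuristic will also flag CDNs and some cloud SaaS providers that use hashed hostnames, which is exactly why the post pairs heuristics with threat intelligence and analyst review rather than treating them as signatures.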

These analytics, along with many more, are enabled through Azure Security Center.



Azure’s layered approach to physical security

We have heard from many customers that cloud security is one of their top concerns. Another thing we’ve heard from customers is that they want clarity around what they are responsible for securing in Azure and what Azure will do. Azure helps provide a highly secure foundation, built from the ground up, to host your infrastructure, applications, and data.

We understand the importance of protecting customer data, which is why we are committed to helping secure the datacenters that contain your data. Microsoft has invested over a billion dollars into security, including the physical security of the Azure platform, so you can devote your time and resources towards other business initiatives. Over the next few months, as part of the secure foundation blog series, we’ll discuss the components of physical, infrastructure (logical) and operational security that help make up Azure’s platform. Today, we are focusing on physical security.

Physical security refers to how Microsoft designs, builds and operates datacenters in a way that strictly controls physical access to the areas where customer data is stored. Our datacenters are certified to comply with the most comprehensive portfolio of internationally-recognized standards and certifications of any cloud service provider. We have an entire



Just-in-Time VM Access is generally available

Azure Security Center provides several threat prevention mechanisms to help you reduce surface areas susceptible to attack. One of those mechanisms is Just-in-Time (JIT) VM Access. Today we are excited to announce the general availability of Just-in-Time VM Access, which reduces your exposure to network volumetric attacks by enabling you to deny persistent access while providing controlled access to VMs when needed.

When you enable JIT for your VMs, you create a policy that determines the ports to be protected, how long ports remain open, and the approved IP addresses from which these ports can be accessed. The policy helps you stay in control of what users can do when they request access. Requests are logged in the Azure Activity Log, so you can easily monitor and audit access. Security Center will also help you quickly identify existing virtual machines that have JIT enabled and virtual machines where JIT is recommended.
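The three policy settings above (protected ports, access window, approved source addresses) are where a JIT policy is usually weakened in practice. As an added example (not Security Center's own code or schema), here is a small Python linter that reads a policy document shaped like the JIT network access policy resource, with a "virtualMachines" list whose entries carry "ports" with "number", "protocol", "allowedSourceAddressPrefix" (or the list form "allowedSourceAddressPrefixes") and an ISO 8601 "maxRequestAccessDuration"; that shape, the VM id and the address ranges are this example's assumptions. A deliberately weak policy sits beside a hardened one.

```python
import re
from typing import Any, Dict, List

# Constructed policies; the field layout is an assumption modelled on the JIT policy resource.
VM_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
         "/providers/Microsoft.Compute/virtualMachines/vm-demo")

WEAK_POLICY: Dict[str, Any] = {"virtualMachines": [{"id": VM_ID, "ports": [
    {"number": 3389, "protocol": "*", "allowedSourceAddressPrefix": "*",
     "maxRequestAccessDuration": "PT24H"},                       # any source, whole day
    {"number": 22, "protocol": "TCP", "allowedSourceAddressPrefix": "0.0.0.0/0",
     "maxRequestAccessDuration": "PT3H"},                        # "0.0.0.0/0" is still any source
]}]}

HARDENED_POLICY: Dict[str, Any] = {"virtualMachines": [{"id": VM_ID, "ports": [
    {"number": 3389, "protocol": "TCP", "allowedSourceAddressPrefixes": ["203.0.113.0/24"],
     "maxRequestAccessDuration": "PT1H"},
    {"number": 22, "protocol": "TCP",
     "allowedSourceAddressPrefixes": ["203.0.113.0/24", "198.51.100.17/32"],
     "maxRequestAccessDuration": "PT1H"},
]}]}

DURATION_RE = re.compile(r"^PT(?:(\d+)H)?(?:(\d+)M)?$")      # the subset of ISO 8601 JIT uses
ANY_SOURCE = {None, "", "*", "0.0.0.0/0", "Internet"}        # prefixes that mean "everyone"
MANAGEMENT_PORTS = {22, 3389, 5985, 5986}                     # SSH, RDP, WinRM


def iso_duration_minutes(value: str) -> int:
    """Parse 'PT3H', 'PT45M' or 'PT1H30M' into minutes."""
    m = DURATION_RE.match(value)
    if not m or not (m.group(1) or m.group(2)):
        raise ValueError(f"unsupported ISO 8601 duration: {value!r}")
    return int(m.group(1) or 0) * 60 + int(m.group(2) or 0)


def lint_jit_policy(policy: Dict[str, Any], max_minutes: int = 180) -> List[str]:
    """Return human-readable findings for over-broad sources or over-long access windows."""
    findings: List[str] = []
    for vm in policy.get("virtualMachines", []):
        vm_name = vm["id"].rsplit("/", 1)[-1]
        for port in vm.get("ports", []):
            where = f"{vm_name} port {port['number']}"
            prefixes = port.get("allowedSourceAddressPrefixes") or [port.get("allowedSourceAddressPrefix")]
            for prefix in prefixes:
                if prefix in ANY_SOURCE:
                    findings.append(f"{where}: source prefix {prefix!r} lets any address request "
                                    f"access; restrict it to your admin ranges")
            minutes = iso_duration_minutes(port["maxRequestAccessDuration"])
            if minutes > max_minutes:
                findings.append(f"{where}: access window of {minutes} min exceeds the "
                                f"{max_minutes} min limit")
    return findings


def unprotected_management_ports(policy: Dict[str, Any], vm_id: str) -> List[int]:
    """Management ports the policy does not cover for a VM (candidates for 'JIT recommended')."""
    covered = {p["number"] for vm in policy.get("virtualMachines", [])
               if vm["id"].lower() == vm_id.lower() for p in vm.get("ports", [])}
    return sorted(MANAGEMENT_PORTS - covered)
```

Note that an approved-source check alone is not enough: a requester can still ask for a narrower window or a narrower source than the policy maximum, so the policy values are the upper bound you are auditing, and the Activity Log entries mentioned above record what was actually granted.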

This feature is available in the standard pricing tier of Security Center, and you can try Security Center for free for the first 60 days.

To learn more about these features in Security Center, visit our public preview blog and documentation.



Visibility into network activity with Traffic Analytics – now in public preview

Today, we are announcing the public preview of Traffic Analytics, a cloud-based solution that provides visibility into user and application traffic on your cloud networks.

Traffic Analytics analyzes NSG Flow Logs across Azure regions and equips you with actionable information to optimize workload performance, secure applications and data, audit your organization’s network activity and stay compliant.

With Traffic Analytics, you now can:

Gain visibility into network activity across your cloud networks. The solution provides insights on:
- traffic flows across your networks: between Azure and the Internet, within Azure, and across public cloud regions, VNETs and subnets;
- inter-relationships between critical business services and applications;
- applications and protocols on your network, without the need for sniffers or dedicated flow collector appliances.

Secure your network by identifying threats on your network, such as:
- flows between your VMs and rogue networks;
- network ports open to the Internet;
- applications attempting Internet access;
- anomalous network traffic behavior (e.g. back-end servers attempting connectivity to servers outside your network).

Improve performance of your applications by:
- capacity planning: eliminate over-provisioning or under-utilization by monitoring utilization trends of VPN gateways and other services;
- analyzing in-bound and out-bound flows;
- understanding application access patterns (e.g. Where are
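Traffic Analytics performs this analysis for you. To show what the raw input looks like, here is an added Python example (not Traffic Analytics code) that flattens NSG flow log records in the version 1 JSON layout (records -> properties -> flows -> flows -> flowTuples, each tuple being "time,src,dst,srcport,dstport,protocol,direction,decision" with T/U, I/O and A/D codes) and answers three of the questions listed above from a constructed sample: which ports accepted inbound traffic from the Internet, which flows touched a "rogue" network, and which VMs initiated Internet egress. The sample records, the rogue CIDR and the assumption that the VNet address space is RFC 1918 are this example's own.

```python
import ipaddress
import json
from collections import defaultdict
from typing import Dict, Iterable, Iterator, List, Set

# Constructed NSG flow log (v1 layout) for one NSG; timestamps, MACs and addresses are made up.
SAMPLE_FLOW_LOG = """{"records": [{"time": "2018-03-01T10:00:00.0000000Z",
  "category": "NetworkSecurityGroupFlowEvent",
  "resourceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/RG-DEMO/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/NSG-WEB",
  "properties": {"Version": 1, "flows": [
    {"rule": "UserRule_allow-web", "flows": [{"mac": "000D3A1B2C3D", "flowTuples": [
      "1519898400,203.0.113.10,10.0.1.4,51000,443,T,I,A",
      "1519898401,198.51.100.23,10.0.1.4,52010,3389,T,I,A"]}]},
    {"rule": "DefaultRule_DenyAllInBound", "flows": [{"mac": "000D3A1B2C3D", "flowTuples": [
      "1519898402,192.0.2.77,10.0.1.4,40000,22,T,I,D"]}]},
    {"rule": "DefaultRule_AllowInternetOutBound", "flows": [{"mac": "000D3A1B2C3D", "flowTuples": [
      "1519898403,10.0.1.4,198.51.100.200,49152,4444,T,O,A",
      "1519898404,10.0.1.4,10.0.2.8,49153,1433,T,O,A"]}]}]}}]}"""

# Assumption: VNets use RFC 1918 space. Deliberately not ipaddress's is_private/is_global, which
# also classify documentation ranges such as 203.0.113.0/24 as non-global.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def iter_flows(log_text: str) -> Iterator[Dict]:
    """Flatten the nested v1 JSON into one dict per flow tuple, keeping the NSG rule that matched."""
    for rec in json.loads(log_text)["records"]:
        for rule in rec["properties"]["flows"]:
            for flow in rule["flows"]:
                for t in flow["flowTuples"]:
                    ts, src, dst, sport, dport, proto, direction, decision = t.split(",")
                    yield {"ts": int(ts), "src": src, "dst": dst, "sport": int(sport),
                           "dport": int(dport), "proto": proto, "direction": direction,
                           "decision": decision, "rule": rule["rule"]}


FLOWS: List[Dict] = list(iter_flows(SAMPLE_FLOW_LOG))


def ports_open_to_internet(flows: Iterable[Dict]) -> Dict[int, Set[str]]:
    """Destination ports that accepted inbound traffic from non-internal sources, with the allowing rules."""
    out: Dict[int, Set[str]] = defaultdict(set)
    for f in flows:
        if f["direction"] == "I" and f["decision"] == "A" and not is_internal(f["src"]):
            out[f["dport"]].add(f["rule"])
    return dict(out)


def flows_with_networks(flows: Iterable[Dict], cidrs: Iterable[str]) -> List[Dict]:
    """Flows whose source or destination falls in any of the given (e.g. known-bad) networks."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    def hit(ip: str) -> bool:
        return any(ipaddress.ip_address(ip) in n for n in nets)
    return [f for f in flows if hit(f["src"]) or hit(f["dst"])]


def internet_egress_sources(flows: Iterable[Dict]) -> Set[str]:
    """VM addresses that initiated allowed outbound connections to non-internal destinations."""
    return {f["src"] for f in flows
            if f["direction"] == "O" and f["decision"] == "A" and not is_internal(f["dst"])}
```

On the sample, RDP (3389) shows up as open to the Internet under a user rule and the web VM opens an outbound connection to port 4444 in the rogue range, which is the kind of pair (exposed management port, then unexpected egress) the "anomalous behavior" bullet above is about.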



Microsoft releases automation for HIPAA/HITRUST compliance

I am excited to share our new Azure Security and Compliance Blueprint for HIPAA/HITRUST – Health Data & AI. Microsoft’s Azure Blueprints are resources to help build and launch cloud-powered applications that comply with stringent regulations and standards. Included in the blueprints are reference architectures, compliance guidance and deployment scripts.

“The best part of the Azure Security & Compliance Blueprint is that it encompasses the exact Azure services architecture required to help customers meet their HIPAA and HITRUST security, privacy, and compliance obligations, along with supporting documentation and a fully-automated deployment process.”

– Tibi Popp, CTO, Archive360

Health organizations all over the world are looking to leverage the power of AI and the cloud to improve outcomes, accelerate performance, and enable the vision of precision medicine. “We are enthusiastic about the potential to foster multi-institutional collaborative environments for data sharing and machine learning,” said Chuck Mayo, PhD at the University of Michigan Medicine. Microsoft is working  to meet these challenges with Healthcare NExT, an initiative which aims to accelerate healthcare innovation through artificial intelligence and cloud computing, while at the same time working to protect the privacy and confidentiality of patients.

“We are entrusted with our customer’s



Security Center Playbooks and Azure Functions Integration with Firewalls

Every second counts when an attack has been detected. We have heard from you that you need to be able to quickly take action against detected threats. At Ignite 2017, we announced Azure Security Center Playbooks, which let you control how you respond to threats detected by Security Center. You can manually run a Security Center Playbook when a Security Center alert is triggered, reducing time to response and helping you stay in control of your security posture. Today, we are going to look at the specific example of how Azure Functions work with Security Center Playbooks to help you rapidly respond to detected threats using your Palo Alto VM-Series firewall.

In this scenario, Azure Security Center has detected an RDP brute-force attack and notified you. To block the source IP address of that attack in your Palo Alto VM-Series firewall, there are a couple of steps you need to complete. You will first need to create an Azure Function, which you can do from Function Apps in the Azure portal, using an HTTP trigger and the C# programming language. The Azure Function is what allows Security Center Playbooks to communicate with the Palo Alto



Spring Security Azure AD: Wire up enterprise grade authentication and authorization

We are pleased to announce that Azure Active Directory (Azure AD) is integrated with Spring Security to secure your Java web applications. With only a few lines of configuration, you can wire up enterprise-grade authentication and authorization for your Spring Boot project.

With the Spring Boot Starter for Azure AD, Java developers can now get started quickly building the authentication workflow for a web application that uses Azure AD and OAuth 2.0 to secure its back end. It also enables developers to create a role-based authorization workflow for a Web API secured by Azure AD, using Spring Security.

Getting Started

Take the To-do App, which Erich Gamma showed at SpringOne 2017, as an example. The sample is composed of two layers: an AngularJS client and a Spring Boot RESTful web service. It illustrates the login flow and how the user's information is retrieved using the Azure AD Graph API.

Authorization Flow Chart

The authorization flow is composed of three phases:

1. Log in with credentials and get validated by Azure AD.
2. Retrieve the token and membership information from the Azure AD Graph API.
3. Evaluate the membership for role-based authorization.

Register a new application in Azure AD

To get started, first register a new



Microsoft Azure IP Advantage: Our first year

One year ago, we announced Azure IP Advantage, the industry’s leading program to help cloud service customers stay focused on their digital transformation journey and avoid IP issues. The program has been a tremendous success so far with many customers telling us that it is a key differentiator for Azure and that they choose Azure in part because of the value they get from these benefits.

Here are some of the highlights from our first year:

Customers around the world find that Azure IP Advantage has been a valuable deterrent against IP lawsuits, which is especially important as cloud-related patent litigation has increased over the past 4 years. Customers of our partner 21Vianet like Mobike, the world’s largest bicycle sharing company headquartered in China, explain the benefits of offering IP protection programs to Azure clients. “Azure IP Advantage helps us by reducing potential IP risks as we march into new markets. From technologies to patent offerings, Microsoft is providing a comprehensive protection for us to thrive on cloud without worry.” Microsoft expanded Azure IP Advantage to China in partnership with 21Vianet, ensuring that Azure customers in China enjoy the same great IP protection benefits as customers in the rest



Integrate Azure Security Center alerts into SIEM solutions

We heard from several customers that you need a way to view your Azure Security Center alerts in your SIEM solution, for a centralized view of your security posture across your organization. Today, we are excited to announce the public preview of a new feature called SIEM Export, which allows you to export Azure Security Center alerts into popular SIEM solutions such as Splunk and IBM QRadar. We are continuing to expand the set of SIEM partners we support. This feature is part of our on-going commitment to provide unified security management and protection for your cloud and on-premises workloads.

Security Center uses a variety of detection capabilities to alert you of potential threats to your environment. The alerts can tell you what triggered the alert, what in your environment was targeted, the source of the attack, and if necessary, remediation steps. You also have the flexibility to set up custom alerts to address specific needs in your environment.

Now you can take these alerts from Security Center and integrate them into your own SIEM solutions, so you can quickly view what needs your attention from one management place and take action.

To move your Azure Security Center alerts to a