Category Archives: Security



Just-in-Time VM Access is generally available

Azure Security Center provides several threat prevention mechanisms to help you reduce surface areas susceptible to attack. One of those mechanisms is Just-in-Time (JIT) VM Access. Today we are excited to announce the general availability of Just-in-Time VM Access, which reduces your exposure to network volumetric attacks by enabling you to deny persistent access while providing controlled access to VMs when needed.

When you enable JIT for your VMs, you can create a policy that determines the ports to be protected, how long ports remain open, and approved IP addresses from where these ports can be accessed. The policy helps you stay in control of what users can do when they request access. Requests are logged in the Azure Activity Log, so you can easily monitor and audit access. The policy will also help you quickly identify existing virtual machines that have JIT enabled and virtual machines where JIT is recommended.

This feature is available in the standard pricing tier of Security Center, and you can try Security Center for free for the first 60 days.

To learn more about these features in Security Center, visit our public preview blog and documentation.




Visibility into network activity with Traffic Analytics – now in public preview

Today, we are announcing the public preview of Traffic Analytics, a cloud-based solution that provides visibility into user and application traffic on your cloud networks.

Traffic Analytics analyzes NSG Flow Logs across Azure regions and equips you with actionable information to optimize workload performance, secure applications and data, audit your organization’s network activity and stay compliant.

With Traffic Analytics, you now can:

- Gain visibility into network activity across your cloud networks. The solution provides insights on:
  - traffic flows across your networks: between Azure and the Internet, within Azure, across public cloud regions, VNETs and subnets.
  - inter-relationships between critical business services and applications.
  - applications and protocols on your network, without the need for sniffers or dedicated flow collector appliances.
- Secure your network; identify threats on your network, such as:
  - flows between your VMs and rogue networks.
  - network ports open to the Internet.
  - applications attempting Internet access.
  - anomalous network traffic behavior (e.g. back-end servers attempting connectivity to servers outside your network, etc.)
- Improve performance of your applications by:
  - capacity planning: eliminate issues of over-provisioning or under-utilization by monitoring utilization trends of VPN gateways and other services.
  - analyzing in-bound and out-bound flows.
  - understanding application access patterns (e.g. Where are




Microsoft releases automation for HIPAA/HITRUST compliance

I am excited to share our new Azure Security and Compliance Blueprint for HIPAA/HITRUST – Health Data & AI. Microsoft’s Azure Blueprints are resources to help build and launch cloud-powered applications that comply with stringent regulations and standards. Included in the blueprints are reference architectures, compliance guidance and deployment scripts.

“The best part of the Azure Security & Compliance Blueprint is that it encompasses the exact Azure services architecture required to help customers meet their HIPAA and HITRUST security, privacy, and compliance obligations, along with supporting documentation and a fully-automated deployment process.”

– Tibi Popp, CTO, Archive360

Health organizations all over the world are looking to leverage the power of AI and the cloud to improve outcomes, accelerate performance, and enable the vision of precision medicine. “We are enthusiastic about the potential to foster multi-institutional collaborative environments for data sharing and machine learning,” said Chuck Mayo, PhD at the University of Michigan Medicine. Microsoft is working to meet these challenges with Healthcare NExT, an initiative which aims to accelerate healthcare innovation through artificial intelligence and cloud computing, while at the same time working to protect the privacy and confidentiality of patients.

“We are entrusted with our customer’s




Security Center Playbooks and Azure Functions Integration with Firewalls

Every second counts when an attack has been detected. We have heard from you that you need to be able to quickly take action against detected threats. At Ignite 2017, we announced Azure Security Center Playbooks, which allow you to control how you want to respond to threats detected by Security Center. You can manually run a Security Center Playbook when a Security Center alert is triggered, reducing time to respond and helping you stay in control of your security posture. Today, we are going to look at the specific example of how Azure Functions work with Security Center Playbooks to help you rapidly respond to detected threats against your Palo Alto VM-Series firewall.

In this scenario, Azure Security Center has detected and notified you of an RDP brute force attack. To help you block the source IP address of that attack in your Palo Alto VM-Series firewall, there are a couple of steps you need to complete. You will first need to create an Azure Function, which can be done in Function Apps in the Azure portal, as an HTTP trigger using the C# programming language. The Azure Function is what allows Security Center Playbooks to communicate with the Palo Alto




Spring Security Azure AD: Wire up enterprise grade authentication and authorization

We are pleased to announce that Azure Active Directory (Azure AD) is integrated with Spring Security to secure your Java web applications. With only a few lines of configuration, you can wire up enterprise grade authentication and authorization for your Spring Boot project.

With Spring Boot Starter for Azure AD, Java developers can now get started quickly building the authentication workflow for a web application that uses Azure AD and OAuth 2.0 to secure its back end. It also enables developers to create a role-based authorization workflow for a Web API secured by Azure AD with the power of Spring Security.

Getting Started

Take the To-do App, which Erich Gamma showed at SpringOne 2017, as an example. The sample is composed of two layers: an AngularJS client and a Spring Boot RESTful web service. It illustrates the login flow and retrieves the user’s information using the AAD Graph API.

Authorization Flow Chart

The authorization flow is composed of three phases:

1. Log in with credentials and get validated through Azure AD.
2. Retrieve token and membership information from the Azure AD Graph API.
3. Evaluate the membership for role-based authorization.

Register a new application in Azure AD

To get started, first register a new




Microsoft Azure IP Advantage: Our first year

One year ago, we announced Azure IP Advantage, the industry’s leading program to help cloud service customers stay focused on their digital transformation journey and avoid IP issues. The program has been a tremendous success so far with many customers telling us that it is a key differentiator for Azure and that they choose Azure in part because of the value they get from these benefits.

Here are some of the highlights from our first year:

Customers around the world find that Azure IP Advantage has been a valuable deterrent against IP lawsuits, which is especially important as cloud-related patent litigation has increased over the past four years. Customers of our partner 21Vianet, like Mobike, the world’s largest bicycle sharing company headquartered in China, explain the benefits of offering IP protection programs to Azure clients: “Azure IP Advantage helps us by reducing potential IP risks as we march into new markets. From technologies to patent offerings, Microsoft is providing comprehensive protection for us to thrive on cloud without worry.” Microsoft expanded Azure IP Advantage to China in partnership with 21Vianet, ensuring that Azure customers in China enjoy the same great IP protection benefits as customers in the rest




Integrate Azure Security Center alerts into SIEM solutions

We heard from several customers that you need a way to view your Azure Security Center alerts in your SIEM solution for a centralized view of your security posture across your organization. Today, we are excited to announce the public preview of a new feature called SIEM Export that allows you to export Azure Security Center alerts into popular SIEM solutions such as Splunk and IBM QRadar. We are continuing to invest in expanding the number of partners we support. This feature is part of our ongoing commitment to provide unified security management and protection for your cloud and on-premises workloads.

Security Center uses a variety of detection capabilities to alert you to potential threats to your environment. The alerts can tell you what triggered the alert, what in your environment was targeted, the source of the attack, and, if necessary, remediation steps. You also have the flexibility to set up custom alerts to address specific needs in your environment.

Now you can take these alerts from Security Center and integrate them into your own SIEM solutions, so you can quickly view what needs your attention from one management place and take action.

To move your Azure Security Center alerts to a




Managing Azure Secrets on GitHub Repositories


An increasing number of developers across the globe use GitHub to host their projects, and many of them use GitHub public repositories for their open source work. While this is a great way to contribute and leverage the power of the community, it does come with a unique set of responsibilities, particularly around managing credentials and other secrets.

Examples of Azure secrets are authentication credentials that should not be made public. These include things such as passwords, private keys, database connection strings, and storage account keys that are managed by Azure tenants.

In Azure, we take security very seriously. Azure secrets are considered sensitive and should not be made publicly available. An exposed secret could lead to the compromise of your Azure subscription, your cloud assets, as well as on-premises assets and data, putting your applications or services at significant risk.

Microsoft Credential Scanner Preview

To help protect our customers, Azure runs Credential Scanner, aka CredScan. CredScan monitors all incoming commits on GitHub and checks for specific Azure tenant secrets such as Azure subscription management certificates and Azure SQL connection strings.

Internally at Microsoft we’ve been developing and leveraging CredScan to protect Azure and our 1st party services and




Compliance assessment reports for Azure Stack are now available

A few months ago, we announced we were performing a compliance assessment on Microsoft Azure Stack; today we are happy to share that the compliance assessment is done and available to you.

Knowing that preparing compliance paperwork is a tedious task, we precompiled the documentation for our customers. Since Azure Stack is delivered as an integrated system through hardware partners, we are in a unique position to perform a formal compliance assessment of Azure Stack that applies to all our customers. This resulted in a set of precompiled compliance documents that customers can now use to accelerate their compliance certification process.

We are glad to announce that Coalfire, a Qualified Security Assessor (QSA) and independent auditing firm, has audited and evaluated Azure Stack Infrastructure against the technical controls of PCI-DSS and the CSA Cloud Control Matrix, and found that Azure Stack satisfies the applicable controls.

In the assessor’s words:

“It is Coalfire’s opinion that Microsoft Azure Stack integrated system, reviewed between July 2017 and October 2017, can be effective in creating a PCI DSS compliant infrastructure and to assist in a comprehensive program of compliance with PCI DSS version 3.2.”

“It is Coalfire’s opinion that Microsoft Azure Stack as deployed




How Azure Security Center helps analyze attacks using Investigation and Log Search

Every second counts when you are under attack. Azure Security Center (ASC) uses advanced analytics and global threat intelligence to detect malicious threats, and the new capabilities empower you to respond quickly. This blog post showcases how an analyst can leverage the Investigation and Log Search capabilities in Azure Security Center to determine whether an alert represents a security breach, and to understand the scope of that breach.

To learn more about the ASC Investigation feature in detail, see the article Investigate Incidents and Alerts in Azure Security Center (Preview). Let’s drill into an alert and see what more we can learn using these new features.

Security Center Standard tier users can view a dashboard similar to the one pictured below. You can select the Standard tier or the free 90-day trial from the Pricing Tier blade in the Security Center policy. On the screen below, click on the Security Alerts graph for a list of alerts. This view will include alerts triggered by Security Center detections as well as integrated alerts from other security solutions. When possible, Security Center combines alerts that are part of a chain of attacker activity into incidents. The three interconnected dots icon highlighted in