Category Archives : Security



Announcing the public preview for Adaptive Application Controls

At Microsoft Ignite, we announced new adaptive applications controls that protect your applications from malware by using whitelisting rules. Today, we are excited to share that these capabilities are available for public preview in Azure Security Center. 

Application controls, such as whitelisting, can help limit exposure to malicious and vulnerable applications. Instead of trying to keep pace with rapidly evolving malware and new exploits, application control simply blocks all but known good applications. For purpose-built servers that typically run a fixed set of application, whitelisting can add significant protection. Application control solutions have existed for some time now, but organizations usually find it too complex and hard to manage, especially when unique rules are required per server or group of servers, and in large scale.

Adaptive Application Controls leverages machine learning to analyze the behavior of your Azure virtual machines, create a baseline of applications, group the virtual machines, and recommend and automatically apply the appropriate whitelisting rules. You can view, modify, and receive alerts for these rules in Azure Security Center.

Adaptive application controls are currently available for Windows virtual machines running in Azure (all versions, classic or Azure Resource Manager). To get started, open Security Center and select




How Azure Security Center detects vulnerabilities using administrative tools

This blog post is authored  by Dotan Patrich, Senior Software Engineer, Azure Security Center and by Yossi Weizman, Security Software Engineer Intern, Azure Security Center.

Earlier this year, Rob Mead wrote a great article on the techniques used at scale by Azure Security Center to detect threats. In this post, we’ll go into the details on one such example, enabling Azure Security Center to detect usage of backdoor user account creation.

Backdoor user accounts are those accounts that are created by an adversary as part of the attack, to be used later in order to gain access to other resources in the network, open new entry points into the network as well as achieve persistency. MITRE lists the create account tactic as part of the credentials access intent of stage and lists several toolkits that uses this technique.

While it might seem at first glance that detecting such malicious account creation actions is easy, it is not often the case as creation of new accounts are mostly part of a legitimate administrative operation. Therefore, security products usually won’t alert on it as most organizations will have hard time coping with the volume of alerts to be triaged. This makes the




Reference Architecture and automation for Financial Services web applications

Today we are pleased to announce the release of a new Azure Financial Services Regulated Workloads Blueprint.

The Azure Security and Compliance Blueprint Program provides automated solutions and guidance for rapid deployment of Azure services that meet specific regulatory requirements from weeks to a few hours. The new Financial Services Regulated Workloads Blueprint gives you an automated solution that will help guide you in storing and managing sensitive financial information such as payment data in Azure. The Financial Services Blueprint is designed to help customers meet compliance requirements outlined in the American Institute of Certified Public Accountants (AICPA) SOC 1 and SOC 2 standards, the Payment Card Industry Data Security Standard (PCI DSS) version 3.2, as well as the Federal Financial Institutions Examination Council (FFIEC), and Gramm-Leach-Bliley Act (GLBA).

Using the Financial Services Blueprint, you can deploy and securely configure an Azure SQL Database, a web application protected by security services such as Azure App Service Environment (ASE), the Web Application Firewall (WAF), and Azure Security Center (ASC). Automated templates and reference architectures are provided to help you implement the technical controls required to achieve a trusted and more secure end to end compliant deployment.

The Financial Services




Microsoft expands scope of Singapore MTCS certification

I am pleased to announce the renewal of the Singapore Multi-Tier Could Security (MTCS) Certification Level 3. As part of its commitment to customer satisfaction, Azure has adopted the MTCS standard to meet different cloud user needs for data sensitivity and business criticality. Azure has maintained its MTCS certification for the fourth consecutive year. This year, the scope has increased by 30% catching up with the latest ISO 27001 scope covering the latest data storage and analytics services including Data Lake Store, Data Lake Analytics, SQL Server Stretch Database, Azure Cosmos DB, Azure Container Service, etc.

Developed by the Infocomm Media Development Authority (IMDA) of Singapore, the MTCS Standard 584:2015 is the world’s first cloud security standard that covers three different tiers of security requirements spanning different service types including PaaS, IaaS and SaaS.  The standard comprises a total of 535 controls closely mapped to ISO 27001 Information Security Management System (ISMS) standard, covering basic security in Level 1, more stringent governance and tenancy controls in Level 2, and reliability and resiliency for high-impact information systems in Level 3.

The MTCS standard seeks to drive cloud adoption across industries by giving clarity around the security service levels of Cloud Service