Azure threat protection

Azure provides comprehensive threat protection through services such as Microsoft Defender for Cloud, Microsoft Sentinel, Microsoft Entra ID Protection, and Microsoft Defender for Cloud Apps. This collection of security services and capabilities offers advanced detection, response, and threat intelligence to protect your Azure deployments.

Microsoft Defender for Cloud

Microsoft Defender for Cloud helps protect your hybrid cloud environment. By performing continuous security assessments of your connected resources, it provides detailed security recommendations and threat detection for discovered vulnerabilities.

Defender for Cloud's recommendations are based on the Azure cloud security benchmark—the Microsoft-authored, Azure-specific set of guidelines for security and compliance best practices based on common compliance frameworks.

Enabling Defender for Cloud's enhanced security features brings advanced, intelligent protection of your Azure, hybrid, and multicloud resources and workloads through specialized plans including:

  • Microsoft Defender for SQL - Protects databases against vulnerabilities, anomalous activities, and SQL injection threats
  • Microsoft Defender for Containers - Secures containerized environments including Kubernetes clusters
  • Microsoft Defender for App Service - Identifies attacks targeting applications running over App Service
  • Microsoft Defender for Resource Manager - Monitors resource management operations in your organization
  • Microsoft Defender for DNS - Detects suspicious activities and anomalous DNS queries

Security analytics and threat intelligence

Microsoft security researchers are constantly on the lookout for threats. They have access to an expansive set of telemetry gained from Microsoft's global presence in the cloud and on-premises. This wide-reaching and diverse collection of datasets enables Microsoft to discover new attack patterns and trends across its on-premises consumer and enterprise products, as well as its online services.

Defender for Cloud can rapidly update its detection algorithms as attackers release new and increasingly sophisticated exploits. This approach helps you keep pace with a fast-moving threat environment.

Defender for Cloud automatically collects security information from your resources, the network, and connected partner solutions. It analyzes this information, correlating data from multiple sources, to identify threats. Security alerts are prioritized in Defender for Cloud along with recommendations on how to remediate the threats.

Defender for Cloud employs advanced security analytics, which go far beyond signature-based approaches. Breakthroughs in big data and machine learning technologies are used to evaluate events across the entire cloud. Advanced analytics can detect threats that would be impossible to identify through manual approaches and predict the evolution of attacks.

For more information, see Introduction to Microsoft Defender for Cloud.

Microsoft Sentinel

Microsoft Sentinel is a cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. Microsoft Sentinel provides intelligent security analytics and threat intelligence across the enterprise, offering a single solution for attack detection, threat visibility, proactive hunting, and threat response.

Microsoft Sentinel helps you:

  • Collect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds
  • Detect previously undetected threats and minimize false positives using Microsoft's analytics and unparalleled threat intelligence
  • Investigate threats with artificial intelligence and hunt for suspicious activities at scale, tapping into years of cybersecurity work at Microsoft
  • Respond to incidents rapidly with built-in orchestration and automation of common tasks

Key capabilities include:

  • Advanced threat detection using built-in machine learning, anomaly detection, and user and entity behavior analytics (UEBA)
  • Threat intelligence integration from Microsoft and third-party sources to identify known threat actors and their techniques
  • Investigation and hunting tools powered by AI to uncover hidden threats and pursue attackers across your environment
  • Automated response through playbooks that can respond to threats in seconds
  • Microsoft Sentinel data lake for scalable, cost-efficient long-term data retention and multi-modal analytics
  • Microsoft Sentinel graph for unified graph analytics providing deeper context and threat reasoning

For more information, see What is Microsoft Sentinel?.

Microsoft Entra Privileged Identity Management

With Microsoft Entra Privileged Identity Management (PIM), you can manage, control, and monitor privileged access within your organization. This covers access to resources in Microsoft Entra ID and in other Microsoft online services, such as Microsoft 365 or Microsoft Intune.

PIM helps you:

  • Get alerts and reports about Microsoft Entra administrators and just-in-time (JIT) administrative access to Microsoft online services
  • Get reports about administrator access history and changes in administrator assignments
  • Get alerts about access to a privileged role

For more information, see What is Microsoft Entra Privileged Identity Management?.

Microsoft Defender for SQL

Defender for SQL provides protection for databases against vulnerabilities, anomalous activities, and threats:

  • Vulnerability assessment - Discovers, tracks, and helps remediate potential database vulnerabilities
  • Advanced threat protection - Detects anomalous database activities indicating potential security threats such as SQL injection, brute-force attacks, and privilege abuse

For more information, see Microsoft Defender for Azure SQL.

Microsoft Antimalware

Microsoft Antimalware for Azure is a single-agent solution for applications and tenant environments, designed to run in the background without human intervention. You can deploy protection based on the needs of your application workloads, with either basic secure-by-default or advanced custom configuration.

Microsoft Antimalware for Azure provides:

  • Real-time protection - Monitors activity to detect and block malware execution
  • Scheduled scanning - Performs targeted scanning to detect malware
  • Malware remediation - Automatically acts on detected malware
  • Signature updates - Automatically installs the latest protection signatures
  • Active protection - Reports telemetry metadata about detected threats to Microsoft Azure

For more information, see Microsoft Antimalware for Azure Cloud Services and Virtual Machines.

Azure Firewall

Azure Firewall is a cloud-native and intelligent network firewall security service that provides threat protection for your cloud workloads running in Azure. Azure Firewall inspects east-west and north-south traffic with built-in threat intelligence that can alert on, or deny, traffic to or from known malicious IP addresses and domains.

Azure Firewall is available in three SKUs:

  • Azure Firewall Basic - Simplified security for small to medium-sized businesses
  • Azure Firewall Standard - Provides L3-L7 filtering and threat intelligence feeds from Microsoft Cyber Security
  • Azure Firewall Premium - Advanced capabilities including signature-based IDPS, TLS inspection, and URL filtering

For more information, see What is Azure Firewall? and Azure network security overview.

Web Application Firewall

Web Application Firewall (WAF) provides centralized protection of your web applications from common exploits and vulnerabilities. WAF is available through:

  • Azure Application Gateway - Provides regional WAF protection
  • Azure Front Door - Provides global WAF protection, including defense against network-level DDoS attacks

WAF protects against common web vulnerabilities such as:

  • SQL injection
  • Cross-site scripting
  • Other OWASP top 10 vulnerabilities
  • Bot attacks
  • HTTP protocol violations and anomalies

For more information, see What is Azure Web Application Firewall?.

Next steps