Azure infrastructure includes hardware, software, administrative and operations staff, and physical data centers. Azure addresses security risks across its infrastructure with continuous intrusion detection and prevention systems, denial of service attack prevention, regular penetration testing, and forensic tools that help identify and mitigate threats. With Azure, customers can reduce the need to invest in these capabilities on their own and benefit from economies of scale in Microsoft datacenter infrastructure.
24-hour monitored physical security. Microsoft datacenters are physically constructed, managed, and monitored 24 hours a day to shelter data and services from unauthorized access as well as environmental threats.
Monitoring and logging. Centralized monitoring, correlation, and analysis systems manage the large amount of information generated by devices within the Azure environment, providing continuous visibility and timely alerts to the teams that manage the service. Additional monitoring, logging, and reporting capabilities provide visibility to customers.
Patch management. Security patches help protect systems from known vulnerabilities. Integrated deployment systems manage the distribution and installation of security updates for the Azure service. Customers can apply similar update management processes for virtual machines (VMs) deployed on Azure.
Anti-Virus/Anti-Malware protection.
Microsoft Antimalware is built-in to Cloud Services and can be enabled for Virtual Machines to help identify and remove viruses, spyware and other malicious software and provide real time protection. Customers can also run antimalware solutions from partners on their VMs. For added assurance, VMs can be routinely reimaged to clean out intrusions that may have gone undetected.
Intrusion detection/Distributed Denial of Service (DDoS) Defense.
Azure uses standard detection and mitigation techniques such as SYN cookies, rate limiting, and connection limits to protect against DDoS attacks. The Azure DDoS defense system is designed to withstand attacks from outside the system as well as attacks staged by other customers.
Penetration testing. Microsoft conducts regular penetration testing to improve Azure security controls and processes. Customers can carry out authorized penetration testing on their applications hosted in Azure.
