TLS/SSL Cipher Suite Enhancements and Perfect Forward Secrecy

In December, we announced our commitment to further increase the security of our customers’ data. Today, Azure is announcing additional enhancements that honor our commitments to security and increased transparency. These changes include use of stronger cryptography, including enhancements to the default Transport Layer Security (TLS)/Secure Socket Layer (SSL) cipher suites and enabling Perfect Forward Secrecy (PFS). PFS uses a different encryption key for every connection, making it more difficult for attackers to decrypt connections. This encryption work builds on the existing protections already in many of our products and services, such as Microsoft Office 365, Skype and OneDrive.

The TLS/SSL cipher suite enhancements and Perfect Forward Secrecy are being made available to customers, by default, in the 2014 August Azure Guest OS release and will apply to all Azure subscriptions using a Guest OS.

For more detailed information regarding these security enhancements, please see the upcoming changes in the MSDN article, Differences between Azure Guest OS and Default Windows Server.