Azure network security
Discover advanced cloud-native solutions for protecting your applications, networks and workloads
Take a zero-trust approach to help secure your workloads
Design enterprise-grade cloud networks and secure them using a principled approach. Perform network micro-segmentation using cloud-native controls and services. Apply threat protection to applications and virtual networks, and integrate network security into your DevOps model to build your infrastructure in the cloud. Learn more.
Set up the best possible protection for your infrastructure. Help protect and scale your web apps with Azure Front Door, and use Azure Firewall to help secure your Windows Virtual Desktop while enabling a corporate desktop experience.
Augment your security strategy with cloud-native network security services. These are easy to set up, fully managed, scalable to accommodate peak demands – and they require no virtual machine maintenance such as network virtual appliance maintenance.
Use built-in AI and machine learning for intelligent threat protection that’s integrated into cloud-native services. Filter threats based on threat intelligence with Azure Firewall. Continually monitor traffic patterns using intelligent traffic profiling in Azure DDoS Protection.
Access a rich set of APIs to seamlessly integrate with your DevOps model to build your infrastructure in the cloud. Deeply integrate network security services with other cloud-native services, such as Azure Monitor, Azure Sentinel, Azure Security Center and Azure Active Directory.
Pay for Azure services as you would a utility, such as electricity or gas, based on consumption. Only pay for what you use each month, with no upfront commitment. Cancel at any time.
Learn more about products and services for Azure network security
Azure Bastion is a fully managed PaaS service that provides secure and seamless RDP and SSH access to your virtual machines directly through the Azure Portal
Azure DDoS Protection
Protect your Azure resources from Distributed Denial of Service (DDoS) attacks with always-on monitoring
Protect your Azure virtual networks using a managed firewall with controls and log access to apps and resources
Azure Front Door
Deliver scalable and secure dynamic web apps using the massive Azure global network
Azure Network Watcher
Azure Network Watcher provides tools to monitor, diagnose, view metrics and enable or disable logs for resources in an Azure virtual network
Learn more through Azure network security solution architectures
Discover how you can secure your networks from attacks by following best practices
Secure a hybrid network that extends an on-premises network to Azure for hybrid applications where workloads run both on-premises and in Azure.
Implement a hub-spoke network topology in Azure where the hub is a virtual network in Azure that acts as a central point of connectivity to your on-premises network. The spokes are virtual networks that peer with the hub, and can be used to isolate workloads.
Deploy secure applications using the Azure App Service Environment and learn guidance about continuous integration and continuous deployment (CI/CD) for App Service Environments using Azure DevOps.
Learn to set rules for traffic from/to software-defined perimeters in order to have different security postures for various parts your network.
Create a secure virtual connection over the Internet by connecting an on-premises standalone server to Azure Virtual Networks by using the Azure Network Adapter that you deploy through Windows Admin Center (WAC).
Design a hybrid Domain Name System (DNS) solution to resolve names for workloads that are hosted on premises and in Azure.
Get the latest Azure network security news and resources
Watch Sinead O’Donovan present on securing the cloud perimeter with Azure network security, at Ignite 2019.
Azure Firewall is the first cloud-based firewall to attain ICSA Labs Corporate Firewall Certification.
The Microsoft Security Intelligence Report helps you to dig into data related to DDoS attacks.
Trusted by companies of all sizes
University of Phoenix
University of Phoenix improves online security and reduces facilities and operating costs.
BP adopts hybrid cloud and moves applications and data centre operations to Azure.
Darren Gourley, Chief Technology Officer, CYTI
"We're now saving about 30 percent a year on infrastructure costs just by moving to Azure, with more flexibility, better servers, greater customization, and more freedom to do what we want."
Frequently asked questions
Azure Web Application Firewall and Azure DDoS Protection help you protect your web apps from malicious attacks, bots and common web vulnerabilities.
Use Azure Firewall to protect your Azure virtual networks with controls and log access to apps and resources. If you’re creating a hub-and-spoke architecture, explore Azure Firewall Manager.
Learn more with this video and report.
Start using Azure Web Application Firewall
Learn how to protect your web apps using Web Application Firewall with Azure Front Door.
Turn on Azure DDoS Protection for every public IP
Learn how to defend against denial of service attacks with Azure DDoS Protection.
Use Azure Firewall to govern traffic
Learn how to use Azure Firewall with a five-minute quick-start tutorial