Trace Id is missing
Skip to main content

Azure network security

Protect your applications and cloud workloads from network-based cyberattacks with network security services

Take a ZeroTrust approach to help secure your workloads

Whether you're moving workloads or modernizing apps on Azure, using cloud-native controls and network security services improves business agility and saves costs on security infrastructure. Improve cloud network security using a Zero Trust approach to perform network segmentation and apply intelligent threat protection and traffic encryption.

A person programming a racing game at their desk

Azure Kubernetes Service (AKS)

Increase development speed by integrating network security management and development with DevSecOps. Implement infrastructure as code and incorporate security controls directly into application development workflows to accelerate development and time to market.

Hands using a mobile phone over a laptop

Application services

Improve security for your Azure workloads with automated network security management and upgrades, and increase visibility into your environment. Azure network security reduces the likelihood of a security breach, as well as the associated costs of a breach.

A data storage room with many cables and wires

Data services

Help IT teams deliver network-related work more efficiently and with faster deployments.

Hands typing on a laptop

Data services

Save on costs for the maintenance of on-premises security tools and time-consuming vendor management.

Back to tabs

Learn more through Azure network security solution architectures

Discover how to secure your networks from attacks by following best practices

Azure network security proof of concept part one: planning

Understand the risk and potential exposure of a conceptual network design and how to use Azure services and tools for network security improvement.

Azure best practices for network security

Learn about Azure best practices to enhance your network security.

Network security and containment

Learn best-practice recommendations for network security management and containment.

Secure and govern workloads with network level segmentation

Explore the best way to implement a secure hybrid network footprint using Azure tools.

Hub-spoke network technology in Azure

The benefits of using a hub-and-spoke configuration include cost savings, overcoming subscription limits, and workload isolation.

Securely managed web applications

Use Azure Application Gateway and Azure Web Application Firewall to restrict application access from the internet.

Learn more about Azure network security

Azure Firewall

Azure Firewall

Protect your Azure Virtual Network resources with a cloud-native, next-generation firewall.

Azure DDoS Protection

Azure DDoS Protection

Protect Azure resources from DDoS attacks with monitoring and automatic network mitigation.

Azure Web Application Firewall

Azure Web Application Firewall

Protect web applications from malicious attacks, bots, and common web vulnerabilities.

Azure Bastion

Azure Bastion

Get seamless remote access to your virtual machines without any exposure through public IP addresses.

Azure Firewall Manager

Azure Firewall Manager

Centrally configure and manage network security policies across multiple regions.

Azure Front Door

Azure Front Door

Get a fast, reliable, and more secure cloud CDN with intelligent threat protection.

Azure Network Watcher

Azure Network Watcher

Monitor, diagnose, view metrics, and enable logs for resources in virtual networks.


Azure Content Delivery Network

Ensure secure, reliable content delivery with global reach.

Trusted by companies of all sizes

BP adopts a hybrid cloud and moves its applications and datacenter operations to Azure.

Workers on an oil rig in the ocean

Frequently asked questions

  • Cloud-native is all about speed, scale and agility. When you choose a cloud-native network security service, you can deploy a service much quicker, with auto-scaling capability and at a lower cost. In addition, a cloud-native service provides better integration with other Azure services that you are using, thus giving you a lot more agility to move workloads to the cloud.

  • Azure Firewall and Azure DDoS Protection are two services you should start with if you are moving workloads that has external IP addresses. This will ensure that you have network traffic filtering and protection from denial of service attacks that could cause service disruption to your workload.

  • Azure Web Application Firewall and Azure DDoS Protection are two services that can help protect your web applications from malicious attacks, bots, and common web vulnerabilities.

  • Try Azure Bastion, a fully managed service that provides more secure and seamless Remote Desktop Protocol (RDP) and Secure Shell Protocol (SSH) access to virtual machines (VMs) without any exposure through public IP addresses.

  • Visit the Zero Trust website to find everything you need to know about proactive security with Zero Trust, including the Zero Trust Maturity Model and Zero Trust Adoption Report.

Use Azure Firewall to govern traffic

Learn how to use Azure Firewall with a five-minute quick-start tutorial.