{"id":4019,"date":"2017-03-30T00:00:00","date_gmt":"2017-03-30T00:00:00","guid":{"rendered":""},"modified":"2025-06-17T08:22:00","modified_gmt":"2025-06-17T15:22:00","slug":"azure-network-security","status":"publish","type":"post","link":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/","title":{"rendered":"Azure Network Security"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">In Azure, security is built in at every step\u2014design, code development, monitoring, operations, threat intelligence, and response. We understand that the breadth and scale of the cloud demands a deep commitment to security technology and processes that few individual organizations can provide. Decades of building enterprise software and running the world\u2019s largest online services such as Microsoft Azure, Bing, Dynamics 365, Office 365, OneDrive, and Xbox Live have formed Microsoft\u2019s unique perspective on security. Using threat intelligence developed from trillions of signals and billions of sources, Microsoft annually invests more than $1 billion into our security capabilities to provide a comprehensive approach called <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/default.aspx\">Microsoft Secure<\/a>. For more information, see the <a href=\"https:\/\/blogs.microsoft.com\/microsoftsecure\/2016\/07\/25\/introducing-the-microsoft-secure-blog\/#oPsVUTrbHAFGKfJu.99\">Microsoft Secure blog<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">We\u2019ve applied our vast operational experience to create a secure platform and provide services to help build secure applications. The Microsoft promise is that you can use Azure to secure your applications, data, and identities. We back this promise with a broad set of <a href=\"https:\/\/azure.microsoft.com\/en-us\/support\/trust-center\/\">Azure compliance certifications<\/a>, making us the leader among cloud service providers. You can learn more about compliance and privacy at the <a href=\"https:\/\/www.microsoft.com\/en-us\/trustcenter\">Microsoft Trust Center<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In this blog, I will focus on security from a network perspective and describe how you can use Azure network capabilities to build highly secure cloud services. Four distinct areas highlight how we provide a secure network to customers:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">The foundation is <a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/virtual-network\/\">Azure Virtual Network<\/a> to provide a secure network fabric that provides an isolation boundary for customer networks.<\/li>\n\n\n\n<li class=\"wp-block-list-item\">Virtual Network configuration and policies protect cloud applications.<\/li>\n\n\n\n<li class=\"wp-block-list-item\">Active monitoring systems and tools provide security validation.<\/li>\n\n\n\n<li class=\"wp-block-list-item\">An underlying physical network infrastructure with built-in advanced security hardening protects the entire global network.\u00a0<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"isolating-customer-networks-in-single-shared-physical-network\">Isolating customer networks in single shared physical network<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">To support the tremendous growth of our cloud services and maintain a great networking experience, <a href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/how-microsoft-builds-its-fast-and-reliable-global-network\/\">Microsoft owns and operates one of the largest dark fiber backbones<\/a> in the world\u2014it connects our datacenters and customers. In Azure, we run logical overlay networks on top of the shared physical network to provide isolated private networks for customers.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2017\/03\/5fa83b95-e4bd-4bcd-927d-02a669eb416f.webp\" alt=\"ANS2\" title=\"ANS2\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Figure 2. Isolated customer virtual networks run on the same physical network <\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The overlay networks are implemented by Azure\u2019s software defined networking (SDN) stack. Each overlay network is specifically created on demand for a customer via an API invocation. All configuration for building such networks is performed in software\u2014this is why Azure can scale up to create thousands of overlay networks in seconds. Each overlay network is its own Layer 3 routing domain that comprises the customer\u2019s Virtual Network (VNet).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"azure-virtual-network\">Azure Virtual Network<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Azure Virtual Network is a secure, logical network that provides network isolation and security controls that you treat like your on-premises network. Each customer creates their own structure by using: subnets\u2014they use their own private IP address range, configure route tables, network security groups, access control lists (ACLs), gateways, and virtual appliances to run their workloads in the cloud.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Figure 3 shows an example of two customer virtual networks. Customer 1\u2019s VNet has connectivity to an on premises corporate network, while Customer 2\u2019s VNet can be accessed only via Remote Desktop Protocol (RDP). Network traffic from the Internet to virtual machines (VMs) goes through the Azure load balancer and then to the Windows Server host that\u2019s running the VM. Host and guest firewalls implement network port blocking and ACL rules.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2017\/03\/1bd8c715-5657-4598-87e6-09272ca1ff48.webp\" alt=\"ANS3\" title=\"ANS3\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Figure 3. Customer isolation provided by Azure Virtual Network<\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The VMs deployed into the VNet can communicate with one another using private IP addresses. You control the IP address blocks, DNS settings, security policies, and routing tables. Benefits include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\"><strong>Isolation:<\/strong> VNets can be isolated from one another, so you can create separate networks for development, testing, and production. You can also allow your VNets to communicate with each other.<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>Security:<\/strong> By using network security groups, you can control the traffic entering and exiting the subnets and VMs.<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>Connectivity:<\/strong> All resources within the VNet are connected. You can use VNet peering to connect with other Virtual Networks in the same region. You can use virtual private network (VPN) gateways to enable IPsec connectivity to VNets via the Internet from on-premises sites and to VNets in other regions. ExpressRoute provides private network connectivity to VNets that bypasses the Internet.<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>High availability:<\/strong> Load balancing is a key part of delivering high availability and network performance to customer applications. All traffic to a VM goes through the Azure Load Balancer.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"securing-your-applications\">Securing your applications<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">A <a href=\"https:\/\/www.csoonline.com\/article\/3146995\/leadership-management\/security-pros-most-worried-about-clouds-mobile.html\">December 2016 survey<\/a> of security professionals showed that their biggest year-over-year drop in confidence was in \u201cthe security of web applications, [which was] down 18 points from 80 percent to 62 percent.\u201d Microsoft addresses potential vulnerabilities by building security into our applications and providing features and services to help customers enhance the security of their cloud-hosted applications from the development phase all the way to controlling access to the service.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Azure has a rich set of networking mechanisms that customers can use to secure their applications. Here are some examples.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Network ACLs can be configured to restrict access on public endpoint IP addresses. ACLs on the endpoint further restrict the traffic to only specific sources IP addresses.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/network-security-groups\/\">Network Security Groups<\/a> (NSGs) control network access to VMs in your VNet. This collection of network ACLs allows a full five-tuple (source IP address, source port, destination IP address, destination port, protocol) set of rules to be applied to all traffic that enters or exits a subnet or a VM\u2019s network interface. The NSGs, associated to a subnet or VM, are enforced by the SDN stack.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Network virtual appliances (NVAs) bolster VNet security and network functions, and they\u2019re available from numerous vendors via the <a href=\"https:\/\/azuremarketplace.microsoft.com\/en-us\">Azure Marketplace<\/a>. NVAs can be deployed for highly available firewalls, intrusion prevention, intrusion detection, web application firewalls (WAFs), WAN optimization, routing, load balancing, VPN, certificate management, Active Directory, and multifactor authentication.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Many enterprises have strict security and compliance requirements that require on-premises inspection of all network packets to enforce specific polices. Azure provides a mechanism called forced tunneling that routes traffic from the VMs to on premises by creating a custom route or by Border Gateway Protocol (BGP) advertisements through ExpressRoute or VPN.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Figure 4 shows an example of using NSG rules on segregated subnets and an NVA to protect the front end subnet.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2017\/03\/fdcff073-850e-4c5b-bd71-041fbe4d9ef3.webp\" alt=\"ANS4\" title=\"ANS4\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Figure 4. A perimeter network architecture built using Network Security Groups<\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Azure <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/application-gateway\/application-gateway-introduction\">Application Gateway<\/a>, our Layer 7 load balancer, also provides <a href=\"https:\/\/go.microsoft.com\/fwlink\/?linkid=845983\">Web Application Firewall (WAF)<\/a> functionality to protect against the most common web vulnerabilities.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Securely connecting from on-premises to Azure can be achieved via the Internet using IPsec to access our <a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/vpn-gateway\/\">VPN Gateway<\/a> service or with a private network connection using <a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/expressroute\/\">ExpressRoute<\/a>. Figure 4 illustrates a perimeter network\u2013style enhanced security design where Virtual Network access can be restricted using NSGs with different rules for the front end (Internet-facing) web server and the back-end application servers.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2017\/03\/dad065a9-132d-400b-9696-ac4296d1dc45.webp\" alt=\"ANS5\" title=\"ANS5\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Figure 5. A secured VNet connected to an Internet front-end and back-end connected to on-premises<\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For more examples and best practices, see <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/best-practices-network-security\">Microsoft cloud services and network security<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"security-validation\">Security validation<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Azure offers many tools to monitor, prevent, detect, and respond to security events. Customers have access to the <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security-center\/security-center-intro\">Azure Security Center<\/a>, which gives you visibility and control over the security of your Azure resources. It provides integrated security monitoring and policy management, helps detect threats, and works with a broad ecosystem of security solutions.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">We also provide <a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/network-watcher\/\">Network Watcher<\/a> to monitor, diagnose, and gain insights into your Azure network. With diagnostic and visualization tools to monitor your network\u2019s security and performance, you can identify and resolve network issues. For example, to view information about traffic coming into and going out of an NSG, Network Watcher provides <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/network-watcher\/network-watcher-nsg-flow-logging-overview\">NSG flow logs<\/a>. You can verify that the NSGs are properly deployed, and see which unauthorized IPs are attempting to access your resources.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2017\/03\/f92fb10a-2f53-477f-8cdc-46d186dd508c.webp\" alt=\"ANS6\" title=\"ANS6\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Figure 6. Capture NSG Flow Logs using Network Watcher<\/em><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2017\/03\/c8661550-0729-40ce-87a8-955b970f6fd7.webp\" alt=\"ANS7\" title=\"ANS7\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Figure 7. Analyze NSG Flow Logs using Power BI<\/em><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"network-infrastructure-security-hardening\">Network infrastructure security hardening<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">According to a <a href=\"https:\/\/www.ponemon.org\/library\/2015-cost-of-cyber-crime-united-states?s=+cost+of+cyber\">2015 Ponemon study<\/a>, for businesses, the average cost per security breach is $15 million. To help protect your organization\u2019s assets, Microsoft Cloud datacenters are protected by layers of defense-in-depth security, including perimeter fencing, video cameras, security personnel, secure entrances, real-time communications networks, and all physical servers are monitored. These regularly audited security measures help Azure achieve our strong portfolio of compliance certifications.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For many years, we\u2019ve used <a href=\"https:\/\/blogs.microsoft.com\/blog\/2013\/12\/04\/protecting-customer-data-from-government-snooping\/#01svD48xbI8t3Cjs.99\">encryption in our products and services<\/a> to protect our customers from online criminals and hackers. We don\u2019t want to take any chances with customer data being breached and are addressing this issue head on. We have a comprehensive engineering effort to strengthen the encryption of customer data across our networks and services. This effort will provide protection across the full lifecycle of customer-created content.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/how-microsoft-builds-its-fast-and-reliable-global-network\/\">Azure traffic between our datacenters<\/a> stays on our global network and does not flow over the Internet. This includes all traffic between Microsoft Azure public cloud services anywhere in the world. For example, within Azure, traffic between VMs, storage, and SQL stays on the Microsoft network, regardless of the source and destination region. Intra-region VNet-to-VNet, as well as cross-region VNet-to-VNet traffic, stays on the Microsoft network.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Distributed denial of service (DDoS) attacks are a continually rising threat. Protecting against the growing scale and complexity of such attacks requires significant infrastructure deployed at global scale. Azure has a built-in DDoS protection system to shield all Microsoft cloud services. Therefore, all Azure public IPs fall under this protection deployed across all Azure datacenters. Our DDoS system uses dynamic threat detection algorithms to prevent common DDoS volumetric attacks (such as UDP floods, SYN-ACK attacks, or reflection attacks). We monitor hundreds of daily mitigated attack attempts and continually expand our protection.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Azure itself is also protected through active monitoring and intelligence gathering across the Internet. We continuously perform threat intelligence research into the dark web to identify and mitigate potential risks and attacks. This knowledge is applied to our protection techniques and mitigations. The <a href=\"https:\/\/blogs.microsoft.com\/microsoftsecure\/2017\/01\/17\/microsofts-cyber-defense-operations-center-shares-best-practices\/\">Microsoft Cyber Defense Operations Center<\/a>, highlighting our commitment, responds to security incidents.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Putting these investments together, we provide a layered security model, as shown in Figure 8 to protect your services running in Azure.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2017\/03\/b4288b7a-ffe9-48ce-a74f-92b6696cc11e.webp\" alt=\"ANS8\" title=\"ANS8\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Figure 8. A layered approach to securing Azure<\/em><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"secure-azure-networking\">Secure Azure Networking<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Azure has made significant investments in security. Customers can use Virtual Networks and our other security features and services to design, configure, and monitor their cloud applications. We aggressively monitor and continually harden our global infrastructure to address the ever-changing landscape of new cyber threats.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Microsoft continues to be a leader in the prevention of network security attacks. With our global footprint and experience running the most popular cloud services, we have both scale and a breadth of inputs to secure our network and help you secure your services. We will continue to invest in network security technologies so that you can safely\u2014and in a compliant manner\u2014build, deploy, monitor, and run your services in Azure. We are your partner to securely run your business.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"read-more\">Read more<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">To read more posts from this series please visit:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/networking-innovations-that-drive-the-cloud-disruption\/\">Networking innovations that drive the cloud disruption<\/a><\/li>\n\n\n\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/sonic-the-networking-switch-software-that-powers-the-microsoft-global-cloud\/\">SONiC: The networking switch software that powers the Microsoft Global Cloud<\/a><\/li>\n\n\n\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/how-microsoft-builds-its-fast-and-reliable-global-network\/\">How Microsoft builds its fast and reliable global network<\/a><\/li>\n\n\n\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/lighting-up-network-innovation\/\">Lighting up network innovation<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>In Azure, security is built in at every step\u2014design, code development, monitoring, operations, threat intelligence, and response.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ms_queue_id":[],"ep_exclude_from_search":false,"_classifai_error":"","_classifai_text_to_speech_error":"","_alt_title":"","footnotes":"","msx_community_cta_settings":[]},"categories":[1459],"tags":[],"audience":[3053,3056],"content-type":[],"product":[1798],"tech-community":[],"topic":[],"coauthors":[166],"class_list":["post-4019","post","type-post","status-publish","format-standard","hentry","category-security","audience-it-decision-makers","audience-it-implementors","product-azure-security-center","review-flag-1680286584-658","review-flag-1-1680286581-825","review-flag-2-1680286581-601","review-flag-3-1680286581-173","review-flag-4-1680286581-250","review-flag-5-1680286581-950","review-flag-6-1680286581-909","review-flag-7-1680286581-146","review-flag-8-1680286581-263","review-flag-anywh-1680286580-635","review-flag-fall-1680286584-980","review-flag-microsofts","review-flag-new-1680286579-546","review-flag-on-pr-1680286585-571","review-flag-partn-1680286579-901","review-flag-percent","review-flag-vm-1680286585-143"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Azure Network Security | Microsoft Azure Blog<\/title>\n<meta name=\"description\" content=\"In Azure, security is built in at every step\u2014design, code development, monitoring, operations, threat intelligence, and response. We understand that the breadth and scale of the cloud demands a deep\u2026\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Azure Network Security | Microsoft Azure Blog\" \/>\n<meta property=\"og:description\" content=\"In Azure, security is built in at every step\u2014design, code development, monitoring, operations, threat intelligence, and response. We understand that the breadth and scale of the cloud demands a deep\u2026\" \/>\n<meta property=\"og:url\" content=\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Azure Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/microsoftazure\" \/>\n<meta property=\"article:published_time\" content=\"2017-03-30T00:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-17T15:22:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2017\/03\/5fa83b95-e4bd-4bcd-927d-02a669eb416f.webp\" \/>\n<meta name=\"author\" content=\"Yousef Khalidi\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@azure\" \/>\n<meta name=\"twitter:site\" content=\"@azure\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Yousef Khalidi\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/\"},\"author\":[{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/author\/yousef-khalidi\/\",\"@type\":\"Person\",\"@name\":\"Yousef Khalidi\"}],\"headline\":\"Azure Network Security\",\"datePublished\":\"2017-03-30T00:00:00+00:00\",\"dateModified\":\"2025-06-17T15:22:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/\"},\"wordCount\":1856,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2017\/03\/5fa83b95-e4bd-4bcd-927d-02a669eb416f.webp\",\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/\",\"name\":\"Azure Network Security | Microsoft Azure Blog\",\"isPartOf\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2017\/03\/5fa83b95-e4bd-4bcd-927d-02a669eb416f.webp\",\"datePublished\":\"2017-03-30T00:00:00+00:00\",\"dateModified\":\"2025-06-17T15:22:00+00:00\",\"description\":\"In Azure, security is built in at every step\u2014design, code development, monitoring, operations, threat intelligence, and response. We understand that the breadth and scale of the cloud demands a deep\u2026\",\"breadcrumb\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/#primaryimage\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2017\/03\/5fa83b95-e4bd-4bcd-927d-02a669eb416f.webp\",\"contentUrl\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2017\/03\/5fa83b95-e4bd-4bcd-927d-02a669eb416f.webp\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog home\",\"item\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/category\/security\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Azure Network Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#website\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/\",\"name\":\"Microsoft Azure Blog\",\"description\":\"Get the latest Azure news, updates, and announcements from the Azure blog. From product updates to hot topics, hear from the Azure experts.\",\"publisher\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization\",\"name\":\"Microsoft Azure Blog\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2024\/06\/microsoft_logo.webp\",\"contentUrl\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2024\/06\/microsoft_logo.webp\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Azure Blog\"},\"image\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/microsoftazure\",\"https:\/\/x.com\/azure\",\"https:\/\/www.instagram.com\/microsoftdeveloper\/\",\"https:\/\/www.linkedin.com\/company\/16188386\",\"https:\/\/www.youtube.com\/user\/windowsazure\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/person\/c702e5edd662b328b49b7e1180cab117\",\"name\":\"shakir\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g7664e653ea371ce16eaf75e9fa8952c4\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g\",\"caption\":\"shakir\"},\"sameAs\":[\"https:\/\/azure.microsoft.com\"],\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/author\/shakir\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Azure Network Security | Microsoft Azure Blog","description":"In Azure, security is built in at every step\u2014design, code development, monitoring, operations, threat intelligence, and response. We understand that the breadth and scale of the cloud demands a deep\u2026","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/","og_locale":"en_US","og_type":"article","og_title":"Azure Network Security | Microsoft Azure Blog","og_description":"In Azure, security is built in at every step\u2014design, code development, monitoring, operations, threat intelligence, and response. We understand that the breadth and scale of the cloud demands a deep\u2026","og_url":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/","og_site_name":"Microsoft Azure Blog","article_publisher":"https:\/\/www.facebook.com\/microsoftazure","article_published_time":"2017-03-30T00:00:00+00:00","article_modified_time":"2025-06-17T15:22:00+00:00","og_image":[{"url":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2017\/03\/5fa83b95-e4bd-4bcd-927d-02a669eb416f.webp","type":"","width":"","height":""}],"author":"Yousef Khalidi","twitter_card":"summary_large_image","twitter_creator":"@azure","twitter_site":"@azure","twitter_misc":{"Written by":"Yousef Khalidi","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/#article","isPartOf":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/"},"author":[{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/author\/yousef-khalidi\/","@type":"Person","@name":"Yousef Khalidi"}],"headline":"Azure Network Security","datePublished":"2017-03-30T00:00:00+00:00","dateModified":"2025-06-17T15:22:00+00:00","mainEntityOfPage":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/"},"wordCount":1856,"commentCount":0,"publisher":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization"},"image":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/#primaryimage"},"thumbnailUrl":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2017\/03\/5fa83b95-e4bd-4bcd-927d-02a669eb416f.webp","articleSection":["Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/","name":"Azure Network Security | Microsoft Azure Blog","isPartOf":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/#primaryimage"},"image":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/#primaryimage"},"thumbnailUrl":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2017\/03\/5fa83b95-e4bd-4bcd-927d-02a669eb416f.webp","datePublished":"2017-03-30T00:00:00+00:00","dateModified":"2025-06-17T15:22:00+00:00","description":"In Azure, security is built in at every step\u2014design, code development, monitoring, operations, threat intelligence, and response. We understand that the breadth and scale of the cloud demands a deep\u2026","breadcrumb":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/#primaryimage","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2017\/03\/5fa83b95-e4bd-4bcd-927d-02a669eb416f.webp","contentUrl":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2017\/03\/5fa83b95-e4bd-4bcd-927d-02a669eb416f.webp"},{"@type":"BreadcrumbList","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-network-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog home","item":"https:\/\/azure.microsoft.com\/en-us\/blog\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/azure.microsoft.com\/en-us\/blog\/category\/security\/"},{"@type":"ListItem","position":3,"name":"Azure Network Security"}]},{"@type":"WebSite","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#website","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/","name":"Microsoft Azure Blog","description":"Get the latest Azure news, updates, and announcements from the Azure blog. From product updates to hot topics, hear from the Azure experts.","publisher":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/azure.microsoft.com\/en-us\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization","name":"Microsoft Azure Blog","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2024\/06\/microsoft_logo.webp","contentUrl":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2024\/06\/microsoft_logo.webp","width":512,"height":512,"caption":"Microsoft Azure Blog"},"image":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/microsoftazure","https:\/\/x.com\/azure","https:\/\/www.instagram.com\/microsoftdeveloper\/","https:\/\/www.linkedin.com\/company\/16188386","https:\/\/www.youtube.com\/user\/windowsazure"]},{"@type":"Person","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/person\/c702e5edd662b328b49b7e1180cab117","name":"shakir","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g7664e653ea371ce16eaf75e9fa8952c4","url":"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g","caption":"shakir"},"sameAs":["https:\/\/azure.microsoft.com"],"url":"https:\/\/azure.microsoft.com\/en-us\/blog\/author\/shakir\/"}]}},"msxcm_display_generated_audio":false,"msxcm_animated_featured_image":null,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Azure Blog","distributor_original_site_url":"https:\/\/azure.microsoft.com\/en-us\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/posts\/4019","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/comments?post=4019"}],"version-history":[{"count":1,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/posts\/4019\/revisions"}],"predecessor-version":[{"id":42078,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/posts\/4019\/revisions\/42078"}],"wp:attachment":[{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/media?parent=4019"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/categories?post=4019"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/tags?post=4019"},{"taxonomy":"audience","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/audience?post=4019"},{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/content-type?post=4019"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/product?post=4019"},{"taxonomy":"tech-community","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/tech-community?post=4019"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/topic?post=4019"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/coauthors?post=4019"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}