{"id":50657,"date":"2026-05-04T09:00:00","date_gmt":"2026-05-04T16:00:00","guid":{"rendered":"https:\/\/azure.microsoft.com\/en-us\/blog\/?p=50657"},"modified":"2026-05-04T10:26:44","modified_gmt":"2026-05-04T17:26:44","slug":"azure-iaas-defense-in-depth-built-on-secure-by-design-principles","status":"publish","type":"post","link":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\/","title":{"rendered":"Azure IaaS: Defense in\u00a0depth\u00a0built on\u00a0secure-by-design\u00a0principles"},"content":{"rendered":"<aside id=\"accordion-699d0749-1c04-4ae9-bfd0-d773a4d69e90\" class=\"table-of-contents-block accordion pb-0\" data-bi-aN=\"table-of-contents\">\n\t<button class=\"btn btn-collapse mb-0 display-flex justify-content-between w-100\" type=\"button\" data-mount=\"collapse\" data-target=\"#accordion-collapse-699d0749-1c04-4ae9-bfd0-d773a4d69e90\" aria-expanded=\"true\" aria-controls=\"accordion-collapse-699d0749-1c04-4ae9-bfd0-d773a4d69e90\">\n\t\t<span class=\"table-of-contents-block__label subtitle\">In this article<\/span>\n\t\t<span class=\"table-of-contents-block__current mr-4 text-gray-600 font-weight-normal\" aria-hidden=\"true\"><\/span>\n\n\t\t<svg class=\"table-of-contents-block__arrow\" aria-label=\"Toggle arrow\" width=\"18\" height=\"11\" viewBox=\"0 0 18 11\" fill=\"none\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n\t\t\t<path d=\"M15.7761 11L18 8.82043L9 0L0 8.82043L2.22394 11L9 4.35913L15.7761 11Z\" fill=\"currentColor\" \/>\n\t\t<\/svg>\n\t<\/button>\n\t<div id=\"accordion-collapse-699d0749-1c04-4ae9-bfd0-d773a4d69e90\" class=\"table-of-contents-block__collapse-wrapper collapse show\" data-parent=\"#accordion-699d0749-1c04-4ae9-bfd0-d773a4d69e90\">\n\t\t<div class=\"accordion-body p-0\">\n\t\t\t<ol class=\"table-of-contents-block__list\"><li class=\"table-of-contents-block__list-item\"><a class=\"table-of-contents-block__list-item-link\" href=\"#defense-in-depth-as-a-system\">Defense in depth as a system<\/a><\/li><li class=\"table-of-contents-block__list-item\"><a class=\"table-of-contents-block__list-item-link\" href=\"#secure-by-design-engineering-security-into-the-platform\">Secure by design: Engineering security into the platform<\/a><\/li><li class=\"table-of-contents-block__list-item\"><a class=\"table-of-contents-block__list-item-link\" href=\"#hardware-and-host-level-trust\">Hardware and host-level trust<\/a><\/li><li class=\"table-of-contents-block__list-item\"><a class=\"table-of-contents-block__list-item-link\" href=\"#virtual-machine-layer-trust\">Virtual machine-layer trust<\/a><\/li><li class=\"table-of-contents-block__list-item\"><a class=\"table-of-contents-block__list-item-link\" href=\"#secure-by-default-protection-enabled-without-friction\">Secure by default: Protection enabled without friction<\/a><\/li><li class=\"table-of-contents-block__list-item\"><a class=\"table-of-contents-block__list-item-link\" href=\"#secure-defaults-across-networking\">Secure defaults across networking<\/a><\/li><li class=\"table-of-contents-block__list-item\"><a class=\"table-of-contents-block__list-item-link\" href=\"#encryption-and-data-protection-by-default\">Encryption and data protection by default<\/a><\/li><li class=\"table-of-contents-block__list-item\"><a class=\"table-of-contents-block__list-item-link\" href=\"#compute-protection-defaults\">Compute protection defaults<\/a><\/li><li class=\"table-of-contents-block__list-item\"><a class=\"table-of-contents-block__list-item-link\" href=\"#secure-in-operation-continuous-protection-at-runtime\">Secure in operation: Continuous protection at runtime<\/a><\/li><li class=\"table-of-contents-block__list-item\"><a class=\"table-of-contents-block__list-item-link\" href=\"#monitoring-detection-and-signal-correlation\">Monitoring, detection, and signal correlation<\/a><\/li><li class=\"table-of-contents-block__list-item\"><a class=\"table-of-contents-block__list-item-link\" href=\"#identity-centric-control-and-least-privilege\">Identity-centric control and least privilege<\/a><\/li><li class=\"table-of-contents-block__list-item\"><a class=\"table-of-contents-block__list-item-link\" href=\"#bringing-defense-in-depth-and-sfi-together\">Bringing defense in depth and SFI together<\/a><\/li><li class=\"table-of-contents-block__list-item\"><a class=\"table-of-contents-block__list-item-link\" href=\"#security-as-an-ongoing-platform-commitment\">\u202fSecurity as an ongoing platform commitment<\/a><\/li><\/ol>\t\t<\/div>\n\t<\/div>\n\t<span class=\"table-of-contents-block__progress-bar\"><\/span>\n<\/aside>\n\n\n\n<p class=\"wp-block-paragraph\"><em>This blog post is the third part of a blog series called <a href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/tag\/azure-iaas\/\">Azure IaaS<\/a> which will share best practices and guidance to help you build a trusted infrastructure platform\u2014from performance, resiliency, and security to scalability and cost efficiency<\/em>.<\/p>\n\n\n\n<p class=\"has-text-align-left wp-block-paragraph\"><s>\u200b<\/s>Security for cloud infrastructure is no longer defined by a single control, product, or boundary. Modern threats target identity, software supply chains, control planes, networks, and data simultaneously. Addressing this reality requires two things to work together: <strong>a layered defense-in-depth architecture<\/strong> and\u202f<strong>security principles that are enforced consistently across the platform<\/strong>.<\/p>\n\n\n\n<p class=\"has-text-align-left wp-block-paragraph\">In <a href=\"https:\/\/azure.microsoft.com\/en-gb\/solutions\/azure-iaas\/\" target=\"_blank\" rel=\"noreferrer noopener\">Azure Infrastructure as a Service (IaaS)<\/a>, security is built around these two reinforcing ideas. First, Azure implements <strong>defense in depth<\/strong>, applying multiple, independent layers of protection across\u202fcompute, networking, storage, and operations so that no single control stands alone. Second, those protections are guided by <a href=\"https:\/\/www.microsoft.com\/en-us\/trust-center\/security\/secure-future-initiative\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft\u2019s \u202fSecure Future Initiative (SFI)<\/a> principles: <strong>secure by design, secure by default, and secure in operation<\/strong>. Together, they define how <a href=\"https:\/\/aka.ms\/azureIaaS\">Azure IaaS<\/a> is engineered, configured, and\u202foperated at scale.<\/p>\n\n\n\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-a89b3969 wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/aka.ms\/azureIaaS\" target=\"_blank\" rel=\"noreferrer noopener\">Explore Azure IaaS solutions<\/a><\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"defense-in-depth-as-a-system\">Defense in depth as a system<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Defense in depth is not a checklist of features\u2014it is a <strong>system-level security architecture<\/strong>. Each layer is designed with the assumption that another layer may fail, and that compromise at one point should not lead to platform-wide impact.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In <a href=\"https:\/\/aka.ms\/azureIaaS\">Azure IaaS<\/a>, defense in depth spans the full infrastructure stack:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\"><strong>Hardware and host integrity<\/strong><\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>Virtualized compute isolation<\/strong><\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>Network segmentation and traffic control<\/strong><\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>Data protection for storage<\/strong><\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>Continuous monitoring and response<\/strong><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">These layers are intentionally independent. Hardware root-of-trust mechanisms validate host integrity before workloads ever start. Virtual machines (VM) run with strong isolation boundaries enforced by the hypervisor. Network controls limit lateral movement and restrict exposure. Storage services encrypt and protect data even if credentials are compromised. And telemetry and monitoring systems\u202foperate continuously, detecting and responding to anomalous behavior across the platform.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This layered approach ensures that Azure IaaS security does not rely on perimeter assumptions or a single \u201ccontrol plane defense,\u201d but instead applies <strong>multiple mutually reinforcing controls<\/strong> that work together.<\/p>\n\n\n\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-a89b3969 wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-iaas-series-explore-new-resources-for-building-a-stronger-more-efficient-infrastructure\/\" target=\"_blank\" rel=\"noreferrer noopener\">Build a stronger cloud infrastructure with Azure IaaS<\/a><\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"secure-by-design-engineering-security-into-the-platform\">Secure by design: Engineering security into the platform<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">\u201cSecure by design\u201d means security is <strong>architected into the platform from the beginning<\/strong>, not added after deployment. In <a href=\"https:\/\/aka.ms\/azureIaaS\">Azure IaaS<\/a>, this starts at the lowest layers of the stack.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"hardware-and-host-level-trust\">Hardware and host-level trust<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Azure servers are built with <strong>hardware roots of trust<\/strong>, measured boot, and secure firmware validation. Technologies such as Trusted Platform Modules (TPMs) and secure boot validate\u202fthat host firmware, boot loaders, and operating systems have not been tampered with before the system joins the <a href=\"https:\/\/azure.microsoft.com\/en-us\" target=\"_blank\" rel=\"noreferrer noopener\">Azure<\/a> fleet. These mechanisms reduce exposure to firmware-level and boot-chain attacks that traditional software-only defenses cannot address.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Azure also offloads critical infrastructure functions\u2014such as storage, networking, and management operations\u2014into dedicated, hardened components like <strong><a href=\"https:\/\/azure.microsoft.com\/en-us\/products\/virtual-machines\/boost\">Azure Boost<\/a><\/strong>, reducing the attack surface of the host operating system and improving isolation between customer workloads and platform services.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"virtual-machine-layer-trust\">Virtual machine-layer trust<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">At the\u202fvirtual machine layer, Azure enforces strong virtualization boundaries using a hardened hypervisor. Features like <strong>Trusted Launch<\/strong> for Azure VM combine secure boot, virtual TPMs, and integrity monitoring to protect VMs against low-level attacks such as bootkits and kernel rootkits.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For highly sensitive workloads, <a href=\"https:\/\/azure.microsoft.com\/en-us\/solutions\/confidential-compute\" target=\"_blank\" rel=\"noreferrer noopener\">\u202f<strong>Azure confidential computing<\/strong><\/a> extends defense in depth by using trusted execution environments (TEEs) backed by hardware-based memory encryption (such as AMD SEV\u2011SNP or Intel TDX). These technologies help ensure that data remains protected even while in use and inaccessible to the host or hypervisor.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Security here is not a bolt-on\u2014it is a <strong>design property<\/strong> of how Azure compute infrastructure is built and operated.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"secure-by-default-protection-enabled-without-friction\">Secure by default: Protection enabled without friction<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Secure-by-default controls reduce risk by <strong>making the safest option the standard configuration<\/strong>, without requiring customers to assemble security from scratch.<\/p>\n\n\n\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-a89b3969 wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-iaas-keep-critical-applications-running-with-built-in-resiliency-at-scale\/\" target=\"_blank\" rel=\"noreferrer noopener\">Learn how to keep critical applications running with built-in resiliency at scale with Azure IaaS<\/a><\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"secure-defaults-across-networking\">Secure defaults across networking<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">In <a href=\"https:\/\/aka.ms\/azureIaaS\">Azure IaaS<\/a>, networking defaults are aligned with least-privilege and Zero Trust principles. Virtual networks are isolated by default. Inbound traffic to VM is blocked unless explicitly allowed. Network security groups (NSGs) enforce stateful filtering, while <a href=\"https:\/\/azure.microsoft.com\/en-us\/products\/azure-firewall\" target=\"_blank\" rel=\"noreferrer noopener\">Azure Firewall<\/a> provides centralized policy enforcement and traffic inspection when deployed.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Private connectivity options such as <a href=\"https:\/\/azure.microsoft.com\/en-us\/products\/private-link\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Azure Private Link<\/strong><\/a> and <strong>private endpoints<\/strong> allow services to be accessed without exposing them to the public internet. DDoS protection is automatically applied at the platform edge, helping protect workloads from volumetric attacks without additional configuration.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">These defaults limit exposure by design, narrowing the attack surface before workload-specific rules are added.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"encryption-and-data-protection-by-default\">Encryption and data protection by default<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Azure IaaS storage services encrypt data <strong>at rest by default<\/strong>, using platform-managed keys, with options to use customer-managed keys via <a href=\"https:\/\/azure.microsoft.com\/en-us\/products\/key-vault\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Azure Key Vault<\/strong><\/a> or <strong>Managed HSM<\/strong>. Disk encryption protects operating system and data disks for VM, and secure snapshots protect point-in-time copies of data.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Encryption in transit is enforced across Azure backbone networks, ensuring traffic between services within the platform is protected without requiring per-workload configuration.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Secure-by-default encryption ensures that data protections are always on, not optional.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"compute-protection-defaults\">Compute protection defaults<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Signed and measured Azure host boot, secure host operating system (OS) hardening, host\u2011level monitoring and patching by Microsoft, and hypervisor-enforced isolation between tenants are all enabled by default and cannot be disabled by Azure tenants.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Trusted Launch is enabled by default for newly created Azure Gen2 VMs and VM scale sets, when using supported OS images, VM sizes, and deployment methods. Supported deployments methods include deployment via the Azure Portal, ARM templates, Bicep, Terraform, and\u202fAzure SDKs.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"secure-in-operation-continuous-protection-at-runtime\">Secure in operation: Continuous protection at runtime<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Security does not\u202fstop at deployment. The <em>secure in operation<\/em> principle focuses on maintaining protection continuously as threats evolve.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"monitoring-detection-and-signal-correlation\">Monitoring, detection, and signal correlation<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Azure integrates telemetry from compute, network, and storage layers into centralized monitoring systems such as <a href=\"https:\/\/azure.microsoft.com\/en-us\/products\/monitor\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Azure Monitor<\/strong><\/a> and <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/cloud-security\/microsoft-defender-cloud\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Microsoft Defender for Cloud<\/strong><\/a>. These systems continuously analyze behavior to identify misconfigurations, detect threats, and surface actionable security recommendations.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For IaaS workloads, Defender for Cloud helps identify exposed management ports, missing disk encryption, and insecure network configurations, while also correlating threat signals across the environment.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"identity-centric-control-and-least-privilege\">Identity-centric control and least privilege<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Operational security depends heavily on identity. <a href=\"https:\/\/aka.ms\/azureIaaS\">Azure IaaS<\/a> integrates with <a href=\"https:\/\/www.microsoft.com\/en-ie\/security\/business\/identity-access\/microsoft-entra-id\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Microsoft Entra ID<\/strong><\/a> to enforce identity-based access controls, reduce standing privileges, and apply conditional access policies. Features like <strong>Just-In-Time (JIT) VM access<\/strong> limit administrative exposure by only opening management ports when needed and only for approved identities.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">By minimizing persistent access and rotating privileges dynamically, Azure reduces the impact of credential compromise.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"bringing-defense-in-depth-and-sfi-together\">Bringing defense in depth and SFI together<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Defense in depth provides the <strong>technical structure<\/strong> of Azure IaaS security. Secure by design, secure by default, and secure in operation provide the <strong>engineering and operational discipline<\/strong> that governs how those controls are built, deployed, and maintained.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Together, they ensure that Azure IaaS security is:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\"><strong>Layered<\/strong>: No single control is assumed to be sufficient.<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>Intrinsic<\/strong>: Security is part of the platform architecture, not an add-on.<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>Consistent<\/strong>: Defaults and policies\u202freduce\u202fconfiguration drift.<\/li>\n\n\n\n<li class=\"wp-block-list-item\"><strong>Adaptive<\/strong>: Continuous monitoring and operational controls evolve with the\u202fthreat\u202flandscape.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">This combination allows Azure to protect IaaS workloads across compute, network, and storage while maintaining compatibility with diverse operating systems, workload types, and deployment models.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"security-as-an-ongoing-platform-commitment\">\u202fSecurity as an ongoing platform commitment<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Azure IaaS security is not defined by a static set of features. It is the result of <strong>ongoing engineering investment<\/strong>, guided by clear principles, and reinforced through layered technical controls.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Defense in depth ensures that failures are contained. <a href=\"https:\/\/info.microsoft.com\/ww-landing-top-11-factors-in-cloud-and-ai-security.html?lcid=en-us\">Secure-by-design architecture reduces attack surfaces<\/a> from the start. Secure-by-default configurations minimize exposure without adding friction. And secure-in-operation practices ensure the platform continues to adapt as threats evolve.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Together, these principles define how <a href=\"https:\/\/aka.ms\/azureIaaS\">Azure IaaS<\/a> delivers infrastructure security that is systematic, scalable, and aligned with modern threat realities.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To go deeper, explore the <a href=\"https:\/\/apc01.safelinks.protection.outlook.com\/?url=https%3A%2F%2Faka.ms%2FazureIaaS&amp;data=05%7C02%7Cestela.virko%40wipro.com%7C8976f285132449ccf94a08dea4a9504b%7C258ac4e4146a411e9dc879a9e12fd6da%7C0%7C0%7C639129244599856580%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&amp;sdata=HuTEBGrGMZAwSbxzDSdazucmpQyeVFfO7N3koO6A5OA%3D&amp;reserved=0\" target=\"_blank\" rel=\"noreferrer noopener\">Azure IaaS Resource Center<\/a> for tutorials, best practices, and guidance across compute, storage, and networking to help you design and operate resilient infrastructure with greater confidence.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Did you miss these posts in the <\/strong><a href=\"https:\/\/apc01.safelinks.protection.outlook.com\/?url=https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fblog%2Ftag%2Fazure-iaas%2F&amp;data=05%7C02%7Cestela.virko%40wipro.com%7C8976f285132449ccf94a08dea4a9504b%7C258ac4e4146a411e9dc879a9e12fd6da%7C0%7C0%7C639129244599871621%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&amp;sdata=7z40Y9l8L2kOr%2BKYg9GW4Wg4pq3RCiLudZ%2BwUWVxehY%3D&amp;reserved=0\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Azure IaaS series<\/strong><\/a><strong>?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/apc01.safelinks.protection.outlook.com\/?url=https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fblog%2Fazure-iaas-series-explore-new-resources-for-building-a-stronger-more-efficient-infrastructure%2F&amp;data=05%7C02%7Cestela.virko%40wipro.com%7C8976f285132449ccf94a08dea4a9504b%7C258ac4e4146a411e9dc879a9e12fd6da%7C0%7C0%7C639129244599886403%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&amp;sdata=BZDQPpYZDcD5Vj%2FXqr%2FTQPuMYX8m0SXySkHrj5L8NYo%3D&amp;reserved=0\" target=\"_blank\" rel=\"noreferrer noopener\">Explore new resources for building a stronger, more efficient infrastructure<\/a><\/li>\n\n\n\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/apc01.safelinks.protection.outlook.com\/?url=https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fblog%2Fazure-iaas-keep-critical-applications-running-with-built-in-resiliency-at-scale%2F&amp;data=05%7C02%7Cestela.virko%40wipro.com%7C8976f285132449ccf94a08dea4a9504b%7C258ac4e4146a411e9dc879a9e12fd6da%7C0%7C0%7C639129244599900207%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&amp;sdata=FeptOA3GUJp8KJAyc3FNvPVM2SYlbBYHHahuvuvvv2s%3D&amp;reserved=0\" target=\"_blank\" rel=\"noreferrer noopener\">Keep critical applications running with built-in resiliency at scale<\/a><\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-group is-vertical is-layout-flex wp-container-core-group-is-layout-fe9cc265 wp-block-group-is-layout-flex\">\n<div class=\"wp-block-group is-layout-constrained wp-block-group-is-layout-constrained\">\n<div class=\"wp-block-group alignwide is-layout-constrained wp-block-group-is-layout-constrained\">\n<aside class=\"cta-block cta-block--align-left cta-block--has-image wp-block-msx-cta\" data-bi-an=\"CTA Block\">\n\t<div class=\"cta-block__content\">\n\t\t\t\t\t<div class=\"cta-block__image-container\">\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"936\" height=\"270\" src=\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2026\/04\/image-5.png\" class=\"cta-block__image\" alt=\"person holding a tablet and looking at it\" srcset=\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2026\/04\/image-5.webp 936w, https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2026\/04\/image-5-300x87.webp 300w, https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2026\/04\/image-5-768x222.webp 768w\" sizes=\"auto, (max-width: 936px) 100vw, 936px\" \/>\t\t\t<\/div>\n\t\t\n\t\t<div class=\"cta-block__body\">\n\t\t\t<h2 class=\"cta-block__headline\">Create a resilient infrastructure with Azure<\/h2>\n\t\t\t<p class=\"cta-block__text\">Visit the Azure IaaS Resource Center to start building a stronger, more efficient infrastructure today.<\/p>\n\t\t\t\t\t\t\t<div class=\"cta-block__actions\">\n\t\t\t\t\t<a\n\t\t\t\t\t\thref=\"https:\/\/aka.ms\/azureIaaS\"\n\t\t\t\t\t\tclass=\"btn cta-block__link btn-link\"\n\t\t\t\t\t\ttarget=\"_blank\"\t\t\t\t\t>\n\t\t\t\t\t\tGet started with Azure\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/div>\n<\/aside>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Security for cloud infrastructure is no longer defined by a single control, product, or boundary. Modern threats target identity, software supply chains, control planes, networks, and data simultaneously.<\/p>\n","protected":false},"author":58,"featured_media":50663,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ms_queue_id":[],"ep_exclude_from_search":false,"_classifai_error":"","_classifai_text_to_speech_error":"","_alt_title":"","footnotes":"","msx_community_cta_settings":[]},"categories":[1467,1456,1466,1506,1482,1457,1459],"tags":[2588,3365,1811],"audience":[3055,3053],"content-type":[1511],"product":[1480,1533,1617,1515,1569,1627,1455],"tech-community":[],"topic":[],"coauthors":[1386],"class_list":["post-50657","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-compute","category-devops","category-hybrid-multicloud","category-identity","category-management-and-governance","category-networking","category-security","tag-azure-built-in-security","tag-azure-iaas","tag-zero-trust","audience-developers","audience-it-decision-makers","content-type-best-practices","product-azure-firewall","product-azure-monitor","product-azure-private-link","product-microsoft-defender-for-cloud","product-microsoft-entra-id","product-sdks","product-virtual-machines","review-flag-alway-1680286580-106","review-flag-disabled","review-flag-microsofts","review-flag-new-1680286579-546","review-flag-vm-1680286585-143"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Azure IaaS: Defense in\u00a0depth\u00a0built on\u00a0secure-by-design\u00a0principles | Microsoft Azure Blog<\/title>\n<meta name=\"description\" content=\"Explore how Azure IaaS\u00a0uses defense in depth and secure-by-design principles to deliver layered, scalable cloud security across compute, network, and data.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Azure IaaS: Defense in\u00a0depth\u00a0built on\u00a0secure-by-design\u00a0principles | Microsoft Azure Blog\" \/>\n<meta property=\"og:description\" content=\"Explore how Azure IaaS\u00a0uses defense in depth and secure-by-design principles to deliver layered, scalable cloud security across compute, network, and data.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Azure Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/microsoftazure\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-04T16:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-04T17:26:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2026\/05\/Azure-IaaS-Security.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Narayan Annamalai\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2026\/05\/Azure-IaaS-Security.jpg\" \/>\n<meta name=\"twitter:creator\" content=\"@azure\" \/>\n<meta name=\"twitter:site\" content=\"@azure\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Narayan Annamalai\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\\\/\"},\"author\":[{\"@id\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/author\\\/narayan-annamalai\\\/\",\"@type\":\"Person\",\"@name\":\"Narayan Annamalai\"}],\"headline\":\"Azure IaaS: Defense in\u00a0depth\u00a0built on\u00a0secure-by-design\u00a0principles\",\"datePublished\":\"2026-05-04T16:00:00+00:00\",\"dateModified\":\"2026-05-04T17:26:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\\\/\"},\"wordCount\":1348,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/Azure-IaaS-Security.jpg\",\"keywords\":[\"Azure Built-In Security\",\"Azure IaaS\",\"Zero Trust\"],\"articleSection\":[\"Compute\",\"DevOps\",\"Hybrid + multicloud\",\"Identity\",\"Management and governance\",\"Networking\",\"Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\\\/\",\"url\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\\\/\",\"name\":\"Azure IaaS: Defense in\u00a0depth\u00a0built on\u00a0secure-by-design\u00a0principles | Microsoft Azure Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/Azure-IaaS-Security.jpg\",\"datePublished\":\"2026-05-04T16:00:00+00:00\",\"dateModified\":\"2026-05-04T17:26:44+00:00\",\"description\":\"Explore how Azure IaaS\u00a0uses defense in depth and secure-by-design principles to deliver layered, scalable cloud security across compute, network, and data.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\\\/#primaryimage\",\"url\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/Azure-IaaS-Security.jpg\",\"contentUrl\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/Azure-IaaS-Security.jpg\",\"width\":1920,\"height\":1080,\"caption\":\"Profile of a person with text: Built-in protection. Your digital core runs stronger on Azure IaaS.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog home\",\"item\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Compute\",\"item\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/category\\\/compute\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Azure IaaS: Defense in\u00a0depth\u00a0built on\u00a0secure-by-design\u00a0principles\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/\",\"name\":\"Microsoft Azure Blog\",\"description\":\"Get the latest Azure news, updates, and announcements from the Azure blog. From product updates to hot topics, hear from the Azure experts.\",\"publisher\":{\"@id\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/#organization\",\"name\":\"Microsoft Azure Blog\",\"url\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/microsoft_logo.webp\",\"contentUrl\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/microsoft_logo.webp\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Azure Blog\"},\"image\":{\"@id\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/microsoftazure\",\"https:\\\/\\\/x.com\\\/azure\",\"https:\\\/\\\/www.instagram.com\\\/microsoftdeveloper\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/16188386\",\"https:\\\/\\\/www.youtube.com\\\/user\\\/windowsazure\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/#\\\/schema\\\/person\\\/54b59a5a84f0bbb4a04c14daac8cf771\",\"name\":\"Estela Virko\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e0c80aef45905808b531834966f343f124eab0a088eaf8c5091c92e213cf58e5?s=96&d=mm&r=ge79ba33f176c2122a103010d5e208f8b\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e0c80aef45905808b531834966f343f124eab0a088eaf8c5091c92e213cf58e5?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e0c80aef45905808b531834966f343f124eab0a088eaf8c5091c92e213cf58e5?s=96&d=mm&r=g\",\"caption\":\"Estela Virko\"},\"url\":\"https:\\\/\\\/azure.microsoft.com\\\/en-us\\\/blog\\\/author\\\/estelavirko\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Azure IaaS: Defense in\u00a0depth\u00a0built on\u00a0secure-by-design\u00a0principles | Microsoft Azure Blog","description":"Explore how Azure IaaS\u00a0uses defense in depth and secure-by-design principles to deliver layered, scalable cloud security across compute, network, and data.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\/","og_locale":"en_US","og_type":"article","og_title":"Azure IaaS: Defense in\u00a0depth\u00a0built on\u00a0secure-by-design\u00a0principles | Microsoft Azure Blog","og_description":"Explore how Azure IaaS\u00a0uses defense in depth and secure-by-design principles to deliver layered, scalable cloud security across compute, network, and data.","og_url":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\/","og_site_name":"Microsoft Azure Blog","article_publisher":"https:\/\/www.facebook.com\/microsoftazure","article_published_time":"2026-05-04T16:00:00+00:00","article_modified_time":"2026-05-04T17:26:44+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2026\/05\/Azure-IaaS-Security.jpg","type":"image\/jpeg"}],"author":"Narayan Annamalai","twitter_card":"summary_large_image","twitter_image":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2026\/05\/Azure-IaaS-Security.jpg","twitter_creator":"@azure","twitter_site":"@azure","twitter_misc":{"Written by":"Narayan Annamalai","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\/#article","isPartOf":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\/"},"author":[{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/author\/narayan-annamalai\/","@type":"Person","@name":"Narayan Annamalai"}],"headline":"Azure IaaS: Defense in\u00a0depth\u00a0built on\u00a0secure-by-design\u00a0principles","datePublished":"2026-05-04T16:00:00+00:00","dateModified":"2026-05-04T17:26:44+00:00","mainEntityOfPage":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\/"},"wordCount":1348,"commentCount":0,"publisher":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization"},"image":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\/#primaryimage"},"thumbnailUrl":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2026\/05\/Azure-IaaS-Security.jpg","keywords":["Azure Built-In Security","Azure IaaS","Zero Trust"],"articleSection":["Compute","DevOps","Hybrid + multicloud","Identity","Management and governance","Networking","Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/azure.microsoft.com\/en-us\/blog\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\/","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\/","name":"Azure IaaS: Defense in\u00a0depth\u00a0built on\u00a0secure-by-design\u00a0principles | Microsoft Azure Blog","isPartOf":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\/#primaryimage"},"image":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\/#primaryimage"},"thumbnailUrl":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2026\/05\/Azure-IaaS-Security.jpg","datePublished":"2026-05-04T16:00:00+00:00","dateModified":"2026-05-04T17:26:44+00:00","description":"Explore how Azure IaaS\u00a0uses defense in depth and secure-by-design principles to deliver layered, scalable cloud security across compute, network, and data.","breadcrumb":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/azure.microsoft.com\/en-us\/blog\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\/#primaryimage","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2026\/05\/Azure-IaaS-Security.jpg","contentUrl":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2026\/05\/Azure-IaaS-Security.jpg","width":1920,"height":1080,"caption":"Profile of a person with text: Built-in protection. Your digital core runs stronger on Azure IaaS."},{"@type":"BreadcrumbList","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-iaas-defense-in-depth-built-on-secure-by-design-principles\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog home","item":"https:\/\/azure.microsoft.com\/en-us\/blog\/"},{"@type":"ListItem","position":2,"name":"Compute","item":"https:\/\/azure.microsoft.com\/en-us\/blog\/category\/compute\/"},{"@type":"ListItem","position":3,"name":"Azure IaaS: Defense in\u00a0depth\u00a0built on\u00a0secure-by-design\u00a0principles"}]},{"@type":"WebSite","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#website","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/","name":"Microsoft Azure Blog","description":"Get the latest Azure news, updates, and announcements from the Azure blog. From product updates to hot topics, hear from the Azure experts.","publisher":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/azure.microsoft.com\/en-us\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization","name":"Microsoft Azure Blog","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2024\/06\/microsoft_logo.webp","contentUrl":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2024\/06\/microsoft_logo.webp","width":512,"height":512,"caption":"Microsoft Azure Blog"},"image":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/microsoftazure","https:\/\/x.com\/azure","https:\/\/www.instagram.com\/microsoftdeveloper\/","https:\/\/www.linkedin.com\/company\/16188386","https:\/\/www.youtube.com\/user\/windowsazure"]},{"@type":"Person","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/person\/54b59a5a84f0bbb4a04c14daac8cf771","name":"Estela Virko","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/e0c80aef45905808b531834966f343f124eab0a088eaf8c5091c92e213cf58e5?s=96&d=mm&r=ge79ba33f176c2122a103010d5e208f8b","url":"https:\/\/secure.gravatar.com\/avatar\/e0c80aef45905808b531834966f343f124eab0a088eaf8c5091c92e213cf58e5?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e0c80aef45905808b531834966f343f124eab0a088eaf8c5091c92e213cf58e5?s=96&d=mm&r=g","caption":"Estela Virko"},"url":"https:\/\/azure.microsoft.com\/en-us\/blog\/author\/estelavirko\/"}]}},"msxcm_animated_featured_image":null,"bloginabox_display_generated_audio":true,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Azure Blog","distributor_original_site_url":"https:\/\/azure.microsoft.com\/en-us\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/posts\/50657","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/users\/58"}],"replies":[{"embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/comments?post=50657"}],"version-history":[{"count":59,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/posts\/50657\/revisions"}],"predecessor-version":[{"id":50809,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/posts\/50657\/revisions\/50809"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/media\/50663"}],"wp:attachment":[{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/media?parent=50657"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/categories?post=50657"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/tags?post=50657"},{"taxonomy":"audience","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/audience?post=50657"},{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/content-type?post=50657"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/product?post=50657"},{"taxonomy":"tech-community","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/tech-community?post=50657"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/topic?post=50657"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/coauthors?post=50657"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}