Secure and protect your virtual machines

  • Encrypt your sensitive data
  • Protect virtual machines from viruses and malware
  • Secure network traffic
  • Identify and detect threats
  • Meet compliance requirements

Protect your virtual machines from viruses and malware

We offer anti-malware software from major security vendors such as Microsoft, Symantec, Trend Micro, McAfee, and Kaspersky to protect your virtual machines from malicious files, adware, and other threats. It’s also easy to install, configure, and maintain anti-malware solutions on your virtual machines remotely through the Azure portal, Azure PowerShell, and from the command line.

Read the Microsoft Antimalware white paper

Secure sensitive data on your virtual machines

Your data is critical to your business—and to us. So we monitor it 24/7 and build datacenters designed to shelter your data and services from unauthorized access. For extra protection, we also offer industry-leading encryption solutions from CloudLink and Trend Micro for your virtual machines and all the data on them. You can also leverage Microsoft SQL Server’s transparent data encryption (TDE) for real-time application-level protection.

Read the Microsoft Data Protection white paper

Centralize keys and secrets with Key Vault

Simplify the management and security of your critical secrets and keys by storing them in Azure Key Vault. Key Vault provides the option to store your keys in hardware security modules (HSMs) certified to FIPS 140-2 Level 2 standards. Your SQL Server encryption keys for backup or TDE and your CloudLink SecureVM keys can all be stored in Key Vault with any keys or secrets from your applications. Permissions and access to these protected items are managed through Azure Active Directory.

Learn more about Key Vault

Encrypt your Linux and Windows virtual machine disks

Azure Disk Encryption helps you address organizational security and compliance requirements, by encrypting your VM disks with keys and policies that you control in your Azure Key Vault. Azure Disk Encryption enables you to encrypt your virtual machine disks, including the boot and the data disks. It works for both Linux and Windows operating systems. The solution uses Azure Key Vault to help you safeguard your disk encryption keys, manage key access policies, and audit use of your keys. All the data in the VM disks are encrypted at rest using industry standard encryption technology in your Azure storage accounts. The Azure Disk Encryption solution for Windows is based on proven Microsoft BitLocker Drive Encryption and the Linux solution is based on dm-crypt.

Azure Disk Encryption is available only on Standard Tier virtual machines. It is not currently supported for DS virtual machines (Premium Storage).

Learn more

Build more compliant solutions

Azure Virtual Machines is certified for FISMA, FedRAMP, HIPAA, PCI DSS Level 1, and other key compliance programs—which makes it easier for your own Azure applications to meet compliance requirements and for your business to address a wide range of domestic and international regulatory requirements.

See all Azure compliance certifications

Shield network traffic from threats

Use Azure Virtual Networks to create a secure VPN connection to your virtual machines—or bypass the Internet entirely with a private ExpressRoute connection. Virtual Networks can isolate network traffic between applications and give your more control over your network configuration, including subnets and preferred DNS IPs. Set access controls on your endpoints to help prevent unauthorized access, and leverage Azure Marketplace for easy-to-deploy web application firewalls from partners including aiScaler, Alert Logic, Barracuda, Check Point, and Cohesive.

Learn more about Virtual Networks

Get started with ExpressRoute

How to control access to virtual machine endpoints

Read the Azure Network Security white paper

Create a virtual machine in seconds