Microsoft Adds Threat Intelligence to Azure Firewall

Microsoft added a few improvements to Azure Firewall, its firewall-as-a-service security offering for organizations using Azure virtual machines.

Azure Firewall, which became generally available back in September, uses filtering rules for things like "source and destination IP address, port and protocol," which get used to protect Azure virtual network resources, according to a Microsoft document description. In a Monday announcement, Microsoft indicated that it has also added a new capability to Azure Firewall. It can now screen network traffic based on "malicious IP addresses and domains" as assessed by feeds from the Microsoft Threat Intelligence service.

The Microsoft Threat Intelligence service is powered by signals from the Microsoft Intelligent Security Graph, as well as assessments by security researchers. Microsoft has now turned on its Threat Intelligence service feeds by default "for all Azure Firewall deployments," according to the announcement, although IT pros can adjust its behavior.

Azure Firewall is integrated with Azure Monitor, Microsoft's management solution. Consequently, the added Microsoft Threat Intelligence information can be viewed in Azure Monitor dashboards, showing things like compromised virtual machines and blocked port scans, according to Microsoft's announcement.

A second addition to Azure Firewall is support for "service tags" to simplify the creation of network rules. Microsoft described a service tag as "a group of IP address prefixes for specific Microsoft services, such as SQL Azure, Azure Key Vault and Azure Service Bus." Microsoft lists the service tags that are currently supported in Azure Firewall in this document.

Lastly, Microsoft noted that a REST-based API for Azure Firewall can be tapped by non-Microsoft ("third party") software security management tools. The API can be used by those tools to manage "Azure Firewalls, Network Security Groups and network virtual appliances." Currently, the AlgoSec CloudFlow management product supports the API at the public beta stage. Security management products from Barracuda and Tufin also support the Azure Firewall API, but the support is currently at the private beta stage.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.


  • Tamper Protection Now Available to Microsoft Defender ATP Subscribers

    The Microsoft Defender Advanced Threat Protection (ATP) E5 subscription plan now has an optional "tamper protection" security feature, Microsoft announced on Monday.

  • Exploring OCR, a New Way To Get Data into Excel

    Microsoft recently added a new optical character recognition feature to Excel that lets users import data from a photograph taken from a smartphone. Here's how to use it.

  • Microsoft Authenticator App To Get Real-Time Phishing Protections

    Microsoft is working on adding capabilities to its Microsoft Authenticator app to help defeat security breaches enabled by advanced attack techniques, including phishing and man-in-the-middle methods.

  • A Quicker Way To Create Hyper-V Inventory Reports

    If you need to generate Hyper-V inventory reports but don't want the hassle of writing your own custom PowerShell script, here is a shortcut.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.