Turn on protection you need
Azure is secured by wide variety of physical, infrastructure, and operational controls—but there are additional actions you need to take to help safeguard your workloads. Turn on Security Center to quickly strengthen your security posture and protect against threats.
Security posture management for your cloud workloads
Quickly assess your security posture with Secure Score. This feature provides recommendations with numeric values to help you prioritize your responses.
Ensure you’re following best practices and fix common misconfigurations for Azure infrastructure as a service (IaaS) and platform as a service (PaaS) resources that may include:
- Failure to deploy system updates on virtual machines (VMs).
- Unnecessary exposure to the Internet through public-facing endpoints.
- Unencrypted data in transit or storage.
Customize your security policy to focus on what you need to—for example, check for web application firewalls or storage encryption—and apply your policy to multiple Azure subscriptions. Gain visibility across your environment to verify compliance with regulatory requirements, such as CIS, PCI DSS, SOC, and ISO.
Get enhanced threat protection with Security Center Standard tier
Security Center gives you defense in depth with its ability to both detect and help protect against threats. Using machine learning to process trillions of signals across Azure services and systems, Security Center alerts you of threats to your environments, such as remote desktop protocol (RDP) brute-force attacks and SQL injections. And it provides actionable recommendations for mitigating these threats.
Standard Tier also provides features to help you reduce your attack surface area. Our more than 3,500 security experts use Standard tier and recommend that you do, too.
Protect your Linux and Windows servers
Security Center helps safeguard Windows servers and clients with Windows Defender Advanced Threat Protection and helps protect Linux servers with behavioral analytics. For every attack attempted or carried out, you receive a detailed report and recommendations for remediation.
Safeguard servers running in Azure and other clouds with advanced controls. Just-in-Time VM Access reduces your surface area exposed to RDP/SSH brute-force attack—one of the most common threats with more than 100,000 attack attempts on Azure VMs per month. Turn on Standard tier to mitigate this threat.
As you add applications to VMs in Azure, block malicious apps, including those not mitigated by antimalware solutions, by using adaptive application controls. Machine learning automatically applies new application whitelisting policies across your VMs.