Microsoft employs security and technology practices to ensure that Azure is resilient to attack, to safeguard user access to the Azure environment, and to keep customer data secure.
- Encrypting communications and operation processes:
- For data in transit, Azure uses industry-standard transport protocols between user devices and Microsoft data centers, and also inside data centers. For data at rest, Azure provides a wide range of encryption capabilities up to AES-256.
- Securing networks:
- Azure has the infrastructure necessary to securely connect virtual machines to one another and to connect on-premises data centers with Azure VMs. Azure uses various technologies to block unauthorized traffic to Microsoft data centers and inside data centers. Azure Virtual Network extends your on-premises network to the cloud with site-to-site VPN.
- Managing threats:
- To protect against online threats, Azure uses Microsoft Anti-Malware for cloud services and virtual machines. Microsoft also employs intrusion detection, denial-of-service (DDoS) attack prevention, regular penetration testing, data analytics and machine learning tools to mitigate threats to the Azure platform.