Azure Network Security topics Sun, 17 Oct 2021 04:37:12 GMT AzureNetworkSecurity 2021-10-17T04:37:12Z

New Blog Post | Improve your Azure Network Infrastructure Security with Complementary Services
<P><A href="" target="_blank" rel="noopener">Improve your Azure Network Infrastructure Security with Complementary Services - Microsoft Tech Community</A></P>
<P>Given the rising number of cyber-attacks and data breaches in recent times, security has become paramount. For a while now, it’s been clear that securing only your network’s perimeter is simply not enough. The idea that we can inherently trust systems or users in “internal networks” is a recipe for disaster.&nbsp; Not to mention, it’s likely that many of your systems and users are not even in an internal network anymore.</P>
<P>In this ever-changing world, attackers are constantly finding new ways to exploit vulnerabilities. This is one of the reasons to consider the strategy of defense-in-depth: if there are multiple layers of protection in place and one of them fails, another security mechanism exists to stand in the way of an attack.</P>
<P>Besides a multi-layered approach to security, having a<SPAN>&nbsp;</SPAN><A href="#" target="_blank" rel="noopener noreferrer">Zero Trust</A><SPAN>&nbsp;</SPAN>mindset is important.
We focus on three principles when pursuing Zero Trust practices: verify explicitly, use least privileged access, and assume breach.</P>
<P>Original Post:&nbsp;<A href="" target="_blank" rel="noopener">New Blog Post | Improve your Azure Network Infrastructure Security with Complementary Services - Microsoft Tech Community</A></P>
Mon, 30 Aug 2021 18:31:37 GMT AshleyMartin 2021-08-30T18:31:37Z

New Blog Post | Hunting Queries and Response Automation in Azure Firewall Solution for Sentinel
<P><A href="" target="_blank" rel="noopener">New Detections, Hunting Queries and Response Automation in Azure Firewall Solution for Azure Sentinel (</A></P>
<P><A href="#" target="_blank" rel="noopener nofollow noreferrer">Recent breaches</A><SPAN>&nbsp;</SPAN>surface the need for all organizations to adopt an assume breach mindset to security.&nbsp; While organizations continue to invest heavily in the products and technology to prevent breaches, having automated threat detection and response capabilities to identify malicious actors and actions in your environment has become the need of the hour.&nbsp; To enable these capabilities at scale, organizations need to have cutting-edge monitoring and response tools along with the detection logic to identify threats.</P>
<P>The cloud native Azure Firewall provides protection against network-based threats.
Azure Sentinel is the cloud native SIEM and SOAR solution which provides threat detection, hunting, and automated response capabilities for Azure Firewall.&nbsp; While this is great, customers must go through multiple blades and steps in Azure Sentinel to deploy and configure all the detections, hunting queries, workbooks, and automation, which can be an overhead.</P>
<P>Readers of this post will hopefully be aware of the ever-growing integration between Azure Firewall and Azure Sentinel<STRONG><SUP>1</SUP></STRONG>. At Microsoft, we continue to innovate best security detection and response experiences for you, and we are excited to present the<SPAN>&nbsp;</SPAN><STRONG>Azure Firewall Solution for Azure Sentinel</STRONG>, as announced in the blog post<SPAN>&nbsp;</SPAN><A href="#" target="_blank" rel="noopener noreferrer">Optimize security with Azure Firewall solution for Azure Sentinel</A><STRONG><SUP>2</SUP></STRONG>. The Azure Firewall Solution<STRONG><SPAN>&nbsp;</SPAN>provides Azure Firewall specific net new detections and hunting queries</STRONG>. The solution also contains a new firewall workbook and automation components, which can now be deployed in a single, streamlined method.</P>
<P>Original Post:&nbsp;<A href="" target="_blank" rel="noopener">New Blog Post | Hunting Queries and Response Automation in Azure Firewall Solution for Sentinel - Microsoft Tech Community</A></P>
Fri, 27 Aug 2021 16:06:27 GMT AshleyMartin 2021-08-27T16:06:27Z

How to disable WAF mandatory rule or add an exception to the rule
<P>Hi All,</P>
<P>A website is getting blocked when I enable WAF in Prevention mode, and log says "Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 5)" but not able to see policy rule 949110 to disable or add an exception.
Is there any way to solve this?</P>
Thu, 05 Aug 2021 10:43:33 GMT dbagade 2021-08-05T10:43:33Z

Unable to block my website in specific countries with Azure WAF custom rules
Hi All,<BR />Recently I got a requirement from my client to block the access of the website from specific countries. I've gone through a lot of documentation over the Internet and found that we can use restrict access by blocking IP ranges and Azure WAF custom rules. I've created custom rules because I had to block almost 60 countries. But that is not working somehow. Can anyone help me on this?
Sat, 31 Jul 2021 00:54:02 GMT Wrishav 2021-07-31T00:54:02Z

New Azure Network Security and Azure Sentinel Blog Posts | Integrating Azure Sentinel/Azure Firewall
<P>We’re excited to announce a seamless integration between&nbsp;<A href="#" target="_blank" rel="noopener">Azure Firewall</A>&nbsp;and&nbsp;<A href="#" target="_blank" rel="noopener">Azure Sentinel</A>. Now, you can get both detection, prevention and response automation in the form of an easy-to-deploy Azure Firewall solution for Azure Sentinel.
Combining these capabilities allows you to ensure that you both prevent sophisticated threats when you can, while also maintaining an “assume breach mentality” to detect and quickly/automatically respond to cyberattacks.</P>
<P><EM>The Azure Firewall Solution for Azure Sentinel is now available.&nbsp; Please see the security community blog to learn about the new threat detections, hunting queries and automation for Azure Firewall that are included in this new solution &lt;<A href="#" target="_blank" rel="noopener">Optimize security with Azure Firewall solution for Azure Sentinel - Microsoft Security</A>&gt;.</EM></P>
<P>The automation capability for Azure Firewall with Azure Sentinel is provided with the new Logic App Connector and Playbook Templates. With this integration, you can automate response to Azure Sentinel incidents which contain IP addresses (IP entity), in Azure Firewall. The new Connector and Playbook templates allow security teams to get threat detection alerts directly in a Microsoft Teams Channel when one of the Playbooks attached to an Automation Rule triggers based on a Sentinel detection rule. Security incident response teams can then triage, perform one click response and remediation in Azure Firewall to block or allow IP address sources and destinations based on these alerts.</P>
<P><EM>To learn more about deploying, configuring and using the automation for Azure Firewall with the new Custom Logic App connector and Playbooks, please review the instructions in the blog here &lt;<A href="" target="_blank" rel="noopener">Automated Detection and Response for Azure Firewall with the New Logic App Connector and Playbooks (</A>&gt;.</EM></P>
<P>Original Post: <A href="" target="_blank" rel="noopener">New Azure Network Security and Azure Sentinel Blog Posts | Integrating Azure Sentinel/Azure
Firewall - Microsoft Tech Community</A></P>
Tue, 08 Jun 2021 20:07:48 GMT JasonCohen1892 2021-06-08T20:07:48Z

May 11 | Webinar questions
<P><STRONG>Azure Network Security</STRONG><SPAN>&nbsp;</SPAN><STRONG>| Central DNS Management and Logging with Azure Firewall</STRONG></P>
<P>Please post your questions here.</P>
Tue, 11 May 2021 15:23:51 GMT Valon_Kolica 2021-05-11T15:23:51Z

Webinar Questions
<P>Hi Folks,</P>
<P>The Q&amp;A feature on our webinar is having some technical difficulties right now. Feel free to ask your questions here. We are monitoring in real time. You can reply to this post, or you can create a new post.</P>
<P>Thanks!</P>
Tue, 04 May 2021 15:08:35 GMT Ryan Heffernan 2021-05-04T15:08:35Z

New Blog Post | Enabling Central Visibility For DNS Using Azure Firewall Custom DNS and DNS Proxy
<P><A href="" target="_blank" rel="noopener">Enabling Central Visibility For DNS Using Azure Firewall Custom DNS and DNS Proxy - Microsoft Tech Community</A></P>
<P>In this blog, we will see how Azure Firewall can help our customers overcome this challenge and provide visibility not only to Azure DNS logging but also to control the traffic flows both east-west and to the internet for their Azure resources.
Azure Firewall recently added Custom DNS and DNS proxy capabilities, which was a big ask from all of our customers, and these are the features which we will explore in this blog and how it can help you.</P>
Tue, 27 Apr 2021 17:37:10 GMT JasonCohen1892 2021-04-27T17:37:10Z

New Blog Post | Azure Web Application Firewall: WAF config versus WAF policy
<P><A href="" target="_blank" rel="noopener">Azure Web Application Firewall: WAF config versus WAF policy - Microsoft Tech Community</A></P>
<P><STRONG><SPAN>What is Web Application Firewall (WAF) config?</SPAN></STRONG></P>
<P><SPAN>WAF config is the built-in method to configure WAF on Azure Application Gateway, and it is local to each individual Azure Application Gateway resource. When you create an Azure Application Gateway with either the WAF or the WAF_v2 SKU, you will see a new item on the menu blade called "Web application firewall" that displays WAF configuration options.</SPAN></P>
<P><SPAN>The biggest drawback of using WAF config is that not all WAF settings are displayed in the portal UI. For example, you cannot configure or manage custom rules in the portal: you must use PowerShell or Azure CLI for that. Additionally, WAF config is a setting within an Azure Application Gateway resource. For this reason, each WAF config must be managed individually, and its configuration applies globally for everything within that specific Azure Application Gateway resource.
WAF config does not exist on Azure Front Door.</SPAN></P>
Fri, 16 Apr 2021 16:22:37 GMT JasonCohen1892 2021-04-16T16:22:37Z

How to monitor database level firewall rules
<P>As documented at&nbsp;<A href="#" target="_blank">IP firewall rules - Azure SQL Database and Azure Synapse Analytics | Microsoft Docs</A>, Azure database-level firewall rules are overriding server-level firewall rules. Since the database-level firewall rules can be created by a user that is given a contributor role on the database, how can an Azure administrator monitor these rules and be fully aware of the actual effective firewall rules on multiple Azure databases?</P>
Fri, 09 Apr 2021 09:31:54 GMT MilanBanjac 2021-04-09T09:31:54Z

Use cases for encryption over ExpressRoute?
<P>I understand the basics of ExpressRoute being a private link from on-prem to Azure and hence more secure, but what would be the use cases to enable encryption on ExpressRoute via an Azure VPN gateway or a 3rd party gateway?</P>
<P>Thx</P>
Mon, 05 Apr 2021 14:55:34 GMT Jeff Walzer 2021-04-05T14:55:34Z

New Blog Post | Role Based Access Control for Azure Firewall
<P><A href="" target="_blank">Role Based Access Control for Azure Firewall - Microsoft Tech Community</A></P>
<P>In this article, we discuss the actions that may be used to create security conscious roles and templates that you can use to create and assign roles for Azure Firewall.
Once you understand the boundaries for the role you are trying to create, you can use the template below or modify it by carefully selecting the actions required and assigning it to the user.</P>
<P>There are various levels of administrative roles you might be looking to assign, and this may be done at a management group level, subscription level, resource group level or resource level. Azure RBAC focuses on managing user <A href="#" target="_blank" rel="noopener noreferrer">actions</A> at these different scopes.</P>
Wed, 31 Mar 2021 18:35:27 GMT JasonCohen1892 2021-03-31T18:35:27Z

New Blog Post | New Detections for Azure Firewall in Azure Sentinel
<P><A href="" target="_blank" rel="noopener">New Detections for Azure Firewall in Azure Sentinel (</A></P>
<P><SPAN>Readers of this post will hopefully be familiar with both Azure Firewall which provides protection against network-based threats, and Azure Sentinel which provides SIEM and SOAR (security orchestration, automation, and response) capabilities.&nbsp; In this blog, we will discuss the new detections for Azure Firewall in Azure Sentinel.&nbsp; These new detections allow security teams to get Sentinel alerts if machines on the internal network attempt to query/connect to domain names or IP addresses on the internet that are associated with known IOCs, as defined in the detection rule query.&nbsp; True positive detections should be considered as Indicator of Compromise (IOC).&nbsp; Security incident response teams can then perform response and appropriate remediation actions based on these detection signals.</SPAN></P>
Wed, 31 Mar 2021 18:33:08 GMT JasonCohen1892 2021-03-31T18:33:08Z

New Blog Post | ANS Visibility and Control using ASC
integration with Azure Firewall Manager
<P><A href="" target="_blank" rel="noopener">Azure Network Security Visibility and Control using ASC integration with Azure Firewall Manager - Mi...</A></P>
<P>With the integration of Azure Firewall Manager with the Azure Security Center, you can now visualize all-up status of their infrastructure and network security in one place.&nbsp;The Firewall Manager tile in<SPAN>&nbsp;</SPAN><STRONG>Azure Security Center<SPAN>&nbsp;</SPAN></STRONG>dashboard<STRONG>,<SPAN>&nbsp;</SPAN></STRONG>under the<STRONG><SPAN>&nbsp;</SPAN>Overview</STRONG><SPAN>&nbsp;</SPAN>blade provides an all-up status of Azure Network Security across all Virtual Networks and Virtual Hubs spread across different regions in Azure.&nbsp; With a single glance, you can see the number of Azure Firewalls, Firewall Policies and Azure regions where Azure Firewalls are deployed.</P>
<P>With a single click on the Firewall Manager tile or on the left-hand navigation pane in the ASC dashboard, you can get to the familiar Azure Firewall Manager dashboard to drill down deeper into different aspects of Network Security.</P>
Tue, 23 Mar 2021 14:53:49 GMT JasonCohen1892 2021-03-23T14:53:49Z

Azure WAF Security Protection and Detection Lab now Available
<TABLE style="border-style: hidden; width: 100%;" border="1" width="100%"> <TBODY> <TR> <TD width="100%"> <P class="xmsonormal"><STRONG>Azure Web Application Firewall Security Protection and
Detection Lab is now available</STRONG>.</P>
<P class="xmsonormal">The intent of this lab is to allow customers to easily test and validate the security capabilities of Azure WAF against common web application vulnerabilities/attacks.&nbsp; A significant amount of work has been put into developing the lab environment and the playbooks for our customers, and we are incredibly proud of the teamwork, collaboration, and support throughout the various stages of the process.</P>
<P class="xmsonormal">The lab is now available on Azure Tech Community blog space and is organized in 5 sections.&nbsp; The step by step instructions in the lab allow anyone to rapidly deploy the lab environment and test Azure WAF’s protection capabilities against common web application attacks such as <STRONG>Reconnaissance, Cross-Site Scripting, and SQL Injection</STRONG> with no or minimal know-how of offensive security testing methodology.&nbsp; The lab also demonstrates how to use Azure WAF Workbook to understand how WAF handles malicious traffic and payloads.</P>
<P class="xmsonormal"><A href="" target="_blank" rel="noopener">Click here</A> for a&nbsp;<STRONG>Tutorial Overview</STRONG>, an introduction to the testing framework used in the lab, and the <STRONG>four-part instructions on the lab setup</STRONG>.</P> </TD> </TR> </TBODY> </TABLE>
Fri, 15 Jan 2021 23:09:36 GMT Valon_Kolica 2021-01-15T23:09:36Z

Security Community | Private Preview form short link correction
<P>This is just a quick update on the short-link to the Private Preview form.
The correct link is&nbsp;<A href="#" target="_blank" rel="noopener"></A>&nbsp;You can<SPAN>&nbsp;apply to join our private preview program, where you can get early access to changes in exchange for your feedback, and review our product roadmap.</SPAN></P>
<P>Thank you and I apologize for the inconvenience caused by the old broken link.</P>
Tue, 01 Dec 2020 17:18:20 GMT Valon_Kolica 2020-12-01T17:18:20Z

Web Application Firewall in Prevention Mode
<P>Hi Team,</P>
<P>My application is an ASP.NET web application built on standard .NET Framework features. It works well when Web App Firewall (WAF) is off or set to “Detection”. However, once the WAF is set to “Prevention”, most requests to the web servers (both internet and intranet) will be blocked. Can I have your advice on what to be set on the firewall rule to resolve this?</P>
Mon, 23 Nov 2020 04:25:58 GMT vijaycloud 2020-11-23T04:25:58Z

Azure Advanced Threat Protection Sensor Service unable to start
<P>The Azure Advanced Threat Protection Sensor service terminated unexpectedly. It has done this 67 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.</P>
Fri, 16 Oct 2020 17:19:12 GMT ifernandez 2020-10-16T17:19:12Z

Azure Network Security | 2020 FREE Public Webinar series
<TABLE style="border-style: hidden; width: 100%;" border="1" width="100%"> <TBODY> <TR> <TD width="100%"> <P>I am excited to announce the eight-part FREE public webinar series for Azure Network Security! Kick-off is on October 15. Looking forward to hosting you all!
For details and registration, visit us at <A title="Register here" href="#" target="_blank" rel="noopener"></A></P> </TD> </TR> </TBODY> </TABLE>
Thu, 24 Sep 2020 17:56:15 GMT Valon_Kolica 2020-09-24T17:56:15Z

Suggestions for Network Security Blog Content
<P>Please use this thread as a place to suggest topics we can write about on <A href="" target="_blank" rel="noopener">our blog</A>. These could be deep dives on particular features, how-to guides for implementing certain architectures, or any other network security concept. Thanks in advance!</P>
Tue, 24 Nov 2020 16:57:35 GMT Anthony_Roman 2020-11-24T16:57:35Z