Azure Firewall Capabilities
Azure Firewall is a cloud native firewall-as-a-service offering which enables customers to centrally govern all their traffic flows using a DevOps approach. The service supports both application (such as *.github.com), and network level filtering rules.
To protect against growing cyber threats, Azure users are recommended to install some type of firewall. While different types Azure Firewalls perform different functions within the Microsoft cloud, they predominantly act as monitors for interactions between a given section of the public cloud and the rest of the internet. By filtering packets and requests, these firewalls can block malicious software from getting access to applications, data, or the even the network itself. The Microsoft Azure Marketplace have firewalls that generally fall into two categories: Web Application Firewalls and Network Firewalls.
Cloud services are fundamental to internet infrastructure and storage – this requires robust security solutions that focus on operations and reliability. Firewall services designed for Microsoft Azure provide security and support to organizations looking to protect their data and applications – especially for those who do not have sophisticated requirements.
- Threat intelligence based filtering
Microsoft uses vast teams of data scientists and its cybersecurity experts are constantly mining this data to create a high confidence list of known malicious IP addresses and domains. Azure firewall can now be configured to alert and deny traffic to and from known malicious IP addresses and domains in near real-time. The IP addresses and domains are sourced from the Microsoft Threat Intelligence feed. The Microsoft Intelligent Security Graph powers Microsoft Threat Intelligence and provides security in multiple Microsoft products and services, including Azure Security Center and Azure Sentinel.
Threat intelligence-based filtering is default-enabled in alert mode for all Azure Firewall deployments, providing logging of all matching indicators. Customers can adjust behavior to alert and deny.
- Service tags filtering
Along with threat intelligent-based filtering, MS is adding support for service tags. A service tag represents a group of IP address prefixes for specific Microsoft services such as SQL Azure, Azure Key Vault, and Azure Service Bus, to simplify network rule creation. Microsoft supports service tagging for a rich set of Azure services which includes managing the address prefixes encompassed by the service tag, and automatically updating the service tag as addresses change. Azure Firewall service tags can be used in the network rules destination field.