What is the procedure to be followed in performing prohibited activities in Azure Penetration Testing?

N Roshini M Dhana Lakshmi 0 Reputation points
2024-03-15T10:06:06.3433333+00:00

Do we need to get authorization from the Azure team by producing any documents before starting to test for the prohibited activities mentioned in Azure Penetration Testing https://www.microsoft.com/en-us/msrc/pentest-rules-of-engagement? If so, can you please share the template for the document?

Also, I wanted to know whether we can perform testing for DDoS attacks and fuzzing directly on our client account without any authorization from the Azure team. Is it in compliance with the Azure Policy?

Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.

1 answer

  1. Ben Gimblett 3,410 Reputation points Microsoft Employee
    2024-03-15T10:54:13.7033333+00:00

    Hi, thanks for the question.

    As per the linked document, I do not believe it is possible to get authorization to perform prohibited penetration-test activities (as detailed in the rules of engagement), as by definition the actions listed would be in violation of policy terms & conditions and (as also noted in the doc) may also have legal consequences.

    For further clarification, you could raise a request through your account representative or support.

    For DDoS simulation/testing, please refer to https://learn.microsoft.com/en-us/azure/ddos-protection/test-through-simulations

    Hope this comment helps.
