Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
To help you meet your own compliance obligations across regulated industries and markets worldwide, Azure maintains the largest compliance portfolio in the industry both in terms of breadth (total number of offerings) and depth (number of customer-facing services in assessment scope). For service availability, see Products available by region.
Azure Firewall audit scope
Microsoft retains independent, third-party auditing firms to conduct audits of Microsoft cloud services. The resulting compliance assurances apply to both Azure and Azure Government cloud environments. Compliance offerings are grouped into four segments: globally applicable, US government, industry specific, and region or country/region specific. Azure compliance certificates and audit reports clearly state which cloud services are in scope for independent third-party audits. Different audits might have different cloud services in audit scope.
Azure Firewall is included in many Azure compliance audits. The following list shows the key certifications by category:
Global, industry, and regional:
- CSA STAR
- ISO/IEC 27001, 27017, and 27018
- SOC 1 Type 2, SOC 2 Type 2, and SOC 3
- PCI DSS Level 1
- HIPAA BAA
- HITRUST CSF
- GSMA
US government:
- FedRAMP High
- DoD IL2, IL4, IL5, and IL6 (Azure Government)
For the authoritative and up-to-date list of which Azure services are in each audit scope, see Cloud services in audit scope.
Next steps
For more information about Azure compliance, see the following information.