Security services and technologies available on Azure

In our discussions with current and future Azure customers, we're often asked "do you have a list of all the security-related services and technologies that Azure has to offer?"

When you evaluate cloud service provider options, it's helpful to have this information. So we have provided this list to get you started.

Over time, this list will change and grow, just as Azure does. Make sure to check this page on a regular basis to stay up-to-date on our security-related services and technologies.

General Azure security

Service Description
Microsoft Defender for Cloud A cloud workload protection solution that provides security management and advanced threat protection across hybrid cloud workloads.
Microsoft Sentinel A scalable, cloud-native solution that delivers intelligent security analytics and threat intelligence across the enterprise.
Azure Key Vault A secure secrets store for the passwords, connection strings, and other information you need to keep your apps working.
Azure Monitor logs A monitoring service that collects telemetry and other data, and provides a query language and analytics engine to deliver operational insights for your apps and resources. Can be used alone or with other services such as Defender for Cloud.
Azure Dev/Test Labs A service that helps developers and testers quickly create environments in Azure while minimizing waste and controlling cost.

Storage security

Service Description
Azure Storage Service Encryption A security feature that automatically encrypts your data in Azure storage.
Azure StorSimple Virtual Array An integrated storage solution that manages storage tasks between an on-premises virtual array running in a hypervisor and Microsoft Azure cloud storage.
Client-Side encryption for blobs A client-side encryption solution that supports encrypting data within client applications before uploading to Azure Storage, and decrypting data while downloading to the client.
Azure Storage shared access signatures A shared access signature (SAS) provides delegated access to resources in your storage account.
Azure Storage Account Keys An access control method for Azure storage that is used authorize requests to the storage account using either the account access keys or a Microsoft Entra account (default).
Azure File shares A storage security technology that offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol, Network File System (NFS) protocol, and Azure Files REST AP.
Azure Storage Analytics A logging and metrics-generating technology for data in your storage account.

Database security

Service Description
Azure SQL Firewall A network access control feature that protects against network-based attacks to database.
Azure SQL Connection Encryption To provide security, SQL Database controls access with firewall rules limiting connectivity by IP address, authentication mechanisms requiring users to prove their identity, and authorization mechanisms limiting users to specific actions and data.
Azure SQL Always Encrypted Protects sensitive data, such as credit card numbers or national/regional identification numbers (for example, U.S. social security numbers), stored in Azure SQL Database, Azure SQL Managed Instance, and SQL Server databases.
Azure SQL transparent data encryption A database security feature that helps protect Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics against the threat of malicious offline activity by encrypting data at rest.
Azure SQL Database Auditing An auditing feature for Azure SQL Database and Azure Synapse Analytics that tracks database events and writes them to an audit log in your Azure storage account, Log Analytics workspace, or Event Hubs.
Virtual network rules A firewall security feature that controls whether the server for your databases and elastic pools in Azure SQL Database or for your dedicated SQL pool (formerly SQL DW) databases in Azure Synapse Analytics accepts communications that are sent from particular subnets in virtual networks.

Identity and access management

Service Description
Azure role-based access control An access control feature designed to allow users to access only the resources they are required to access based on their roles within the organization.
Microsoft Entra ID A cloud-based identity and access management service that supports a multi-tenant, cloud-based directory and multiple identity management services within Azure.
Azure Active Directory B2C A customer identity access management (CIAM) solution that enables control over how customers sign-up, sign-in, and manage their profiles when using Azure-based applications.
Microsoft Entra Domain Services A cloud-based and managed version of Active Directory Domain Services that provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication.
Microsoft Entra multifactor authentication A security provision that employs several different forms of authentication and verification before allowing access to secured information.

Backup and disaster recovery

Service Description
Azure Backup An Azure-based service used to back up and restore data in the Azure cloud.
Azure Site Recovery An online service that replicates workloads running on physical and virtual machines (VMs) from a primary site to a secondary location to enable recovery of services after a failure.

Networking

Service Description
Network Security Groups A network-based access control feature to filter network traffic between Azure resources in an Azure virtual network.
Azure VPN Gateway A network device used as a VPN endpoint to allow cross-premises access to Azure Virtual Networks.
Azure Application Gateway An advanced web traffic load balancer that enables you to manage traffic to your web applications.
Web application firewall (WAF) A feature that provides centralized protection of your web applications from common exploits and vulnerabilities
Azure Load Balancer A TCP/UDP application network load balancer.
Azure ExpressRoute A feature that lets you extend your on-premises networks into the Microsoft cloud over a private connection with the help of a connectivity provider.
Azure Traffic Manager A DNS-based traffic load balancer.
Microsoft Entra application proxy An authenticating front-end used to secure remote access to on-premises web applications.
Azure Firewall A cloud-native and intelligent network firewall security service that provides threat protection for your cloud workloads running in Azure.
Azure DDoS protection Combined with application design best practices, provides defense against DDoS attacks.
Virtual Network service endpoints Provides secure and direct connectivity to Azure services over an optimized route over the Azure backbone network.
Azure Private Link Enables you to access Azure PaaS Services (for example, Azure Storage and SQL Database) and Azure hosted customer-owned/partner services over a private endpoint in your virtual network.
Azure Bastion A service you deploy that lets you connect to a virtual machine using your browser and the Azure portal, or via the native SSH or RDP client already installed on your local computer.
Azure Front Door Provides web application protection capability to safeguard your web applications from network attacks and common web vulnerabilities exploits like SQL Injection or Cross Site Scripting (XSS).

Next steps

Learn more about Azure's end-to-end security and how Azure services can help you meet the security needs of your business and protect your users, devices, resources, data, and applications in the cloud.