
You don't have clearance for that: Microsoft ups the paranoia with a preview of Azure Firewall Premium

Reassuring the regulators


Microsoft has unveiled a preview of Azure Firewall Premium, aimed at highly sensitive and regulated environments.

Azure Firewall was Microsoft's attempt to sling a virtual arm over the shoulders of harassed administrators while whispering "there now, don't worry about all that pesky firewall configuration stuff, let us take care of it" in its most seductive tone.

The result was a managed network security service, based in Microsoft's cloud, built to protect Azure Virtual Network resources from miscreants. Azure to on-premises traffic filtering was also supported.

The Premium version, which is very much a preview and thus not recommended for production workloads, ups the ante with extra features.

Alongside improvements in URL filtering (it is now possible to look at an entire URL rather than just the host and domain name as in the standard Firewall service) it is also possible to deny or allow user access by website category (eg, social networking, gambling).

While the standard Firewall service will categorise by fully qualified domain name (FQDN), the Premium version is once again needed to be a little more granular and delve down into a complete URL.

More interesting is the intrusion detection and prevention system (IDPS), which will look for malicious network activity, report it and optionally try to block it. The service is signature-based and hunts for the patterns of known malware.

Finally, the service will terminate outbound and east-west TLS connections to permit inspection before the traffic is re-encrypted and sent on its way. Those still clinging to old versions of TLS and wishing to make use of the feature will need to upgrade to TLS 1.2 since Microsoft is serious about deprecating TLS 1.0 and 1.1.

In terms of management, a new Firewall policy tier has been added, comprising Standard and Premium policies. Although Firewall Classic rules remain supported, Microsoft is keen that customers use the Migrate to Firewall policy option to shift rules to the new tier.

"Migrating to Firewall Policy does not incur any downtime," said the company before sounding a cautious note with "but it is recommended that you migrate during maintenance hours."

Although the Firewall Policy Standard tier is Generally Available and provides a full SLA, the additional Premium toys remain in preview. There are also some known issues with Azure Firewall that merit consideration. These include the fact that rules are IPv4-address-only for the time being (IPv6 support "is under investigation") and the fact that configuration updates can take a leisurely five minutes on average. ®
