Microsoft's cloud computing platform offering compute, storage, networking, and a comprehensive suite of security services. For SOC teams, Azure provides activity logs, security signals, and integrations with Microsoft Sentinel and Microsoft Defender for Cloud for cloud workload monitoring.

Microsoft Azure is Microsoft's cloud computing platform, offering a broad portfolio of infrastructure, platform, and software services used by enterprises worldwide. From a security operations perspective, Azure generates extensive telemetry through its native security services: Azure Monitor captures platform-level metrics and logs, Microsoft Defender for Cloud provides vulnerability assessments and security recommendations across Azure workloads, and Azure Active Directory logs record every authentication event, conditional access evaluation, and directory change. For SOC teams, Azure's activity logs are a critical data source for detecting unauthorized resource creation, privilege escalation within the cloud environment, and lateral movement between cloud services. The tight integration between Azure's native security tools and Microsoft Sentinel makes it a natural anchor for organizations building a Microsoft-centric security stack.
Qevlar integrates with Microsoft Azure to ingest activity logs and security signals during cloud-focused investigations. When an alert involves suspicious Azure resource activity, unusual service principal behavior, or an anomalous authentication pattern, Qevlar can query Azure logs directly to reconstruct the sequence of events and determine the impact.