SOLVED

Azure Penetration Testing

Copper Contributor

Our firm has PaaS and IaaS resources deployed on Azure. We're undergoing a security audit by a prospective client who has asked how often Microsoft's security team conducts penetration tests of Azure systems and when the last test was performed. I have found various postings and white papers by Microsoft mentioning the internal penetration testing (https://technet.microsoft.com/en-us/security/mt346049.aspx, https://gallery.technet.microsoft.com/Cl...), but none that give specifics that would allow us to answer the audit team's questions. Where could we find answers to these questions?

 

Thanks.

2 Replies
best response confirmed by MichaelHolste (Microsoft)
Solution

I would take a look at Microsoft Trust Center:

 

here is a link to multiple Azure compliance audit reports, including latest pen test:

 

https://www.microsoft.com/en-us/trustcenter/guidance/risk-assessment?downloadDocument=nli&documentId...

Most recent penetration testing report is from early 2016 - I would like to see these produced more often (even in our on-premise solutions, we produce these quarterly).

 

1 best response

Accepted Solutions
best response confirmed by MichaelHolste (Microsoft)
Solution

I would take a look at Microsoft Trust Center:

 

here is a link to multiple Azure compliance audit reports, including latest pen test:

 

https://www.microsoft.com/en-us/trustcenter/guidance/risk-assessment?downloadDocument=nli&documentId...

View solution in original post