Apr 17 2017
- last edited on
Feb 19 2021
Our firm has PaaS and IaaS resources deployed on Azure. We're undergoing a security audit by a prospective client who has asked how often Microsoft's security team conducts penetration tests of Azure systems and when the last test was performed. I have found various postings and white papers by Microsoft mentioning the internal penetration testing (https://technet.microsoft.com/en-us/security/mt346049.aspx, https://gallery.technet.microsoft.com/Cl...), but none that give specifics that would allow us to answer the audit team's questions. Where could we find answers to these questions?
Apr 17 2017 03:09 PMSolution
I would take a look at Microsoft Trust Center:
here is a link to multiple Azure compliance audit reports, including latest pen test:
Aug 14 2017 08:40 AM
Most recent penetration testing report is from early 2016 - I would like to see these produced more often (even in our on-premise solutions, we produce these quarterly).