{"id":93748,"date":"2021-06-08T09:00:40","date_gmt":"2021-06-08T16:00:40","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=93748"},"modified":"2023-05-15T23:07:38","modified_gmt":"2023-05-16T06:07:38","slug":"optimize-security-with-azure-firewall-solution-for-azure-sentinel","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/","title":{"rendered":"Optimize security with Azure Firewall solution for Azure Sentinel"},"content":{"rendered":"<p>Security is a constant balance between proactive and reactive defenses. They are both equally important, and neither can be neglected. Effectively protecting your organization means constantly optimizing both prevention and detection.<\/p>\n<p>That\u2019s why we\u2019re excited to announce a seamless integration between <a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/azure-firewall\/\" target=\"_blank\" rel=\"noopener\">Azure Firewall<\/a> and <a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/azure-sentinel\/\" target=\"_blank\" rel=\"noopener\">Azure Sentinel<\/a>. Now, you can get both detection and prevention in the form of an easy-to-deploy Azure Firewall solution for Azure Sentinel.<\/p>\n<p>Combining prevention and detection allows you to ensure that you both prevent sophisticated threats when you can, while also maintaining an \u201cassume breach mentality\u201d to detect and quickly respond to cyberattacks.<\/p>\n<h2>Azure Sentinel and Azure Firewall: Better together<\/h2>\n<p>The seamless integration of Azure Firewall and Azure Sentinel enables security operations with three key capabilities:<\/p>\n<ol>\n<li>Monitoring and visualizing Azure Firewall activities.<\/li>\n<li>Detecting threats and leveraging AI-assisted investigation capabilities.<\/li>\n<li>Automating response and correlation to other sources.<\/li>\n<\/ol>\n<p>The whole experience is packaged as a solution in the <a href=\"https:\/\/azuremarketplace.microsoft.com\/en-us\/marketplace\/apps\/sentinel4azurefirewall.sentinel4azurefirewall?tab=Overview\" target=\"_blank\" rel=\"noopener\">Azure Sentinel marketplace<\/a>, which means it can be deployed in just a few clicks.<\/p>\n<h2>How do you deploy and enable the Azure Firewall solution for Azure Sentinel?<\/h2>\n<p>Deploying the solution is simple. You can find it in the \u201cSolutions\u201d blade in your Azure Sentinel workspace, called the \u201cAzure Firewall Solution for Azure Sentinel.\u201d<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-93759 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2021\/06\/Figure-1-Azure-Sentinel.png\" alt=\"The Azure Firewall solution as displayed in Azure Sentinel portal UI in the solution section.\" width=\"1390\" height=\"669\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/Figure-1-Azure-Sentinel.png 1390w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/Figure-1-Azure-Sentinel-300x144.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/Figure-1-Azure-Sentinel-1024x493.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/Figure-1-Azure-Sentinel-768x370.png 768w\" sizes=\"(max-width: 1390px) 100vw, 1390px\" \/><\/p>\n<p><em>Figure 1: Azure Sentinel solutions preview.<\/em><\/p>\n<p>Once you open the Azure Firewall solution, simply hit the \u201ccreate\u201d button, follow all the steps in the wizard, pass validation, and create the solution. With just a few clicks, all content\u2014including connectors, detections, workbooks, and playbooks that we\u2019ll cover below\u2014will be deployed in your Azure Sentinel workspace.<\/p>\n<h2>Monitoring and visualizing Azure Firewall activities<\/h2>\n<p>The Azure Firewall workbook allows you to visualize Azure Firewall events. With this workbook, you can:<\/p>\n<ul>\n<li>Learn about your application and network rules.<\/li>\n<li>See statistics for firewall activities across URLs, ports, and addresses.<\/li>\n<li>Filter by firewall and resource group.<\/li>\n<li>Dynamically filter per category with easy-to-read data sets when investigating an issue in the logs.<\/li>\n<\/ul>\n<p>The workbook provides a single dashboard for ongoing monitoring of your firewall activity. When it comes to threat detection, investigation, and response, the Azure Firewall solution also provides built-in detection and hunting capabilities.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-93752 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2021\/06\/Azure-Firewall-workbook..png\" alt=\"The Azure Firewall workbook overview screen, which is part of the Azure Firewall solution for Azure Sentinel.\" width=\"1474\" height=\"662\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/Azure-Firewall-workbook..png 1474w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/Azure-Firewall-workbook.-300x135.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/Azure-Firewall-workbook.-1024x460.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/Azure-Firewall-workbook.-768x345.png 768w\" sizes=\"(max-width: 1474px) 100vw, 1474px\" \/><\/p>\n<p><em>Figure 2. Azure Firewall workbook.<\/em><\/p>\n<h2>Detecting threats and leveraging AI-assisted investigation capabilities<\/h2>\n<h3>Built-in Threat Detection\u2014analytics<\/h3>\n<p>The solution\u2019s detection rules provide Azure Sentinel a powerful method for analyzing Azure Firewall signals to detect traffic representing malicious activity patterns traversing through the network. This allows rapid response and remediation of the threats.<\/p>\n<p>The attack stages an adversary will pursue within the firewall solution are segmented based on the <a href=\"https:\/\/attack.mitre.org\/\" target=\"_blank\" rel=\"noopener\">MITRE ATT&amp;CK framework<\/a>. The MITRE framework is a series of steps that trace stages of a cyberattack from the early reconnaissance stages to the exfiltration of data. The framework helps defenders understand and combat ransomware, security breaches, and advanced attacks.<\/p>\n<p>The solution includes detections for common scenarios an adversary might use as part of the attack\u2014Spanning from the discovery stage (gaining knowledge about the system and internal network) through the command-and-control (C2) stage (communicating with compromised systems to control them) to the exfiltration stage (adversary trying to steal data from the organization).<\/p>\n<figure class=\"wp-block-table is-style-regular\">\n<table style=\"height: 556px;\" width=\"868\">\n<tbody>\n<tr>\n<td><strong><u>Detection rule<\/u><\/strong><\/td>\n<td><strong><u>What does it do?<\/u><\/strong><\/td>\n<td><strong><u>What does it indicate?<\/u><\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>Port scan<\/strong><\/td>\n<td>Identifies a source IP scanning multiple open ports on the Azure Firewall.<\/td>\n<td>Malicious scanning of ports by an attacker, trying to reveal open ports in the organization that can be compromised for initial access.<\/td>\n<\/tr>\n<tr>\n<td><strong>Port sweep<\/strong><\/td>\n<td>Identifies a source IP scanning the same open ports on the Azure Firewall different IPs.<\/td>\n<td>Malicious scanning of a port by an attacker trying to reveal IPs with specific vulnerable ports open in the organization.<\/td>\n<\/tr>\n<tr>\n<td><strong>Abnormal deny rate for source IP<\/strong><\/td>\n<td>Identifies an abnormal deny rate for a specific source IP to a destination IP based on machine learning done during a configured period.<\/td>\n<td>Potential exfiltration, initial access, or C2, where an attacker tries to exploit the same vulnerability on machines in the organization but is being blocked by the Azure Firewall rules.<\/td>\n<\/tr>\n<tr>\n<td><strong>Abnormal Port to protocol<\/strong><\/td>\n<td>Identifies communication for a well-known protocol over a non-standard port based on machine learning done during an activity period.<\/td>\n<td>Malicious communication (C2) or exfiltration by attackers trying to communicate over known ports (SSH, HTTP) but don\u2019t use the known protocol headers that match the port number.<\/td>\n<\/tr>\n<tr>\n<td><strong>Multiple sources affected by the same TI destination<\/strong><\/td>\n<td>Identifies multiple machines that are trying to reach out to the same destination blocked by threat intelligence (TI) in the Azure Firewall.<\/td>\n<td>An attack on the organization by the same attack group trying to exfiltrate data from the organization.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-93753 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2021\/06\/Azure-Firewall-threat-detections-in-Sentinel.png\" alt=\"The Azure Firewall solution detections as they appear in the Azure Sentinel detection section after installing the solution.\" width=\"1824\" height=\"802\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/Azure-Firewall-threat-detections-in-Sentinel.png 1824w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/Azure-Firewall-threat-detections-in-Sentinel-300x132.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/Azure-Firewall-threat-detections-in-Sentinel-1024x450.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/Azure-Firewall-threat-detections-in-Sentinel-768x338.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/Azure-Firewall-threat-detections-in-Sentinel-1536x675.png 1536w\" sizes=\"(max-width: 1824px) 100vw, 1824px\" \/><\/p>\n<p><em>Figure 3. Azure Firewall threat detections in Sentinel.<\/em><\/p>\n<h3>Hunting queries<\/h3>\n<p>Hunting queries are a tool for the security researcher to look for threats in the network of an organization, either after an incident has occurred or proactively to discover new or unknown attacks. To do this, security researchers will look at several indicators of compromise (IOCs). The built-in Azure Sentinel hunting queries in the Azure Firewall solution give security researchers the tools they need to find high-impact activities from the firewall logs. Several examples include:<\/p>\n<figure class=\"wp-block-table\">\n<table>\n<tbody>\n<tr>\n<td><strong><u>Hunting query<\/u><\/strong><\/td>\n<td><strong><u>What does it do?<\/u><\/strong><\/td>\n<td><strong><u>What is it based on? What does it indicate?<\/u><\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>First time a source IP connects to destination port<\/strong><\/td>\n<td>Helps to identify a common indication of an attack (IOA) when a new host or IP tries to communicate with a destination using a specific port.<\/td>\n<td>Based on learning the regular traffic during a specified period.<\/td>\n<\/tr>\n<tr>\n<td><strong>First time source IP connects to a destination<\/strong><\/td>\n<td>Helps to identify an IOA when malicious communication is done for the first time from machines that never accessed the destination before.<\/td>\n<td>Based on learning the regular traffic during a specified period.<\/td>\n<\/tr>\n<tr>\n<td><strong>Source IP abnormally connects to multiple destinations<\/strong><\/td>\n<td>Identifies a source IP that abnormally connects to multiple destinations.<\/td>\n<td>Indicates initial access attempts by attackers trying to jump between different machines in the organization, exploiting lateral movement path or the same vulnerability on different machines to find vulnerable machines to access.<\/td>\n<\/tr>\n<tr>\n<td><strong>Uncommon port for the organization<\/strong><\/td>\n<td>Identifies abnormal ports used in the organization network.<\/td>\n<td>An attacker can bypass monitored ports and send data through uncommon ports. This allows the attackers to evade detection from routine detection systems.<\/td>\n<\/tr>\n<tr>\n<td><strong>Uncommon port connection to destination IP<\/strong><\/td>\n<td>Identifies abnormal ports used by machines to connect to a destination IP.<\/td>\n<td>An attacker can bypass monitored ports and send data through uncommon ports. This can also indicate an exfiltration attack from machines in the organization by using a port that has never been used on the machine for communication.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<h3>Automating response and correlation to other sources<\/h3>\n<p>Lastly, the Azure Firewall also includes Azure Sentinel playbooks, which enable you to automate response to threats. For example, if the firewall logs an event where a particular device on the network is trying to communicate with the internet via HTTP protocol over a non-standard TCP port, this action will trigger a detection in Azure Sentinel. The playbook will automate a notification to the security operations team via Microsoft Teams, and the security analysts can block the source IP of the device with a single click\u2014preventing it from accessing the internet until an investigation can be completed. Playbooks allow this process to be much more efficient and streamlined.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-93754 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2021\/06\/Playbook-automation-configuration.png\" alt=\"An example of the Azure Firewall automation playbook, which is part of the solution, as it would appear once opening the playbook in Sentinel.\" width=\"1114\" height=\"921\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/Playbook-automation-configuration.png 1114w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/Playbook-automation-configuration-300x248.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/Playbook-automation-configuration-1024x847.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/Playbook-automation-configuration-768x635.png 768w\" sizes=\"(max-width: 1114px) 100vw, 1114px\" \/><\/p>\n<p><em>Figure 4. Playbook automation configuration.<\/em><\/p>\n<h3>Seeing the integrated solution in action: Seamless hunting with pre-configured Azure Firewall hunting queries<\/h3>\n<p>Let\u2019s look at what the fully integrated solution looks like in a real-world scenario.<\/p>\n<h4>The attack and initial prevention by Azure Firewall<\/h4>\n<p>A sales representative in the company has accidentally opened a phishing email and opened a PDF file containing malware. The malware immediately tried to connect to a malicious website but was blocked by the Azure Firewall, which detected the domain due to the Microsoft threat intelligence feed it consumes.<\/p>\n<h4>The security analyst response based on the Azure Firewall solution for Azure Sentinel<\/h4>\n<p>The connection attempt triggered a detection in Azure Sentinel and started the playbook automation process to notify the security operations team via a Teams channel, where, with a click of a button, the analyst was able to block the computer from communicating with the internet. The security operations team then notified the IT department which removed the malware from the sales representative\u2019s computer. However, taking the proactive approach and looking deeper, the security researcher leveraged the Azure Firewall hunting queries and ran the \u201cSource IP abnormally connects to multiple destinations\u201d query. This reveals that the malware on the infected computer tried to communicate with several other devices on the broader network and tried to access several of them. One of those access attempts succeeded, as there was no proper network segmentation to prevent the lateral movement in the network, and the new device had a known vulnerability the malware exploited to infect it.<\/p>\n<h4>The result<\/h4>\n<p>The security researcher removed the malware from that new device, completed mitigating the attack, and discovered a network weakness in the process.<\/p>\n<h4>Conclusion<\/h4>\n<p>Integrating threat prevention and threat detection is key to properly securing your organization and enabling your security operations team to monitor and respond to threats.<\/p>\n<p>Enabling the Azure Firewall solution on your Azure Sentinel workspace is just a few clicks away. <a href=\"https:\/\/aka.ms\/AzureFirewallSentinelSolution\" target=\"_blank\" rel=\"noopener\">Start now<\/a>.<\/p>\n<h2>Learn more<\/h2>\n<p>In addition to the Azure Firewall solution, we announced several new Azure Sentinel innovations at the RSA Conference 2021. Learn more about these announcements, including new integrations, machine learning features, collaboration capabilities, and more on the <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/azure-sentinel\/rsa-conference-2021-new-innovations-for-azure-sentinel\/ba-p\/2346834\" target=\"_blank\" rel=\"noopener\">Azure Sentinel announcement blog<\/a>.<\/p>\n<p>To learn more about Microsoft Security solutions, <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/solutions\" target=\"_blank\" rel=\"noopener\">visit our\u00a0website<\/a>.\u00a0Bookmark the\u00a0<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\" target=\"_blank\" rel=\"noopener\">Security blog<\/a>\u00a0to keep up with our expert coverage on security matters. Also, follow us at\u00a0<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noopener\">@MSFTSecurity<\/a>\u00a0for the latest news and updates on cybersecurity.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We\u2019re excited to announce seamless integration between Azure Firewall and Azure Sentinel. Now, you can get both detection and prevention in the form of an easy-to-deploy Azure Firewall solution for Azure Sentinel.<\/p>\n","protected":false},"author":106,"featured_media":93755,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3662],"topic":[3681,3685],"products":[3726],"threat-intelligence":[],"tags":[3742],"coauthors":[2577,2578,2530],"class_list":["post-93748","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-news","topic-risk-management","topic-siem-and-xdr","products-microsoft-sentinel","tag-azure"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Optimize security with Azure Firewall solution for Azure Sentinel | Microsoft Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Optimize security with Azure Firewall solution for Azure Sentinel | Microsoft Security Blog\" \/>\n<meta property=\"og:description\" content=\"We\u2019re excited to announce seamless integration between Azure Firewall and Azure Sentinel. Now, you can get both detection and prevention in the form of an easy-to-deploy Azure Firewall solution for Azure Sentinel.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-06-08T16:00:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-16T06:07:38+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/CLO18_workingSolo_001.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Mark Gakman, Yossi Hasson, Yoav Daniely\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/CLO18_workingSolo_001.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mark Gakman, Yossi Hasson, Yoav Daniely\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/mark-gakman\/\",\"@type\":\"Person\",\"@name\":\"Mark Gakman\"},{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/yossi-hasson\/\",\"@type\":\"Person\",\"@name\":\"Yossi Hasson\"},{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/yoav-daniely\/\",\"@type\":\"Person\",\"@name\":\"Yoav Daniely\"}],\"headline\":\"Optimize security with Azure Firewall solution for Azure Sentinel\",\"datePublished\":\"2021-06-08T16:00:40+00:00\",\"dateModified\":\"2023-05-16T06:07:38+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/\"},\"wordCount\":1608,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/CLO18_workingSolo_001.jpg\",\"keywords\":[\"Azure\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/\",\"name\":\"Optimize security with Azure Firewall solution for Azure Sentinel | Microsoft Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/CLO18_workingSolo_001.jpg\",\"datePublished\":\"2021-06-08T16:00:40+00:00\",\"dateModified\":\"2023-05-16T06:07:38+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/CLO18_workingSolo_001.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/CLO18_workingSolo_001.jpg\",\"width\":1200,\"height\":800,\"caption\":\"Female office worker at workstation near window, looking at desktop monitor (screen not shown). Open laptop also on desk (screen not shown).\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Optimize security with Azure Firewall solution for Azure Sentinel\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Optimize security with Azure Firewall solution for Azure Sentinel | Microsoft Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/","og_locale":"en_US","og_type":"article","og_title":"Optimize security with Azure Firewall solution for Azure Sentinel | Microsoft Security Blog","og_description":"We\u2019re excited to announce seamless integration between Azure Firewall and Azure Sentinel. Now, you can get both detection and prevention in the form of an easy-to-deploy Azure Firewall solution for Azure Sentinel.","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/","og_site_name":"Microsoft Security Blog","article_published_time":"2021-06-08T16:00:40+00:00","article_modified_time":"2023-05-16T06:07:38+00:00","og_image":[{"width":1200,"height":800,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/CLO18_workingSolo_001.jpg","type":"image\/jpeg"}],"author":"Mark Gakman, Yossi Hasson, Yoav Daniely","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/CLO18_workingSolo_001.jpg","twitter_misc":{"Written by":"Mark Gakman, Yossi Hasson, Yoav Daniely","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/mark-gakman\/","@type":"Person","@name":"Mark Gakman"},{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/yossi-hasson\/","@type":"Person","@name":"Yossi Hasson"},{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/yoav-daniely\/","@type":"Person","@name":"Yoav Daniely"}],"headline":"Optimize security with Azure Firewall solution for Azure Sentinel","datePublished":"2021-06-08T16:00:40+00:00","dateModified":"2023-05-16T06:07:38+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/"},"wordCount":1608,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/CLO18_workingSolo_001.jpg","keywords":["Azure"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/","name":"Optimize security with Azure Firewall solution for Azure Sentinel | Microsoft Security Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/CLO18_workingSolo_001.jpg","datePublished":"2021-06-08T16:00:40+00:00","dateModified":"2023-05-16T06:07:38+00:00","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/CLO18_workingSolo_001.jpg","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/06\/CLO18_workingSolo_001.jpg","width":1200,"height":800,"caption":"Female office worker at workstation near window, looking at desktop monitor (screen not shown). Open laptop also on desk (screen not shown)."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/06\/08\/optimize-security-with-azure-firewall-solution-for-azure-sentinel\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"Optimize security with Azure Firewall solution for Azure Sentinel"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/93748"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/106"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=93748"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/93748\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media\/93755"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=93748"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=93748"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=93748"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=93748"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=93748"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=93748"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=93748"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}