Netskope Help

Configure Microsoft Azure

Microsoft Azure is growing in popularity with developers and security professionals that build, deploy, and manage applications in the platform. This adoption comes with a shared responsibility model for cloud security, where customers are responsible for securing data stored in Azure. Due to the dynamic nature of Azure, organizations struggle to continuously monitor their environments for misconfigurations and vulnerabilities, leaving them without a clear and accurate view into their security posture. In addition, as more workloads move to Azure, the risk of sensitive data loss and threats like malware and ransomware persist. Netskope allows enterprises to safely enable Azure with 360° data protection, advanced threat protection, continuous security assessment, and real-time controls, all delivered from a cloud-native platform that secures SaaS, Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS).

With Netskope, you can:

  • Detect and secure your sensitive content en route to or from Azure with award-winning cloud DLP.

  • Gain granular visibility and control of activities being performed on both sanctioned and unsanctioned Azure instances. Know what’s going on with individual Azure instances and place activity-level restrictions for users, groups, and OU across a wide range of services within Azure.

  • Monitor and prevent network configuration changes, like checking if SSH access is enabled. And with the granular visibility over your Azure instances, you can place contextual policies on access and activities performed by users.

  • Block various strains of malware like ransomware going to and from Azure Blob storage. Netskope Threat Protect provides comprehensive threat defense for Azure with real-time, multi-layered threat detection and remediation.

Policies can be applied to real-time activities, such as uploads to and downloads from Azure Blob storage. Select which storage accounts and have those files scanned for DLP violations. Block certain users from downloading or uploading sensitive files stored in Azure Blob storage.

Azure environments are dynamic and need to be continuously monitored for misconfigurations and vulnerabilities. With Netskope, you can get a clear picture of your cloud security posture and see how the environment is performing against standards and best practices like CIS (Center for Internet Security) benchmarks.

There are three use cases supported for Azure. Based on your requirement, you can select the appropriate configuration options. 

  • Configure an Azure Subscription for Continuous Security Assessment

  • Configure Azure Blob storage for Storage Scanning, this includes DLP Scanning and Threat Protection (Malware Scanning)

  • Configure Azure Blob Storage as a Forensic Destination

Supported Azure regions

Continuous Security Assessment (CSA), Storage Scanning, and Forensics configurations are supported on all regions under AZURE_PUBLIC_CLOUD. CSA is also supported on AZURE_US_GOV_CLOUD.

For more information about Azure regions, see the Azure documentation.