Ports That Haven't Been Properly Secured

Customers have taken advantage of a feature in the Azure Security Center called Just-in-Time that shuts down ports while concurrently enabling virtual machines, according to Scott Woodgate, senior director of Microsoft Azure Management and Security Marketing.

The feature dramatically decreases Azure's susceptibility to super-common threat vectors like RDP (remote desktop protocol)-based attacks by making it so that a legitimate user has access only from a specific IP address for just one-to-three hours, Woodgate said. Just-In-Time was introduced 18 months ago, Woodgate said, and can be turned on with the click of a button.

The fundamental benefit of Just-in-Time is the additional layer of protection it provides on virtual machines, Woodgate said. In addition, Woodgate said the feature should reduce the responsibilities of the SOC (security operations center) around patching or upgrading tools, which in turn would provide them with more time to focus on hunting threats.