This article outlines the security and identity services variations and considerations for the Azure Government environment.
Preview features available in the Azure Security Center commercial environment may not be supported in Azure Government. For details on this service and how to use it, see the Azure Security Center public documentation.
Note: Security Center internal assessments are provided to discover security misconfigurations, based on Common Configuration Enumeration such as password policy, Windows Firewall rules, local machine audit and security policy, and additional OS hardening settings.
Threat detection
Specific detections: Detections based on VM log periodic batches, Azure core router network logs, threat intelligence reports, and detections for app services are not available.
Note: Near real-time alerts generated based on security events and raw data collected from the VMs are captured and displayed.
Security incidents: The aggregation of alerts for a resource, known as a security incident, is not available.
Threat intelligence enrichment: Geo-enrichment and the threat intelligence option are not available.
Server protection
OS Security Configuration: Vulnerability-specific metadata, such as the potential impact and countermeasures for OS security configuration vulnerabilities, is not available.
The Standard tier of Azure Security Center is free for the first 30 days. Should you choose to continue to use public preview or generally available Standard features beyond 30 days, we automatically start to charge for the service.
What features are available for Azure Security Center government customers?
A detailed list of feature variations in the Azure Security Center government offering can be found in the variations section of this article.
Azure resources created in DoD regions can still utilize Security Center capabilities.
However, using it will result in data collected by Security Center being moved out of DoD regions and stored in Azure Government regions. By default, all Security Center features that collect and store data are disabled for resources hosted in DoD regions. The type of data collected and stored varies depending on the selected feature. Customers who want to enable Azure Security Center features for DoD resources are advised to consider data residency before doing so.
For details on this service and how to use it, see the Azure Key Vault public documentation.
You can purchase and associate Azure Active Directory (Azure AD) Premium editions with your Azure subscription. If you need to create a new Azure subscription, you'll also need to activate your licensing plan and Azure AD service access. Azure Active Directory Premium is available in Azure Government. For details on this service and how to use it, see the Azure Active Directory Documentation. For a list of all capabilities available in Azure Active Directory Premium P1, see Azure Active Directory Features.
Azure Active Directory (Azure AD) is Microsoft's multi-tenant, cloud-based directory and identity management service that combines core directory services, application access management, and identity protection into a single solution.
This new Premium offering is a collection of features for Microsoft's identity management as a service (IDaaS) platform - the identity backbone for all Microsoft Online Service products - that takes a large step towards making it a viable cloud partner to Windows Server Active Directory. In addition to its new features, the offering guarantees a
Why would you want Azure AD Premium? How might it be useful to you? In keeping with Microsoft's scenario-driven product design, the Azure AD Premium feature set was developed to support four scenarios: