David Cross

David Cross, GM of Security, Microsoft Azure

If you have questions about Microsoft Azure Security you will love this interview with David Cross.

David Cross is the General Manager in charge of Security with Microsoft Azure. He has been the primary inventor of over 25 security patents and is the author of numerous publications and white papers. Prior to Microsoft, he served 5 years with the aviation electronic warfare community with the US Navy. He has a BS in CIS and an MBA.

One of the really fun parts of this interview is actually learning about his invention process as I was very curious about it since he has so many patents!


The learning opportunities below include show notes and links to videos covering specific Azure-related information from the interview.

The Future of Information Sharing and Security

Competitors (e.g. Microsoft and Google) sharing information – Microsoft founded Interflow to explore this and build sharing capabilities via TAXII and STIX.

Scaling Information Security Expertise

Why “Assuming the Breach” is the right stance to have with IT Security.
To Microsoft this is a philosophy, mentality and mindset, which means:

  • They are always testing themselves
  • Perform War-game exercises
  • Red Team – to find holes and weaknesses, identify gaps, points of entry and risks, and take them on
  • Blue Team – to detect and remediate attacks (planned and unplanned – stealth/military exercises)
  • Compliance – third party outside entities

A Day In the Life of an Incident Responder at Azure

How Microsoft works in partnership with the customer. Listen to examples @13:30
Joint support and help is a big advantage with Microsoft and

Microsoft’s approach to privacy and trust

Microsoft has no visibility into customers' VMs.
They only watch what is going “out”.
Your VMs and apps are private unless you ASK Microsoft.

@16:50 – Integrating Third Party Security Service Providers into the Azure Data Center

You can export data into your log management system or SIEM as well.
Or you can use Microsoft to do this.
Do it yourself in Azure, or hybrid on your own premises.

@19:00 Integrating your own logs into Azure
Combine Microsoft OMS Ops Management Services

Combine on-premises logs and Azure logs into a common tool set
Focus on making tools work with customer tools

Who owns the data?

You choose the location and replication of your data.
The key is that the customer has the choice of where it is stored and replicated.

Can the FBI / Law enforcement walk in and demand to see your data?

@21:40 note from host – “I love his response here”: it is their data, and Microsoft refers them to whoever owns the data. They don’t have persistent access to customer data unless it is approved by the customer.

Mentioned – New Office 365 ‘lockbox’ functionality to enhance and ensure user control


Microsoft Appliance Support on Azure @23:30

Consistency is key for Azure.
Integration of services matches Azure integration
On-premises functions have to be the same as in the cloud

Identity Management Options

Enforce ADFS (Active Directory Federation Services) for Azure employees accessing resources
Multi-factor access for Azure employees is 100% enforced (inside or outside the company)

The Two Most Common Intrusions and the Two Most Powerful Methods to Ensure Security

Against the most common hacks:

  • Phishing attack – malware designed to steal your credentials
  • Drive-by malware (via web surfing) – compromises your machine to launch an attack once you are online

David discusses how multi-factor authentication using ADFS or Azure AD, as Microsoft Azure uses it, is a huge speed bump for potential hackers!

Multi-Factor Capabilities

  • ADFS – lots of options are available
  • Azure Active Directory – uses phone multi factor

DDoS Prevention Capabilities

Individual protection of applications and tenants and IPs need specific capabilities from partners.

Microsoft Azure focus related to DDoS is more global in scope as it relates to protecting Azure customers in a DDoS situation (consumption of bandwidth etc).

Microsoft Azure Security Center – Microsoft is looking at threats around the world (MSN, Xbox, Bing, Skype, etc.) so they can combine threat intelligence from around the world.

Azure Marketplace


What is Azure JIT @37:00 Critical Learning Highlights

  • A Microsoft Azure tech has no elevated permissions into the customer environment
  • Internal JIT (just in time) approvals are needed to do troubleshooting. Also refer to the PDF slide presentation David gave on this topic at RSA 2015. It is wonderful. The JIT explanation is on slide #28 of 47.
  • JIT access has to be tied to a customer incident
  • Mandatory – Multi-factor access
  • Must Define scope
  • Only admin functions are allowed for a specified time
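
The JIT conditions listed above, written as a deny-by-default check. This is an added illustration, not Microsoft's implementation or anything shown in the interview; the field names, the incident ID format and the four-hour ceiling are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

MAX_WINDOW = timedelta(hours=4)  # assumed ceiling; the page gives no figure

@dataclass(frozen=True)
class JitRequest:
    engineer: str
    incident_id: Optional[str]  # customer incident the access is tied to
    mfa_verified: bool
    scope: frozenset            # resources the engineer may touch
    actions: frozenset          # admin functions requested
    duration: timedelta

@dataclass(frozen=True)
class Grant:
    engineer: str
    incident_id: str
    scope: frozenset
    actions: frozenset
    expires_at: datetime

def approve(req, open_incidents, now):
    """Return (Grant, []) when every condition holds, else (None, reasons)."""
    reasons = []
    if req.incident_id not in open_incidents:
        reasons.append("not tied to an open customer incident")
    if not req.mfa_verified:
        reasons.append("multi-factor authentication missing")
    if not req.scope or not req.actions or "*" in (req.scope | req.actions):
        reasons.append("scope not defined")
    if not timedelta(0) < req.duration <= MAX_WINDOW:
        reasons.append("time window missing or too long")
    if reasons:
        return None, reasons
    return Grant(req.engineer, req.incident_id, req.scope, req.actions,
                 now + req.duration), []

def is_allowed(grant, engineer, action, resource, now):
    """Deny by default: no grant, wrong scope or an expired window all fail."""
    return (grant is not None and grant.engineer == engineer
            and action in grant.actions and resource in grant.scope
            and now < grant.expires_at)

# Constructed sample data, not taken from the interview.
NOW = datetime(2015, 6, 1, 12, 0, tzinfo=timezone.utc)
OPEN_INCIDENTS = {"INC-0001"}
REQUEST = JitRequest("alice", "INC-0001", True, frozenset({"vm-42"}),
                     frozenset({"restart"}), timedelta(hours=1))
```

The grant carries its own expiry, so access lapses without anyone having to revoke it.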

Secure Admin workstations

  • @38:15 – Azure employees must use secured, signed tools that can access Azure
  • They are locked down machines.
  • No access to internet
  • Prevents ‘drive by’ infections
  • Risk is reduced significantly

Machine Learning via Azure – Context is King – Critical tool set for many things @38:30

  • Context is critical
  • The focus for Microsoft is not to just look for anomalous behavior but to combine multiple context points in order to detect anomalous behavior.
  • Context provides power.
  • Just looking for anomalies is not good. Context is the missing component.

How David Comes up with great ideas for his security patents @48:45

How to get in touch with David Cross

Follow him on Twitter: @DavidCross_MS

David’s Website

Great Research Resources:

David’s Presentation at RSA Conference 2015

David Cross at RSA 2015


David’s Azure and Security Blog Posts

David’s post on Azure Security Center

David’s blog post on Microsoft Data Protection



About Bill Murphy 

Bill Murphy is a world-renowned IT Security Expert dedicated to your success as an IT business leader. 
