Skip Navigation
Get a Demo
Resources Blog Product updates

Red Canary brings MDR expertise to Microsoft Azure Cloud

Red Canary directly ingests telemetry data and alerts from Azure Audit logs and Defender for Cloud, performing deeper investigations to detect threats others miss.

Kevin Gee
Originally published . Last modified .

Red Canary is excited to announce we are bringing 24×7 monitoring and unparalleled threat detection and response capabilities to Microsoft’s Azure Cloud. Our security operations platform combined with our security experts will help you secure your Azure cloud environment with comprehensive coverage and in-depth threat investigations.

So here’s the scenario. You’re deployed on Microsoft’s Azure Cloud and you’ve set up your admin accounts and users, spun up resources running critical company infrastructure in cloud workloads, and stored a bunch of data in Azure blob storage. Through this experience you’ve recognized the complexity of managing a cloud environment and now wonder about how to best protect your investment. Are you prepared for the tactics and techniques adversaries will use to breach your Azure environment? Let’s dive into the anatomy of an attack and how Red Canary helps you stay ahead of the malicious actors out to breach your cloud.

The adversaries

Adversaries consistently look for ways to gain access to your Azure Cloud environment and then find ways to monetize that access. The majority of cloud threats begin with direct attacks on your users or by exploiting their mistakes.


  • Phishing / social engineering
  • Credential theft
  • Brute force attacks
  • Cloud token theft
Accidental :
  • Cloud policy or setting misconfiguration
  • Account and role permission misconfiguration
  • Unmanaged attack surface—unpatched vulnerabilities and risks

Whether these bad actors actively target your admin and user accounts or exploit accidental misconfigurations, noticing suspicious activity and identifying threats can still pose a challenge to even the most experienced security experts.

Cloud-native threats are exploding

As seen in both the IBM 2023 Cost of a Databreach report and Verizon’s 2023 Data Breach Investigation Report, 75 percent of breaches stem from the human element, with 50 percent directly targeting users and their accounts and the other 25 percent exploiting human error and misconfigurations related to the complex way cloud environments and their resources are set up and maintained. Even knowing this is the case, many organizations struggle to effectively monitor the activity within their expansive cloud environment. It’s difficult to analyze all of the log data to parse regular user activity from real indicators of compromise. Many orgs find they don’t have the time, necessary resources and manpower, or the expertise in-house to stay on top of all the data and confidently identify and respond to threats.

Introducing Red Canary MDR for Azure

In addition to integrating with Microsoft Defender for Cloud alerts, Red Canary now ingests telemetry log data from Microsoft Azure Audit logs (including Azure AD Audit, Signin, Activity, Key Vault Diagnostics, and Storage logs), empowering our experts to conduct even deeper threat investigations within your cloud environment. We take in all that telemetry log data to monitor and analyze behavioral activity. We’ll correlate that information with alert signals from Defender for Cloud, including misconfiguration data, to spot malicious activity and stop threats.

By leveraging both Defender for Cloud’s built-in security insights and combining it with our own human-powered threat hunting expertise, Red Canary creates a layered defense against sophisticated cyber attacks, delivering unparalleled protection for your Azure cloud environment.

Here’s what this integration means for you:

  • Enhanced visibility: Red Canary taps into your Azure telemetry logs, giving you a deeper, holistic view of your cloud activity with added context and security insights.
  • Faster threat detection: We’ll analyze all that data alongside other security signals, helping you pinpoint suspicious activity and detect threats quickly and accurately.
  • Deeper threat investigations: When we identify something suspicious, we’ll perform targeted investigations to confirm or disprove threats while filtering out the noise.
  • Streamlined response: If a threat is confirmed, our team of threat hunting experts will work alongside your security team to contain and remediate the issue, minimizing damage and downtime.

By combining the power of Microsoft Azure and Red Canary MDR, you can be confident that your cloud environment is under constant watch by a dedicated team of security experts ready to respond to any suspicious activity.


Teaming with Microsoft Copilot for Security


Introducing Red Canary’s multicloud launch


Red Canary teams up with Wiz as its first certified MDR partner


Look beyond processes with Linux EDR

Subscribe to our blog

Back to Top