Pen Testing Your Applications in Microsoft Azure

imageSeveral people in the Azure security community have been asking about pen testing applications that they’ve deployed in Microsoft Azure. It’s a good question and so I put together an answer for you that you can find over at Pen testing your applications hosted in Microsoft Azure.

If you have any questions, comments or ideas on that article, or want more information about something else regarding Azure security, let us know! Just add your questions and ideas in the Comments section below.


Program Manager – Azure Security

Comments (7)

  1. Justin says:

    Thanks for this information Tom. My client wants a 3rd party to carry out some penetration testing on the application hosted in our Azure subscription and, in my quest to find out how to initiate this, this post led me to the penetration test approval form. However, the tester is specifically requesting approval to test our SQL Azure endpoints and the form does not appear to cater for this. Is it just not allowed or is there a different approval route?

  2. Shantel says:

    How can an organization perform a MVM scan on your environment?

  3. Hi Shantel –

    I probably should know it, but what is an MVM scan?



  4. ddcosta says:

    McAfee Vulnerability Manager

  5. Ah, ok. I don't see any problems with you doing such a scan on your own deployments. Just make sure not to generate any DoS issues, and to let us know that you're doing the pen test.

  6. fsa says:

    Thanks for this information.
    A week ago, I sent the form and received the automatic mail from Microsoft Azure Security Team.
    But I still have no answer.
    How long does it take to receive approval ?
    Where is it possible to track the status of my request ?

    1. Hi FSA – please send an email to and I’ll see if we can find you an answer.

Skip to main content