How to Conduct Azure Penetration Testing Without Violating Microsoft’s Policies

If you are considering a security audit of your Azure environment, keep in mind that Microsoft has very specific rules regarding penetration testing. Tools are not a free-for-all; they cannot be abused.

Microsoft’s Penetration Testing Rules

Microsoft does allow you to test the Azure resources you own; however, there are restrictions. Based on the newest rules:

• Most services no longer require check-based approval.
• DDoS and phishing simulations against Microsoft services are still off limits.
• Tests must abide by the Microsoft Cloud Penetration Testing Rules of Engagement.

Best Practices for Safe Azure Pen Testing

• Use Staging Environments: Do not test against production systems, as testing could disrupt service.
• Read the Rules: Follow Microsoft’s official documentation and best practices.
• Document Everything: Maintain a comprehensive record of test details, methods, and the rationale for the methods chosen.
• Collaborate With a Certified Partner: It may be worthwhile to engage an Azure pen testing vendor that specializes in compliance.

Conclusion

Conducting penetration testing on Azure is not only possible; it is an imperative strategy. Doing it in the proper manner preserves compliance while defending your cloud assets from genuine threats.

Source: https://joyrulez.com/blogs/77286/How-to-Conduct-Azure-Penetration-Testing-Without-Violating-Microsoft-s