Azure Firewall Logs and SKU Changes

Last Updated on June 19, 2023 by Arnav Sharma

Microsoft announced several Azure Firewall enhancements last week.

Azure Firewall, Microsoft’s firewall-as-a-service offering, can now be upgraded or downgraded between product tiers, also known as “stock-keeping units” (or SKUs). In addition, Azure Firewall has a new structured logs feature that promises to make log data simpler to locate and analyse.

Announcements: 

Announcing Azure Firewall Upgrade/Downgrade General Availability – Microsoft Community Hub

Announcing Azure Firewall Structured Logs General Availability – Microsoft Community Hub

Both capabilities were described as having achieved “general availability” (GA) status, which indicates that Microsoft considers them suitable for use in production environments.

Upgrade/Downgrade

Microsoft has made it simple to upgrade or downgrade between its Azure Firewall Standard and Premium product offerings “with a single click of a button.”

This feature, titled “Azure Firewall Easy Upgrade/Downgrade,” is accessible to IT professionals through the “Change SKU” option on the Azure Portal. IT professionals can also access it “via REST API, PowerShell, and Terraform.”

The GA release of Microsoft’s Azure Firewall Basic product occurred in March, but the Basic plan was not described as a downgrade option in the announcement. Microsoft’s three Azure Firewall SKUs were previously described as follows.

Basic is intended for small to medium-sized businesses requiring less than 250Mbps of throughput.
Standard is for organisations requiring a “Layer 3–Layer 7 firewall” with a maximum throughput of 30Gbps.
Premium is for organisations that need to “secure highly sensitive applications, such as payment processing,” with 100Gbps throughput support.

Microsoft marketed Azure Firewall Premium to businesses with “more complex network architectures, regulatory compliance, and security requirements.” It includes “URL filtering, intrusion detection and prevention, TLS inspection, and more comprehensive threat intelligence capabilities,” as explained in the announcement.

Microsoft’s announcement promised that the new upgrade or downgrade capability will alter the SKU between the Standard and Premium options “without service downtime.”

Structured Logs

Microsoft recommends that Azure Firewall users adopt its Structured Logs feature, which is now generally available. Structured Logs are distinguished by their use of “a predefined schema to structure log data in a way that makes it easy to search, filter, and analyse,” according to Microsoft.

Microsoft describes why IT professionals should use Structured Logs as follows:

This [Structured Logs capability] is recommended because it simplifies working with the data in log queries, improves discoverability of schemas and their structure, enhances performance across ingestion latency and query times, and enables the assignment of Azure RBAC permissions to a specific table.

Microsoft suggested that IT professionals will find it simpler to search log data and integrate it with analysis tools, which will facilitate troubleshooting efforts. Structured log data can also aid in detecting security threats.

Microsoft explained that Structured Logs are distinct because they use “Resource Specific Tables instead of the existing AzureDiagnostics table.”

To use Structured Logs, Microsoft indicates that organisations must “first configure a Log Analytics workspace in your Azure subscription” to store log data. Afterwards, it is activated using the “Diagnostic settings blade in the Azure Portal.”
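To make the difference between the two table types concrete, the following added example (not code from Microsoft or from the original post) normalises a legacy AzureDiagnostics row, where the flow is free text in `msg_s`, and a resource-specific `AZFWNetworkRule` row into one shape, then counts denied flows per source. The column names and the legacy message layout are assumptions based on Microsoft's published schemas and should be checked against your own workspace; the sample rows are constructed.

```python
import re
from collections import Counter

# Assumed legacy layout: the whole flow is one free-text string in msg_s.
LEGACY_MSG = re.compile(
    r"^(?P<proto>\w+) request from (?P<src>[\d.]+):(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+):(?P<dport>\d+)\. Action: (?P<action>\w+)"
)

def normalize(record):
    """Return one flow dict from either log shape, or None if unparseable."""
    if "msg_s" in record:  # legacy AzureDiagnostics shape
        m = LEGACY_MSG.match(record["msg_s"])
        if m is None:
            return None  # text layout changed or row is another message type
        return {"proto": m["proto"], "src": m["src"], "dst": m["dst"],
                "dport": int(m["dport"]), "action": m["action"]}
    # Assumed resource-specific AZFWNetworkRule shape: fields are columns.
    return {"proto": record["Protocol"], "src": record["SourceIp"],
            "dst": record["DestinationIp"],
            "dport": int(record["DestinationPort"]),
            "action": record["Action"]}

def denied_by_source(records):
    """Count denied flows per source IP and report rows that failed to parse."""
    counts, skipped = Counter(), 0
    for rec in records:
        flow = normalize(rec)
        if flow is None:
            skipped += 1
        elif flow["action"] == "Deny":
            counts[flow["src"]] += 1
    return counts, skipped

# Constructed sample rows (documentation-range addresses), not real log data.
SAMPLE = [
    {"Category": "AzureFirewallNetworkRule",
     "msg_s": "TCP request from 10.0.1.4:51544 to 203.0.113.10:3389. Action: Deny"},
    {"Category": "AzureFirewallNetworkRule",
     "msg_s": "UDP request from 10.0.1.5:40000 to 198.51.100.7:53. Action: Allow"},
    {"Category": "AzureFirewallNetworkRule", "msg_s": "unexpected free-text message"},
    {"Protocol": "TCP", "SourceIp": "10.0.1.4", "SourcePort": 51600,
     "DestinationIp": "203.0.113.10", "DestinationPort": 445, "Action": "Deny"},
    {"Protocol": "TCP", "SourceIp": "10.0.2.9", "SourcePort": 50222,
     "DestinationIp": "192.0.2.44", "DestinationPort": 22, "Action": "Deny"},
]

if __name__ == "__main__":
    print(denied_by_source(SAMPLE))
```

The legacy branch silently loses any row whose text does not match the pattern, which is the fragility a predefined schema removes.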


Q: What is Azure Firewall?

A: Azure Firewall is a service that protects your Azure virtual network resources. It’s a firewall as a service that allows or denies traffic based on source and destination IP addresses, ports, and protocols. It has three different SKUs available: Basic, Standard and Premium.

Q: How can I deploy Azure Firewall?

A: You can deploy Azure Firewall using Azure Portal or CLI.

Q: What is a Hub in Azure Firewall?

A: A Hub is a virtual network that connects other virtual networks to Azure Firewall.

Q: What is the difference between Azure Firewall Standard SKU and Azure Firewall Premium SKU?

A: Azure Firewall Premium SKU and Azure Firewall Standard SKU both have similar features and capabilities with Premium SKU offering additional features such as Threat Intelligence and outbound FQDN filtering.

Q: How can I configure Azure Firewall?

A: You can configure Azure Firewall using Azure Portal or through PowerShell and CLI commands.

Q: What is the role of Firewall Policy in Azure Firewall?

A: Firewall Policy is used to centrally manage and enforce organization-wide network security policies for Azure Firewall.

Q: How can I use Application Rule in Azure Firewall?

A: You can use Application Rule to allow or deny traffic based on specific applications or services.

Q: How can I monitor network traffic in Azure Firewall?

A: You can monitor network traffic in Azure Firewall using Azure Monitor Logs.

Q: What is Outbound FQDN filtering in Azure Firewall?

A: Outbound FQDN filtering in Azure Firewall is used to block traffic based on Fully Qualified Domain Names (FQDNs) that appear in DNS queries made by your virtual network resources.

Q: Can I deploy Azure Firewall in Azure Virtual Network?

A: Yes, you can deploy Azure Firewall in Azure Virtual Network; it is the recommended method to use the Azure Firewall service.

