Microsoft Security Intelligence Report

Welcome to the interactive Microsoft Security Intelligence Report. We created this site as a complement to our annual report to enable you to dig into the data in more detail.

Some key highlighted takeaways may differ from the written report as we add new data monthly. Come back and visit often to check in on the latest security trends.

For a deeper assessment and recommendations on how to protect against threats, download the Microsoft Security Intelligence Report at

Cloud provider related incoming attacks

Cloud providers such as Microsoft Azure are perennial targets for attackers seeking to compromise and weaponize virtual machines and other resources.

The attacker can then use these virtual machines to launch attacks, including brute force attacks against other virtual machines, to deliver spam campaigns that can be used for email phishing attacks, for reconnaissance such as port scanning to identify new attack targets, and for other malicious activities. The geographical map shows incoming attacks on Azure—specifically the IP addresses where the attacks originated – detected by Azure Security Center.

Next section

Click to interact with Cloud Incoming Attacks dashboard
Click to interact with dashboard