McAfee Skyhigh Security Cloud for Azure

Protect your Azure infrastructure from security threats and compliance risks with comprehensive monitoring, auditing, and remediation

Download Datasheet

Audit Azure security and compliance configuration

McAfee continuously monitors and audits the security configuration of all managed and unmanaged Azure subscriptions to reduce risk and ensure compliance with external regulations and internal policies. McAfee uses field-tested industry best practices to suggest corrective measures to harden Azure security settings.


Detect internal and external threats to Azure infrastructure

McAfee captures a complete audit trail of all user activity in managed and unmanaged Azure subscriptions across multiple heuristics, detects threats, automatically takes risk-mitigating action, and supports post-incident forensic investigations. As threats are resolved, McAfee automatically incorporates this data into its behavioral models to improve detection accuracy.

Compromised accounts

McAfee detects compromised account activity in Azure based on brute force login attempts, logins from new and untrusted locations for a specific user, and consecutive login attempts from two locations in a time period that implies impossible travel – even if the two logins occur across multiple cloud services – to support immediate remediation and limit exposure.

Insider and privileged user threats

McAfee automatically constructs a behavior model with dynamic and continuously updated thresholds for each user and group to identify activity indicative of insider threat. Privileged user analytics identifies risk from inactive administrator accounts, excessive permissions, and unwarranted escalation of privileges and user provisioning.

Download the Datasheet

Download the McAfee Skyhigh Security Cloud for Azure datasheet for a complete list of product capabilities

Download Now

Prevent unauthorized regulated data from being stored in Azure storage services

McAfee Skyhigh Security Cloud for Azure enforces DLP policies across data at rest and in motion to ensure compliance with regulations and internal policies. McAfee supports DLP rules based on keywords, data identifiers, user groups, and regular expressions. Enforcement actions include coach users, notify administrator, block, quarantine, and delete. Leverage pre-built industry templates, create custom policies in McAfee, or leverage policies in an existing on-premises DLP solution.


“McAfee continues to expand its security controls beyond SaaS to help companies cover their custom-built applications running in IaaS including the IaaS platforms themselves.”

David Smoley, Chief Information Officer

“McAfee helps us understand how employees use the cloud to identify insider threats, compromised credentials, and excessive privileged user access.”

Mike Bartholomy, Senior Manager, Information Security

“In an environment with millions of unique events each day, McAfee does a nice job of cutting through the noise and directing us to the areas of greatest security concern.”

Ralph Loura, Chief Information Officer

“McAfee allows us to have more control over data security by adding an additional layer of protection beyond what the typical cloud service provider can offer.”

Jenai Marinkovic, Chief Security Officer

Standardize on a corporate Azure subscription

McAfee identifies all Azure subscriptions in use by employees and enables enterprises to standardize on their corporate Azure subscriptions. Using McAfee, you can enforce governance controls and coach users to corporate Azure subscriptions for centralized visibility and policy enforcement.

Key Features

Azure Usage Discovery

Identifies Azure usage across unmanaged and corporate subscriptions and enables enterprises to enforce a uniform set of policies on all Azure subscriptions.

Security Configuration Audit

Discovers current cloud application security settings and suggests modifications to improve security based on industry best practices.

Compliance Audit

Continuously monitors Azure configuration against regulatory requirements to streamline internal and external audits.

Cloud Activity Monitoring

Leverages Azure APIs to capture a complete audit trail of all user and administrator activities to support post-incident investigations and forensics.

User Permissions Audit

Audits the identity and access management (IAM) permissions assigned individually to each user account and inherited from group membership.

Account Access Analytics

Identifies inactive user accounts and former employees who retain access to Azure so their accounts can be deleted to reduce latent risk.

Azure SOC

Delivers a threat dashboard and incident-response workflow to review and remediate insider threats, privileged user threats, and compromised accounts.

Threat Modeling

Correlates multiple anomalous events within Azure or across Azure and other cloud services to accurately separate true threats from simple anomalies.

User Behavior Analytics

Automatically builds a self-learning model based on multiple heuristics and identifies patterns of activity indicative of a malicious or negligent insider threat.

Privileged User Analytics

Identifies excessive user permissions, inactive accounts, inappropriate access, and unwarranted escalation of privileges and user provisioning.

Account Compromise Analytics

Analyzes login attempts to identify impossible cross-region access, brute-force attacks, and untrusted locations indicative of compromised accounts.

Guided Learning

Provides human input to machine learning models with real-time preview showing the impact of a sensitivity change on anomalies detected by the system.

Ground Link

Facilitates integration with firewalls, proxies, SIEMs, directory services via LDAP, on-premises DLP, HSMs, and EMM/MDM solutions and tokenizes sensitive data.

Privacy Guard

Leverages an irreversible one-way process to tokenize user identifying information on premises and obfuscate enterprise identity.

Integration with SIEMs

Collects log files from SIEMs and provides the ability to report on incidents and events from Skyhigh in SIEM solutions via syslog and API integration.

Integration with IDM

Leverages identity management (IDM) solutions for pervasive and seamless traffic steering through Skyhigh Gateway and contextual authentication.

Let’s unleash the power of the cloud

Request a Demo Request a Cloud Audit