Microsoft Azure and AKS Security
Tigera and Microsoft Azure together deliver active build, deploy, and runtime security with full-stack observability for securing, monitoring, and troubleshooting Linux and Windows containers on Azure and AKS

Overview
Calico helps Microsoft Azure and Azure Kubernetes Service (AKS) users protect their heterogeneous workload environments and Kubernetes, detect threats, and achieve continuous compliance. Users can apply a standard set of zero-trust workload access controls, enforce consistent security policies, and get real-time visualization of service, namespace, and pod communication for faster troubleshooting. AKS users can now run Calico CNI on their AKS clusters via the “Preview Mode” in AKS. Whether using Calico CNI or Azure CNI for networking, users can deploy and manage a consistent set of security policies across both Windows and Linux servers hosting Kubernetes clusters on the Microsoft Azure cloud and AKS.
Benefits
Zero-Trust Workload Security
Protect your containers, Kubernetes workloads, and applications running on Microsoft AKS with zero-trust workload security
Container Security
Robust build-time security with safeguards for Microsoft AKS and Azure applications
Observability and Troubleshooting
Identify and resolve connectivity issues and security policy violations between namespaces, microservices, and pods in AKS and Microsoft Azure
Top Use Cases

Zero-Trust Workload Security
A Zero-Trust approach to application security is a must-have in today’s environment. But traditional network-based access controls are inadequate for containerized workloads, because those workloads don’t have a fixed network address. Instead, Zero-Trust Security controls must be implemented at the workload level.
What can you do with Calico?
Implement zero-trust workload access controls and protect containerized environments in Microsoft Azure and AKS from outside threats, while enabling applications and workloads to securely communicate with resources outside the cluster behind a firewall or other control point.
KEY FEATURES INCLUDE
- Zero-trust workload access controls
- Identity-aware microsegmentation
- Universal firewall integration
- Envoy-based app-level protection
- DNS policies to limit access to external resources

Container Security
Container security is the process of implementing security tools and policies to assure that everything in your container is running as intended, including protection of infrastructure, software supply chain, runtime, and everything in between.
What can you do with Calico?
Protect containers during development and production. Reduce attack surface with vulnerability and misconfiguration detection. Provide runtime protection from known threats and zero-day vulnerabilities.
KEY FEATURES INCLUDE
- Image assurance
- Configuration assessment
- Runtime threat defense

Compliance
Auditors need proof that you are enforcing these controls, but capturing the information required to show proof can be challenging, especially in a dynamic, distributed Kubernetes environment where workloads are ephemeral. For example, auditors will want to know what security controls are currently implemented, whether control changes can be detected, and whether compliance can be verified for any given day and time.
What can you do with Calico?
Calico continuously monitors your cloud-native environment for compliance and retains a daily history of your compliance status. Calico also includes predefined compliance report formats, as well as a resource for creating customized reports.
KEY FEATURES INCLUDE
- Encryption
- Security controls
- Evidence and audit reports
- Configuration security

Observability and Troubleshooting
Traditional monitoring solutions create data silos at each level and stitch them together to provide a snapshot view of interactions and dependencies. This approach does not scale for a distributed application running in a Kubernetes environment, given the high volume of granular data generated at each level and the lifespan of each interaction, due to the underlying infrastructure and the ephemeral nature of workloads within Kubernetes.
What can you do with Calico?
Enable faster troubleshooting of workloads and cloud-native applications with Dynamic Service and Threat Graph, Dynamic packet capture, anomaly detection, and performance hotspots, leading to shorter time-to-resolution, less application downtime, and improved QoS.
KEY FEATURES INCLUDE
- Dynamic Service and Threat Graph
- Dynamic packet capture
- Performance hotspot detection
Quick Start
Developers and administrators who want to apply security-policy enforcement to Microsoft Azure or AKS clusters can get started with Calico Cloud in just a few minutes. Calico Cloud provides a rich networking and security policy model for Windows and Linux containers and Kubernetes that helps secure communications by controlling traffic flows.
How It Works
Key Capabilities
Get Started
Getting started with Calico and Microsoft AKS is easy.
Whether you run Calico policy alongside Azure’s CNI or use Calico CNI in AKS “Preview Mode”, everything you need to get Calico installed and configured in your Microsoft AKS cluster is available in the links below: