Differences between Azure Guest OS and Default Windows Server
Updated: November 13, 2014
The following page lists the differences between default installations of Windows Server and the Microsoft Azure Guest Operating System (OS) used with Azure Cloud Services. For more information on the Guest OS, see Manage Upgrades to the Azure Guest Operating System (Guest OS). The Guest OS only applies to Azure Cloud Services. It does not apply to Azure Virtual Machines (IaaS).
None at this time
Additional Audit and Local Group Policy Security Settings – Introduced June 2013
TLS/SSL Cipher Suite Enhancements – Introduced August 2014
Additional FAQ information will be provided on the Guest OS Security FAQ page.
You must be running the August Guest OS or later to have these changes.
As part of Microsoft’s promise to protect customer data from government snooping, Azure is implementing stronger cryptography to protect communications, including Perfect Forward Secrecy (PFS). The following Transport Layer Security (TLS)/Secure Sockets Layer (SSL) Cipher Suite enhancements are implemented in the August 2014 updates of the Azure Guest OS. These changes are available in versions 4.11, 3.18, 2.30, and 1.38 (if released) of the Azure Guest OS.
Cipher Suite Order determines the cipher suites used by TLS/SSL.
This setting prioritizes use of the following TLS/SSL cipher suites in the order specified, with the most secure options being first on the list.
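The following is an added example, not Microsoft's code, showing one way to audit a cipher suite order for the forward-secrecy priority described above. It assumes the order is given as a comma-separated string of suite names and treats "ECDHE/DHE key exchange before everything else" as the ordering criterion; the sample order is constructed for illustration and is not the list the Guest OS ships.

```python
# Key-exchange tokens that provide forward secrecy (ephemeral Diffie-Hellman).
PFS_KEY_EXCHANGES = ("ECDHE", "DHE")

# Constructed sample order for illustration; NOT the Azure Guest OS list.
SAMPLE_ORDER = (
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,"
    "TLS_RSA_WITH_AES_256_CBC_SHA256,"
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,"
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,"
    "TLS_RSA_WITH_AES_128_CBC_SHA"
)


def parse_order(policy_value):
    """Split a comma-separated cipher suite order into a clean list."""
    return [s.strip() for s in policy_value.split(",") if s.strip()]


def has_pfs(suite):
    """True if the suite name's key exchange is ECDHE or DHE.

    Names look like TLS_<kx>_<auth>_WITH_<cipher>...; names without
    '_WITH_' cannot be classified here and are treated as non-PFS.
    """
    head, sep, _ = suite.partition("_WITH_")
    parts = head.split("_")
    return bool(sep) and len(parts) >= 2 and parts[1] in PFS_KEY_EXCHANGES


def audit_order(policy_value):
    """Return (position, suite, outranked) for every non-PFS suite that is
    ranked above at least one PFS suite in the given order."""
    suites = parse_order(policy_value)
    findings = []
    for i, suite in enumerate(suites):
        if has_pfs(suite):
            continue
        outranked = [s for s in suites[i + 1:] if has_pfs(s)]
        if outranked:
            findings.append((i, suite, outranked))
    return findings


if __name__ == "__main__":
    for pos, suite, outranked in audit_order(SAMPLE_ORDER):
        print(f"position {pos}: {suite} (no forward secrecy) "
              f"outranks {', '.join(outranked)}")
```

An empty result means every forward-secret suite in the order is preferred over every suite without forward secrecy.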
This change disables weaker TLS/SSL protocols (for example, SSL 2.0) in addition to those that are already disabled. The change will also ensure that the stronger protocols are enabled in all Azure Guest OS families (SSL 3.0, TLS 1.0, 1.1 and 1.2).
The details of this change are documented in Knowledge Base article 2859054.