Stronger Cloud Security in Azure Function Using Custom Cloud Container<\/title> <link href=\"https:\/\/fonts.googleapis.com\/css?family=Open+Sans:300,300i,400,400i,600\" rel=\"stylesheet\">\n<link href=\"\/\/customer.cludo.com\/css\/296\/1798\/cludo-search.min.css\" type=\"text\/css\" rel=\"stylesheet\"> <link rel=\"stylesheet\" href=\"\/etc.clientlibs\/trendresearch\/clientlibs\/clientlib-trendresearch.min.css\" type=\"text\/css\"> <meta property=\"og:url\" content=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/i\/stronger-cloud-security-in-azure-function-using-custom-cloud-container.html\"><br \/>\n<meta property=\"og:title\" content=\"Stronger Cloud Security in Azure Function Using Custom Cloud Container\"><br \/>\n<meta property=\"og:description\" content=\"In this entry, we discuss how developers can use custom cloud container image and the distroless approach to minimize security gaps in Azure Functions.\"><br \/>\n<meta property=\"og:site_name\" content=\"Trend Micro\"><br \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/22\/stronger-cloud-security-in-azure-function%20using-custom-cloud-container.png\"><br \/>\n<meta property=\"og:locale\" content=\"en_US\"> <meta name=\"twitter:card\" content=\"summary_large_image\"><br \/>\n<meta name=\"twitter:site\" content=\"@TrendMicro\"><br \/>\n<meta name=\"twitter:title\" content=\"Stronger Cloud Security in Azure Function Using Custom Cloud Container\"><br \/>\n<meta name=\"twitter:description\" content=\"In this entry, we discuss how developers can use custom cloud container image and the distroless approach to minimize security gaps in Azure Functions.\"><br \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/22\/stronger-cloud-security-in-azure-function%20using-custom-cloud-container.png\"> <\/head> <body class=\"articlepage page basicpage context-business\" id=\"readabilityBody\" readability=\"49.892788768347\">  <a id=\"page-scroll\" title=\"VerticalPageScroll\" href=\"javascript:jumpScroll($(this).scrollTop());\"> <span class=\"icon-chevron-up\"><\/span> <\/a>  <\/p>\n<div class=\"root responsivegrid\">\n<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12 \">\n<div class=\"articleBodyNoHero aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"research-layout article container\" role=\"contentinfo\">\n<article class=\"research-layout--wrapper row\" data-article-pageid=\"930799670\">\n<div class=\"col-xs-12 col-md-12 one-column\">\n<div class=\"col-xs-12 col-md-12\" readability=\"8.7530487804878\">\n<div class=\"article-details\" role=\"heading\" readability=\"36.957317073171\"> <span class=\"article-details__bar\" role=\"img\"><\/span> <\/p>\n<p class=\"article-details__display-tag\">Cloud<\/p>\n<p class=\"article-details__description\">In this entry, we discuss how developers can use custom cloud container image and the distroless approach to minimize security gaps in Azure Functions.<\/p>\n<p class=\"article-details__author-by\">By: David Fiser, Alfredo Oliveira <time class=\"article-details__date\">September 29, 2022<\/time> <span>Read time: <\/span><span class=\"eta\"><\/span> (<span class=\"words\"><\/span> words) <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<hr class=\"research-layout-divider\"> <main class=\"main--content col-xs-12 col-md-8 col-md-push-2\"> <\/p>\n<div class=\"richText\" readability=\"39.468247248095\">\n<div readability=\"28.453852667231\">\n<p>We have written extensively on the security gaps in <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/virtualization-and-cloud\/crafting-an-azure-app-services-threat-model\">Azure Functions<\/a> and <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/virtualization-and-cloud\/crafting-an-azure-app-services-threat-model\">Azure App Services,<\/a> including their consequences. One way developers can enhance <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/virtualization-and-cloud\/cloud-security-key-concepts-threats-and-solutions\">cloud security<\/a> and minimize these gaps is to create custom <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/definition\/container\">container image<\/a> and use the <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/i\/enhancing-cloud-security-by-reducing-container-images-through-di.html\">Distroless approach<\/a>. In this entry, we veer the conversation toward what skilled developers can do to minimize the impact of these security gaps, specifically in Azure Function.<\/p>\n<p><span class=\"body-subhead-title\">Azure Functions<\/span><\/p>\n<p><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/azure-functions\/functions-overview\" target=\"_blank\" rel=\"noopener\">Azure Functions<\/a> is a serverless solution aimed at simplifying the deployment and maintenance of applications for developers.<\/p>\n<p>At its surface, we have the App Service plan, which guarantees physical hardware allocation and which we could imagine as a virtual machine. Inside that, we can find a Docker container engine installed. This engine executes a container image that is built with Azure-function-host runtime. Azure-function-host, by its name, effectively manages the Azure Function Runtime, making it responsible for communication with Azure back ends.<\/p>\n<p>This architecture executes azure-functions-worker when serverless function execution is triggered, which in turn executes the actual serverless application with the provided function code.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/i\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/figure-1-azure-function.jpg\" alt=\"Figure 1. Simplified architecture of Azure Functions\"><figcaption>Figure 1. Simplified architecture of Azure Functions<\/figcaption><\/figure>\n<\/p><\/div>\n<div>\n<div class=\"richText\" readability=\"33.5\">\n<div readability=\"12\">\n<p><span class=\"body-subhead-title\">Creating a custom container in Azure Function<\/span><\/p>\n<p>The default container image for chosen stack could be replaced by a custom container image. In such a case the image must contain the <b>azure-function-host<\/b> so it can work properly with Azure Functions. It\u2019s worth mentioning that the option to create a custom container is only available for the Linux platform on Azure Functions Premium plan.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/i\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/figure-2-function-app.jpg\" alt=\"Figure 2. Creating Azure Function with custom Docker container\"><figcaption>Figure 2. Creating Azure Function with custom Docker container<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"30.343220338983\">\n<div readability=\"10.114406779661\">\n<p>For this blog entry, we followed <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/azure-functions\/functions-create-function-linux-custom-image?tabs=in-process%2Cbash%2Cazure-cli&pivots=programming-language-python\" target=\"_blank\" rel=\"noopener\">Azure documentation<\/a> for creating a custom container using Python as our code interpreter. However, we made a slight modification where we chose private container registry inside Azure for the deployment.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/i\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/figure-3.jpg\" alt=\"Figure 3. Setting private registry for Azure custom container serverless deployment\"><figcaption>Figure 3. Setting private registry for Azure custom container serverless deployment<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32\">\n<div readability=\"9\">\n<p>We built the container image locally, then pushed it into private registry that we configured to be linked with serverless function.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/i\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/figure-4.jpg\" alt=\"Figure 4. The deployment diagram\"><figcaption>Figure 4. The deployment diagram<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"37.169176262179\">\n<div readability=\"21.92028343667\">\n<p><span class=\"body-subhead-title\">Building the image<\/span><\/p>\n<p>For our base image, we chose <i>mcr.microsoft.com\/azure-functions\/python:4-python3.9<\/i> from the <a href=\"https:\/\/mcr.microsoft.com\/en-us\/product\/azure-functions\/base\/about\" target=\"_blank\" rel=\"noopener\">Azure Functions Base list<\/a> available inside <a href=\"https:\/\/mcr.microsoft.com\/en-us\/catalog\" target=\"_blank\" rel=\"noopener\">Microsoft Container Registry<\/a>.<\/p>\n<p>Now we go back to our aim for this blog entry, which is to better secure the use of Azure Functions without affecting its functionality. This aim can be broken down into three goals:<\/p>\n<ol>\n<li><span>To remove sensitive environmental variables inside the serverless application executing context <\/span><\/li>\n<li><span>To reduce the container image and limit permissions needed for our application <\/span><\/li>\n<li><span>To minimize the impact of our changes on the functionality of Azure Functions<\/span><\/li>\n<\/ol>\n<p>It\u2019s important to note that some environmental variables will likely be required for function-host to run and thus for the whole serverless application to work. However, we want to ensure that our serverless application does not have access to such sensitive variables.<\/p>\n<p>Before we start, we need to identify the differences in the Python stack chosen when creating Azure function based on azure-functions\/mesh:3.7.1-python3.9 and when creating the same function using the Azure Function Base-Python image.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/i\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/figure-5.jpg\" alt=\"Figure 5. Comparison of container images\"><figcaption>Figure 5. Comparison of container images<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"38.5\">\n<div readability=\"22\">\n<p>As illustrated in Figure 5, the mesh container image executes initialization wrapper script under the root user before executing the WebHost.dll binary under the app user using sudo command, thereby passing all the environmental variables to WebHost.dll. In comparison, base images execute WebHost.dll binary under root user by default. The WebHost.dll then executes the python-worker, the process that will then execute the serverless code itself.<\/p>\n<h2><span class=\"body-subhead-title\">Removing sensitive environmental variables<\/span><\/h2>\n<p>Sensitive environmental variables are needed inside the WebHost.dll for it to run. Because of this nature, sensitive information is inherited into the python-worker process and the serverless code executed out of it. Since the variables are part of process memory, our options for removing them are limited. In addition, we can print other process environmental variables running under the same user by using read permissions and the nature of \/proc\/ file system.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/i\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/figure-6.jpg\" alt=\"Figure 6. Accessing other process environmental variables\"><figcaption>Figure 6. Accessing other process environmental variables<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"36\">\n<div readability=\"17\">\n<p>Because of this feature, the best option is to alter the functionality of WebHost.dll binary (or its configuration) to execute the language-worker under a different user and without the sensitive environmental variables.<\/p>\n<p>Since we already have the container image build process in our hands, we can investigate what is the best alteration point. Since our interpreter is Python, the easiest way to inject our code is to rename the Python binary inside the container image and replace it with a custom shell script under the original name. <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/i\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/figure-7-environmental-analysis-container.jpg\" alt=\"Figure 7. Environmental analysis of the container\"><figcaption>Figure 7. Environmental analysis of the container<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"33.5\">\n<div readability=\"12\">\n<p>The content of our shell script will be simple. We execute the Python worker as a different user using the <b>sudo -u www-data<\/b> command without passing environmental variables.<\/p>\n<p>If a developer would want to pass environmental variables, they can limit access to sensitive variables using unset command and the E parameter of sudo. <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/i\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/figure-8-executing-the-python-under-user.jpg\" alt=\"Figure 8. Executing the python under user www-data passing all other parameters\"><figcaption>Figure 8. Executing the python under user www-data passing all other parameters<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32\">\n<div readability=\"9\">\n<p>As Figure 9 shows, we were able to get rid of environmental variables and limit access to sensitive ones when needed.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/i\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/figure-9-running-python-worker.jpg\" alt=\"Figure 9. Running python worker without additional environmental variables\"><figcaption>Figure 9. Running python worker without additional environmental variables<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/i\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/figure-10-denying-access-to-sensitive-environmental-variables.jpg\" alt=\"Figure 10. Denying access to sensitive environmental variables\"><figcaption>Figure 10. Denying access to sensitive environmental variables<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31.5\">\n<div readability=\"8\">\n<p>We also tested whether the changes we made still allowed us to run our serverless function within Azure environment successfully. Figure 11 shows the result of this test.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/i\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/figure-11-container-running-at-azure-without-env-variables.jpg\" alt=\"Figure 11. Custom container running at Azure without environmental variables\"><figcaption>Figure 11. Custom container running at Azure without environmental variables<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"36.525032092426\">\n<div readability=\"18.756097560976\">\n<h2><span class=\"body-subhead-title\">The distroless approach: Reducing the container image and limiting permissions<\/span><\/h2>\n<p>Our second goal was to reduce the container binaries and image size to their bare minimum (the application and its dependencies), a method which is better known as the <a href=\"https:\/\/github.com\/GoogleContainerTools\/distroless\" target=\"_blank\" rel=\"noopener\">distroless<\/a> approach. Using this approach, we will reduce our custom container by removing binaries that are not essential for running the application and could provide useful tools for attackers in the event of a successful exploit.<\/p>\n<p>The binaries we removed from the container image are all binaries from the <b>\/bin<\/b> directory, which includes the shell as well. We would therefore need to update our environmental tweak later. We also removed <b>curl<\/b>, <b>wget,<\/b> and <b>perl<\/b> binaries located in the <b>\/usr\/bin<\/b> directory in our demonstration example.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/i\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/figure-12.jpg\" alt=\"Figure 12. Example of a distroless container Dockerfile\"><figcaption>Figure 12. Example of a distroless container Dockerfile<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"34.770547945205\">\n<div readability=\"15.671232876712\">\n<h2><span class=\"body-subhead-title\">Minimizing the impact of our changes<\/span><\/h2>\n<p>We now need to minimize the effects of our changes and ensure functionality. Because we had removed the shell interpreter, our script wouldn\u2019t have worked, so instead we replaced the script with a custom compiled binary that does the same job. Instead of using shell interpreter, however, we used the <a href=\"https:\/\/linux.die.net\/man\/3\/execve\" target=\"_blank\" rel=\"noopener\"><b>execve<\/b><\/a> system function. This function lets us set environmental variables for the new process, allowing us to specify the non-sensitive environmental variables we need in our application, which we can obtain dynamically using <a href=\"https:\/\/cplusplus.com\/reference\/cstdlib\/getenv\/\" target=\"_blank\" rel=\"noopener\">getenv<\/a> function.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/i\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/figure-13-custom-binary-poc.jpg\" alt=\"Figure 13. Custom binary PoC\"><figcaption>Figure 13. Custom binary PoC<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/i\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/figure-14-successfully-deployed-custom-container.jpg\" alt=\"Figure 14. Successfully deployed custom image inside Azure Serverless environment, specifying environmental variables available to the executed serverless code\"><figcaption>Figure 14. Successfully deployed custom image inside Azure Serverless environment, specifying environmental variables available to the executed serverless code<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"38.405315614618\">\n<div readability=\"27.109634551495\">\n<h3><span class=\"body-subhead-title\">Conclusion<\/span><\/h3>\n<p>In previous blog entries, we discussed the architectural design flaws we saw in the cloud, which could allow malicious actors to abuse environmental variables upon successful exploitation.<\/p>\n<p>In our entry on the <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/virtualization-and-cloud\/crafting-an-azure-app-services-threat-model\">Azure App Services threat model<\/a>, we showed gaps in the architectural design, such as the use of master root password for the container and environmental variables that contained sensitive information. We explained why it is <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/virtualization-and-cloud\/analyzing-the-risks-of-using-environmental-variables-for-serverless-management\">a bad idea to store sensitive information inside environmental <\/a>variables, even if the DevOps community might think otherwise. We also described the consequences of keeping <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/h\/analyzing-hidden-danger-of-environment-variables-for-keeping-secrets.html\">sensitive information inside environmental variables<\/a>.<\/p>\n<p>As mentioned, we are shifting our discussion toward what developers can do to minimize the impact of security gaps in the cloud. We aim to do this by introducing little tweaks to the container image that developers are allowed to produce. Developers should know not only what runs beneath the surface but also that trusting default images has its limits. They should evaluate services carefully and learn to remain vigilant even when using trustworthy services. <\/p>\n<p>Hardening security and maintaining application functionality can be difficult. We proved that it is possible to get rid of environmental variables and transfer non-sensitive environmental variable to the low privileged language worker through proper container image design, so it is not far-fetched to see such security measures performed by platform developers as well.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<section class=\"tag--list\">\n<p>Tags<\/p>\n<\/section>\n<p> <\/main> <\/article>\n<\/div>\n<\/div><\/div>\n<\/div>\n<p>   <\/p>\n<p> <span>sXpIBdPeKzI9PC2p0SWMpUSM2NSxWzPyXTMLlbXmYa0R20xk<\/span> <\/p>\n<p>   <\/body> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/i\/stronger-cloud-security-in-azure-function-using-custom-cloud-container.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this entry, we discuss how developers can use custom cloud container image and the distroless approach to minimize security gaps in Azure Function. Read More HERE…<\/p>\n","protected":false},"author":2,"featured_media":48644,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9520,9509],"class_list":["post-48643","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-cloud","tag-trend-micro-research-research"],"yoast_head":"\n<title>Stronger Cloud Security in Azure Function Using Custom Cloud Container 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Stronger Cloud Security in Azure Function Using Custom Cloud Container 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-09-29T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/22\/stronger-cloud-security-in-azure-function%20using-custom-cloud-container.png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Stronger Cloud Security in Azure Function Using Custom Cloud Container\",\"datePublished\":\"2022-09-29T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\\\/\"},\"wordCount\":1422,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/09\\\/stronger-cloud-security-in-azure-function-using-custom-cloud-container.jpg\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Cloud\",\"Trend Micro Research : Research\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\\\/\",\"name\":\"Stronger Cloud Security in Azure Function Using Custom Cloud Container 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/09\\\/stronger-cloud-security-in-azure-function-using-custom-cloud-container.jpg\",\"datePublished\":\"2022-09-29T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/09\\\/stronger-cloud-security-in-azure-function-using-custom-cloud-container.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/09\\\/stronger-cloud-security-in-azure-function-using-custom-cloud-container.jpg\",\"width\":1250,\"height\":1250},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Stronger Cloud Security in Azure Function Using Custom Cloud Container\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n","yoast_head_json":{"title":"Stronger Cloud Security in Azure Function Using Custom Cloud Container 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/","og_locale":"en_US","og_type":"article","og_title":"Stronger Cloud Security in Azure Function Using Custom Cloud Container 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-09-29T00:00:00+00:00","og_image":[{"url":"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/22\/stronger-cloud-security-in-azure-function%20using-custom-cloud-container.png","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Stronger Cloud Security in Azure Function Using Custom Cloud Container","datePublished":"2022-09-29T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/"},"wordCount":1422,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/09\/stronger-cloud-security-in-azure-function-using-custom-cloud-container.jpg","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Cloud","Trend Micro Research : Research"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/","url":"https:\/\/www.threatshub.org\/blog\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/","name":"Stronger Cloud Security in Azure Function Using Custom Cloud Container 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/09\/stronger-cloud-security-in-azure-function-using-custom-cloud-container.jpg","datePublished":"2022-09-29T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/09\/stronger-cloud-security-in-azure-function-using-custom-cloud-container.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/09\/stronger-cloud-security-in-azure-function-using-custom-cloud-container.jpg","width":1250,"height":1250},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"Stronger Cloud Security in Azure Function Using Custom Cloud Container"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/48643","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=48643"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/48643\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/48644"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=48643"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=48643"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=48643"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":48643,"date":"2022-09-29T00:00:00","date_gmt":"2022-09-29T00:00:00","guid":{"rendered":"urn:uuid:18a52dea-e0fc-8143-0006-d661d9d8b092"},"modified":"2022-09-29T00:00:00","modified_gmt":"2022-09-29T00:00:00","slug":"stronger-cloud-security-in-azure-function-using-custom-cloud-container","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/stronger-cloud-security-in-azure-function-using-custom-cloud-container\/","title":{"rendered":"Stronger Cloud Security in Azure Function Using Custom Cloud Container"},"content":{"rendered":"