Microsoft public IP scanning my app services IP

AzureGladiator 0 Reputation points
2025-02-06T07:34:03.2566667+00:00

We received an alert on Defender for Cloud stating vulnerability scanner detected. While checking the owner of the IP, it's MICROSOFT-CORP-MSN-AS-BLOCK and it is scanning for WordPress-related stuff on my Azure App Services.

Is it some sort of internal scanning or do we have to report abuse on it?

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.

1 answer

  1. Sakshi Devkante 655 Reputation points Microsoft Vendor
    2025-02-06T11:48:46.7+00:00

    Hello @AzureGladiator

    Thank you for posting your query on Microsoft Q&A.

    It is most likely an internal scan, either as part of Microsoft's security assessments, vulnerability scanning, or proactive measures like the Azure Security Center or associated services performing their checks, since it originates from an IP range owned by Microsoft.

    To improve client security, Microsoft frequently performs internal security scans on all of its cloud infrastructure, including Azure-hosted apps, to find vulnerabilities. This scan might be a valid way to look for possible WordPress vulnerabilities, like out-of-date plugins or customizations.

    If the scan seems unusual or doesn't appear to be related to any of your Microsoft services, or if you suspect malicious activity, you can consider reporting it through Microsoft's Abuse Reporting channels. They take abuse reports seriously and will investigate any suspicious behavior: https://learn.microsoft.com/en-us/defender-office-365/submissions-report-messages-files-to-microsoft

    Although it's likely an internal Microsoft security scan, it's recommended to double-check and keep an eye out for any unusual activities. You can report the scan if it doesn't match your configured services or if it worries you, but given the IP range, it most likely is a part of Microsoft's routine checks.

    Ref: https://learn.microsoft.com/en-us/azure/defender-for-cloud/alerts-overview
    https://learn.microsoft.com/en-us/azure/defender-for-cloud/enable-vulnerability-assessment

    I hope this clarifies things. Please contact us if you have any additional questions.

    If this answers your query, do click Accept Answer and Yes for "Was this answer helpful". And if you have any further queries, do let us know.

    Best regards,

    Sakshi Devkante
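
One way to double-check the source IP from the alert, as an added example that is not part of the original answer and is not Microsoft's code: look the address up in the "Azure IP Ranges and Service Tags" JSON download and see which service tags contain it. The sample data, prefixes, and the `tags_for_ip` and `triage` helpers are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the layout of the "Azure IP Ranges and Service Tags"
# JSON download. Prefixes are RFC 5737 documentation ranges, not real Azure ones.
SAMPLE_SERVICE_TAGS = json.loads("""
{"cloud": "Public", "values": [
  {"name": "AzureCloud.westeurope", "properties": {"region": "westeurope",
    "systemService": "", "addressPrefixes": ["198.51.100.0/24"]}},
  {"name": "AzureCloud", "properties": {"region": "",
    "systemService": "", "addressPrefixes": ["198.51.100.0/24", "203.0.113.0/24"]}},
  {"name": "AzureMonitor", "properties": {"region": "",
    "systemService": "AzureMonitor", "addressPrefixes": ["203.0.113.64/26"]}}
]}
""")


def tags_for_ip(ip, service_tags=SAMPLE_SERVICE_TAGS):
    """Return every service tag whose prefixes contain ip, most specific first."""
    addr = ipaddress.ip_address(ip)
    matches = []
    for entry in service_tags.get("values", []):
        props = entry.get("properties", {})
        for prefix in props.get("addressPrefixes", []):
            net = ipaddress.ip_network(prefix, strict=False)
            if net.version == addr.version and addr in net:
                matches.append({"tag": entry["name"], "prefix": str(net),
                                "prefixlen": net.prefixlen,
                                "systemService": props.get("systemService", "")})
    return sorted(matches, key=lambda m: m["prefixlen"], reverse=True)


def triage(ip, service_tags=SAMPLE_SERVICE_TAGS):
    """Classify the alert's source IP for the analyst's next step."""
    matches = tags_for_ip(ip, service_tags)
    if not matches:
        return "no-service-tag"          # not in the published Azure ranges
    services = sorted({m["systemService"] for m in matches if m["systemService"]})
    if services:
        return "platform-service:" + ",".join(services)
    # Only generic AzureCloud space matched; that space also holds public IPs of
    # customer-deployed resources, so ownership alone does not identify the scanner.
    return "generic-azure-range"


if __name__ == "__main__":
    for ip in ("203.0.113.70", "198.51.100.9", "192.0.2.1"):
        print(ip, triage(ip), [m["tag"] for m in tags_for_ip(ip)])
```

To use it on a real alert, load the downloaded JSON file with `json.load` and pass it as `service_tags`.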

