Key Takeaways

  • Upwind launched a partnership with Microsoft to bring runtime security features into Azure
  • The integration uses eBPF technology to provide behavioral visibility inside active workloads
  • MSPs and MSSPs gain multi-tenant management capabilities through the Upwind partner program

Cloud security conversations often circle around misconfigurations or unpatched vulnerabilities. Those issues matter, of course, but they rarely tell the full story. What actually happens inside a running workload tends to be a blind spot. That gap is what Upwind says it is now filling through a new partnership with Microsoft.

The company confirmed that its runtime protection and visibility platform is now directly integrated into Microsoft Azure. The solution is available through the Azure Marketplace and connects with both Microsoft Sentinel and Microsoft Defender for Cloud. It is a fairly straightforward pitch aimed at organizations that already rely on Microsoft's ecosystem. Defender for Cloud gives them foundational posture management, while Upwind adds behavioral context that highlights what is happening inside workloads in real time.

Amiram Shachar, CEO and co-founder of Upwind, told ChannelE2E that Microsoft Defender for Cloud provides the baseline many enterprises depend on. Pairing the two gives customers a clearer picture of risks that are truly exploitable rather than only theoretically possible. It is an appeal to efficiency as much as it is to security outcomes. After all, who wants to chase endless alerts when only a handful represent real exposure?

Here is where things get interesting. Native tools inside cloud platforms typically lean on static scanning. That approach catches configuration issues but misses the dynamic behavior of workloads. Upwind takes a different route by monitoring in-memory execution, network flows, and API activity. Shachar said Azure customers gain a centralized view of risks across code, cloud resources, containers, and virtual machines. The goal is to show what an attacker could actually reach, not just what exists in the environment.

Part of this capability comes from eBPF, a Linux kernel-level framework that has become essential for modern observability. Upwind uses eBPF to gather workload behavior without requiring code modifications or invasive agents. Many vendors have started adopting eBPF in recent years, but Shachar emphasized that Upwind treated it as a foundational design element from the beginning. That claim is not unusual in the security market, yet the timing does matter since eBPF has rapidly evolved and now appears in everything from observability tools to cloud detection and response platforms.

What does this mean in practice? One result is how alerts are handled. Instead of generating single events that analysts need to stitch together, Upwind groups related data into structured Threat Stories. Each one includes a timeline, root cause details, and suggested response actions. This is meant to reduce noise for security teams that already struggle with limited headcount. Anyone who has spent time in a SOC knows how quickly alert fatigue sets in, so condensing related activity into a narrative format can make a noticeable difference.

There is another angle here, one that has less to do with workload internals and more to do with how partners operate. Upwind built its platform to support multi-tenant management, making it easier for MSPs and MSSPs to onboard clients and enforce policies across many environments. Shachar described the company as partner-first, and the collaboration with Microsoft allows for co-selling within the Azure ecosystem. That kind of alignment is often important for service providers who want predictable margins and minimal friction with vendor programs.

These partner programs typically include incentives, enablement resources, and joint go-to-market support. Service providers tend to care as much about the stability of revenue as the technology itself. In other words, having a predictable motion matters. High-margin managed services built around runtime security offer an appealing addition for providers seeking differentiation in a crowded market.

Something else worth noting is how cloud applications behave today. Workloads spin up and down quickly, containers interact with dozens of services, and ephemeral infrastructure makes static analysis feel dated. Security teams often ask a simple question: what is happening right now? It sounds basic, yet it has become surprisingly difficult to answer in distributed environments. Upwind argues that putting runtime visibility directly inside Azure eliminates extra data pipelines and shortens the path from detection to response.

The broader context is that cloud providers continue expanding their built-in security controls. At the same time, specialized vendors look for ways to integrate deeply rather than compete from the outside. This partnership fits that pattern. Customers remain inside the Azure ecosystem they already trust, while Upwind contributes visibility that native tools do not currently provide. Whether this becomes a model for other runtime security vendors remains to be seen, but it does reflect how the market is shifting.

What will be interesting is how quickly enterprises adopt runtime-based insights as part of their standard workflows. The need is certainly there. The real test is whether teams can use this additional context to respond faster and avoid drowning in yet another layer of data. For now, Upwind is betting that pairing its architecture with Microsoft's cloud footprint will give customers what they have been asking for: a clearer view of their most active and potentially vulnerable workloads.