Frequently Asked Questions
About Microsoft Interflow
Q. What is Interflow?
Interflow is a security automation platform for the exchange of security and threat information based on the STIXTM (Structured Threat Information eXpression), TAXIITM (Trusted Automated eXchange of Indicator Information), and CybOXTM (Cyber Observable eXpression standards) specifications. It contributes to a collectively stronger security ecosystem by enabling action through information.
Q. What needs and opportunities does Interflow address?
Security automation is what currently stands between reactive and proactive use of security and threat information. The goal of Interflow is to help enable and facilitate security automation across the industry. Today, in the industry, security and threat information is primarily shared via email, Comma Separated Values (CSV) files, and web portals. Using community-driven specifications for the structure and exchange of information in a machine readable format allows for rapid, automated processing which helps enable organizations to build better protections and reduce the cost of defense.
Q. What are some of the capabilities of Interflow?
Interflow enables automated machine-to-machine exchange of security and threat information, using community-driven format and structure specifications. It allows users to create their own sharing communities, and define what to share and with whom. Interflow’s filtering capabilities enable users to create watch lists and prioritize rapid action, instead of manual compilation of data. Through Interflow’s watch lists, customers no longer have to look for needles in a haystack.
See more About Interflow FAQs
Q. How is Interflow different from other exchange platforms and data feeds?”
Firstly, Interflow is an engine designed and built for the greater good of the community, and it requires a Microsoft Azure subscription for use. It does not necessitate purchase of any propriety appliances, products or formats. Secondly, Interflow is designed to integrate into existing operational and analytical tools already in place and be compatible with various other systems via a simple plugin architecture. Finally, Interflow users can choose what communities to form and what data to share and with whom, due to its distributed architecture which provides users autonomy.
Q. Are there plans to make Interflow available on-premises and for private cloud use?
During the private preview, Interflow will only be available as a cloud service. During the private preview, we will seek input from early adopters in order to evaluate the need for an on-premises version.
Q. What level of control do users have on the security and threat data they bring to Interflow?
Users can determine what communities to form and what data to share with whom in their community. Users make the appropriate sharing decisions based on their needs.
Interflow Private Preview
Q. What is the goal of the private preview?
Interflow is created for the community, and we will continue to work closely with the community during the private preview stage. The private preview enables early adopters to give us valuable feedback and shape the product roadmap moving forward.
Q. Who can participate in the private preview?
Organizations and enterprises with dedicated security incident response teams can inquire about the private preview through their Technical Account Managers or by emailing
email@example.com. Microsoft plans to make Interflow available to all members of the Microsoft Active Protections Program (MAPP) in the future.
Q. Is there a cost to join the private preview?
During the private preview Interflow is free for Microsoft Azure subscribers. Users need an Azure subscription for compute and storage resources, and can get started with an Azure trial subscription at
https://azure.microsoft.com/en-us/pricing/free-trial/. During the private preview, there is no fee for the data feeds Microsoft is bringing to Interflow.
See more Interflow Private Preview FAQs
Q. What data feeds is Microsoft making available during the private preview?
Microsoft plans to provide lists of suspected malicious URLs, Microsoft Active Protections Program (MAPP) detection guidance (to eligible MAPP partners), and other information during the private preview.
Q. What level of support is Microsoft providing during the private preview?
For the private preview, Microsoft plans to provide deployment and configuration guidance for early adopters. In addition, at the Microsoft Connect site, preview participants can use forums to submit feedback and find additional information.
 STIXTM - Structured Threat Information eXpression
TAXIITM - Trusted Automated eXchange of Indicator Information
CybOXTM - Cyber Observable eXpression standards