This is a managed, cloud-based network security service that can be used to protect your network resources.
It has features such as threat intelligence, which can filter incoming requests and alert on or deny traffic from/to malicious IP addresses and domains.
The firewall itself has built-in high availability.
It can scale automatically based on network traffic flows.
Here you can ensure that all traffic from machines in an Azure virtual network flows via the Azure Firewall service.
This service helps protect against distributed denial-of-service (DDoS) attacks.
This is probably the biggest security concern for companies when they expose their applications to the Internet.
You have 2 plans for Azure DDoS protection.
Basic: This is automatically enabled. It continuously monitors traffic in real time and mitigates common network-level attacks.
Standard: This is a paid plan, but you get many benefits:
You can get real-time attack metrics and diagnostic logs via Azure Monitor.
You can get help from DDoS experts during a live attack.
This is a solution that can help an organization classify and protect its documents and email by applying labels.
The labels can be applied automatically by administrators through the use of rules and conditions.
The labels can use visual markers on documents to tell the user the classification of the document.
This is a cloud-based security tool that can be used to identify, detect and investigate advanced threats and compromised identities.
This service can be used to protect identities and credentials stored in Active Directory.
When monitoring your on-premises Active Directory domain controllers, you need to install an Azure ATP sensor on the domain controller.
It can be used to identify and investigate suspicious user activities and advanced attacks.
Helps you perform secrets management: here you can securely store your tokens, passwords, certificates, API keys and other secrets.
You can use this service to create encryption keys. You can then use these encryption keys to encrypt your data.
You can also easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates.
All of the secrets and keys are safeguarded by Azure, using industry-standard algorithms, key lengths, and hardware security modules (HSMs).
You can also monitor all the key vault activity by enabling logging. The logs can be sent to an Azure storage account, to an event hub or to Azure Monitor logs.
This service can be used to create, assign and manage policies.
You can use these policies to ensure that resources in your Azure account remain compliant with corporate standards and service level agreements.
You can use built-in policies or define your own policies.
This can be used to assign access to resources in Azure.
For example, if you wanted to give a user access to manage virtual machines in your subscription, you can use role-based access control.
Roles can be assigned at different scopes: subscription, resource group and resource.
Reference - https://docs.microsoft.com/en-us/azure/role-based-access-control/overview
To understand the data that Microsoft collects when you use its products, you can refer to the Microsoft Privacy Statement:
https://privacy.microsoft.com/en-us/privacystatement