Hi Louis,
Please take a look at
Security best practices for developing Windows Azure applications, it does not give internal details of "how" (for obvious reasons) but it talks about DDOS attack and its mitigated partially by infrastructure in Azure (load balancers)
/************************************/
Windows Azures load balancing will partially mitigate Denial of Service attacks from the Internet and internal networks. This mitigation is done in conjunction with the developer
defining an appropriate Service Definition VM instance count scale-out. On the Internet, Windows Azure VMs are only accessible through public Virtual IP Addresses (VIPs). VIP traffic is routed through Windows Azures load-balancing infrastructure.
Windows Azure monitors and detects internally initiated Denial of Service attacks and removes offending VMs/accounts from the network. As a further protection, the root host OS that controls guest VMs in the cloud is not directly addressable internally
by other tenants on the Windows Azure network and the root host OS is not externally addressable.
Windows Azure is also reviewing additional Distributed Denial of Service (DDoS) solutions available from Microsoft Global Foundation Services to help further protect against Denial
of Service attacks.
/************************************/
This guide also goes in detail of Spoofing, Eves dropping and Information Disclosure on a network level, and explains the Hypervisors role and network structure of the hosted solution.
Also look at
this Microsoft case study of Ddanzi Group and how they could not handle increasing traffic and security using their regular network and how Azure helped, what was found as lessons learnt.
You could take advatage of SharedKeys and SAS to implement something that can be custom solution for MITM type attacks
http://social.msdn.microsoft.com/forums/windowsazure/zh-tw/8bf2c19b-f367-4d14-a833-0bc1fdfa29be/conflict-between-systemnetcachinghttprequestcachepolicy-and-cloudblobfetchattributes
Hope this helps
---------------------------------------------
Please mark as answered if it helped