Azure Logging/Auditing Series (1) – Activity Logs

Azure logging and auditing play a critical role in the security and compliance strategy of any serious organization. Collecting detailed information on events that happened and changes made to resources is the foundation of areas like security monitoring and digital forensics, and the Azure platform is no different in this respect. The Azure platform delivers […]

Blind spot fixed! Azure AD new sign-in logs improvement

In a previous blog post on Securing Azure Service Bus, I highlighted the blind spot of not being able to audit sign-in events when using Azure AD for Service Bus authentication. This is because the authentication is non-interactive and requires the sender or receiver of the brokered message to use either a service principal […]

Infrastructure as Code Security for Azure (Part 1) – Secure DevOps Kit for Azure (AzSK) ARM Template Checker

Infrastructure as code (IaC) is a core component of many modern DevOps adoptions. It allows organizations to automate the deployment, scaling, and management of infrastructure, using machine-readable template files. It eliminates manual deployment and configuration, as well as the need to use ad-hoc imperative scripts to automate infrastructure changes. Instead, it allows infrastructure to be managed […]

Azure Blue Team Series: Securing Azure Service Bus

One of the major shifts in application development in recent times is the widespread adoption of microservice-based architecture (message-driven or event-driven computing). The benefits it offers over a traditional monolithic approach include flexibility, resilience and scalability. But adopting microservices architecture often creates new risks of its own. The very characteristics that make microservices […]

What?!! Public Blob not allowed on this storage account?!

I was teaching an Azure developer course last week when one of the delegates had issues building some C# code that I tested a few days before. The error message was “Public Blob not allowed on this storage account”. My first stop was to review Azure policy and see if there is an offending policy assigned. […]

Microsoft Ignite 2019 Announcements – Day One

Azure ARC: Azure has Azure Stack for on-premises DCs; AWS has Outposts to bring AWS services to companies’ own DCs; Google introduced Anthos, to let companies run Google cloud software in their DCs. Azure Stack is available. Neither Outposts nor Anthos is available yet. Now Azure has Azure ARC to extend to other cloud infrastructure. […]

Azure Hangout Demo Series – Governance 1a – RBAC and Azure Policy

Scenario: Adatum Corporation wants to use Azure Role Based Access Control and Azure Policy to control provisioning and management of their Azure resources. It also wants to be able to automate and track provisioning and management tasks. Objectives: Configure delegation of provisioning and management of Azure resources by using built-in Role-Based Access Control […]

Azure Storage Options

The Azure storage account service is “sort of” a parent service that supports multiple “sub-services” for different types of data and use cases. The different services that an Azure storage account can provide are below: Blob, File, Table, Queue, Data Lake Gen2. The services that we can use with an Azure storage account depend on […]

The Four Pillars of Azure Billing Administration

Introduction/Overview: The goal of billing in general is to have cost clarity and to understand your spending. So that you’re not being overcharged and you don’t understand where the costs are coming from… Basically, to fulfill the following: cost planning, cost visibility, cost monitoring, cost optimization. Cost Issues in Azure: Many old habits/behaviors will create […]