Articles
Exempt Azure Security Center recommendations from your secure score on subscription and management group level
Some time ago I wrote about the possibility to exclude a specific resource from an Azure Security Center (ASC) security recommendation (Create an exemption rule to exclude a resource from a security recommendation). With which you can ensure that...
Get insight into your Azure RBAC role assignments
Recently several attacks have been in the news. As a result of this, I received various questions from people with regard to role assignments in their Azure environment: Who exactly has which rights within my Azure environment? At which level are...
How Azure Managed Identity works explained. A special type of Enterprise Application.
"A special type of Enterprise Application" you may ask. Aren't we talking about Azure Managed Identities here? You are absolutely right! And yet, we cannot avoid talking about Enterprise Applications. I will explain below how this works. If you are...
Default AzureAD Enterprise Applications explained, where do they come from?
Last week I posted an article (The difference between AzureAD App Registrations and Enterprise Applications explained) to which I received many responses. For many people, the difference between App Registrations and Enterprise Applications has...
The difference between AzureAD App Registrations and Enterprise Applications explained
The lack of clarity regarding app registrations and enterprise applications is regularly discussed. Both terms are used interchangeably by people and to make it even more unclear, different terminology is used within the Azure portal and for...
Monitor resource management operations and run advanced security analytics to improve resiliency against attacks with the new cloud-native threat protection capabilities of Azure Defender for Resource Manager
Azure Defender provides security alerts and advanced threat protection for all kinds of workloads, like virtual machines, SQL databases, containers and web applications. New plans within Azure Defender are regularly introduced, recently for Key...
Enhance your resiliency against attacks with the new cloud-native threat protection capabilities of Azure Defender for DNS
Azure Defender provides security alerts and advanced threat protection for all kinds of workloads, like virtual machines, SQL databases, containers and web applications. New plans within Azure Defender are regularly introduced, recently for Key...
Secure remote VM access with Azure Bastion and vNet peering
Azure Bastion is a platform-managed PaaS service that allows you to connect to a virtual machine using your browser and the Azure portal. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal...
Provide access to your Key Vault with Azure role-based access control (RBAC) now
Key Vault access policies allow you to set very specifically what rights an identity has on keys, secrets, and certificates. However, you have to set this per key vault, and you cannot use the resource hierarchy within Azure (e.g. Management...
Enforce or audit Key Vault requirements of certificates, secrets, and keys by leveraging Azure Policy
During discussions about Azure security, Azure Key Vault is regularly discussed. More and more organizations are aware that sensitive data such as secrets and keys can be stored here, while other resources can make use of it. But also the next...