How to securely deploy Azure infrastructures with Terraform

Recently, I have intensely been using Terraform for infrastructure-as-code deployments. Since I’m always looking for security in automation I decided to start a blog series in which I explain how to configure and use Terraform to get the best out of it. This article describes the initial config of an Azure storage account as Terraform remote backend. Happy reading.

Howdy folks,

if you have recently attended one of my talks or workshops you know that in my opinion, DevOps, infrastructure as code, and automated deployments are essential for security in cloud environments. For example, you can only access an Azure KeyVault secret during your VM deployment if you do not use Azure portal. You can chose whatever tool you want, however, in this post I’m going to focus on PowerShell, ARM templates and Terraform. Continue reading “How to securely deploy Azure infrastructures with Terraform”

Microsoft Ignite 2018 – my sessions

Good morning, folks, from beautiful Orlando. It’s T-1 day for Microsoft Ignite Pre-Day to start and I wanted to give you a short heads-up about where you can find and see me speak during the conference week. Continue reading “Microsoft Ignite 2018 – my sessions”

Microsoft Ignite 2018 Session Scheduler is online

Since August 15, Microsoft Ignite 2018 is sold out! As of now, the Schedule Builder is live so make sure you fill your schedule with lots of awesome sessions now! For Microsoft Ignite first-timers I’ve written down some tips to make the most out of their trip to Orlando.

Hey folks,

I’m still more than happy that I have been selected to be part of Microsoft Ignite’s awesome speaker lineup for this year! The conference is sold out since mid of August and as of now more than 1.100 sessions have been published on Microsoft’s TechCommunity. If you want to make sure not to miss my theatre sessions about Azure Governance and Security you can simply filter the session scheduler by my surname or the session codes THR2102 and THR1068. You will only have access to the scheduler after you login with your registration account, though. Continue reading “Microsoft Ignite 2018 Session Scheduler is online”

Audit Windows AD security group changes with Azure Log Analytics

Azure Log Analytics can help you to audit security breaches not only in the cloud but also in onprem Windows Active Directory environments. With this article I give you an idea on how custom views in Azure Log Analytics can help you to see changes at a glance.

I’ve recently been asked to analyze admin behavior in an onprem Windows AD forest. Question was if I knew of a cloud-based solution that could do the job. Me: “Hold my beer…!” Continue reading “Audit Windows AD security group changes with Azure Log Analytics”

Azure AD login for Linux VMs from a security perspective

Hello Azure enthusiasts,

have you heard about Azure AD login for Linux VMs, a new preview feature on Azure AD? Have you given it a try? Well, I have and currently, I’m not yet fully convinced if it’s a curse or blessing in terms of governance and security. But first things first…

Continue reading “Azure AD login for Linux VMs from a security perspective”