RBAC in a modern DevOps world

As I can see in my blog’s stats, and as I can hear from feedback I get from attendees of my talks, Terraform, ARM Templates, and Infrastructure as code obviously are some of the hottest topics to talk and write about nowadays. In this context, I’ve recently often been asked how identity governance, role-based access control, the principle of least privilege, segregation of duties, and security come together in a modern DevOps world. Well, hold my beer…

Howdy folks!

Infrastructure-as-code tools like ARM templates and Terraform are increasingly used to deploy infrastructure solutions. In general, these tools run within the context of a service principal, so there needs to be an account with high privileges – at least high enough to deploy a given type of resource in your cloud environment. However, in terms of security, it seems hard to adhere to the principles security experts tend to suggest, like segregation of duties, role-based access control, the principle of least privilege, and so on. Really? Well, let’s first have a closer look at some of these principles.

Continue reading “RBAC in a modern DevOps world”

Audit Windows AD security group changes with Azure Log Analytics

Azure Log Analytics can help you audit security breaches not only in the cloud but also in on-premises Windows Active Directory environments. In this article, I give you an idea of how custom views in Azure Log Analytics can help you see changes at a glance.

I’ve recently been asked to analyze admin behavior in an on-premises Windows AD forest. The question was whether I knew of a cloud-based solution that could do the job. Me: “Hold my beer…!”

Continue reading “Audit Windows AD security group changes with Azure Log Analytics”

Azure AD login for Linux VMs from a security perspective

Hello Azure enthusiasts,

Have you heard about Azure AD login for Linux VMs, a new preview feature on Azure AD? Have you given it a try? Well, I have, and currently I’m not yet fully convinced whether it’s a curse or a blessing in terms of governance and security. But first things first…

Continue reading “Azure AD login for Linux VMs from a security perspective”

Join me at Microsoft Tech Summit 2018 in Frankfurt

Hey folks,

I hope you’re all doing well. Join me at Microsoft Tech Summit 2018 in Frankfurt and build your cloud skills at this free technical learning event with Microsoft’s top cloud engineers across Azure and Microsoft 365. Tech Summit will offer several different learning options, from breakout and theater sessions to workshops and on-demand labs. More information is provided here.

You can find me during the event in different roles across the venue:

Continue reading “Join me at Microsoft Tech Summit 2018 in Frankfurt”

Azure Saturday 2018

Save the date and spread the word: we will launch the second Azure Saturday on May 26th, 2018 at Microsoft Germany’s headquarters in Munich. For those of you who haven’t heard about it: Azure Saturday Munich is a free community-focused Azure conference dedicated to educating and engaging members of the local technical community. Azure Saturday draws upon the expertise of local Azure IT professionals, developers and solutions architects who come together to share their real-world experiences, lessons learned, best practices, and general knowledge with other like-minded individuals.

Continue reading “Azure Saturday 2018”