Changing the pink for the blue pill – my next adventure

During the past decade I have worked in several architecture and consulting roles with different focus areas, starting with Windows Server 2003 to 2016, passing Hyper-V, Active Directory and Exchange Server, and ending with Microsoft Azure, Office 365 and Microsoft 365. What they all had in common was my dedication to enterprise and cloud security and, looking back, I can say that it was a wild trip. Now, in spring 2020, the time has come for me to move ahead and leave the MVP community. Wait…what?!

One afternoon in winter 2019/2020, I had a long conversation with somebody from Microsoft’s Azure Security Center product team. We chatted about current features, features to come (or not to come) and customers’ needs: basically, the (NDA) stuff I’ve been enjoying as a Microsoft Most Valuable Professional (MVP) for all these years. Being a Microsoft MVP means a great deal to me.

Mastering Azure Security – my latest adventure

I hope all of you are safe and sound during these challenging times. With this article I want to tell you about my newest release, a book about Azure security that I’ve co-authored with my friend Mustafa Toroman.

One day in early summer 2019, when I was sitting in my home office working on some Azure Security Center demos, my friend Mustafa sent me a message about his idea of writing a book on Azure security. He already had an initial plan, but he didn’t want to write the whole book on his own, so he asked me if I was interested in co-writing it. Well, I was, and now I’m very excited that we are at the final stage of publishing our work within the next few weeks.

RBAC in a modern DevOps world

As I can see in my blog’s stats, and as I hear in the feedback from attendees of my talks, Terraform, ARM templates and infrastructure as code are obviously some of the hottest topics to talk and write about nowadays. In this context, I’ve recently often been asked how identity governance, role-based access control, the principle of least privilege, segregation of duties and security in general come together in a modern DevOps world. Well, hold my beer…

Howdy folks!

Infrastructure-as-code tools like ARM templates and Terraform are increasingly used to deploy infrastructure. In general, these tools run in the context of a service principal, so there needs to be an account with high privileges, or at least privileges high enough to deploy a given type of resource in your cloud environment. However, in terms of security it seems hard to adhere to the principles security experts tend to recommend, like segregation of duties, role-based access control, the principle of least privilege and so on. Really? Well, let’s first have a closer look at some of these principles.
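As an added example (not code from the original post or its full-length version), this is how the deployment identity can be scoped the way the excerpt argues for: a custom role that holds only the actions a VM deployment needs, assigned at resource-group scope instead of subscription scope, plus a Key Vault access policy that grants nothing but Get on secrets. It is written for Terraform 0.12+ and the azurerm provider; the resource-group, vault and role names and the `var.deployer_sp_object_id` variable are assumptions for illustration.

```hcl
# Added example (not from the original post): a least-privilege identity for
# Terraform deployments. Terraform 0.12+ / azurerm provider 2.x syntax.
# Resource-group, vault and role names and the service principal object ID
# are assumptions for illustration.

variable "deployer_sp_object_id" {
  description = "Object ID of the service principal Terraform runs as"
  type        = string
}

data "azurerm_subscription" "current" {}

data "azurerm_resource_group" "workload" {
  name = "rg-workload"
}

# Custom role: only the actions a VM deployment needs, no wildcard at
# subscription level. Anything not listed is denied by default.
resource "azurerm_role_definition" "tf_vm_deployer" {
  name        = "Terraform VM Deployer"
  scope       = data.azurerm_subscription.current.id
  description = "Deploy VMs, disks, NICs and NSG rules into the assigned resource group"

  permissions {
    actions = [
      "Microsoft.Resources/subscriptions/resourceGroups/read",
      "Microsoft.Resources/deployments/*",
      "Microsoft.Compute/virtualMachines/*",
      "Microsoft.Compute/disks/*",
      "Microsoft.Network/networkInterfaces/*",
      "Microsoft.Network/networkSecurityGroups/*",
      "Microsoft.Network/virtualNetworks/read",
      "Microsoft.Network/virtualNetworks/subnets/join/action",
    ]
    not_actions = []
  }

  # The role can only ever be assigned inside this one resource group.
  assignable_scopes = [data.azurerm_resource_group.workload.id]
}

# Assignment at resource-group scope: the SP cannot touch other groups.
resource "azurerm_role_assignment" "tf_vm_deployer" {
  scope              = data.azurerm_resource_group.workload.id
  role_definition_id = azurerm_role_definition.tf_vm_deployer.role_definition_resource_id
  principal_id       = var.deployer_sp_object_id
}

# Separate boundary for secrets: the deployer may read secrets from this
# vault, but not list, set or delete them, and it gets no key permissions.
data "azurerm_key_vault" "deploy" {
  name                = "kv-deploy-demo"
  resource_group_name = "rg-security"
}

resource "azurerm_key_vault_access_policy" "deployer_get_secrets" {
  key_vault_id = data.azurerm_key_vault.deploy.id
  tenant_id    = data.azurerm_subscription.current.tenant_id
  object_id    = var.deployer_sp_object_id

  secret_permissions = ["Get"]
}
```

The segregation-of-duties point is that this configuration is applied once by an identity holding Owner or User Access Administrator rights, while the deployment pipeline itself only ever runs as the service principal referenced in `var.deployer_sp_object_id`; the pipeline cannot widen its own role.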

Terraform – use Azure KeyVault secrets during deployments

In the second part of my Terraform blog series I explain how to access Azure KeyVault secrets during deployments and how to look up your external IP address so you can refer to it in a Network Security Group rule. Happy deploying.

Howdy folks,

in my last article I explained how to configure Terraform so you can use it to securely deploy Azure resources. Today I want to go one step further and show you how to deploy an Azure VM, including all dependent resources, using Terraform.
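As an added example (not the post’s own code), the two techniques the excerpt announces: the VM admin password is read from Key Vault by the identity Terraform runs as, and the public IP of the machine running `terraform apply` is looked up and used as the only allowed source in the RDP rule. Terraform 0.12+ with azurerm provider 2.x and the hashicorp/http provider 2.x are assumed (in http provider 3.x the attribute is `response_body` instead of `body`); vault, resource-group and NIC names and the IP lookup URL are assumptions for illustration.

```hcl
# Added example (not from the original post): Key Vault secret and deployer
# IP used during a VM deployment. Names and the IP lookup URL are assumptions.

provider "azurerm" {
  features {}
}

data "azurerm_resource_group" "workload" {
  name = "rg-workload"
}

data "azurerm_key_vault" "deploy" {
  name                = "kv-deploy-demo"
  resource_group_name = "rg-security"
}

# Fetched at plan/apply time by the deployer identity; the password is never
# typed into a portal form or committed to source control.
data "azurerm_key_vault_secret" "vm_admin_password" {
  name         = "vm-admin-password"
  key_vault_id = data.azurerm_key_vault.deploy.id
}

# Public IP of the machine running terraform apply, returned as plain text.
data "http" "my_ip" {
  url = "https://api.ipify.org"
}

locals {
  # chomp() strips the trailing newline some IP services return.
  my_public_ip = chomp(data.http.my_ip.body)
}

resource "azurerm_network_security_group" "vm" {
  name                = "nsg-vm-demo"
  location            = data.azurerm_resource_group.workload.location
  resource_group_name = data.azurerm_resource_group.workload.name
}

# Only the deployer's current address may reach RDP; no 0.0.0.0/0 rule.
resource "azurerm_network_security_rule" "allow_rdp_from_deployer" {
  name                        = "allow-rdp-from-deployer"
  priority                    = 100
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "3389"
  source_address_prefix       = "${local.my_public_ip}/32"
  destination_address_prefix  = "*"
  resource_group_name         = data.azurerm_resource_group.workload.name
  network_security_group_name = azurerm_network_security_group.vm.name
}

# Existing NIC (assumed) that is already attached to the NSG above.
data "azurerm_network_interface" "vm" {
  name                = "nic-vm-demo"
  resource_group_name = data.azurerm_resource_group.workload.name
}

resource "azurerm_windows_virtual_machine" "vm" {
  name                  = "vm-demo"
  location              = data.azurerm_resource_group.workload.location
  resource_group_name   = data.azurerm_resource_group.workload.name
  size                  = "Standard_B2s"
  admin_username        = "vmadmin"
  admin_password        = data.azurerm_key_vault_secret.vm_admin_password.value
  network_interface_ids = [data.azurerm_network_interface.vm.id]

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2019-Datacenter"
    version   = "latest"
  }
}
```

One caveat a practitioner should keep in mind: the secret value read through `azurerm_key_vault_secret` is written into the Terraform state file in clear text, so the state must be treated as a secret itself and kept in a locked-down remote backend rather than on a laptop or in a repository.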

How to securely deploy Azure infrastructures with Terraform

Recently I have been using Terraform intensively for infrastructure-as-code deployments. Since I’m always looking for security in automation, I decided to start a blog series in which I explain how to configure and use Terraform to get the best out of it. This article describes the initial configuration of an Azure storage account as Terraform remote backend. Happy reading.

Howdy folks,

if you have recently attended one of my talks or workshops, you know that in my opinion DevOps, infrastructure as code and automated deployments are essential for security in cloud environments. For example, you can only access an Azure KeyVault secret during a VM deployment if you do not use the Azure portal. You can choose whatever tool you want; in this post, however, I’m going to focus on PowerShell, ARM templates and Terraform.
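As an added example (not the post’s own configuration), here is the remote-backend setup the excerpt describes, in two parts: a bootstrap configuration that creates the storage account with local state, applied once by an administrator, and the `backend "azurerm"` block the workload configuration then uses. Terraform 0.12+ and azurerm provider 2.x/3.x are assumed; the resource-group, storage-account and container names are assumptions for illustration.

```hcl
# Added example (not from the original post). Names are assumptions.

# --- bootstrap/main.tf: apply once with local state, as a privileged admin ---
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "tfstate" {
  name     = "rg-tfstate"
  location = "westeurope"
}

resource "azurerm_storage_account" "tfstate" {
  name                      = "sttfstatedemo" # must be globally unique
  resource_group_name       = azurerm_resource_group.tfstate.name
  location                  = azurerm_resource_group.tfstate.location
  account_tier              = "Standard"
  account_replication_type  = "GRS"
  enable_https_traffic_only = true
  min_tls_version           = "TLS1_2"

  blob_properties {
    # Keeps earlier versions of the state blob, so a bad apply can be rolled back.
    versioning_enabled = true
  }
}

resource "azurerm_storage_container" "tfstate" {
  name                  = "tfstate"
  storage_account_name  = azurerm_storage_account.tfstate.name
  container_access_type = "private" # no anonymous blob access
}

# --- workload/backend.tf: every deployment configuration uses this block ---
terraform {
  required_version = ">= 0.12"

  backend "azurerm" {
    resource_group_name  = "rg-tfstate"
    storage_account_name = "sttfstatedemo"
    container_name       = "tfstate"
    key                  = "workload/prod.terraform.tfstate"
    # Deliberately no access_key here: pass it at run time through the
    # ARM_ACCESS_KEY environment variable (or a SAS token via ARM_SAS_TOKEN),
    # so the storage credential never ends up in version control.
  }
}
```

After `terraform init` in the workload directory the state, including any Key Vault secret values a deployment reads, lives only in that private container, and Azure Blob leases give you state locking for free.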

Microsoft Ignite 2018 – my sessions

Good morning, folks, from beautiful Orlando. It’s T-1 day until the Microsoft Ignite Pre-Day starts, and I wanted to give you a short heads-up about where you can find me and see me speak during the conference week.

Audit Windows AD security group changes with Azure Log Analytics

Azure Log Analytics can help you audit security breaches not only in the cloud but also in on-premises Windows Active Directory environments. With this article I give you an idea of how custom views in Azure Log Analytics can help you see changes at a glance.

I’ve recently been asked to analyze admin behavior in an on-premises Windows AD forest. The question was whether I knew of a cloud-based solution that could do the job. Me: “Hold my beer…!”
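As an added example (not the post’s own query or view), this is the query behind such a view, deployed as saved searches in the workspace with Terraform so it lives in code next to the rest of the infrastructure. It assumes the domain controllers forward their Security event log into the workspace’s `SecurityEvent` table (via the Log Analytics agent or Azure Monitor Agent) and filters on the Windows events for membership changes in security-enabled groups: 4728/4729 (global), 4732/4733 (domain local) and 4756/4757 (universal). The workspace and resource-group names are assumptions for illustration.

```hcl
# Added example (not from the original post): saved Log Analytics searches for
# AD security group membership changes. Workspace name is an assumption.

data "azurerm_log_analytics_workspace" "sec" {
  name                = "law-security-demo"
  resource_group_name = "rg-security"
}

# All membership changes: who (Actor) added/removed whom (Member) to/from which group.
resource "azurerm_log_analytics_saved_search" "ad_group_changes" {
  name                       = "AdSecurityGroupMembershipChanges"
  log_analytics_workspace_id = data.azurerm_log_analytics_workspace.sec.id
  category                   = "Active Directory"
  display_name               = "AD security group membership changes"

  query = <<-KQL
    SecurityEvent
    | where EventID in (4728, 4729, 4732, 4733, 4756, 4757)
    | extend Change = iff(EventID in (4728, 4732, 4756), "added", "removed")
    | project TimeGenerated, Computer, EventID, Change,
              Actor = SubjectAccount, Member = MemberName, Group = TargetAccount
    | order by TimeGenerated desc
  KQL
}

# Narrowed to the groups that matter most; this is the one to wire to an alert.
resource "azurerm_log_analytics_saved_search" "ad_privileged_group_changes" {
  name                       = "AdPrivilegedGroupMembershipChanges"
  log_analytics_workspace_id = data.azurerm_log_analytics_workspace.sec.id
  category                   = "Active Directory"
  display_name               = "AD privileged group membership changes"

  query = <<-KQL
    SecurityEvent
    | where EventID in (4728, 4729, 4732, 4733, 4756, 4757)
    | where TargetAccount has_any ("Domain Admins", "Enterprise Admins",
                                   "Schema Admins", "Administrators",
                                   "Account Operators", "Backup Operators")
    | extend Change = iff(EventID in (4728, 4732, 4756), "added", "removed")
    | summarize Changes = count(), Members = make_set(MemberName)
                by bin(TimeGenerated, 1h), Computer, Actor = SubjectAccount,
                   Group = TargetAccount, Change
    | order by TimeGenerated desc
  KQL
}
```

`SubjectAccount` is the account that performed the change and `MemberName` is the distinguished name of the account added or removed, so a `summarize` by `Actor` is also a quick way to spot an administrator, or a compromised admin account, making an unusual number of group changes.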