Audit Windows AD security group changes with Azure Log Analytics

Azure Log Analytics can help you to audit security breaches not only in the cloud but also in onprem Windows Active Directory environments. With this article I give you an idea on how custom views in Azure Log Analytics can help you to see changes at a glance.

I’ve recently been asked to analyze admin behavior in an onprem Windows AD forest. Question was if I knew of a cloud-based solution that could do the job. Me: “Hold my beer…!” Continue reading “Audit Windows AD security group changes with Azure Log Analytics”

Azure AD login for Linux VMs from a security perspective

Hello Azure enthusiasts,

have you heard about Azure AD login for Linux VMs, a new preview feature on Azure AD? Have you given it a try? Well, I have and currently, I’m not yet fully convinced if it’s a curse or blessing in terms of governance and security. But first things first…

Continue reading “Azure AD login for Linux VMs from a security perspective”

How to use stored secrets from Azure Key Vault while deploying ARM VMs

Server deployments can be very challenging when it comes to delegating deployments to admins that must not know local admin credentials. Learn how to automate deployments without giving your passwords away using Azure Key Vault.

Who does not know this scenario? You want a trainee to deploy a Windows Server but you do not want to give him or her access to your secret administrator passwords at all. Or you want to delegate deployments to a service provider but you need your passwords to stay save? Azure Key Vault could be what makes your life way easier.

Continue reading “How to use stored secrets from Azure Key Vault while deploying ARM VMs”

How to protect Azure resources from accidental deletion

Accidental deletion of Azure RM resources might be one of the biggest issues you might face in your career as Azure administrator. With that blog post I want to explain how to avoid losing your Azure resources after running a “Whipe All” PowerShell script against your productive cloud environment. Continue reading “How to protect Azure resources from accidental deletion”

How to secure data in Microsoft’s enterprise cloud – Part 2

Hello and welcome to part 2 of my series about security in Microsoft’s enterprise cloud. In my previous blog post you learned about how to implement Azure Multi-Factor Auth in your cloud scenario. Today I’m going to show you how to protect your files against being duplicated, altered, printed or accessed by persons who are not authorized.

Continue reading “How to secure data in Microsoft’s enterprise cloud – Part 2”

How to secure data in Microsoft’s enterprise cloud – Part 1

[…]It went up to the cloud!
And you can’t get it down from the cloud?!
Nobody understands the cloud. It’s a f*** mystery.[…]
Continue reading “How to secure data in Microsoft’s enterprise cloud – Part 1”