MAD SCIENTIST / AZURE MVP EXPLORING THE REALMS OF AZURE, NODEJS, AZURE AD AND MICROSOFT SECURITY
Azure Resource Manager Logs: One-pager explaining core logging functionality (2/19/2021)
Find any multi-valued Directory Extension attribute via Graph API $search operator (2/18/2021)
Azure API Management – Call Azure Functions with Managed Identity (2/11/2021)
Deep-diver: Hardening authentication and authorization between logic apps and API management (2/9/2021)
Injecting data from Azure Functions to Log Analytics queries via Azure Monitor Workbooks (1/26/2021)
Project Log 0 : Monitor logins by accounts assigned Azure AD roles (1/20/2021)
Node.js GitHub Repo: Azure AD Client Credentials With Certificate (1/19/2021)
Azure API management – Enforce use of Certificate in Client Credentials Flow (1/15/2021)
Azure Active Directory Sign-Ins Using LegacyAuth fork to include Non-interactive logins (1/11/2021)
Log Analytics – normalizing different data types for analytics (1/11/2021)
Express.JS middlewares on Azure Functions via custom handlers (1/4/2021)
Azure Sentinel & Log Analytics – Cross correlate between data on Azure Blob Storage and Log Analytics (12/7/2020)
DynDNS endpoint on Azure Functions (11/30/2020)
Defence in depth: Securing Azure App Service with Azure Front Door WAF, NodeJS runtime Security enhancements tested with OWASP ZAP (11/25/2020)
Experimental testing: Updating source authority for existing B2B collaboration user to type ’Multiple’ by matching synced AD object (11/20/2020)
Securing Azure Lighthouse with Azure Policy and Azure Privileged Identity Management for MSP’s and customers (11/13/2020)
Quick spin: Azure Managed Identity on non-Azure VM’s with Azure ARC and Node.JS Runtime (11/3/2020)
Correlating Azure AD logs to Office 365 workload operations With Azure Sentinel (10/27/2020)
Brief testing: Converting internal on-premises accounts to B2B collaboration accounts (10/2/2020)
Covid19 Challenges for the remote enterprise: Allowing exceptions to Secure MFA enrollment (9/25/2020)
Debugging the switch to Monthly Active Users in Azure AD B2X Collaboration (9/11/2020)
Testing log – Blocking reverse shell from App Service (Linux) while allowing access to management and Azure Services (9/7/2020)
Azure Security Center Exhibits from the field – Detecting SQL Injection with Advanced Data Security (9/2/2020)
Azure Security Center – Exhibits from the field (8/31/2020)
Project Log Part 3: Automating Azure Security Reports – Combining Subscription and resource security results (8/29/2020)
’Quick and Dirty’ – ad-hoc ways of GETting data from Azure Management API (8/28/2020)
Poc Part 0 – Azure Blob Storage right click to share files! (8/24/2020)
Alternative take on Azure AD ‘Break Glass’ account (8/16/2020)
Project Log Part 2: Automating Azure Security Reports – NodeJS API for AZSK (8/14/2020)
Complete guide for Integrating Azure Security Center Alerts with MS Teams! (8/6/2020)
Azure Logic Apps – Handling retry behavior with response codes in NodeJS Function (HTTP 400, or 500) (8/4/2020)
Developer experience on steroids with Azure AD App Proxy and Azure Functions Host (8/2/2020)
Unobvious stuff about Azure services – App Service TLS termination (7/23/2020)
TOP3 Picks from Azure Security Center Standard (7/20/2020)
Updated screenshots: Experimental testing: Azure AD Application Proxy With Azure Application Gateway WA (7/17/2020)
Teams MessageCard authentication (Related to Azure Security Center integration) (7/12/2020)
PoC part 0 – Integrating Azure Security Center Alerts with MS Teams! (7/7/2020)
Mini-blog: Azure AD OAuth2 Single Logout/sign-out for browsers (6/12/2020)
Azure AD B2X is here ! (yes B2X, not B2C or B2B) – Debugging and insights (6/8/2020)
Deep Diver – Azure AD B2C – Azure Monitor integration, configuration and delegation explained (5/30/2020)
Experimental – Using Azure Function Proxy as Authenticating Reverse Proxy for NodeJS Docker App (5/24/2020)
App Service – Key Vault Vnet Service Endpoint access options explored + NodeJS runtime examples (5/22/2020)
Deep diver – NodeJS with Azure Web apps and Azure Blob Storage SAS Authorization options (5/18/2020)
Azure Functions with VSCode – Build, Test and Deploy your own GeoIP API to Azure (5/16/2020)
Deep Diver – Azure AD Groups/Roles claims for developers and IT pro’s with code examples (5/14/2020)
One Slider: Developer focused security options during code building and runtime testing in Azure (5/12/2020)
Project Log 0: Automating Azure Security Reports With AZSK, NodeJS and PS (5/6/2020)
Ton of value with Azure Sentinel – Plotting Azure AD Sign-in locations to a map (5/1/2020)
Send Security Alerts From Microsoft Cloud To 3rd Party SIEM With Logic Apps and Event Hub (4/30/2020)
Hidden gem in Azure: Scan your docker images in ACR, view results in Sub Assessment API and Azure Security Center (4/24/2020)
NodeJS + Azure Key Vault + Injecting Secrets at runtime (or how to keep code clean of plaintext secrets) (4/15/2020)
Securing Client Credentials Flow with Certificate (2/27/2020)
Microsoft 365 – Security Monitoring (2/25/2020)
Post: Create Logic App for Azure Sentinel/Log Analytics (2/21/2020)
Hardening SalesForce Integration in Azure Logic Apps + Azure Secure Devops Kit Alignment of Logic Apps (2/20/2020)
Measuring Node Execution In VSCode with PowerShell (2/7/2020)
aadjwt / ExpressJS middleware for validating Azure AD JWT tokens on all routes (1/15/2020)
Azure AD Application Proxy – SSO and Authorization notes from the field (1/7/2020)
Experimental testing: Azure AD Application Proxy With Azure Application Gateway WAF (1/2/2020)
Reddit Thread Answer: Azure AD – Autologon endpoint (12/26/2019)
Azure AD App Proxy|Forward incoming JWT token to backend service: What are my choices? (12/21/2019)
NodeJS Logging integration with Azure Log Analytics/Sentinel (12/20/2019)
HelSec Azure AD write-up: Phishing on Steroids with Azure AD Consent Extractor (12/17/2019)
Deep Diver – Azure AD Identity Protection (IPC) Alerts (12/12/2019)
AAD Security made easy: Check your Azure AD Security with One-Liner (AZSK.AAD) (12/4/2019)
Advisories 1-2: Azure AD and Common WS-Trust MFA Bypass explained (10/8/2019)
Azure AD – Add Custom claims for WS-Federation applications (10/3/2019)
Defender ATP and Live Response (9/9/2019)
Azure Log Analytics – Permission Models (9/9/2019)
Identity and Access in Security Center? (8/30/2019)
LAB: Microsoft Defender ATP and Conditional Access (8/16/2019)
Deploy: Native Exchange ActiveSync with Conditional Access and Intune while blocking legacy auth? (6/10/2019)
Azure AD Directories and B2B user decision matrix – One-slider (6/6/2019)
Add sAMAccountName to Azure AD Access Token (JWT) with Claims Mapping Policy (and avoiding AADSTS50146) (6/6/2019)
Concept: Publish on-prem API using AAD App Proxy and API Management with Azure AD JWT Bearer Grant (6/1/2019)
Azure API Management – JWT validation for multiple Azure AD partner registrations (5/22/2019)
Deep Diver: Azure AD B2B (5/6/2019)
Office 365 & AAD baseline security one-sliders (2/25/2019)
Enable Microsoft Security Graph Alerts in Log Analytics (2/19/2019)
aka.ms/olsRockStars (2/18/2019)
Lab: Zero Trust Exchange 2016 with AAD oAuth2 and SAML (KEMP) (2/3/2019)
Best tip ever for Azure Security – Security Center built-in policies (12/9/2018)
You can’t hide things in AAD (10/16/2018)
Tips&Tricks- Securing Activesync Access to Exchange Online with 365 MDM (10/15/2018)
Demonstration – Illicit consent grant attack in Azure AD / Office 365 (10/2/2018)
Testing: Conditional Access: Strong Proof Up for Azure MFA in the cloud (9/5/2018)
Easy rundown for ’Your 2FA is mine also’ | CVE-2018-8340 | AD FS Security Feature Bypass Vulnerability (8/15/2018)
Risky IP’s and Traffic Analytics (6/21/2018)
Don’t try this at home (Or configuring AD FS against Azure AD Domain Services) (6/10/2018)
Cheat sheet: AD FS and Azure AD Hybrid Conditional Access (6/2/2018)
Don’t try this at home (or how to enable Core Server Remote Management for AD FS GUI) (5/25/2018)
Azure AD Federation with KEMP (5/21/2018)
Creating Custom Multi-Factor Authentication Client with Azure Functions (5/19/2018)
Going beyond specification (5/19/2018)