MAD SCIENTIST / AZURE MVP EXPLORING THE REALMS OF AZURE, NODEJS, AZURE AD AND MICROSOFT SECURITY

---

• Azure Sentinel – Detect Service Connection use outside of pipeline (9/15/2021)
• KQL example WAF (9/13/2021)
• AKS Security Focused Architecture reference (network) with Azure Firewall (9/11/2021)
• Picture – Managed Identity Locally in Node.JS (9/10/2021)
• Demo: Accessing AZ CLI remotely via NodeJS express app (9/7/2021)
• Blog Preview – Automatic enablement of diagnostic settings for security logs (9/1/2021)
• Restricting Access to Azure Container Registry from AKS while allowing Azure Defender Access (8/26/2021)
• Azure AKS – Reviewing recommendations from Security Center – Disabling Automounting API Credentials (8/17/2021)
• End to end authentication &Authorization using Azure AD for Azure SQL Database (Node.JS) (8/14/2021)
• Azure Integration baseline security: Network and authentication and authorization (8/13/2021)
• NodeJS proxy router streams implementation example for ExpressJS (8/5/2021)
• Named and trusted networks in Azure AD logs with Log Analytics (8/4/2021)
• Using PowerShell to find dangling Redirect URI’s in Azure AD Tenant (5/28/2021)
• Azure AD Client Credentials Architecture documentation for single tenant apps (5/25/2021)
• Deep Diver – Azure AD Conditional Access authentication context setup for custom apps and MS Cloud App Security (5/22/2021)
• Node.js and Azure Log Analytics Collector API – Sending data in pre-defined chunk sizes (5/21/2021)
• Microsoft 365 – Double Key Encryption service configuration (5/10/2021)
• Azure DevOps – Access Azure AD Protected API’s from pipeline (5/5/2021)
• Demo: Conditional Access Automation with Azure DevOps and Node.JS (5/4/2021)
• GitHub Apps and JWT based flow for server-to-server use (4/28/2021)
• Testing: Conditional Access Automation with Node.JS and Github (4/27/2021)
• Azure AD Delegated permissions one-slider (4/22/2021)
• Add Directory Extension attribute to Azure AD Access Token (4/13/2021)
• Azure DevOps – use certificate for Azure Service Connection SPN (4/13/2021)
• Alert on indicators for the illegitimate use of by-design Azure AD Bypass for AKS cluster access (4/8/2021)
• Azure API Management – What’s what in OAuth2 related settings? (3/28/2021)
• Allowing Azure management access from cross-tenant SPN via Azure Lighthouse (3/25/2021)
• PoC – Grant Azure AD OAuth2 Permissions without tenant-wide consent (3/9/2021)
• Azure Resource Manager Logs: One-pager explaining core logging functionality (2/19/2021)
• Find any multi-valued Directory Extension attribute via Graph API $search operator (2/18/2021)
• Azure API Management – Call Azure Functions with Managed Identity (2/11/2021)
• Deep-diver: Hardening authentication and authorization between logic apps and API management (2/9/2021)
• Injecting data from Azure Functions to Log Analytics queries via Azure Monitor Workbooks (1/26/2021)
• Project Log 0 : Monitor logins by accounts assigned Azure AD roles (1/20/2021)
• Node.js GitHub Repo: Azure AD Client Credentials With Certificate (1/19/2021)
• Azure API management – Enforce use of Certificate in Client Credentials Flow (1/15/2021)
• Azure Active Directory Sign-Ins Using LegacyAuth fork to include Non-interactive logins (1/11/2021)
• Log Analytics – normalizing different data types for analytics (1/11/2021)
• Express.JS middlewares on Azure Functions via custom handlers (1/4/2021)
• Azure Sentinel & Log Analytics – Cross correlate between data on Azure Blob Storage and Log Analytics (12/7/2020)
• DynDNS endpoint on Azure Functions (11/30/2020)
• Defence in depth: Securing Azure App Service with Azure Front Door WAF, NodeJS runtime Security enhancements tested with OWASP ZAP (11/25/2020)
• Experimental testing: Updating source authority for existing B2B collaboration user to type ’Multiple’ by matching synced AD object (11/20/2020)
• Securing Azure Lighthouse with Azure Policy and Azure Privileged Identity Management for MSP’s and customers (11/13/2020)
• Quick spin: Azure Managed Identity on non-Azure VM’s with Azure ARC and Node.JS Runtime (11/3/2020)
• Correlating Azure AD logs to Office 365 workload operations With Azure Sentinel (10/27/2020)
• Brief testing: Converting internal on-premises accounts to B2B collaboration accounts (10/2/2020)
• Covid19 Challenges for the remote enterprise: Allowing exceptions to Secure MFA enrollment (9/25/2020)
• Debugging the switch to Monthly Active Users in Azure AD B2X Collaboration (9/11/2020)
• Testing log – Blocking reverse shell from App Service (Linux) while allowing access to management and Azure Services (9/7/2020)
• Azure Security Center Exhibits from the field – Detecting SQL Injection with Advanced Data Security (9/2/2020)
• Azure Security Center – Exhibits from the field (8/31/2020)
• Project Log Part 3: Automating Azure Security Reports – Combining Subscription and resource security results (8/29/2020)
• ’Quick and Dirty’ – ad-hoc ways of GETting data from Azure Management API (8/28/2020)
• Poc Part 0 – Azure Blob Storage right click to share files! (8/24/2020)
• Alternative take on Azure AD ‘Break Glass’ account (8/16/2020)
• Project Log Part 2: Automating Azure Security Reports – NodeJS API for AZSK (8/14/2020)
• Complete guide for Integrating Azure Security Center Alerts with MS Teams! (8/6/2020)
• Azure Logic Apps – Handling retry behavior with response codes in NodeJS Function (HTTP 400, or 500) (8/4/2020)
• Developer experience on steroids with Azure AD App Proxy and Azure Functions Host (8/2/2020)
• Unobvious stuff about Azure services – App Service TLS termination (7/23/2020)
• TOP3 Picks from Azure Security Center Standard (7/20/2020)
• Updated screenshots: Experimental testing: Azure AD Application Proxy With Azure Application Gateway WA (7/17/2020)
• Teams MessageCard authentication (Related to Azure Security Center integration) (7/12/2020)
• PoC part 0 – Integrating Azure Security Center Alerts with MS Teams! (7/7/2020)
• Mini-blog: Azure AD OAuth2 Single Logout/sign-out for browsers (6/12/2020)
• Azure AD B2X is here ! (yes B2X, not B2C or B2B) – Debugging and insights (6/8/2020)
• Deep Diver – Azure AD B2C – Azure Monitor integration, configuration and delegation explained (5/30/2020)
• Experimental – Using Azure Function Proxy as Authenticating Reverse Proxy for NodeJS Docker App (5/24/2020)
• App Service – Key Vault Vnet Service Endpoint access options explored + NodeJS runtime examples (5/22/2020)
• Deep diver – NodeJS with Azure Web apps and Azure Blob Storage SAS Authorization options (5/18/2020)
• Azure Functions with VSCode – Build, Test and Deploy your own GeoIP API to Azure (5/16/2020)
• Deep Diver – Azure AD Groups/Roles claims for developers and IT pro’s with code examples (5/14/2020)
• One Slider: Developer focused security options during code building and runtime testing in Azure (5/12/2020)
• Project Log 0: Automating Azure Security Reports With AZSK, NodeJS and PS (5/6/2020)
• Ton of value with Azure Sentinel – Plotting Azure AD Sign-in locations to an map (5/1/2020)
• Send Security Alerts From Microsoft Cloud To 3rd Party SIEM With Logic Apps and Event Hub (4/30/2020)
• Hidden gem in Azure: Scan your docker images in ACR, view results in Sub Assessment API and Azure Security Center (4/24/2020)
• NodeJS + Azure Key Vault + Injecting Secrets at runtime (or how to keep code clean of plaintext secrets) (4/15/2020)
• Securing Client Credentials Flow with Certificate (2/27/2020)
• Microsoft 365 – Security Monitoring (2/25/2020)
• Post: Create Logic App for Azure Sentinel/Log Analytics (2/21/2020)
• Hardening SalesForce Integration in Azure Logic Apps + Azure Secure Devops Kit Alignment of Logic Apps (2/20/2020)
• Measuring Node Execution In VSCode with PowerShell (2/7/2020)
• aadjwt / ExpressJS middleware for validating Azure AD JWT tokens on all routes (1/15/2020)
• Azure AD Application Proxy – SSO and Authorization notes from the field (1/7/2020)
• Experimental testing: Azure AD Application Proxy With Azure Application Gateway WAF (1/2/2020)
• Reddit Thread Answer: Azure AD – Autologon endpoint (12/26/2019)
• Azure AD App Proxy|Forward incoming JWT token to backend service: What are my choices? (12/21/2019)
• NodeJS Logging integration with Azure Log Analytics/Sentinel (12/20/2019)
• HelSec Azure AD write-up: Phishing on Steroids with Azure AD Consent Extractor (12/17/2019)
• Deep Diver – Azure AD Identity Protection (IPC) Alerts (12/12/2019)
• AAD Security made easy: Check your Azure AD Security with One-Liner (AZSK.AAD) (12/4/2019)
• Advisories 1-2: Azure AD and Common WS-Trust MFA Bypass explained (10/8/2019)
• Azure AD – Add Custom claims for WS-Federation applications (10/3/2019)
• Defender ATP and Live Response (9/9/2019)
• Azure Log Analytics – Permission Models (9/9/2019)
• Identity and Access in Security Center? (8/30/2019)
• LAB: Microsoft Defender ATP and Conditional Access (8/16/2019)
• Deploy: Native Exchange ActiveSync with Conditional Access and Intune while blocking legacy auth? (6/10/2019)