SecureCloudBlog

Etusivu
About
Meta
Blog

Haku:

SecureCloudBlog

Haku:

Etusivu
About
Meta
Blog

Disclaimer: The information in this weblog is provided “AS IS” with no warranties and confers no rights.

Latest posts

MAD SCIENTIST / AZURE MVP EXPLORING THE REALMS OF AZURE, NODEJS, AZURE AD AND MICROSOFT SECURITY

Azure Service Authentication and Authorization table updated – Azure Policy to audit non-Azure AD Authentication and AKS management (1/23/2022)
App Service – ’Issuer validation failed’ – Troubleshooting (12/31/2021)
Authorize Logic Apps in Azure Functions with Logic App managed identity and Azure AD (12/31/2021)
Using Application.ReadWrite.OwnedBy and addKey methods for Graph API (12/29/2021)
Security Posture Management with Azure Policy and Microsoft Defender for Cloud (12/17/2021)
WSL2 – Use docker with VSCode without docker desktop (Windows 11) (12/7/2021)
Azure App Service – Authorize custom JWT tokens from API clients (12/2/2021)
Deep diver – Azure AD Federated Credentials (11/30/2021)
Azure AD deprecation of TLS 1.0 and 1.1 – how to investigate using Azure Monitor? (11/29/2021)
Azure Kubernetes Service – Enhanced Kubernetes cluster pod security baseline standards for Linux-based workloads (11/29/2021)
AKS – Policy reference: Overriding or disabling of containers AppArmor profile should be restricted (11/18/2021)
AKS – SSH to first node without VPN (11/17/2021)
AKS – Ensure public load balancer creation is audited or denied on Azure Kubernetes (11/15/2021)
MicroK8s notes on installation with Azure ARC (11/15/2021)
draft notes on installing Kubernetes on Ubuntu multipass setup (11/12/2021)
Azure Devops – Change from stakeholder to basic access level (10/18/2021)
Running Azure Cloud Shell without subscription level contributor (10/16/2021)
Dump Kudu logs from webapp with Nodejs or powershell (10/5/2021)
Node.js – Azure AD JWT verification key runtime caching (10/5/2021)
Nodejs – sharing mongoDb connection (10/3/2021)
Mitigation: APIM Policy – Protect API Management from WAF Bypass with Azure Front Door (9/30/2021)
Azure Functions Starter Kit Node.js on Linux (9/24/2021)
Azure Sentinel – Detect Service Connection use outside of pipeline (9/15/2021)
KQL example WAF (9/13/2021)
AKS Security Focused Architecture reference (network) with Azure Firewall (9/11/2021)
Picture – Managed Identity Locally in Node.JS (9/10/2021)
Demo: Accessing AZ CLI remotely via NodeJS express app (9/7/2021)
Blog Preview – Automatic enablement of diagnostic settings for security logs (9/1/2021)
Restricting Access to Azure Container Registry from AKS while allowing Azure Defender Access (8/26/2021)
Azure AKS – Reviewing recommendations from Security Center – Disabling Automounting API Credentials (8/17/2021)
End to end authentication &Authorization using Azure AD for Azure SQL Database (Node.JS) (8/14/2021)
Azure Integration baseline security: Network and authentication and authorization (8/13/2021)
NodeJS proxy router streams implementation example for ExpressJS (8/5/2021)
Named and trusted networks in Azure AD logs with Log Analytics (8/4/2021)
Using PowerShell to find dangling Redirect URI’s in Azure AD Tenant (5/28/2021)
Azure AD Client Credentials Architecture documentation for single tenant apps (5/25/2021)
Deep Diver – Azure AD Conditional Access authentication context setup for custom apps and MS Cloud App Security (5/22/2021)
Node.js and Azure Log Analytics Collector API – Sending data in pre-defined chunk sizes (5/21/2021)
Microsoft 365 – Double Key Encryption service configuration (5/10/2021)
Azure DevOps – Access Azure AD Protected API’s from pipeline (5/5/2021)
Demo: Conditional Access Automation with Azure DevOps and Node.JS (5/4/2021)
GitHub Apps and JWT based flow for server-to-server use (4/28/2021)
Testing: Conditional Access Automation with Node.JS and Github (4/27/2021)
Azure AD Delegated permissions one-slider (4/22/2021)
Add Directory Extension attribute to Azure AD Access Token (4/13/2021)
Azure DevOps – use certificate for Azure Service Connection SPN (4/13/2021)
Alert on indicators for the illegitimate use of by-design Azure AD Bypass for AKS cluster access (4/8/2021)
Azure API Management – What’s what in OAuth2 related settings? (3/28/2021)
Allowing Azure management access from cross-tenant SPN via Azure Lighthouse (3/25/2021)
PoC – Grant Azure AD OAuth2 Permissions without tenant-wide consent (3/9/2021)
Azure Resource Manager Logs: One-pager explaining core logging functionality (2/19/2021)
Find any multi-valued Directory Extension attribute via Graph API $search operator (2/18/2021)
Azure API Management – Call Azure Functions with Managed Identity (2/11/2021)
Deep-diver: Hardening authentication and authorization between logic apps and API management (2/9/2021)
Injecting data from Azure Functions to Log Analytics queries via Azure Monitor Workbooks (1/26/2021)
Project Log 0 : Monitor logins by accounts assigned Azure AD roles (1/20/2021)
Node.js GitHub Repo: Azure AD Client Credentials With Certificate (1/19/2021)
Azure API management – Enforce use of Certificate in Client Credentials Flow (1/15/2021)
Azure Active Directory Sign-Ins Using LegacyAuth fork to include Non-interactive logins (1/11/2021)
Log Analytics – normalizing different data types for analytics (1/11/2021)
Express.JS middlewares on Azure Functions via custom handlers (1/4/2021)
Azure Sentinel & Log Analytics – Cross correlate between data on Azure Blob Storage and Log Analytics (12/7/2020)
DynDNS endpoint on Azure Functions (11/30/2020)
Defence in depth: Securing Azure App Service with Azure Front Door WAF, NodeJS runtime Security enhancements tested with OWASP ZAP (11/25/2020)
Experimental testing: Updating source authority for existing B2B collaboration user to type ’Multiple’ by matching synced AD object (11/20/2020)
Securing Azure Lighthouse with Azure Policy and Azure Privileged Identity Management for MSP’s and customers (11/13/2020)
Quick spin: Azure Managed Identity on non-Azure VM’s with Azure ARC and Node.JS Runtime (11/3/2020)
Correlating Azure AD logs to Office 365 workload operations With Azure Sentinel (10/27/2020)
Brief testing: Converting internal on-premises accounts to B2B collaboration accounts (10/2/2020)
Covid19 Challenges for the remote enterprise: Allowing exceptions to Secure MFA enrollment (9/25/2020)
Debugging the switch to Monthly Active Users in Azure AD B2X Collaboration (9/11/2020)
Testing log – Blocking reverse shell from App Service (Linux) while allowing access to management and Azure Services (9/7/2020)
Azure Security Center Exhibits from the field – Detecting SQL Injection with Advanced Data Security (9/2/2020)
Azure Security Center – Exhibits from the field (8/31/2020)
Project Log Part 3: Automating Azure Security Reports – Combining Subscription and resource security results (8/29/2020)
’Quick and Dirty’ – ad-hoc ways of GETting data from Azure Management API (8/28/2020)
Poc Part 0 – Azure Blob Storage right click to share files! (8/24/2020)
Alternative take on Azure AD ‘Break Glass’ account (8/16/2020)
Project Log Part 2: Automating Azure Security Reports – NodeJS API for AZSK (8/14/2020)
Complete guide for Integrating Azure Security Center Alerts with MS Teams! (8/6/2020)
Azure Logic Apps – Handling retry behavior with response codes in NodeJS Function (HTTP 400, or 500) (8/4/2020)
Developer experience on steroids with Azure AD App Proxy and Azure Functions Host (8/2/2020)
Unobvious stuff about Azure services – App Service TLS termination (7/23/2020)
TOP3 Picks from Azure Security Center Standard (7/20/2020)
Updated screenshots: Experimental testing: Azure AD Application Proxy With Azure Application Gateway WA (7/17/2020)
Teams MessageCard authentication (Related to Azure Security Center integration) (7/12/2020)
PoC part 0 – Integrating Azure Security Center Alerts with MS Teams! (7/7/2020)
Mini-blog: Azure AD OAuth2 Single Logout/sign-out for browsers (6/12/2020)
Azure AD B2X is here ! (yes B2X, not B2C or B2B) – Debugging and insights (6/8/2020)
Deep Diver – Azure AD B2C – Azure Monitor integration, configuration and delegation explained (5/30/2020)
Experimental – Using Azure Function Proxy as Authenticating Reverse Proxy for NodeJS Docker App (5/24/2020)
App Service – Key Vault Vnet Service Endpoint access options explored + NodeJS runtime examples (5/22/2020)
Deep diver – NodeJS with Azure Web apps and Azure Blob Storage SAS Authorization options (5/18/2020)
Azure Functions with VSCode – Build, Test and Deploy your own GeoIP API to Azure (5/16/2020)
Deep Diver – Azure AD Groups/Roles claims for developers and IT pro’s with code examples (5/14/2020)
One Slider: Developer focused security options during code building and runtime testing in Azure (5/12/2020)
Project Log 0: Automating Azure Security Reports With AZSK, NodeJS and PS (5/6/2020)
Ton of value with Azure Sentinel – Plotting Azure AD Sign-in locations to an map (5/1/2020)
Send Security Alerts From Microsoft Cloud To 3rd Party SIEM With Logic Apps and Event Hub (4/30/2020)
Hidden gem in Azure: Scan your docker images in ACR, view results in Sub Assessment API and Azure Security Center (4/24/2020)

Tykkää tästä:

Tykkää Lataa...

Joosua Santasalo

Security Consultant/ Azure MVP – working @nixu with Azure and NodeJS!

Collaborators

My colleagues append writes also to this blog!

Sami Lamppu, Lead Azure Consultant working @nixu

https://samilamppu.com/
Twitter

Markus Pitkäranta, Senior Azure Consultant working @nixu

Twitter

Disclaimer

Due to the ever evolving nature of these services the information in this weblog is provided “AS IS” with no warranties and confers no rights.

Pidä blogia WordPress.comissa. Teeman Nikau on tehnyt Elmastudio.

Seuraa Seurataan
- SecureCloudBlog
- Already have a WordPress.com account? Log in now.

%d bloggaajaa tykkää tästä: