Phew! I just trawled through all 600+ sessions for this year's online Microsoft Build 2020 and pulled out what I think are the not-to-miss sessions for developers. I've put together the following list which encompasses the smaller, sometimes interactive sessions that will be on offer. You will be able to catch big keynote moments elsewhere … Continue reading Build 2020 – Recommended Sessions for Australian Developers
I've blogged in the past about Azure Active Directory B2C and how you can use it as a secure turnkey consumer identity platform for your business. In this post I'm going to walk through how you can debug JWT-protected APIs where those JWTs are being issued by AAD B2C. Note that a lot of what … Continue reading Developer toolkit for working with Azure AD B2C JWT-protected APIs
Note: since originally authoring this piece Microsoft has built secure deployments into the platform using Deployment Groups which you should go and read about. Read on if you're interested in how you can do this without that feature. One of the neat features of Azure Pipelines Release capability is the ability to deploy to Virtual … Continue reading Secure your Azure DevOps Release Management Azure VM deployments with NSGs and PowerShell
Azure Functions is one of those services in Azure that is seeing a massive amount of uptake. People are using it for so many things, some of which require access to sensitive information at runtime. At time of writing this post there is a pending Feature Request for Functions to support storing configuration items in … Continue reading Azure Functions: Access KeyVault Secrets with a Cert-secured Service Principal
If you've ever worked in any form of systems administrator role then you will be familiar with process automation, even only for simple tasks like automating backups. You will also be familiar with the pain of configuring and managing identities for these automated processes (expired password or disabled/deleted account ever caused you any pain?!) While … Continue reading Azure Automation Runbooks with Azure AD Service Principals and Custom RBAC Roles
The introduction of the Azure Resource Manager platform in Azure continues to expose new possibilities for managing your deployed resources.
One scenario that you may not be aware of is the ability to use scoped RBAC role assignments to grant limited rights to Azure AD-based users and groups.
We know Azure provides us with many built-in RBAC roles, but it may not be immediately obvious that you can control their assignment scope.
What do I mean by this?
Simply that each RBAC role (including custom ones you create) can be used at various levels within Azure starting at the Subscription level (i.e. applies to anything in the Subscription) down to a Resource (i.e. applies just to one particular resource such as a Storage Account). Role assignments are also cascading – if I assign “Owner” rights to a User or Group at the Subscription level then they have that role…
View original post 662 more words
A big part of where Microsoft Azure is going is being driven by template-defined environments that leverage the Azure Resource Manager (ARM) for deployment orchestration. If you've spent any time working with ARM deployments you will have gotten used to seeing this pattern in your templates when deploying Virtual Machines (VMs): https://gist.github.com/sjwaight/243204a0840e38d76d3c The adminPassword property … Continue reading No More Plaintext Passwords: Using Azure Key Vault with Azure Resource Manager
I'm continuing my Kloud blog series on the security fundamentals for various Microsoft Azure services with my most recent post being for Azure SQL Database. Please go and have a read!