I've blogged in the past about Azure Active Directory B2C and how you can use it as a secure turnkey consumer identity platform for your business. In this post I'm going to walk through how you can debug JWT-protected APIs where those JWTs are being issued by AAD B2C. Note that a lot of what … Continue reading Developer toolkit for working with Azure AD B2C JWT-protected APIs
One of the neat features of VSTS' Release Management capability is the ability to deploy to Virtual Machine hosted in Azure (amongst other environments) which I previously walked through setting up. One thing that you need to configure when you use this deployment approach is an open TCP port to the Virtual Machines to allow … Continue reading Secure your VSTS Release Management Azure VM deployments with NSGs and PowerShell
Azure Functions is one of those services in Azure that is seeing a massive amount of uptake. People are using it for so many things, some of which require access to sensitive information at runtime. At time of writing this post there is a pending Feature Request for Functions to support storing configuration items in … Continue reading Azure Functions: Access KeyVault Secrets with a Cert-secured Service Principal
If you've ever worked in any form of systems administrator role then you will be familiar with process automation, even only for simple tasks like automating backups. You will also be familiar with the pain of configuring and managing identities for these automated processes (expired password or disabled/deleted account ever caused you any pain?!) While … Continue reading Azure Automation Runbooks with Azure AD Service Principals and Custom RBAC Roles
The introduction of the Azure Resource Manager platform in Azure continues to expose new possibilities for managing your deployed resources.
One scenario that you may not be aware of is the ability to use scoped RBAC role assignments to grant limited rights to Azure AD-based users and groups.
We know Azure provides us with many built-in RBAC roles, but it may not be immediately obvious that you can control their assignment scope.
What do I mean by this?
Simply that each RBAC role (including custom ones you create) can be used at various levels within Azure starting at the Subscription level (i.e. applies to anything in the Subscription) down to a Resource (i.e. applies just to one particular resource such as a Storage Account). Role assignments are also cascading – if I assign “Owner” rights to a User or Group at the Subscription level then they have that role…
View original post 355 more words
A big part of where Microsoft Azure is going is being driven by template-defined environments that leverage the Azure Resource Manager (ARM) for deployment orchestration. If you've spent any time working with ARM deployments you will have gotten used to seeing this pattern in your templates when deploying Virtual Machines (VMs): https://gist.github.com/sjwaight/243204a0840e38d76d3c The adminPassword property … Continue reading No More Plaintext Passwords: Using Azure Key Vault with Azure Resource Manager
I'm continuing my Kloud blog series on the security fundamentals for various Microsoft Azure services with my most recent post being for Azure SQL Database. Please go and have a read!