Category Archives: Governance & Compliance

Count number of VMs & VMSS by OS type with Resource Graph Explorer

As part of SOC work you may want to check the number of VMs or VM Scale Sets in your Azure environment by operating system type so you can report to your InfoSec leader. It also helps you plan security patching better. This … Continue reading

Posted in Governance & Compliance, Security Operation

Trigger an on-demand Azure Policy evaluation scan at Management Group scope

If you are working with Azure Policy you must know about the on-demand Azure Policy evaluation scan that Azure allows you to trigger. Currently, you can only trigger the compliance evaluation at your current subscription context or for a resource … Continue reading

Posted in Governance & Compliance, Security Automation

Get Vulnerability Assessment Setting of Azure SQL Server in tenant with PowerShell

Enabling and configuring the vulnerability assessment (VA) feature on Azure SQL Server is needed in an environment where security and compliance are strictly followed. Now you are asked by your InfoSec leader to provide the status of VA configuration on all of … Continue reading

Posted in Governance & Compliance, Security Automation

Demystify Azure DDoS Protection Azure Policy

There are two different policies in Azure Security Center/Azure Policy that scan virtual network resources and the DDoS protection plan. Your virtual network resources may fall into the list of non-compliant resources in one of these policies. In this article, let’s demystify … Continue reading

Posted in Governance & Compliance

Deny Azure Role Assignment with Azure Policy

Giving unplanned roles to users or groups is one of the reasons that lead to a security breach. In this article, let’s look at how we can use Azure Policy to prevent roles from being assigned to unattended … Continue reading

Posted in Governance & Compliance

ARM template for Azure VM with Guest Configuration

I’ve recently got some questions related to Azure Policy Guest Configuration and an ARM template to deploy the prerequisites needed to work with the feature. In this article, I’d like to share an ARM template to deploy Azure Policy Guest Configuration … Continue reading

Posted in Governance & Compliance

Add custom Azure Policy to Azure Security Center Recommendation

You know that Azure Security Center recommendations are powered by Azure Policy and that you can disable recommendations that may not be applicable to your environment. Along with that, you can even add a custom Azure Policy into Azure Security Center … Continue reading

Posted in Governance & Compliance

Query Azure Security Security Recommendation by different ways

If you work with Azure Security Center you probably know about Azure Security Center Recommendation, which periodically analyzes the security state of Azure resources. In the past, Azure Security Center Recommendation was executed internally by a private Azure back-end service. Microsoft then … Continue reading

Posted in Azure Security Center, Governance & Compliance

Quick notes on the use of securestring in Azure Blueprints

Azure Blueprint supports the secureString and secureObject types when you create an artifact and a blueprint definition. So far there is not much information about the use of secureString with Azure Blueprint. This article will hopefully clarify the use of secureString somewhat.

Posted in Governance & Compliance

Essential tips for building a large Azure blueprint

Azure Blueprint allows an organization to design and build standardized and repeatable cloud templates in Azure that meet a pre-defined reference architecture as well as corporate compliance and policy for cloud deployment. Building a simple blueprint shouldn’t take time. However … Continue reading

Posted in Governance & Compliance