Category Archives: Governance & Compliance
Audit Azure Web App against NotLegit vulnerability
Have you seen the research "NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories" from Wiz? Basically, according to their research, if your Azure App Service uses Local Git, your source code may have been compromised. As a … Continue reading
Notes on Azure Policy Exemption
There are ways to exclude your resources from being evaluated by Azure Policy. You can add a condition in a policy rule set. You can also use exclusion from notScopes. In this article, let’s explore another feature in Azure Policy … Continue reading
Play with Tag on Azure Subscriptions
Tagging is often part of your cloud governance. You’d use tags to manage cost per subscription. You’d use them to distinguish environment types (e.g. non-production, production, test, development…). In this article, let’s play with tags a bit. You will learn … Continue reading
Use Azure Resource Graph to query Microsoft Defender for Cloud Plan on all subscriptions
As part of SOC work, you may want to get information about the Microsoft Defender for Cloud plan on each subscription so you can plan to roll out a Defender plan on any subscription that doesn’t have one yet. While Azure PowerShell, REST … Continue reading
Count number of VMs & VMSS by OS type with Resource Graph Explorer
As part of SOC work, you may want to check the number of VMs or VM Scale Sets in your Azure environment by operating system type so you can report to the InfoSec leader. Moreover, that helps plan security patching better. This … Continue reading
Trigger an on-demand Azure Policy evaluation scan at Management Group scope
If you are working with Azure Policy you must know about the on-demand Azure Policy evaluation scan that Azure allows you to trigger. Currently, you can only trigger the compliance evaluation at your current subscription context or for a resource … Continue reading
Get Vulnerability Assessment Setting of Azure SQL Server in tenant with PowerShell
Enabling and configuring the vulnerability assessment (VA) feature on Azure SQL Server is needed in an environment where security and compliance are strictly followed. And now you are asked by the InfoSec leader to provide the status of VA configuration on all of … Continue reading
Demystify Azure DDoS Protection Azure Policy
There are two different policies in Azure Security Center/Azure Policy that scan virtual network resources and the DDoS protection plan. Your virtual network resources may fall into the list of non-compliant resources in one of these policies. In this article, let’s demystify … Continue reading
Deny Azure Role Assignment with Azure Policy
Giving unplanned roles to users or groups is one of the reasons that lead to a security breach. In this article, let’s look at how we can use Azure Policy to prevent a role from being assigned to unattended … Continue reading
Posted in Governance & Compliance
Tagged azure policy, azure rbac, azure role assignment
ARM template for Azure VM with Guest Configuration
I’ve recently got some questions related to Azure Policy Guest Configuration and an ARM template to deploy the prerequisites needed to work with the feature. In this article, I’d like to share an ARM template to deploy Azure Policy Guest Configuration … Continue reading