Using TOTP Tokens with Azure AD – Part 2/2: Programmable Tokens

In the first part of this series I explained and demonstrated the process how non-programmable TOTP tokens can be used as a possible alternative to the Microsoft Authenticator app. In this second post I will cover programmable tokens. Non-programmable tokens are simple to use because the secrets are pre-loaded onto the tokens and cannot be changed. But at the same time that also means, that another party – the token vendor – knows your secrets. Using programmable tokens, this can be changed because it’s now you that loads the secrets onto the tokens. And they offer some more flexibility and configuration options based on your exact needs

Continue reading
Posted in Azure, Security | Tagged , , , , , | 1 Comment

Using TOTP Tokens with Azure AD – Part 1/2: Non-programmable Tokens

If password-based authentication is in place, the additional use of a second factor (or multi-factor (MFA) authentication) is highly recommended to enhance the security of identities and to strengthen the authentication process. The Microsoft Authenticator app running on a smartphone is commonly used as a second factor because it’s simple to use and allows to store multiple accounts. However, there are situations where employees might not have a company smartphone and don’t want to use their private smartphone for company-based authentication. And sometimes you also have to use MFA for non-personal accounts or accounts that are rarely used. A common example of this are break glass accounts that are only used in emergencies. How to deal with such situations?

Continue reading
Posted in Azure, Security | Tagged , , , , , , , | 1 Comment

Microsoft Cloud App Security – Manual Import of custom Log Files (GUI)

Microsoft Cloud App Security (MCAS) is Microsoft’s CASB (cloud access security broker). It is a service that sits between your cloud app consumers and the cloud apps they are using and acts as a security and compliance enforcement point. Before any analysis can happen or policies can be applied, the service needs connection data to understand what services are used by whom. MCAS offers a variety of options to get this data into the service such as using service connectors, log forwarders or custom uploads. In this post I will focus on custom log data that comes from a device that is not natively supported by MCAS.

Continue reading
Posted in Security | Tagged , , , , , , , | Leave a comment

AWS Single Sign-On with Azure AD – Walk-through Part 1/2

If you are using Azure AD as your main Identity Provider (IDP), then you know that you can integrate/federate lots of cloud apps with it. This not only gives you better control over cloud app usage, but also allows users to use these apps with a single login (exact details depend on the app). In this blog post I will demo how you can configure AWS to use your Azure AD identities for single Sign-On.

Continue reading
Posted in Azure | Tagged , , , , , , , , , , , , | 1 Comment

Azure Front Door Health Probes

If you are using Azure Front Door to optimize global access to your apps, you might recognize a lot of health probes in your app logs. This article explains what this means and why these are used.

Continue reading
Posted in Azure | Tagged , , , , , , , | Leave a comment

How to master Azure resources? Watch my new recording!

How to master resources in Azure? This is a question I receive a lot. We all agree that deploying resources in Azure is a simple process: You just go to the marketplace, fill out some form, hit next, next, finish, done. That is indeed very straightforward, but not the approach you should take in an enterprise environment if you want to end up with a compliant, secure and manageable result. But how to do it right then?

Continue reading
Posted in Azure, DevOps | Tagged , , , , , , , , , , , | Leave a comment

The live stream recording “ARM Templates Deployment Scripts” is now available!

On October 19, 2020 I did a live stream together with Microsoft Azure MVP Martin Ehrnst to talk about Deployment Scripts in ARM templates. We talked about the need for deployment scripts for the “last mile configuration” and how they can be used to add some imperative magic to ARM template deployments.

Continue reading
Posted in Azure, DevOps | Tagged , , , , , , , , , | Leave a comment

The live stream recording “Nested & linked ARM templates” is now available!

On October 12, 2020 I did a live stream together with Microsoft Azure MVP Martin Ehrnst to talk about nested and linked ARM templates. We covered topics such as nesting, expression evaluation handling, multi-scoping and decomposing strategies. And we quickly mentioned something that is coming soon from the Microsoft bakery: Tempalte specs.

Continue reading
Posted in Azure, DevOps | Tagged , , , , , , , , , , , , | Leave a comment

The live stream recording “More complex ARM templates” is now available!

On October 4, 2020 I did a live stream together with Microsoft Azure MVP Martin Ehrnst to talk about more complex ARM templates. We covered topics such as parameters, variables, dependencies, functions, conditions and copy. And we gave a quick intro into Bicep, a new DSL that makes ARM templates authoring easier.

Continue reading
Posted in Azure, DevOps | Tagged , , , , , , , | Leave a comment