Security

Image by @raechelromero / Unsplash.com

Azure Lighthouse – managing customer Azure tenants as a Service Provider

Yesterday, Microsoft announced Azure Lighthouse. This post will walk you through what the service is, what benefits it brings, and why you should start using it. What is Azure Lighthouse? Azure Lighthouse is a new service from Microsoft, released on July 11th, 2019. It brings better management capabilities and flexibility for managing multiple Azure tenants through delegated access. It’s intended primarily for Managed Service Partners (MSPs), or companies that provide support, service desk and similar services for businesses. Others can – of course – use and benefit from it, but it’s essential to understand that the usage scenarios relate heavily to MSPs and multiple Azure tenants they need to access. Companies with multiple separate Azure subscriptions can also benefit from… Read More »Azure Lighthouse – managing customer Azure tenants as a Service Provider
Photo by @russn_fckr / Unsplash.com

Anonymizing and masking sensitive data in SQL databases before migrating to Azure SQL

Many companies I interact with have expressed an interest in migrating their legacy SQL Server databases to Azure. Typically this is due to End of Life for SQL Server 2008 (and 2008 R2) and other times it’s a desire to perform reporting and analytics on existing data in the cloud. (I wrote about migrating to Azure SQL previously here) Mostly this is all documented nicely on docs.microsoft.com (Dynamic Data Masking, Static Data Masking) but what isn’t clear to me is how to best anonymize and/or mask sensitive data before migrating to Azure. This is typically something that companies need to perform in on-premises infrastructure before moving a database outside the perimeter network. So I set to work and spent some… Read More »Anonymizing and masking sensitive data in SQL databases before migrating to Azure SQL
Photo by Rubén Bagüés @rubavi78 / Unsplash.com

One password to rule them all: Migrating to 1Password from KeePass and text files

I can’t quite remember when I started using a password manager, or which password manager it was at the time. As an IT Pro I’ve used everything from text files stored on Windows Desktop to encrypted Excel files to post-it notes to reusing the same password (“R3member1”, “R3m3mber2”..) to forgetting my password and resetting it. Repeatedly. I left Microsoft exactly 10 years ago, and we started our own company with my brother. I had amassed a formidable collection of passwords. Many systems at the time did not support Facebook authentication or Azure AD single sign-on so I had individual accounts to many systems. That’s when I started using KeePass. I’d dabbled with KeePass several times and while it was slightly… Read More »One password to rule them all: Migrating to 1Password from KeePass and text files
Photo by @florianklauer / Unsplash.com

Building a secure remote access solution for Azure-based virtual machines using Azure AD and Windows Admin Center

I’ve had some fun times lately with Azure. It seems there really is a second wave of adoption for cloud-based infrastructure and services from organizations. This is especially true in the Nordics, where Azure is commonly accepted as a trusted option for datacenters and PaaS services. This post stemmed from the idea of figuring out what options do we have for accessing and managing virtual machines remotely, while enforcing a secure approach. Ideally, we’d like to secure authentication with Azure AD, and optionally enforce Multi-Factor Authentication (MFA) – especially for guest users. Business problem I needed to set up a few Windows Server 2016-based virtual machines in Azure. They will be provisioned in a new VNET together and both will… Read More »Building a secure remote access solution for Azure-based virtual machines using Azure AD and Windows Admin Center