Security


Building a secure remote access solution using Azure Bastion Host

I wrote about my experiences and challenges when building a secure remote access solution for Azure-based virtual machines back in February 2019. It’s one of the more popular posts on this blog, and I guess it’s helpful for many because it travels through the options and provides justification for the choices. That’s often one of the challenges when working with Azure and architectures – there are plenty of choices, and it might be burdensome and frustrating to understand the differences and best options for each. I was delighted to learn this summer that Microsoft released a preview of Azure Bastion Host, which more or less resolves the issues I had back in February for building a remote access solution…

Understanding and getting started with Azure Sentinel

Today, Microsoft announced that Azure Sentinel is now Generally Available (GA). What this means is that Azure Sentinel can be used in production, the pricing has been revealed and it’s stable for enterprise-grade usage. In this post, I’ll have a look at what Azure Sentinel is, how to get started and what to keep an eye on in the future. What is Azure Sentinel? Azure Sentinel is Microsoft’s vision of a cloud-based SIEM – which stands for Security Information and Event Management. The intention of a SIEM is usually to provide real-time analysis for security alerts throughout the enterprise. I hear consultants often referring to SIEM when they mean a centralized place to process logs, generate alerts and react to…

Azure Lighthouse – managing customer Azure tenants as a Service Provider

Yesterday, Microsoft announced Azure Lighthouse. This post will walk you through what the service is, what benefits it brings, and why you should start using it. What is Azure Lighthouse? Azure Lighthouse is a new service from Microsoft, released on July 11th, 2019. It brings better management capabilities and flexibility for managing multiple Azure tenants through delegated access. It’s intended primarily for Managed Service Partners (MSPs), or companies that provide support, service desk and similar services for businesses. Others can – of course – use and benefit from it, but it’s essential to understand that the usage scenarios relate heavily to MSPs and multiple Azure tenants they need to access. Companies with multiple separate Azure subscriptions can also benefit from…

Anonymizing and masking sensitive data in SQL databases before migrating to Azure SQL

Many companies I interact with have expressed an interest in migrating their legacy SQL Server databases to Azure. Typically this is due to End of Life for SQL Server 2008 (and 2008 R2), and other times it’s a desire to perform reporting and analytics on existing data in the cloud. (I wrote about migrating to Azure SQL previously here.) Mostly this is all documented nicely on docs.microsoft.com (Dynamic Data Masking, Static Data Masking), but what isn’t clear to me is how to best anonymize and/or mask sensitive data before migrating to Azure. This is typically something that companies need to perform in on-premises infrastructure before moving a database outside the perimeter network. So I set to work and spent some…

One password to rule them all: Migrating to 1Password from KeePass and text files

I can’t quite remember when I started using a password manager, or which password manager it was at the time. As an IT Pro I’ve used everything from text files stored on Windows Desktop to encrypted Excel files to post-it notes to reusing the same password (“R3member1”, “R3m3mber2”..) to forgetting my password and resetting it. Repeatedly. I left Microsoft exactly 10 years ago, and we started our own company with my brother. I had amassed a formidable collection of passwords. Many systems at the time did not support Facebook authentication or Azure AD single sign-on, so I had individual accounts for many systems. That’s when I started using KeePass. I’d dabbled with KeePass several times and while it was slightly…

Building a secure remote access solution for Azure-based virtual machines using Azure AD and Windows Admin Center

[Update October 1, 2019: I’ve published another blog post on Azure Bastion Host, which complements the findings and services I go through in this post. Perhaps have a look at it here!] I’ve had some fun times lately with Azure. It seems there really is a second wave of adoption for cloud-based infrastructure and services from organizations. This is especially true in the Nordics, where Azure is commonly accepted as a trusted option for data centers and PaaS services. This post stemmed from the idea of figuring out what options we have for accessing and managing virtual machines remotely while enforcing a secure approach. Ideally, we’d like to secure authentication with Azure AD, and optionally enforce Multi-Factor Authentication (MFA)…