Uncategorized
-
Cloud Security: Azure Firewall Overview and WAF comparison
Today, I’m focusing on Azure Firewall, a service that often causes confusion—especially when compared to Azure Web Application Firewall (WAF). Both have “firewall” in their names, but they serve completely different purposes in cloud security architecture. WAF is commonly deployed… Continue reading
-
Hands-on with Azure Bicep @onlyIfNotExists decorator
The release of Bicep v0.38.3 brings a much-desired feature to GA: the @onlyIfNotExists() resource decorator. This much-requested feature adds a clean way to skip deploying a resource if it already exists. This… Continue reading
-
Implementing an Azure Managed DevOps Pools Automated Solution
Full Azure DevOps solution can be found here. If you’re a developer using Azure DevOps as your DevOps tool of choice, chances are you’ve encountered situations where setting up a self-hosted agent became necessary. Microsoft-hosted agents work well for many… Continue reading
-
Cloud Security: Understanding and Applying the Microsoft Cloud Security Benchmark
I’ve recently been looking into various methods to improve the security posture of an Azure environment using the various frameworks available. One area that often causes confusion is understanding which security benchmark to use as a foundation for Azure environments.… Continue reading
-
“Implementing Passwordless Service-to-Service Auth with Azure Managed Identities and APIM”
GitHub Solution: https://github.com/AddEleven/apim-oauth When first implementing Azure API Management (APIM), the default approach is often using subscription keys for client authentication. You might start with the built-in all-access subscription key, then graduate to creating specific products with dedicated subscription keys… Continue reading
-
Let’s Encrypt Powered TLS: Creating a GitHub Action Automated System for Azure Web Applications
TL;DR: GitHub solution to set this up: https://github.com/AddEleven/lets-encrypt-azure-automation I recently set up an Azure App Service with an Application Gateway frontend. Everything was working smoothly with Azure App Service Managed Certificates until I hit a major roadblock: you can’t export… Continue reading
-
Azure Application Gateway WAF’s Dirty Secret: The --request-body-check parameter
In a recent scenario, I encountered an issue with my Azure Application Gateway WAF policy that highlighted the importance of understanding all parameters involved in configuration commands via the Azure CLI. Specifically, I was toggling my WAF policy between Detection… Continue reading
-
Extracting Outputs from Azure DevOps Terraform Tasks
I’ve recently started using the Microsoft DevLabs Terraform Extension for Azure DevOps to deploy Terraform to Azure, switching from other third-party Terraform extensions or just using CLI commands. This is a great extension, and I find it especially useful… Continue reading
-
Cloud Security: Tracking and Storing Azure RBAC Activity with Azure Log Analytics
Azure Role-Based Access Control (RBAC) is a critical aspect of managing access to your resources in Azure. RBAC helps you manage who has access to Azure resources, what they can do with those resources and what areas they have access… Continue reading
-
Cloud Security: Monitoring Azure with Alerts: Essential Metrics and Best Practices
How many times have you been at a company where every day you seem to be getting alerts or notifications for the same resource? Maybe it’s for high CPU or memory usage, or high application response times. Your inbox ends… Continue reading









