How Tokens and Scope Maps for Azure Container Registry introduces great repository-level access restrictions

I have previously written about various container topics on this site. Recently, I also published a post about "Best Practices for security in Azure Container Registry." In this post, I want to bring awareness to how we can make use of one of the tips from that post, namely the repository-scoped permissions. We can now create more fine-grained permissions for our ACR. Time-limited access helps block any access after a specific point in time. Granular permission control helps restrict or allow specific actions on the registry. Actions are usually things like Read (pull), Write (push), Delete. Help your organization delegate…

A few tips for securing your remote workforce in a Microsoft cloud landscape

Are you a CIO, CISO, or are you at any level responsible for security in your organization? Are you just getting started with Azure and the cloud, and having a remote workforce - or are you seasoned in the cloud, but your users are not? Here are a couple of tips from the field that I hope can help. Work From Home, or #WFH, is a thing today. I have been successfully working remotely for more than seven years, and I have enjoyed every minute of it - but it isn't without challenges. I get questions regularly now, both from family…

Best Practices for building and designing Azure Functions

The years fly by, and we continue to evolve how we design and architect our systems. As we learn more, and technology evolves, so do our processes and design considerations. In this post I want to make notes of a few best practices I've adopted and keep top of mind when I engage in new projects that require reliable serverless executions at scale. There are a ton of other things I would want to add to this post as well, but I've chosen the things I consider to be "a-ha" moments for myself throughout my years of building…

Embrace a Secure Software Development Lifecycle (SDLC) for Azure

While threats are ever-increasing, so are the capabilities, methodologies, and technologies we have at our disposal to mitigate risks at a higher cadence than ever before. In this article, I'll talk about the responsibility we have as developers, solution architects, DevOps engineers, and anyone else involved in your teams. Security is a team effort, and everyone needs to get on board with which processes and rules to follow. Today we can automate a lot of the things we do for code quality and security, so the road to increasing the security posture doesn't have to be a long one. Regardless…

Use the new Azure SDKs with Managed Identities

Over the years there's been a plethora of APIs and approaches to work with artifacts and resources in Azure. In July this year (2019), Microsoft announced the availability of the new Azure SDK API Standards, which is a new set of SDKs in the following languages: Python, Java, JavaScript and .NET. These SDKs are supposed to be a unified approach to building the SDKs, and whatever goes into one API goes into all of them, so there's no disconnect between capabilities in different programming languages. Now that some Azure services have matured and been adopted into business-critical enterprise applications, we…

Azure Functions and secure Configuration with built-in integration to Azure Key Vault

Azure Functions are usually tied to an Azure Storage Account by using App Settings. Unfortunately, when launching a new Function App project in Visual Studio, or watching demos and examples online, the connection string usually is in App Settings in plain text. In this post I'm sharing a quick tip on how to protect sensitive configuration values in App Settings by using Secrets from a Key Vault, and you can even reference the default Storage Account connection string this way, completely avoiding any type of sensitive data in App Settings, from scratch. Microsoft have some good documentation (links in the…
