Recently I was confronted with the fact that a subscription with a spending limit was suddenly turned off by exceeding the budget. Because I did not know what caused this, I immediately delved into the cost analysis. Where I found … Read More
Some time ago I wrote about the possibility to exclude a specific resource from an Azure Security Center (ASC) security recommendation (Create an exemption rule to exclude a resource from a security recommendation). With which you can ensure that this … Read More
Recently several attacks have been in the news. As a result of this, I received various questions from people with regards to role assignments in their Azure environment: Who exactly has which rights within my Azure environment?At which level are … Read More
“A special type of Enterprise Application” you may ask. Aren’t we talking about Azure Managed Identities here? You are absolutely right! And yet, we cannot avoid talking about Enterprise Applications. I will explain below how this works. If you are … Read More
Last week I posted an article (The difference between AzureAD App Registrations and Enterprise Applications explained) to which I received many responses. For many people, the difference between App Registrations and Enterprise Applications has become a lot clearer. I am … Read More
The lack of clarity regarding app registrations and enterprise applications is regularly discussed. Both terms are used interchangeably by people and to make it even more unclear, different terminology is used within the Azure portal and for example PowerShell or … Read More
Azure Defender provides security alerts and advanced threat protection for all kinds of workloads, like virtual machines, SQL databases, containers and web applications. New plans within Azure Defender are regularly introduced, recently for Key Vault and now also for Resource … Read More
Azure Defender provides security alerts and advanced threat protection for all kinds of workloads, like virtual machines, SQL databases, containers and web applications. New plans within Azure Defender are regularly introduced, recently for Key Vault and now also for DNS … Read More
Azure Bastion is a platform-managed PaaS service that allows you to connect to a virtual machine using your browser and the Azure portal. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over … Read More
Key Vault access policies allow you to set very specifically what rights an identity has on keys, secrets, and certificates. However, you have to set this per key vault, and you cannot use the resource hierarchy within Azure (e.g. Management … Read More