HashiCorp introcuded with Vault version 1.2 a new integrated Storage backend. It went into general availability with version 1.4 in April 2020. In November HashiCorp released Vault version 1.6 which includes further enhancements of the Raft storage backend. I took this opportunity to show how to create and restore Raft storage backend snapshots and share this with the community.
Read more...Continuing the Azure Image Builder Series, we take a closer look at performing image network security customizations using an externally hosted Shell script, enforcing a password policy, installing a specific docker version and finally deploying the image to a Azure Shared Images Gallery.
Read more...Azure Image Builder is a virtual machine image provisioning service on Microsoft Azure based on HashiCorp Packer. It has been designed to integrate natively with Microsoft Azure to allow customers to easily create and maintain virtual machine images for consistent deployments. This post is the first of a series to introduce the Azure Image Builder and its benefits by means of showing real-world examples.
Read more...The Secret Management Solution HashiCorp Vault allows the Integration of a variety of Identity Providers. Although currently no direct Implementation for Human Users of Azure AD exists, the JWT/OIDC Auth Method provides a way to enable authentication and authorization for Azure AD Users to HashiCorp Vault. This post shows how to configure HashiCorp Vault to enable User Login with Azure AD Credentials as well as assigning Permissions/Policies based on their Group Memberships.
Read more...Since the my first post about Azure Hybrid DNS, I ran into a few more scenarios that I want to share with you.
In this post, I will go over the scenario in which you can use Azure Private DNS Zones as a sub-domain of your locally hosted DNS Zones.
The Alert policies in O365 are an often overlooked or underestimated security feature for indicators of compromise (IOC). They enable especially administrators for smaller tenants to supervise their environments on a critical level in terms of security events. As part of a multilevel defense the O365 Alerts add a lot value, as they are easy to setup and part of every O365 and therefore free of additional costs.
Read more...At Microsoft Build 2020 lots of new updates and services were announced. Today we will take a look at a specific one that I am pretty excited about, Static Web Apps. Read on to learn what it is, how to use it and and why it helps us to reduce effort when deploying web applications to Microsoft Azure.
Read more...Azure private DNS is a great solution to simplify DNS resolution for cloud resources in Azure. However, chances are you have components in your infrastructure that do not natively integrate with Azure DNS zones. In this post, I will show you how you to enable your own DNS solution to resolve names from Azure private DNS zones with CoreDNS on Azure Kubernetes Service.
Read more...In this part of the series I want to talk about the most obvious and meaningful security measure for O365 – Multifactor authentication (MFA). The well-established technology can significantly reduce the attack surface of your organization and is easy to implement for O365 administrators. It should be your first line of defense against phishing and replay attacks in your security environment. In this article I want to talk about the technical/mathematical concept of the standard and show you how to activate the tool and its features in your tenant.
Read more...This part is focused once again on mail traffic and its attack vectors. Specifically, I wanted to tag all incoming mails in Office 365 Exchange, which are not coming from trusted domains. This is really easy to implement with Exchange Online rules and doesn’t even require any kind of powershell knowlegde, so every O365 should have implemented this policy in their environment.
Read more...