Browsed by
Category: Cloud

Azure RBAC Notes

Azure Roles and Azure AD Roles
Azure roles are separate from the administrative roles found in Azure AD. For example, a user who is granted Global Administrator rights in Azure AD does not have permissions to create resources in Azure. They must be granted rights at a scope using a role with the ability to create resources, such as the Contributor role.

Creating Custom Roles
Custom roles cannot be created through the Azure Portal, but they can be assigned after…

Tagging Azure Resources

Tag Limits
– Not all resource types support tags. This means that you will not be able to apply tags to everything in Azure.
– A resource or resource group is limited to 15 tags. Each resource can have different tags.
– Tag names cannot exceed 512 characters. For storage accounts, tag names are limited to 128 characters.
– Tag values cannot exceed 256 characters.
– VMs cannot exceed 2048 characters for all tag names and values combined.
– Tags are not inherited by child resources….

Securing Azure Storage Account

In this post, we will look into possible options to secure an Azure storage account. I will describe security using the following two security controls:
– Network-level security
– Access Security

Storage Account Access Keys
Access Keys
Shared Account Signatures

Encryption
Azure Storage automatically encrypts your data with 256-bit AES encryption. Data in Azure Storage is encrypted and decrypted transparently. Azure Storage encryption is enabled for all new and existing storage accounts and cannot be disabled. All Azure Storage account tiers and deployment models…

Secure DevOps Kit for Azure

Today we will look at how to install the Secure DevOps Kit for Azure, which is developed by Microsoft to secure its Azure infrastructure, and use it to run an Azure infrastructure assessment.

    $PSVersionTable
    Install-Module AzSK -Scope CurrentUser
    Install-Module AzSK -Scope CurrentUser -AllowClobber
    Get-Module -Name Az.* -ListAvailable

The cmdlet below scans all Azure resources in the specified resource groups within a subscription and generates a status report:

    Get-AzSKAzureServicesSecurityStatus -SubscriptionId <SubscriptionId> -ResourceGroupNames <ResourceGroupNames>

The parameters required are:
SubscriptionId – Subscription ID is the identifier…

Azure AD Roles

There are three main types of administrative/security roles for Azure. These include classic subscription administrator roles, Azure role-based access control (RBAC) roles, and Azure AD administrator roles.

Classic subscription administrator roles:
– Historical administrator: Roles which were originally used by Azure Service Manager
– Account administrator: Can manage/create/cancel subscriptions and change service administrator
– Service administrator: Can manage services within the Azure portal and co-administrators
– Co-administrator: Same permissions as service admin, but cannot manage classic admin roles

Azure role-based…
