Enabling Security Defaults in Azure AD

For organisations or admins who do not want to, or are unable to, use Conditional Access policies to enforce MFA, or who cannot use some of the Azure Identity Protection features, there is a simple alternative.

A very easy way to enforce some basic security controls in Azure AD is to enable the Security Defaults setting. This is a very simple process and will provide the following functionality.

  • Requiring all users to register for Azure AD Multi-Factor Authentication.
  • Requiring administrators to perform multi-factor authentication.
  • Requiring users to perform multi-factor authentication when necessary.
  • Blocking legacy authentication protocols.
  • Protecting privileged activities like access to the Azure portal.

To do this, open the Azure Portal and navigate to your Azure Active Directory blade. Once there, select the Properties menu item on the left; at the bottom of the screen is a small link titled “Manage Security Defaults”. Clicking on this link opens the dialog box.

Just click on the “Enable Security Defaults” toggle and select save, and you will have enabled the functionality listed above. To test this, simply log out of the Azure portal and when attempting to sign in with an admin account, you will be prompted for the second-factor authentication that you registered.
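Two checks worth running around the portal steps above, as an added example (not part of the original post or of any Microsoft tooling): reading the Security Defaults state through the Microsoft Graph policy endpoint that the portal toggle writes to, and reviewing sign-in log records for legacy authentication before enabling the setting, since Security Defaults blocks those protocols and any mailbox client, scanner or script still using them will stop working. The Graph URL and the `clientAppUsed` sign-in field are real; the policy object and sign-in records embedded below are constructed so the script runs offline, and the list of legacy client-app names is an assumed starting list that you should extend from your own tenant's logs.

```python
"""Azure AD Security Defaults readiness helpers (added example, not from the post)."""
import json
import urllib.request
from collections import defaultdict

# Graph resource behind the "Enable Security Defaults" toggle.
# GET reads it; PATCH with {"isEnabled": true} enables it (needs a Graph
# token with the Policy.Read.All / Policy.ReadWrite.ConditionalAccess scopes).
GRAPH_SECURITY_DEFAULTS = (
    "https://graph.microsoft.com/v1.0/policies/identitySecurityDefaultsEnforcementPolicy"
)

# Assumed list of clientAppUsed values that mean "legacy authentication" in
# Azure AD sign-in logs. Treat as a starting point and extend from real logs.
LEGACY_CLIENT_APPS = {
    "Exchange ActiveSync", "Exchange Web Services", "IMAP4", "POP3",
    "Authenticated SMTP", "SMTP", "MAPI Over HTTP", "Offline Address Book",
    "Outlook Anywhere (RPC over HTTP)", "Autodiscover", "Other clients",
    "Exchange Online PowerShell", "Reporting Web Services",
}

# Constructed sample of what GET GRAPH_SECURITY_DEFAULTS returns in a tenant
# where the toggle is still off.
SAMPLE_POLICY = {"id": "00000000-0000-0000-0000-000000000005",
                 "displayName": "Security Defaults", "isEnabled": False}

# Constructed sample sign-in records (subset of the Graph signIn resource).
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@contoso.example", "clientAppUsed": "Browser",
     "appDisplayName": "Azure Portal", "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@contoso.example", "clientAppUsed": "Exchange ActiveSync",
     "appDisplayName": "Office 365 Exchange Online", "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@contoso.example", "clientAppUsed": "IMAP4",
     "appDisplayName": "Office 365 Exchange Online", "status": {"errorCode": 0}},
    {"userPrincipalName": "scanner@contoso.example", "clientAppUsed": "Authenticated SMTP",
     "appDisplayName": "Office 365 Exchange Online", "status": {"errorCode": 0}},
    # A failed legacy attempt is not a dependency; it is excluded from the report.
    {"userPrincipalName": "carol@contoso.example", "clientAppUsed": "POP3",
     "appDisplayName": "Office 365 Exchange Online", "status": {"errorCode": 50126}},
    {"userPrincipalName": "alice@contoso.example",
     "clientAppUsed": "Mobile Apps and Desktop clients",
     "appDisplayName": "Microsoft Teams", "status": {"errorCode": 0}},
]


def fetch_policy(bearer_token: str) -> dict:
    """Read the live policy object from Graph (not called in the offline demo)."""
    req = urllib.request.Request(
        GRAPH_SECURITY_DEFAULTS,
        headers={"Authorization": f"Bearer {bearer_token}"},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def security_defaults_enabled(policy: dict) -> bool:
    """True when the policy object says Security Defaults is switched on."""
    return bool(policy.get("isEnabled", False))


def enable_request_body() -> str:
    """JSON body for PATCH GRAPH_SECURITY_DEFAULTS that turns the toggle on."""
    return json.dumps({"isEnabled": True})


def legacy_auth_usage(signins: list) -> dict:
    """Map each user with *successful* legacy-protocol sign-ins to the protocols used.

    Failed attempts (non-zero errorCode) are skipped: they indicate noise or
    abuse, not a working client that enabling Security Defaults would break.
    """
    usage = defaultdict(set)
    for record in signins:
        if record.get("status", {}).get("errorCode", 0) != 0:
            continue
        app = record.get("clientAppUsed")
        if app in LEGACY_CLIENT_APPS:
            usage[record["userPrincipalName"]].add(app)
    return {user: sorted(apps) for user, apps in usage.items()}


def readiness_report(policy: dict, signins: list) -> dict:
    """Summarise whether the tenant is ready to flip the toggle."""
    blockers = legacy_auth_usage(signins)
    return {
        "already_enabled": security_defaults_enabled(policy),
        "legacy_auth_users": blockers,
        "safe_to_enable": not blockers,
    }


if __name__ == "__main__":
    print(json.dumps(readiness_report(SAMPLE_POLICY, SAMPLE_SIGNINS), indent=2))
```

Run the report against a real export of the sign-in log (the `signIns` collection in Graph, or the CSV downloaded from the portal) over at least the last 30 days; anything listed under `legacy_auth_users` needs to move to modern authentication, or be given a Conditional Access exception, before the toggle is switched on.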

For more information, please review the Microsoft post, or the accompanying video to this post below or on YouTube.

This week in Microsoft Azure: 6th May 2022

Virtual Network NAT health checks generally available via Resource Health

Support for Resource Health checks with VNet Network Address Translation (NAT) helps organisations monitor the health of their NAT gateways as well as diagnose or troubleshoot outbound connectivity. 

With Azure Resource Health, you can: 

  • View a personalized dashboard of the health of your NAT gateway
  • Set up customizable resource health alerts to notify you in near real time when the health status of your NAT gateway changes
  • See the current and past health history of your NAT gateway to help you mitigate issues
  • Access technical support when you need help with Azure services, such as diagnosing and solving issues.

For more information please refer to the Microsoft Docs page at https://docs.microsoft.com/en-us/azure/virtual-network/nat-gateway/resource-health

Improvements to Microsoft Azure Web Application Firewall are generally available.

Microsoft has announced a series of enhancements to the regional WAF service, which follows on from the announcements in March around improvements to the global WAF service.

These enhancements allow organisations to take advantage of a range of new functionality, including:

  • Reduced false positives with Core Rule Set 3.2 integrated with Azure Application Gateway. The older CRS 2.2.9 ruleset is being phased out in favour of the newer rulesets.
  • Improved performance and scale with the next generation of WAF engine, released with CRS 3.2.
  • Increased size limits on regional WAF for body inspection up to 2MB and file upload up to 4GB.
  • Advanced customization with per-rule exclusion and attribute-by-name support on regional WAF.
  • Native, consistent experience with WAF policy: new deployments of the Application Gateway v2 WAF SKU now natively utilize WAF policies instead of configuration.
  • Advanced analytics capabilities with new Azure Monitor metrics on regional WAF.

For more information please refer to the original blog post at https://aka.ms/AzureWAF/updatesmay22

The ability to enable user authorisation for creating partner topics is in Public Preview

From roughly June of this year, Microsoft’s Event Grid service will start requiring authorisation to create partner topics or partner destinations. To enable this feature prior to the above date you will need to opt in.

Please note this feature does not apply to custom topics, domains, or system topics.

For more information on this upcoming change, please refer to this post https://docs.microsoft.com/en-us/azure/event-grid/subscribe-to-partner-events#authorize-partner-to-create-a-partner-topic

The ability to deploy Static Web App environments to preview environments in Azure DevOps is in Public Preview.

With Static Web Apps, you can now configure Azure pipelines to deploy your application to preview environments. The Azure DevOps task for Azure Static Web Apps intelligently detects and builds your app’s frontend and API and deploys the entire application to Azure. 

For more information please refer to the following link https://aka.ms/devopspreview.

News: Azure Premium Firewall now generally available.

20th July 2021: the Azure Premium Firewall service, available in preview since February 2021, is now GA.

Microsoft announced the general availability of the premium version of the standard PaaS Azure Firewall service. This offers several features not available in the standard version and should hopefully enable more organisations to leverage the Azure-native tools rather than relying on third-party NVAs (network virtual appliances).

Key features include:

  • TLS (Transport Layer Security) Inspection
  • IDPS (Intrusion Detection and Prevention System)
  • Web Categorisation
  • URL Filtering

For users who are currently using the standard version there is an option to upgrade in place. For everyone else you can create a new Premium Firewall and connect it to any existing policies you may have.

Apparently the new service costs roughly 40% more than the standard Azure Firewall service.

For more information please see the Microsoft Announcement.