NASAN
Posts Tags Categories Youtube
NASAN
/images/nasan-avatar.jpeg

Securing Resources in Azure VMs with Microsoft Entra Private Access in a Hub-and-Spoke Architecture

 published on  included in Azure MicrosoftEntraPrivateAccess

I did a little Microsoft Entra Private Access Test setup.
My goal was to test access to some private Resources hosted on Azure Virtual Machines with Microsoft Entra Private Access instead of VPN.

Overview

The test setup is illustrated below:

/images/MicrosoftEntraPrivateAccess-AzurVM.drawio.png
Preview

I have one Virtual Machine (VM) with a Windows File Share that I wish to access from my endpoint and I also want to be able to access this VM via RDP.
Additionaly in another Spoke VNET I have a simple Web Server which I also would like to access via Private Access.

Read More
 GlobalAccessPrivateAccessMicrosoftEntraMicrosoftEntraVPNAlternativeHubSpoke

AzureAD App Registrations explained

 published on  included in Azure Security

Azure AD App registration

Recently I had some talks with developers which made me to realize that I didn’t fully understand how App Registrations are working. I was aware that we are registering an app and allowing the app certain permissions but in detail I didn’t understand it.

Why Azure AD App registration?

Basically for every app where you want to use the Microsoft Identity Platform, you need to register your app. So you want to login into a certain webapp with your Microsoft Account? This app needs to be registered in Azure AD. After you logged in into your application, this app maybe also need some data of your Microsoft Account and you maybe need to grant perrmissions.

Read More
 MindMapMicrosoftAppRegistration

SC-100 - Microsoft Certified Cybersecurity Architect Expert - MindMap Collection

 published on  included in Azure Security MindMap

Studying SC-100

In my recent self-study, I have been working through the Microsoft SC-100 learning path. One of the ways that I have been organizing and consolidating my learning is by creating mind maps of the key concepts and topics covered in the course.

You can find some of those mind maps below:

Design a Zero Trust strategy and architecture

Build an overall security strategy and architecture:

Read More
 MindMapMicrosoftSecuritySC-100

Stop Azure Backup for multiple SQL on Azure VM Databases with Powershell

 published on  included in Azure

link: https://learn.microsoft.com/en-us/azure/backup/backup-azure-sql-automation#stop-protection

I had a case where I did need to migrate a lot of databases from one SQL Server on a Azure VM to another VM. After the successful migration there were a lot of old databases on the “old SQL Server” offline and I got a lot of Azure Backup Alerts. Because I was to lazy to disable the backup for each database by hand, I created the following small script which will do that job.

Read More
 PowershellAzureAzureBackupSQLonAzureVM

Azure - Create a Custom RBAC Role to allow Stop - Start of all Azure Virtual Machines in a Subscription with Terraform

 published on  included in Azure

Yes… its annoying there is no built in role to only allow restarting of Azure Virtual Machines… The Virtual Machine Contributor Role allows to much. With this role you are able to destory and create VMs..

So what I want to do in this case is creating a custom role which only allows to start / stop / restart Virtual Machines. And I want to do that with terraform because I’m doing the whole Azure Resource Deployment with terraform anyway.

Read More
 TerraformAzureRBAC