
Securing Resources in Azure VMs with Microsoft Entra Private Access in a Hub-and-Spoke Architecture

I set up a small Microsoft Entra Private Access test environment.
My goal was to test access to some private resources hosted on Azure Virtual Machines through Microsoft Entra Private Access instead of a VPN.

Overview

The test setup is illustrated below:

[Diagram: MicrosoftEntraPrivateAccess-AzurVM.drawio.png, the Entra Private Access test setup with Azure VMs in a hub-and-spoke network]

I have one Virtual Machine (VM) with a Windows file share that I want to access from my endpoint, and I also want to be able to reach this VM via RDP.
Additionally, in another spoke VNet I have a simple web server that I would also like to access via Private Access.

Azure AD App Registrations explained

Azure AD App registration

Recently I had some talks with developers that made me realize I didn't fully understand how App Registrations work. I was aware that we register an app and grant it certain permissions, but I didn't understand the details.

Why Azure AD App registration?

Basically, for every app that wants to use the Microsoft identity platform, you need to register the app. You want to log in to a certain web app with your Microsoft account? That app needs to be registered in Azure AD. After you have logged in to the application, the app may also need some data from your Microsoft account, and you may need to grant it permissions.