Azure Security – Get Practical

Azure Health Check – A Free Script to Audit and Visualise Cloud Hygiene

Are you running Azure subscriptions and want a quick, human-friendly overview of your governance, compute, storage, network and Key Vault hygiene?
The Azure Health Check PowerShell script gives you exactly that — scanning multiple subscriptions, flagging weak spots, and producing a clean interactive HTML report (with charts!).

Why this matters

Large and growing Azure estates can easily drift into insecure or unsupported configurations: unprotected VMs, public storage blobs, missing resource locks, orphaned disks, exposed network ports — all of which can lead to security, availability or compliance issues.

Yet manually auditing each subscription is time-consuming. That’s where automation helps. With this script, you get a multi-subscription health summary, scored, visualised and exportable — ideal for periodic reviews, customer readiness checks, or even compliance audits.

Continue reading “Azure Health Check – A Free Script to Audit and Visualise Cloud Hygiene”

Azure Resource Locks – The One Feature You’re Probably Not Using (But Should Be)

Accidental deletion or modification of critical resources in Azure is more common than most teams would like to admit. And unlike on-prem environments, where layers of approvals or access barriers might slow someone down, Azure’s agility can sometimes be its own worst enemy — especially when production workloads are one click away from disappearing.

Enter: Azure Resource Locks — your environment’s seatbelt.

What Are Azure Resource Locks?

Azure Resource Locks are a built-in feature that allow you to restrict operations on resources, resource groups, or subscriptions. These locks act as a last line of defense — even if someone has Contributor or Owner permissions, a lock will block unwanted actions like deletion or configuration changes.

Continue reading “Azure Resource Locks – The One Feature You’re Probably Not Using (But Should Be)”

Microsoft Announces Mandatory MFA for All Azure Users

Microsoft has recently announced a significant change that will impact all Azure users: the mandatory implementation of Multifactor Authentication (MFA). This update aims to enhance security across the Azure platform by requiring additional verification for users accessing various Azure services.

Official Announcement: Read Microsoft’s MFA Requirement for Azure Users

Understanding the Changes

This update will affect all users interacting with the Azure Portal, Azure CLI, Azure PowerShell Modules, and Terraform when deploying to Azure. This includes guest accounts, service accounts, and break glass accounts.

Continue reading “Microsoft Announces Mandatory MFA for All Azure Users”

Migrating Risk Policies to Conditional Access: A Strategic Guide for Enhanced Security

Azure AD Conditional Access Best Practices

As the digital security landscape continues to evolve, organizations utilizing Microsoft Azure are encouraged to migrate their Identity Protection risk policies to Conditional Access. With Microsoft’s announcement that legacy risk policies in Microsoft Entra ID Protection will be retired on October 1, 2026, now is the crucial time to plan and execute this transition. This guide not only walks you through the migration process but also incorporates Microsoft’s recommended practices for configuring risk policies to protect your organization effectively.

Understanding the Importance of Migration

The retirement of the old risk policies necessitates a shift to a more robust and integrated system. Conditional Access provides a more dynamic framework that allows for real-time assessments and adaptive responses to identity-based threats, making it a superior choice for managing security risks in Azure.

Preparing for Migration

Begin by auditing your existing risk policies in Microsoft Entra ID Protection. Identify which configurations are active and understand their implications to ensure that all critical aspects of your security setup are transitioned without loss of coverage.

Continue reading “Migrating Risk Policies to Conditional Access: A Strategic Guide for Enhanced Security”

Deploying Your Own Agents (VMs) in Azure for Azure DevOps CI/CD Pipelines

Introduction

In the world of software development, Continuous Integration (CI) and Continuous Deployment (CD) practices are crucial for automating the testing and deployment of code. Azure DevOps provides a powerful platform for implementing CI/CD pipelines. While Azure DevOps offers hosted agents for running pipelines, there are scenarios where you might need to deploy your own agents in Azure. These scenarios can range from requiring a specific environment setup to needing to run pipelines on-premises or in a private network. This blog post guides you through the process of deploying your own agents in Azure to work with Azure DevOps CI/CD pipelines.

Why Deploy Your Own Agents?

Customization: You can customize your agents to have any software and configuration you need.
Performance: You can choose the size and performance characteristics of the VMs that host your agents.
Control: You have more control over the environment and can implement stricter security measures.

Continue reading “Deploying Your Own Agents (VMs) in Azure for Azure DevOps CI/CD Pipelines”