Azure Security – Get Practical

Migrating Risk Policies to Conditional Access: A Strategic Guide for Enhanced Security

Azure AD Conditional Access Best Practices

As the digital security landscape continues to evolve, organizations utilizing Microsoft Azure are encouraged to migrate their Identity Protection risk policies to Conditional Access. With Microsoft’s announcement that legacy risk policies in Microsoft Entra ID Protection will be retired on October 1, 2026, now is the crucial time to plan and execute this transition. This guide not only walks you through the migration process but also incorporates Microsoft’s recommended practices for configuring risk policies to protect your organization effectively.

Understanding the Importance of Migration

The retirement of the old risk policies necessitates a shift to a more robust and integrated system. Conditional Access provides a more dynamic framework that allows for real-time assessments and adaptive responses to identity-based threats, making it a superior choice for managing security risks in Azure.

Preparing for Migration

Begin by auditing your existing risk policies in Microsoft Entra ID Protection. Identify which configurations are active and understand their implications to ensure that all critical aspects of your security setup are transitioned without loss of coverage.

Continue reading “Migrating Risk Policies to Conditional Access: A Strategic Guide for Enhanced Security”

Deploying Your Own Agents (VMs) in Azure for Azure DevOps CI/CD Pipelines

Introduction

In the world of software development, Continuous Integration (CI) and Continuous Deployment (CD) practices are crucial for automating the testing and deployment of code. Azure DevOps provides a powerful platform for implementing CI/CD pipelines. While Azure DevOps offers hosted agents for running pipelines, there are scenarios where you might need to deploy your own agents in Azure. These scenarios can range from requiring a specific environment setup to needing to run pipelines on-premises or in a private network. This blog post guides you through the process of deploying your own agents in Azure to work with Azure DevOps CI/CD pipelines.

Why Deploy Your Own Agents?

Customization: You can customize your agents to have any software and configuration you need.
Performance: You can choose the size and performance characteristics of the VMs that host your agents.
Control: You have more control over the environment and can implement stricter security measures.

Continue reading “Deploying Your Own Agents (VMs) in Azure for Azure DevOps CI/CD Pipelines”

Automating Device Wipe in Microsoft 365 with PowerShell and Azure

In today’s digitally connected world, organizations often need to manage and secure their devices efficiently. This includes the ability to remotely wipe devices in case they are lost or stolen. Microsoft 365 offers powerful tools for device management and security, and with PowerShell and Azure, you can automate the process of wiping devices when needed.

In this blog post, we will walk you through a PowerShell script that utilizes Azure and Microsoft Graph API to search for a user and remotely wipe their devices if necessary. We will also include some Azure screenshots to help you visualize the process.

Prerequisites

Before we begin, make sure you have the following prerequisites in place:

Azure AD App Registration: You will need to register an Azure AD App and obtain the AppID and AppSecret for authentication.

Microsoft 365 Tenant: You should have access to a Microsoft 365 tenant, and you’ll need to know the tenant ID (e.g., $Tenant = “YourTenantName”).

Microsoft Graph API: Make sure you have permissions to use the Microsoft Graph API and can authenticate with the provided App ID and App Secret.

Continue reading “Automating Device Wipe in Microsoft 365 with PowerShell and Azure”

Creating a Self-Signed Certificates for Azure

When it comes to configuring applications or services that require SSL/TLS communication, having a self-signed certificate for testing or development purposes becomes almost indispensable. This is even more relevant when you’re dealing with services on Azure, where security is paramount.

Today, I’ll walk you through a PowerShell script that not only creates a self-signed certificate but also exports it in both .pfx and .cer formats.
Setting the Scene

Let’s start by defining some custom variables:

$friendlyName = “Azure SelfSigned Cert Name”
$subjectName = “CertificateName”
$certStorePath = “cert:\LocalMachine\My”
$exportPath = “C:\Temp\”
$passwordPlainText = “YourPasswordHere”

Here, $friendlyName is a descriptor for your certificate. $subjectName will serve as the Common Name (CN) for the certificate, and $certStorePath specifies the certificate store location in your system. Finally, $exportPath indicates where you want to save your certificate, and $passwordPlainText will be the password for your .pfx file.

Continue reading “Creating a Self-Signed Certificates for Azure”