Yesterday Thomas and I were really honored to be invited to the Azure APE XXL event in Apeldoorn, Netherlands.
Tag Archives: Azure Governance
Guest on Geeksprech Podcast about FinOps and/or Azure Cost Management (Governance)
In 2023 I was at some conferences where I held a session about Azure Cost Management, and I've also discussed this topic a couple of times with my best buddy Eric Berg.
He invited me to his podcast Geeksprech, where we talked about what FinOps is and why in some cases it's the same as cloud governance and cost management without the melodious and modern name 🙂
My favorite Microsoft Ignite 2022 Fall Highlights
After the pandemic began, Microsoft switched both big conferences, Microsoft Build and Microsoft Ignite, to virtual-only events. Ignite took place twice a year in 2020 and 2021. For 2022 it was unclear for a long time whether it would go back to an in-person event or stay a virtual event.
Microsoft Ignite 2022 started 2 hours ago as a hybrid event delivered from Seattle with 6 Spotlight events around the globe, and delivered virtually as before. I’m a little disappointed because a lot of the content is pre-recorded and even great speakers like Donovan Brown don’t hold their sessions live in Seattle but are only shown there virtually as well.
In this article I will share the announcements from Microsoft Ignite 2022 that are important from my perspective. Most of you know me as an Azure Governance, (Hybrid) Infrastructure and Security guy, so please forgive me for focusing on these things.
Speaking at Scottish Summit 2021 about Azure Policy and Azure Security Center
I am pleased to have received an invitation to speak at the upcoming Scottish Summit 2021. The Scottish Summit was established in 2020. This year the conference is becoming an online-only conference and will be streamed on all social media channels. The conference itself is growing into a really big conference with many parallel tracks in different languages. The main conference starts on Saturday 27/02/21 and there will be many sessions on Microsoft Cloud services (like Azure, M365 and so on).
Azure Governance is an important topic for any customer using cloud resources. In my session, I will show the power of Azure Policy and Azure Security Center to define guardrails for your Azure environment and bring it into a compliant and secure state. I will go live with my session on Saturday 27/02/21 starting at 1 PM. If you are interested in how Azure Policy and Azure Security Center work together and how these services are handled, please feel free to join my session and ask questions.
There are quite a few Microsoft Cloud sessions planned for the Conference. Go to the website, plan your agenda and grab your ticket. There’s also an App available for iOS and Android. I hope to see you there.
Speaking at Azure Saturday Hamburg 2021 together with Thomas Naunheim
In the past Thomas Naunheim (Thomas Blog) and I have worked on several Cloud projects focusing on Azure Governance and Enterprise Scale. We decided to create a session together to integrate the best of both worlds and our experiences and recommendations from the field.
Our agenda:
- Overview of Cloud Adoption Framework
- Overview of Well-Architected Framework
- Management of Compliance and Security Status
- Azure Enterprise-Scale Landing Zone
- Azure Ops: “Operationalize” Azure environment at scale
We are very happy to announce that our session was accepted by the Azure Saturday Hamburg Team on 20/02/2021. The Azure Saturday Hamburg is a full, free Azure conference day with a lot of great sessions. The event will have two different tracks and the first speakers and sessions have been announced. Take a look at the agenda and sign up for this great conference across different sessions from the Azure Cosmos.
Speaking with Thomas Naunheim at GermanyClouds Meetup about Azure Governance Best Practices
In the past Thomas Naunheim and I have done a lot of architecture and design principle work for integrating Azure into company environments. Over the last couple of months we had the idea to create an Azure Governance Best Practices session to give the community our insights and best practices for starting with and integrating Azure environments. The goal is to show you where you can find the best documentation to start a cloud journey and which technical Azure features help to bring your environment into, and keep it in, a compliant and secure state.
The session contains the following topics:
- Cloud Adoption Framework
- Well-Architected Framework
- Insights about Azure Policies and Azure Security Center
- Azure Enterprise Scale architecture
- Azure Ops
- Identity and Access Management
We are excited to hold the session at the GermanyClouds Meetup on November 26. If you are interested in these topics, or you are in the beginning or implementation phase, join us. We will be happy to see you there and take your questions.
The session will not be recorded.
How to set up and monitor Break Glass Accounts in your Tenant
09/07/2024 – Update 2
Since 1st of July 2024 Microsoft enforces Multifactor Authentication when an account accesses the Azure Portal. This also affects Break Glass accounts when they are used to access the Azure Portal. Under this new requirement, classic Break Glass accounts which only have a password enabled for login won't work after the rollout.
Microsoft recommends using FIDO2 or certificate-based authentication for these accounts. I've updated the article to enable FIDO2 for Break Glass accounts.
19/01/2022 – Update 1
I've updated the article because the actual sign-in query only logs all login attempts of the break glass account (successful, unsuccessful, etc.). I added the different IDs so that you can set up the alert mail based on an individual filter. Thanks go out to Eric Soldierer for this note. I also updated some changed services that had left their preview status.
In the past I have done a lot of Azure Governance workshops, and one interesting topic is how to handle the Break Glass Account. Before we go deeper, let's first look at what a Break Glass Account is. For each Administrator role in Azure or Office365 it is best practice to use MFA to secure the account and get better security for the Tenant. To realize this, we normally use Conditional Access and create a rule that requires MFA at login for every admin. But what can we do when:
- the MFA service is down
- we create a Conditional Access policy with a wrong rule set and lose sign-in access
- we do not regularly update our control list and the admin account gets lost
For these cases we need a Break Glass account, an additional account with a high-security password, to enter the Tenant in an emergency. For this account, there are some recommendations:
- only use a generic account
- create a complex password with more than 16 characters
- use a separate FIDO2 key for every break glass account
- up to 256 characters possible – the limit of 16 characters is removed
- for compliance reasons divide the password into two parts
- save each part in a different location
- create a security group that contains the break glass accounts
- create two break glass accounts with no standard username like breakglass@ or emergency
- use the Tenant name for the account
- do not use a custom domain name
In the future it will be possible to use a FIDO2 security key for break glass accounts (right now it is in preview and not recommended for such a critical scenario).
Now we can discuss what is in some ways a security gap: a service account with Global Admin rights that does not require MFA for login. The use of a generic name can be a risk, and the usage of this account must be transparent for every tenant admin. Now you see why it is so important to monitor these accounts and get notified when they are used for login.
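The monitoring idea described above, as an added example that is not the query from the original article: a Log Analytics (KQL) query that matches sign-ins by the break glass accounts' object IDs and separates successful from failed attempts, so an alert rule can filter on either. The object IDs, the account names, the `BreakGlassIds` and `SampleSignins` names and the sample rows are constructed placeholders; the column names are those of the `SigninLogs` table.

```kql
// Added example. Placeholder object IDs: replace with those of your break glass accounts.
let BreakGlassIds = dynamic([
    "00000000-0000-0000-0000-0000000000a1",
    "00000000-0000-0000-0000-0000000000a2"]);
// Constructed sample rows with SigninLogs column names, so the query runs without a tenant.
// In a real workspace, drop this datatable and query SigninLogs instead of SampleSignins.
let SampleSignins = datatable(TimeGenerated:datetime, UserId:string, UserPrincipalName:string,
                              ResultType:string, ResultDescription:string,
                              IPAddress:string, AppDisplayName:string)
[
    datetime(2024-07-09 08:00:00), "00000000-0000-0000-0000-0000000000b7", "admin@contoso.com",
        "0", "", "198.51.100.4", "Azure Portal",
    datetime(2024-07-09 08:10:00), "00000000-0000-0000-0000-0000000000a1", "acct1@contoso.onmicrosoft.com",
        "50126", "Invalid username or password", "203.0.113.10", "Azure Portal",
    datetime(2024-07-09 08:15:00), "00000000-0000-0000-0000-0000000000a1", "acct1@contoso.onmicrosoft.com",
        "0", "", "203.0.113.10", "Azure Portal"
];
SampleSignins
// Match on the immutable object ID, not the UPN, so a rename does not break the alert.
| where UserId in (BreakGlassIds)
// ResultType "0" is a successful sign-in; any other value is an error code.
| extend Outcome = iff(ResultType == "0", "Success", "Failure")
| summarize Attempts = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated),
            SourceIPs = make_set(IPAddress),
            Apps = make_set(AppDisplayName)
    by UserId, UserPrincipalName, Outcome, ResultType
| order by LastSeen desc
```

With the sample rows this returns one `Success` row and one `Failure` row for the first break glass account and nothing for the regular admin. An alert rule that should only fire on actual use can add `| where Outcome == "Success"`.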
Global Azure Virtual 2020 is close including two sessions from me
Times have changed, and the current situation around the globe has shifted many in-person events to virtual events. Global Azure (formerly known as Global Azure Bootcamp) has also transformed the in-person meetings around the globe into purely virtual events. This has prompted many community organizers to make their events virtual. The Global Azure Team decided to run its own global virtual event with a dedicated call for speakers. This has led to the beautiful result that several Global Azure events are now taking place simultaneously. Some are organized by local organizers and one event is organized by the Global Azure Team. This results in three Azure days of Azure sessions (Thursday to Saturday) around the globe with an awesome agenda, where you can pick the sessions that suit you perfectly 🙂
How I pass the Azure Security Exam Az-500
In the past I have taken several Azure exams, and yesterday I took the Azure Security exam Az-500. I am really glad that I passed the exam. In this article I will give you a brief overview of the topics I saw in the exam and what materials I used to prepare for the exam. I can say directly that the best way to succeed in the exam is practice.
MSIgnite 2019 Azure News and Announcements Part 2
There are many new features and enhancements announced for Azure from the last Microsoft Ignite. I have written about many of them in the 1st part of this article. This article will focus on the announcements missed in the first article.
Keep in mind our Meetup appointments in the next week in Thueringen and Cologne/Bonn.