I am pleased to have received an invitation to speak at the upcoming Scottish Summit 2021. The Scottish Summit was estabhlished in 2020. This year the conference is becoming an online-only conference and will be streamed on all social media channels. The conference itself is growing into a really big conference with many parallel tracks with different language. The main conference starts on Saturday 27/02/21 and there will be many sessions on Microsoft Cloud services (like Azure, M365 and so on).
Azure Governance is an important topic for any customer using cloud resources. In my session, I will show the power of Azure Policy and Azure Security Center to define guardrails for your Azure environment and bring it into a compliant and secure state. I will go live with my session at Saturday 27/02/21 starting 1PM. If you are interested in how Azure Policy and Azure Security Center work together and how these services are handled, please feel free to join my session and ask questions.
In the past Thomas Naunheim (Thomas Blog) and I have worked on several Cloud projects focusing on Azure Governance and Enterprise Scale. We decided to create a session together to integrate the best of both worlds and our experiences and recommendations from the field.
Overview of Cloud Adoption Framework
Overview of Well-architecture Framework
Management of Compliance and Security Status
Azure Enterprise-Scale Landing Zone
Azure Ops: “Operationalize” Azure environment at scale
We are very happy to announce that our session was accepted by the Azure Saturday Hamburg Team on 20/02/2021. The Azure Saturday Hamburg is a full, free Azure conference day with lot of great sessions. The event will have two different tracks and the first speakers and sessions have been announced. Take a look at the agenda and sign up for this great conference across different sessions from the Azure Cosmos.
In the past Thomas Naunheim and I do a lot of architecture and designing prinicple for integrating Azure in company environments. We have the idea to create a Azure Governance Best Practices session in the last couple of months to give the community our insights and best practices for Starting/Integrating Azure environments. The goal is to give you insights, where you can find the best documentations to start with a Cloud journey and which technical Azure features help to bring and hold your environment in an compliant and secure state.
The session contains the following topics:
Cloud Adoption Framework
Insights about Azure Policies and Azure Security Center
Azure Enterprise Scale architecture
Identity and Access Management
We are exited to hold the session at the GermanyClouds Meetup on november 26. Did you interested in this topics or you are in the beginning or implementig phase, join us. We will happy to see you there and get your questions.
I´ve updated the article because the actual sign-in query only logs all login attempts of the break glass account (successfully, unsuccessfully, etc.) . I added the different IDs so that you can setup the alert mail based on a indivudal filter. Thank you goes out to Eric Soldierer for this note. I also updated some changed services that had left their preview status.
In the past I do a lot of Azure Governance workshop and one interesting topic is how to handle the Break Glass Account. Before we going deeper, first we take a look was is the Break Glass Account. For each Administrator role in Azure or Office365 is it best practice to use MFA to secure the account and get a better security for the Tenant. To realize this, normally we use Conditional Access and create a rule, that every Admin require MFA for login. But what can we do, when:
the MFA service is down
we create a Conditinal Access that with a wrong rule set and lost sign-in access
we do not regulary update our control list and the admin account goes lost
For this cases we need a Break glass account, an additional account with a high security password, to enter the Tenant in an emergeny case. For this account, there are some recommendations:
only use a generic account
create a complex password with more than 16 characters
for compliance reason divide the password into two parts
save each part in a different location
create a security group that contains the break glass accounts
create two break glass accounts with no standard username like breakglass@ or emergency
use the Tenant name for the account
do not use a custom domain name
in futher it will be possible to use FIDO2 security key for break glass (right now is in preview and not recommended for such critical scenario)
Now we can discuss in some ways a security gap – a service account with Global admin rights that do not require MFA for login. Now you see, why it is so important to monitor this accounts and get notified when they will be used for login.
Time has changed, and the actual situation around the globe has shifted many personally events to virtual events. Global Azure (formerly known as Global Azure Bootcamp) has also transformed the personally meetings around the globe into purely virtual events. This has prompted many community organizers to make their events virtual. The Global Azure Team decided to make an own global virtual event around the globe with a dedicated call for speakers. This has led to the beautiful result that now several global azure events are taking place simultaneously. Some are organized by local organizers and one event is organized by the Global Azure Team. This results in three Azure days of Azure sessions (Thursday to Saturday) around the globe with an awesome agenda, where you can pick the sessions that suit you perfectly 🙂
In the past I have taken several Azure exams, and yesterday I took the Azure Security exam Az-500. I am really glad that I passed the exam. In this article I will give you a brief overview of the topics I saw in the exam and what materials I used to prepare for the exam. I can say directly that the best way to succeed in the exam is practice.
There are many new features and enhancements announced for Azure from the last Microsoft Ignite. I have written about many of them in the 1st part of this Article. This article will focus of the missed announcement in the first article.
Keep in mind our Meetup appointments in the next week in Thueringen and Cologne/Bonn.
The Microsoft Ignite is running since Monday and in this blog post I will give you a short overview about the new announcement in the range of Azure services.
To each service you have a headline link to additional information on the Microsoft Azure blog article or the update site. Did you have any questions about this announcements, please do not hesitate to contact me.
Don´t miss our MsIgnite Azure Recap Meetups in Thueringen and Bonn. Information about the Meetups at the end of the article.
Der Mai neigt sich langsam dem Ende und damit ein Monat voller Community Veranstaltungen. Vom Azure Global Bootcamp, zum Sharepoint und Azure Saturday, fand gestern der SQL Saturday statt. Dort durfte ich gleich zu Beginn eine Session zu Azure Governance halten.
Im ersten Teil habe ich vorgestellt, warum ein Azure Governance Konzept sinnvoll ist, wie sich Management Groups als organisatorisches Mittel in Azure dafür nutzen lassen und warum diese für Azure Blueprints als Vorraussetzung notwendig sind. Im 2. Teil werde ich nun zeigen, was Azure Blueprints sind, wie sich diese einrichten lassen und was beim erzeugen einer neuen Subscription passiert, wenn ein Azure Blueprint darauf angewandt wird.