When using PaaS services in a hub-and-spoke architecture a best-practice approach is to use Private Endpoints for accessing those services. This allows us to ensure that these services are only available internally in the Azure VNET and not publicly available. For instance, with this example below. Where we have a private endpoint to a storage …
Private Endpoints – SNAT – UDR and Azure Firewall Read More »
Last week I got contacted by a customer who was a bit stressed because someone had tampered with their environment in Azure, and they had no idea who it was and what they have been doing. Before I begin going through the details, it should be noted that in this environment I had little monitoring …
The curious case of Azure Managed Identity and a compromised virtual machine Read More »
I was working on a customer project recently where we started to investigate Azure Container Apps which is a new service that is currently in preview from Microsoft. The feature provides developers with a way to deliver containerized applications without the complexity of Kubernetes in an Azure-based environment. To summarize in a nutshell what Azure …
One of the great things with Terraform is the wealth of support for different providers and platforms. For instance, you have support for the major cloud providers, SaaS services like Cloudflare, and virtualization layers such as VMware. So, when I’m setting up a Kubernetes environment on a cloud provider such as with Azure, I can …
Deployment of Kubernetes, Helm and YAML files using Terraform Read More »
A while back a customer of ours got targeted with a phishing attack that came through Microsoft Teams. What happened was that the attackers created a new O365 organization and named the users in their tenant like the people working in the IT department in the customer organization. By default, Microsoft Teams has a federation …
Phishing attacks in Microsoft Teams and external federation Read More »
This is a summary blog post on a presentation that I hosted on the Microsoft Security User Group Norway a few weeks back (You can view the presentation here –> community/MSUGC-securing-virtual-machines-english.pptx at main · msandbu/community (github.com)) There are many security features within Microsoft Azure when it comes to securing virtual infrastructure. 1: Encrypting data and VM …
Securing Virtual Machine Infrastructure in Microsoft Azure Read More »
A couple of weeks ago, Microsoft introduced a new preview feature for AVD called ShortPath for Public Networks. This allows us to get UDP-based connections to our AVD machines instead of the traditional Reverse TCP-based connections. NOTE: This feature is still in preview This of course improves our end-user experience since we can push more content without needing to …
Azure Virtual Desktop and ShortPath for Public Networks Read More »
One of the things I’ve been working a lot with the latest 6 months are projects related to cloud-native and delivered Container-based workloads. One of the things I find fascinating about this is the surrounding cloud-native ecosystem. As a kid, I (was one of the few…) that subscribed to computer magazines, and one of the things I …
With more governmental requirements enforcing requirements that public-facing services need to support IPv6 a lot of customers that have started their cloud journey might be having some issues with adopting IPv6 on all their services. Especially with Microsoft Azure, not all services support IPv6 natively, therefore, I wanted to write this post to give an …
Last week, a hacker group called LAPSUS had able to gain access to NVIDIA and was able to collect a large amount of data from the internal fileservers, including code signing certificates. Now this week they also claim that they have hacked Samsung, and are providing a lot of claims/proof on what kind of data …
