IP Restrictions on Azure App Service as expected behavior

There is no supported way to completely shut down the public endpoint of an App Service running in the public tenant. However, you can create an ILB ASE (which is not in the public tenant), or you can restrict access with IP Restrictions. Here is some detail on the feature and how to set it up…


Protecting our users from the ESLint NPM package breach

On the 12th of July 2018, malicious code was detected in two popular open-source NPM packages, eslint-scope (version 3.7.2) and eslint-config-eslint (version 5.0.2). As a result, developers who downloaded and installed these packages may have had credentials stored in their .npmrc file compromised. This may include credentials required to access package feeds hosted in Visual Studio Team Services. …


The SQL Server Defensive Dozen Part 2 – SQL Server Encryption, Key Management, And Data-At-Rest Encryption

Introduction: In order to properly secure and harden SQL Server, the use of encryption provides many benefits, including safeguarding data, separation of duties, and satisfying regulatory requirements such as the Security Technical Implementation Guide (STIG) or the General Data Protection Regulation (GDPR). Within SQL Server there are several types of encryption: channel encryption (encrypting login/data packets…


If I am a VSTS Stakeholder, can I also be an Admin?

Today, we’re excited to announce that users with the Stakeholder access level can now be administrators in Visual Studio Team Services (VSTS). With these upcoming changes, Stakeholders can administer access levels, permissions, and settings – if they have been granted permissions to do so. Previously, they were only able to invite users and assign them…


Key Differences between VM and Container Vulnerability Scanning

As we explored the various options for integrating vulnerability scanning into containers running in Azure, we encountered many different approaches and requests. I was initially writing a document for internal discussions, outlining some of our internal goals for how we want to think about container security, and why we might take one approach or another….


Announcing General Availability and Sovereign Cloud Support of Managed Service Identity for App Service and Azure Functions

Securing access between resources is an important part of modern cloud architectures, and we want to make that as simple as possible in Azure. Managed Service Identity (MSI) lets you securely connect to AAD-protected resources without needing to manage or rotate any secrets. If you need to work with a service that doesn’t support AAD,…


ANNOUNCING: Application whitelisting with “AaronLocker”

Announcing the pre-release (v0.9) of “AaronLocker”: robust and practical application whitelisting for Windows. AaronLocker is designed to make the creation and maintenance of robust, strict, AppLocker-based whitelisting rules as easy and practical as possible. The entire solution involves a small number of PowerShell scripts. You can easily customize rules for your specific requirements with simple…


Azure OpenConnect VPN

Linux script to set up an OpenConnect VPN server on Azure with an auto-renewing Let’s Encrypt certificate.

Steps:
1. Create an Ubuntu VM on Azure
2. Open firewall ports 80 and 443
3. Run the script with the server URL and the email address for the Let’s Encrypt certificate

Details: azure-openconnect-vpn