Tag Archives: Azure Governance

Speaking with Thomas Naunheim at GermanyClouds Meetup about Azure Governance Best Practices

In the past, Thomas Naunheim and I have done a lot of architecture and design principle work for integrating Azure into company environments. Over the last couple of months we had the idea to create an Azure Governance Best Practices session to give the community our insights and best practices for starting with and integrating Azure environments. The goal is to show you where to find the best documentation for starting a cloud journey and which technical Azure features help bring your environment into, and keep it in, a compliant and secure state.

The session contains the following topics:

  • Cloud Adoption Framework
  • Well-Architected Framework
  • Insights about Azure Policies and Azure Security Center
  • Azure Enterprise Scale architecture
  • Azure Ops
  • Identity and Access Management

We are excited to hold the session at the GermanyClouds Meetup on November 26. If you are interested in these topics, or you are in the beginning or implementing phase, join us. We will be happy to see you there and take your questions.

The session will not be recorded.

Howto Setup and Monitor the Break Glass Account in your Tenant

In the past I have done a lot of Azure Governance workshops, and one interesting topic is how to handle the Break Glass Account. Before we go deeper, let us first look at what a Break Glass Account is. For every administrator role in Azure or Office 365, it is best practice to use MFA to secure the account and improve the security of the tenant. To achieve this, we normally use Conditional Access and create a rule that requires MFA for every admin login. But what can we do when:

  • the MFA service is down
  • we create a Conditional Access rule with a wrong rule set and lose sign-in access
  • we do not regularly update our control list and the admin account gets lost

For these cases we need a break glass account, an additional account with a high-security password, to enter the tenant in an emergency. For this account, there are some recommendations:

  • only use a generic account
  • create a complex password with more than 16 characters
  • up to 256 characters are possible – the limit of 16 characters has been removed
  • for compliance reasons, divide the password into two parts
  • save each part in a different location
  • create a security group that contains the break glass accounts
  • create two break glass accounts without a standard username such as breakglass@ or emergency
  • use the Tenant name for the account
  • do not use a custom domain name
  • in the future it will be possible to use a FIDO2 security key for break glass (right now it is in preview and not recommended for such a critical scenario)

In some ways this can be seen as a security gap: a service account with Global Admin rights that does not require MFA for login. Now you see why it is so important to monitor these accounts and get notified when they are used for login.


Global Azure Virtual 2020 is close including two sessions from me

Times have changed, and the current situation around the globe has shifted many in-person events to virtual events. Global Azure (formerly known as Global Azure Bootcamp) has also transformed its in-person meetings around the globe into purely virtual events. This has prompted many community organizers to make their events virtual. The Global Azure Team decided to run its own global virtual event with a dedicated call for speakers. This has led to the beautiful result that several Global Azure events are now taking place simultaneously. Some are organized by local organizers and one event is organized by the Global Azure Team. This results in three days of Azure sessions (Thursday to Saturday) around the globe with an awesome agenda, where you can pick the sessions that suit you perfectly 🙂


How I pass the Azure Security Exam Az-500

In the past I have taken several Azure exams, and yesterday I took the Azure Security exam Az-500. I am really glad that I passed the exam. In this article I will give you a brief overview of the topics I saw in the exam and what materials I used to prepare for the exam. I can say directly that the best way to succeed in the exam is practice.


MSIgnite 2019 Azure News and Announcements Part 2

Many new features and enhancements for Azure were announced at the last Microsoft Ignite. I have written about many of them in the first part of this article. This article focuses on the announcements missed in the first article.

Keep in mind our Meetup appointments in the next week in Thueringen and Cologne/Bonn.


MSIgnite 2019 Azure News and Announcements Part 1

Microsoft Ignite has been running since Monday, and in this blog post I will give you a short overview of the new announcements across Azure services.

For each service, the headline links to additional information in the Microsoft Azure blog article or on the update site. If you have any questions about these announcements, please do not hesitate to contact me.

Don't miss our MsIgnite Azure Recap Meetups in Thueringen and Bonn. Information about the Meetups is at the end of the article.


Azure Governance Slides for the SQLSatRheinland Session

May is slowly drawing to a close, and with it a month full of community events. From the Azure Global Bootcamp to the SharePoint and Azure Saturday, the SQL Saturday took place yesterday. There I had the chance to give a session on Azure Governance right at the start.

SQL Sat Rheinland 856 Opening Keynote

Azure Management Groups and Blueprints – Overview and Setup – Part 2

In the first part I explained why an Azure governance concept makes sense, how Management Groups can be used as an organizational tool in Azure for this purpose, and why they are a prerequisite for Azure Blueprints. In this second part I will show what Azure Blueprints are, how to set them up, and what happens when a new subscription is created and an Azure Blueprint is applied to it.


Azure Management Groups and Blueprints – Overview and Setup – Part 1

The path to the cloud is actually simple: create an account in the Azure portal, enter the credit card details, and all available Azure resources can be rolled out. This may well be a possible (though not recommended) approach for test environments. For production workloads, whether cloud-only or a hybrid scenario, rules are necessary and sensible: to structure the environment, to avoid cost explosions, and to secure the environment.

Such policies and rules can be created and defined with a governance concept. This way even simple questions can be settled, such as a central naming scheme for Azure services, the design of the networks, or the maximum allowed VM sizes. A governance concept is intended for the entire tenant and therefore applies across subscriptions. Subscriptions, in turn, are suited to capturing different cost centers or defining project boundaries.

Until now it was not easily possible to specify central settings for new subscriptions. This has changed with the introduction of Azure Blueprints. With Azure Blueprints, central settings can be specified that are applied to a new subscription when it is rolled out. Management Groups are required in order to use Azure Blueprints. Management Groups make it possible to structure the Azure tenant from an organizational point of view.

This two-part post will first explain the Management Groups required as a prerequisite for Azure Blueprints and then present the capabilities of Azure Blueprints and their rollout.


#Azure #MSIgnite News 2018 Part 1

Yesterday at 15:00 (CET) the #MSIgnite keynote took place in Orlando. It was followed by several sessions and announcements about new features in Azure; some had been expected in advance, others were surprising. In this post I will give you a brief overview of some of the news from day 1.

The headings are linked to the respective articles so that you can get to the original article quickly and easily.
