For on-site deployments the whole responsibility of over hardware, infrastructure, operating system runtime and the application is all on the shoulders of the owning organization. When organization decides to make use of IaaS model, which is “Infrastructure as as Service” – the responsibility over hardware and infrastructure is transferred from the organization to the service […]
Azure
Trust Center is part of Microsoft Defender for Cloud? Question & Answer
I received a lot of queries if Trust Center is part of Microsoft Defender for Cloud. In this article you will find the answer and the reasoning behind it. The short answer is: Trust Center is NOT part of Microsoft Defender for Cloud. Why? Microsoft Defender for Cloud First let’s understand what Microsoft Defender for […]
KQL – Kusto Query Language in Log Analytics Tutorial
KQL, or “Kusto Query Language” is used to process queries in large datasets all across Azure. You can set up your own Azure Data Explorer cluster and use KQL there, but in this article we will focus on using it in querying and analyzing logs in Log Analytics Workspace. Creating Log Analytics workspace for future […]
FIX: Managed Identity should be used in Function Apps
Function Apps can bring a lot of functionality into your architecture yet most of the times Function Apps don’t work alone. They access other resources in Azure to read or write data, or push the workload to other compute solutions. But to do so – function apps would need some kind of credentials – for […]
Azure Compliance Documentation of Compliance Offerings
Maintaining privacy and security compliance in your organization is a demanding task. One of the most important part is documentation of all the building blocks of your environment. And as a lot of the components are built and maintained by the organization itself – the public cloud is all about using resources offered by the […]
Azure Trust Center – Microsoft Centre of trust
Microsoft treats compliance, security and privacy very seriously and where other big cloud providers may attract companies with faster networks or lower prices – there is no simpler way of keeping your environment compliant than going with Azure. The constant efforts of maintaining this level of compliance accessibility needs to be described and documented somewhere, […]
FIX: Unable to locate package azure-functions-core-tools-4
You can encounter error “Unable to locate package azure-functions-core-tools-4” while trying to install azure functions for local development of Azure Functions on your linux machine. It appears during following the official installation guide from Microsoft. Root cause of “Unable to locate package azure-functions-core-4” The reason for this error is below line of code from Azure […]
Microsoft Defender for Cloud Recommendations – Implementation instructions
FIX: Web Application should only be accessible over HTTPS
One of the encryption related Microsoft Defender for cloud recommendations is “Web Application should only be accessible over HTTPS”. HTTPS (in contrast to plain HTTP) is the current standard and it brings value to your security standpoint by encrypting web traffic. Also, serving all the content via HTTPS provides the “lock” icon next to the […]
FIX: FTPS should be required in web apps
The Defender’s recommendation of “FTPS should be required in web apps” is focused on security hardening of Web Apps. It is not about “how application is used” but more – “how is it deployed”. And even if you’re deploying your web application securely – following this recommendation will cut off the possibility of doing a […]