I received a lot of queries if Trust Center is part of Microsoft Defender for Cloud. In this article you will find the answer and the reasoning behind it. The short answer is: Trust Center is NOT part of Microsoft Defender for Cloud. Why? Microsoft Defender for Cloud First let’s understand what Microsoft Defender for […]

Function Apps can bring a lot of functionality into your architecture yet most of the times Function Apps don’t work alone. They access other resources in Azure to read or write data, or push the workload to other compute solutions. But to do so – function apps would need some kind of credentials – for […]

Maintaining privacy and security compliance in your organization is a demanding task. One of the most important part is documentation of all the building blocks of your environment. And as a lot of the components are built and maintained by the organization itself – the public cloud is all about using resources offered by the […]

Microsoft treats compliance, security and privacy very seriously and where other big cloud providers may attract companies with faster networks or lower prices – there is no simpler way of keeping your environment compliant than going with Azure. The constant efforts of maintaining this level of compliance accessibility needs to be described and documented somewhere, […]

One of the encryption related Microsoft Defender for cloud recommendations is “Web Application should only be accessible over HTTPS”. HTTPS (in contrast to plain HTTP) is the current standard and it brings value to your security standpoint by encrypting web traffic. Also, serving all the content via HTTPS provides the “lock” icon next to the […]

The Defender’s recommendation of “FTPS should be required in web apps” is focused on security hardening of Web Apps. It is not about “how application is used” but more – “how is it deployed”. And even if you’re deploying your web application securely – following this recommendation will cut off the possibility of doing a […]

When Microsoft Defender for cloud finds a service which allows non-encrypted traffic – it creates a recommendation visible in the Defender for cloud, Security blade of the resource, or Azure Advisor. In this article you will learn how to act on recommendation “Function App should only be accessible over HTTPS”, fixing it both from Azure […]

You deployed your Function app, asked Defender for Cloud or Azure Advisor for some recommendations – and this recommendation “FIX: FTPS should be required in function apps” popped up on the top of the list? Don’t worry – this is a behavior which is there by default, and it takes just few clicks to correct. […]

Fixing recommendation “FTPS should be required in API apps” is one of the simplest recommendation to fix. Follow the step by step guide to enforce FTPS on your Azure Api App. 1) Go to your Api App in the Azure Portal and click the “Configuration” blade. 2) Proceed to “General settings” 3) Change the “FTPS […]