Azure Bastion On-demand

Azure Bastion is a fantastic service for securely accessing virtual machines deployed in Azure, relying on the capabilities of Azure AD and the Azure portal, such as Multi-Factor Authentication. In terms of cost, it isn't prohibitive for an organization that needs such a capability. However, when you're working in a significantly constrained subscription for the purposes …


Emergency Access Account Use Alerting in Azure Active Directory

When implementing broader security controls in Azure Active Directory, it is a best practice to create an “emergency access” or “break the glass” account that is not subject to those controls. The purpose of this account is to remediate issues with those controls. If Azure MFA is broken, for instance, a privileged account …

Pester for Infrastructure Validation

I have been using Pester and integrated it with my dxExchange.WebServices module following HDD/TDD practices. I have wanted to start incorporating Pester testing into cloud configuration validation and management for some time, but never really got around to it. A couple of weeks ago, I participated in a Network DevOps course facilitated by Nick Russo …

The Time for MFA is NOW

During Microsoft Ignite 2017, Microsoft was promoting the #DeathToPasswords hashtag rather aggressively and socializing the problems that exist with passwords. Many of the highlights focus on the ineffectiveness of passwords, policies, and updated guidelines from NIST. One very interesting session involved a demo showing a Password Spray tool. Password Spraying is a nuanced means …