Tag Archives: Azure Governance

Speaking at Scottish Summit 2021 about Azure Policy and Azure Security Center

I am pleased to have received an invitation to speak at the upcoming Scottish Summit 2021. The Scottish Summit was estabhlished in 2020. This year the conference is becoming an online-only conference and will be streamed on all social media channels. The conference itself is growing into a really big conference with many parallel tracks with different language. The main conference starts on Saturday 27/02/21 and there will be many sessions on Microsoft Cloud services (like Azure, M365 and so on).

Azure Governance is an important topic for any customer using cloud resources. In my session, I will show the power of Azure Policy and Azure Security Center to define guardrails for your Azure environment and bring it into a compliant and secure state. I will go live with my session at Saturday 27/02/21 starting 1PM. If you are interested in how Azure Policy and Azure Security Center work together and how these services are handled, please feel free to join my session and ask questions.

There are quite a few Microsoft Cloud sessions planned for the Conference. Go to the website, plan your agenda and grab your ticket. There’s also an App available for iOS and Android. I hope to see you there.

Speaking at Azure Saturday Hamburg 2021 together with Thomas Naunheim

In the past Thomas Naunheim (Thomas Blog) and I have worked on several Cloud projects focusing on Azure Governance and Enterprise Scale. We decided to create a session together to integrate the best of both worlds and our experiences and recommendations from the field.

Our agenda:

  • Overview of Cloud Adoption Framework
  • Overview of Well-architecture Framework
  • Management of Compliance and Security Status
  • Azure Enterprise-Scale Landing Zone
  • Azure Ops: “Operationalize” Azure environment at scale

We are very happy to announce that our session was accepted by the Azure Saturday Hamburg Team on 20/02/2021. The Azure Saturday Hamburg is a full, free Azure conference day with lot of great sessions. The event will have two different tracks and the first speakers and sessions have been announced. Take a look at the agenda and sign up for this great conference across different sessions from the Azure Cosmos.

Continue reading Speaking at Azure Saturday Hamburg 2021 together with Thomas Naunheim

Speaking with Thomas Naunheim at GermanyClouds Meetup about Azure Governance Best Practices

In the past Thomas Naunheim and I do a lot of architecture and designing prinicple for integrating Azure in company environments. We have the idea to create a Azure Governance Best Practices session in the last couple of months to give the community our insights and best practices for Starting/Integrating Azure environments. The goal is to give you insights, where you can find the best documentations to start with a Cloud journey and which technical Azure features help to bring and hold your environment in an compliant and secure state.

The session contains the following topics:

  • Cloud Adoption Framework
  • Well-architecture Framework
  • Insights about Azure Policies and Azure Security Center
  • Azure Enterprise Scale architecture
  • Azure Ops
  • Identity and Access Management

We are exited to hold the session at the GermanyClouds Meetup on november 26. Did you interested in this topics or you are in the beginning or implementig phase, join us. We will happy to see you there and get your questions.

The session will not been recorded.

Howto Setup and Monitor the Break Glass Account in your Tenant

In the past I do a lot of Azure Governance workshop and one interesting topic is how to handle the Break Glass Account. Before we going deeper, first we take a look was is the Break Glass Account. For each Administrator role in Azure or Office365 is it best practice to use MFA to secure the account and get a better security for the Tenant. To realize this, normally we use Conditional Access and create a rule, that every Admin require MFA for login. But what can we do, when:

  • the MFA service is down
  • we create a Conditinal Access that with a wrong rule set and lost sign-in access
  • we do not regulary update our control list and the admin account goes lost

For this cases we need a Break glass account, an additional account with a high security password, to enter the Tenant in an emergeny case. For this account, there are some recommendations:

  • only use a generic account
  • create a complex password with more than 16 characters
  • up to 256 characters possible – the limit of 16 character is removed
  • for compliance reason divide the password into two parts
  • save each part in a different location
  • create a security group that contains the break glass accounts
  • create two break glass accounts with no standard username like breakglass@ or emergency
  • use the Tenant name for the account
  • do not use a custom domain name
  • in futher it will be possible to use FIDO2 security key for break glass (right now is in preview and not recommended for such critical scenario)

Now we can discuss in some ways a security gap – a service account with Global admin rights that do not require MFA for login. Now you see, why it is so important to monitor this accounts and get notified when they will be used for login.

Continue reading Howto Setup and Monitor the Break Glass Account in your Tenant

Global Azure Virtual 2020 is close including two sessions from me

Time has changed, and the actual situation around the globe has shifted many personally events to virtual events. Global Azure (formerly known as Global Azure Bootcamp) has also transformed the personally meetings around the globe into purely virtual events. This has prompted many community organizers to make their events virtual. The Global Azure Team decided to make an own global virtual event around the globe with a dedicated call for speakers. This has led to the beautiful result that now several global azure events are taking place simultaneously. Some are organized by local organizers and one event is organized by the Global Azure Team. This results in three Azure days of Azure sessions (Thursday to Saturday) around the globe with an awesome agenda, where you can pick the sessions that suit you perfectly ­čÖé

Continue reading Global Azure Virtual 2020 is close including two sessions from me

How I pass the Azure Security Exam Az-500

In the past I have taken several Azure exams, and yesterday I took the Azure Security exam Az-500. I am really glad that I passed the exam. In this article I will give you a brief overview of the topics I saw in the exam and what materials I used to prepare for the exam. I can say directly that the best way to succeed in the exam is practice.

Continue reading How I pass the Azure Security Exam Az-500

MSIgnite 2019 Azure News and Announcements Part 2

There are many new features and enhancements announced for Azure from the last Microsoft Ignite. I have written about many of them in the 1st part of this Article. This article will focus of the missed announcement in the first article.

Keep in mind our Meetup appointments in the next week in Thueringen and Cologne/Bonn.

Continue reading MSIgnite 2019 Azure News and Announcements Part 2

MSIgnite 2019 Azure News and Announcements Part 1

The Microsoft Ignite is running since Monday and in this blog post I will give you a short overview about the new announcement in the range of Azure services.

To each service you have a headline link to additional information on the Microsoft Azure blog article or the update site. Did you have any questions about this announcements, please do not hesitate to contact me.

Don┬┤t miss our MsIgnite Azure Recap Meetups in Thueringen and Bonn. Information about the Meetups at the end of the article.

Continue reading MSIgnite 2019 Azure News and Announcements Part 1

Azure Governance Slides zur SQLSatRheinland Session

Der Mai neigt sich langsam dem Ende und damit ein Monat voller Community Veranstaltungen. Vom Azure Global Bootcamp, zum Sharepoint und Azure Saturday, fand gestern der SQL Saturday statt. Dort durfte ich gleich zu Beginn eine Session zu Azure Governance halten.

SQL Sat Rheinland 856 Opening Keynote
SQL Sat Rheinland 856 Opening Keynote
Continue reading Azure Governance Slides zur SQLSatRheinland Session

Azure Management Groups und Blueprints – Ueberblick und Einrichtung – Teil 2

Im ersten Teil habe ich vorgestellt, warum ein Azure Governance Konzept sinnvoll ist, wie sich Management Groups als organisatorisches Mittel in Azure daf├╝r nutzen lassen und warum diese f├╝r Azure Blueprints als Vorraussetzung notwendig sind. Im 2. Teil werde ich nun zeigen, was Azure Blueprints sind, wie sich diese einrichten lassen und was beim erzeugen einer neuen Subscription passiert, wenn ein Azure Blueprint darauf angewandt wird.

Continue reading Azure Management Groups und Blueprints – Ueberblick und Einrichtung – Teil 2