The Azure Security Podcast  

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos with guest Yina Arenas   ( ) who is a Principal Group Program Manager in the Microsoft Graph Team.
In this episode we discuss recent Azure security news including TLS in IoT (again!), Log Analytics REST APIs, Azure Information Protection, Azure Monitor and Confidential Computing. We then talk to Yina about the vision behind Microsoft Graph and how it can be used to help build security and IT management solutions.

Links

• Episode 11 Recording  
• How to Protect Office 365 with Azure Sentinel
• Azure Time Series Insights now supports AAD groups
• IoT Hub TLS certificate update
• Azure IoT TLS: Changes are coming! (…and why you should care)
• Azure Synapse SQL on-demand now enforces TLS 1.2 on outbound connections
• Automatic VM guest patching is now in public preview
• Azure Monitor Logs – Log Analytics REST APIs general availability
• Azure API Management will retire 5 legacy metrics in Azure Monitor on 31 August 2023
• Azure Private Link Service is now generally available in China
• Azure Virtual Machines DCsv2-series are now available in Southeast Asia
• Microsoft Ignite
• graph.microsoft.com
• Graph Explorer
• “30 Days of Microsoft Graph”

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos with guest Tali Ash   ( ) who works in the Microsoft Threat Protection team in Israel.
In this episode we cover current Azure security news. Sarah talks about the recent New Zealand DDoS attacks. Michael talks about vulnerabilities in wolfSSL impacting Azure Sphere. Mark explains what he's been up to around Zero Trust and Gladys explains some Azure Bastion changes and Azure Sentinel Ninjas. We then talk to Tali about threat hunting with Microsoft Threat Protection.
On a sidenote, this podcast was recorded in two chunks owing to timezone issues and Michael used the wrong microphone during the intro and news. He thought he was using his flashy mic, but he accidently used a webcam mic instead! He will be more attentive from now on!

Links

• Episode 10 Recording   and transcript (raw)  
• New Zealand’s stock exchange halts trading for third day in a row
• Ingestion data isolation in Log Analytics
• Azure Sphere OS version 20.08 is now available
• Monitoring Key Vault with Azure Event Grid (preview)
• Azure Data Lake Storage Gen2 access control list recursive update in public preview
• Azure Policy Compliance Scan Action for GitHub Workflows is in public preview
• Zero Trust Architecture Core Principles
• Upcoming billing changes to Azure Bastion
• Become an Azure Sentinel Ninja: The complete level 400 training
• Azure Sentinel Ninja Training: The July 2020 update
• Microsoft Security Community
• Microsoft Security Community Webinars
• Advanced Hunting series - Episode 1: Tracking the Adversary Episode 1: KQL Fundamentals
• Advanced Hunting series - Episode 2: Tracking the Adversary Episode 2: Joins
• Advanced Hunting series - Episode 3: Summarizing, Pivoting, and Visualizing Data
• Advanced Hunting series - Episode 4: Let’s hunt! Applying KQL to incident tracking
• Free KQL Course on Pluralsight
• Microsoft 365 security center

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos with guest Maryam Rahmani   ( ) who works with the Microsoft Security Partner Development Team, helping partners secure public sector customers. 
In this episode we cover the latest Azure security news and Mark chats about the role of threat models and shared responsibility in Azure. Maryam then discusses the Cybersecurity Maturity Model Certification (CMMC) and the role it plays in protecting Dept. of Defense (DoD) contractors from cyber attacks.

Links

• Episode 9 Recording   and transcript (raw)  
• Mark's Top Cloud Security Challenges
• Securing privileged access
• Revocation of non-compliant Certificate Authorities potentially impacting customer’s Azure service(s)
• Azure Database for MySQL data encryption with a customer-managed key
• Line numbers in Log Analytics query editor (How did we ever live without this?)
• Log Analytics new System Center configuration blade
• Build resilient applications with Kubernetes on Azure
• Microsoft Intelligent Security Association expands to include managed security service providers
• Built-in vulnerability assessment for VMs in Azure Security Center
• How to organize your security team: The evolution of cybersecurity roles and responsibilities
• What is CMMC?
• Accelerating Cybersecurity Maturity Model Certification (CMMC) compliance on Azure
• Accelerating CMMC compliance for Microsoft cloud (in depth review)
• CMMC with Microsoft Azure: Access Control (1 of 10)
• Azure Government Blog
• SP 800-171B - Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations: Enhanced Security Requirements for Critical Programs and High Value Assets

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos with guest Randy Campbell  () a Principal Consultant at Microsoft with a long history working in networking on Azure.
In this episode we cover the latest Azure security news. Gladys discusses some IT training available from Microsoft to help people looking for IT positions in the wake of COVID-19 job-related issues. Michael then talks to Randy about the history of network isolation in Azure, as well as some DNS gotchas when using private endpoints.

If your job has been affected by COVID-19, or you know someone who has been affected, please go to the Microsoft JobSeeker link below.

Links

• Episode 8 recording   and transcript (draft)  
• Double Key Encryption for Microsoft 365
• Azure Active Directory Registration Service is ending support for TLS 1.0 and 1.1
• OpenID Connect support for Azure App Service and Azure Functions (in preview)
• Secure Azure Kubernetes Service (AKS) pods with Azure Policy
• AKS-managed Azure Active Directory support is now generally available
• Azure Monitor for Containers now supports recommended alerts
• Azure Security Center—News and updates for July 2020
• Jobseeker: Microsoft's "Learn Skill for In-Demand Jobs"
• Hub and spoke network topology
• What is Private Endpoint?
• Virtual Network service endpoints
• Virtual network service endpoint policies for Azure Storage
• IMPORTANT: Azure Private Endpoint DNS configuration

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos with guest Ryen Macababbad  () a Senior Security Architect Manager at Microsoft.
In this episode we cover the latest Azure security news, Gladys discusses some security research findings about weak security caused by companies rushing to deploy solutions for their remote workers and finally, Sarah interviews Ryen about topics relating to identity, multi-factor authentication, the human element of security, why running many security agents on a computer is bad, password-less authentication and much more.

Links

• Episode #7 Recording  
• BLOOPER: Not Michael's proudest moment!
• Azure Kubernetes Service (AKS) now supports confidential workloads through DCSv2 SKUs (private preview)
• Data breach reports down by one‑third in first half of 2020
• One Million Online Student Records Exposed by E-Learning Sites
• Best security, compliance, and privacy practices for the rapid deployment of publicly facing Microsoft Power Apps intake forms
• The psychology of social engineering—the “soft” side of cybercrime
• Security & Compliance Certifications on Azure Database for PostgreSQL
• Microsoft Graph Service: Deprecating TLS 1.0 and 1.1 and preparing for TLS 1.2 in US Gov Cloud
• Azure Government Secret extends partner opportunity with marketplace program for ISVs
• More Private Link support Azure Automation, Azure Site Recovery, Azure SignalR Service
• Booting Windows 10 in about 12secs because of streamlined end-point protection
• How it works: Azure Multi-Factor Authentication

Michael Howard, Sarah Young and Gladys Rodriguez with guest Jay Yuzwenko () who focuses on cybersecurity in the Asia-Pacific region for Microsoft.
In this episode we cover the latest Azure security news and then Sarah dives right in and discusses incident response and compromise recovery with respect to Azure, hybrid and on-prem scenarios.

Links

• Episode #6 Recording  
• BLOOPER: Sarah has a new microphone with a mute button!
• Azure Cosmos DB transport layer security (TLS) 1.2 enforcement starts on July 29, 2020
• Migrate your Azure WebApp to a new MySQL Database to use built-in threat detection
• Azure Data Lake Storage immutable storage is now in preview
• Azure Monitor for Key Vault is now in preview
• Azure Firewall Manager is now generally available
• New Azure Firewall features in Q2 CY2020
• Announcing Microsoft Defender ATP for Android
• Microsoft Defender ATP for Linux is now generally available
• Security Community Webinars
• Securing privileged access
• Securing privileged access for hybrid and cloud deployments in Azure AD
• Active Directory administrative tier model
• How to mitigate rapid cyberattacks such as Petya and WannaCrypt

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos with guest David Sanchez  ()
In this episode we speak to David Sanchez, an Azure Global Black Belt, about recent security issues raised by customers. Topics includes DDoS, scaling, network isolation, bots and crypto-miners.

Links

• Episode #5 Recording  
• Misconfigured Kubeflow workloads are a security risk
• Azure Sentinel Hackathon (Too late to enter, but public voting opens on July 8th)
• Web Application Firewall for Azure Front Door service logging enhancements
• Data encryption for Azure Database for PostgreSQL—single server
• Azure Monitor customer-managed key
• Microsoft acquires CyberX to accelerate and secure customers’ IoT deployments
• Public Preview for Azure Monitor for VMs on Arc Enabled Servers
• Private AKS clusters are now generally available in Azure Government
• Azure Monitor for Containers support for Azure Arc is in preview
• Azure Monitor for containers now supports log collection on AKS Windows node pools (in preview)
• Palo Alto Networks and WDATP ad-hoc integration
• Palo Alto Networks Integration with Azure Security Center
• Microsoft Information Protection showcases integrated partner solutions at Microsoft Ignite

Michael Howard, Sarah Young and Mark Simos with guests Thomas Weiss  ( ) and Tony Voellm ( )  from the CosmosDB Security team.
In this episode we speak to Thomas and Tony about CosmosDB security; we cover the basics of CosmosDB, encryption of data at rest, authentication, authorization, network isolation and monitoring. We also cover some near-term updates for client-side encryption and data-plane RBAC.

Links

• Episode #4 Recording  
• The Jacques Cousteau story
• Use system-assigned managed identities to access Azure Cosmos DB data
• Restrict user access to data operations only
• Configure customer-managed keys for your Azure Cosmos account with Azure Key Vault
• Configure Azure Private Link for an Azure Cosmos account
• Data modelling and partitioning in Azure Cosmos DB: What every relational database user needs to know
• IoT Hub Private Link
• Azure Custom Roles
• TLS 1.2 Minimum in Azure SQL DB, Azure Database for MariaDB, Azure Database for MySQL, Azure Database for PostgreSQL
• Azure Database for MySQL support for encryption at rest using customer-managed keys now in preview
• Key Vault bring your own key (BYOK)
• Azure HDInsight enterprise security enhancements
• Azure Log Analytics agent for Windows SHA-2 signing date has been extended
• Azure Monitor for VMs is now in preview in US Gov Virginia
• Azure Private Link for Azure Monitor is now available
• The Curious Case of the “Un-Enforced” Azure Key Vault RBAC Policy

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos and guest Yuri Diogenese.  ( )
In this episode Michael and Sarah chat about their experiences clearing the AZ-500 Azure Security Exam. Gladys talks more about Zero Trust, and Mark discusses his work on the Cloud Adoption Framework. Finally, Michael interviews Yuri Diogenes about some new Azure Security Center features announced at Microsoft Build.

Links

• Episode #3 Recording  
• C# Code for intro and outro voice using Azure Cognitive Services
• The Security Sentinel and Security Center meme Yuri and Sarah talked about at the 16min 45sec mark!
• ASC Alert Suppression
• ASC Secure Score
• Threat Protection in ASC
• Azure Security Center book
• Azure Security Center Training
• Exam AZ-500: Microsoft Azure Security Technologies
• Thoughts on Passing AZ-500
• Cloud Adoption Framework (CAF) - Getting Started
• CAF - Security Strategy
• CAF - Roles and Responsibilities
• Cross incident workspace views now in Preview in Sentinel
• Announcing Azure Front Door Rules Engine in preview

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos and guest Michael Withrow.
In this episode Sarah chats to Michael Withrow about in-depth container security on Azure.

Links

• Episode #2 Recording  
• Implementing a Zero Trust security model at Microsoft
• Zero Trust strategy—what good looks like
• Traditional perimeter-based network defense is obsolete—transform to a Zero Trust model
• Zero Trust: A new era of security
• Implementing Zero Trust with Microsoft Azure: Identity and Access Management (1/6)
• Protecting Cloud Workloads for Zero Trust with Azure Security Center (2/6)
• Monitoring Cloud Security for Zero Trust with Azure Sentinel (3/6)
• Enforcing Policy for Zero Trust with Azure Policy (4/6)
• Insider Threat Monitoring for Zero Trust with Microsoft Azure (5/6)
• Supply Chain Risk Management for Zero Trust with Microsoft Azure (6/6)
• Accelerating Cybersecurity Maturity Model Certification (CMMC) compliance on Azure
• Announcing the general availability of Windows Server containers and private clusters for Azure Kubernetes Service
• Cloud security functions
• Define a security strategy
• Get started: Implement security across the enterprise environment
• Lessons learned from the Microsoft SOC—Part 3c: A day in the life part 2
• Youth Code Jam

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos.
In this episode, we introduce the hosts and discuss Azure Security Center's ability to scan containers for malware as well as new Confidential Computing VMs that support Intel's SGX enclave technology.

Links

• Episode #1 Recording  
• Container Security in Azure Security Center
• Enable remote work faster with new Windows Virtual Desktop
• Azure Sentinel
• Protecting your Teams with Azure Sentinel
• Monitoring Zoom with Azure Sentinel
• Become an Azure Sentinel Ninja: The complete level 400 training
• DCsv2-series VM now generally available from Azure confidential computing
• Open Enclave SDK
• What's inside Microsoft security architecture recommendations?
• Microsoft Security documentation