The Azure Security Podcast  

In this episode Michael, Sarah, Gladys and Mark talk with guest Chuck Enstall   ( ) about common security questions he's hearing from Azure customers and we delve into some practices around Azure Active Directory, Tenant and subscription level management and isolation. We also discuss Azure Security news for the following services: GitHub, Code QL, Storage, Iot Hub, SQL Server and Synapse, Event Grid, Media Services, Azure Communications Server, Redis, Key Vault, Azure Active Directory, App Service and Express Route as well as an update on PCI DSS certification and a beta of the SC-200 exam, "Microsoft Security Operations Analyst (beta)".

Links

• Episode 25 Recording   and transcript (draft)  
• Microsoft open sources CodeQL queries used to hunt for Solorigate activity
• GitHub Advanced Security: Introducing security overview beta and general availability of secret scanning for private repositories
• Encryption scopes in Azure Storage now generally available
• Directory scoped shared access signatures (SAS) generally available
• IoT Hub Azure portal extension update
• Dynamic data masking granular permissions for Azure SQL and Azure Synapse Analytics
• Media Services introduces new security features
• Azure Event Grid now provides support for delivery headers and additional advanced filters among other updates
• Azure Private Link for Azure Cache for Redis in general availability
• ExpressRoute monitoring in Azure Monitor network insights
• Networking for Key Vault references on Windows in App Service and Azure Functions
• App Service Managed Certificates now supports apex domains
• Azure expands PCI DSS certification
• Andreas Wolter: SQL Security: Delegation of Authority
• Azure Active Directory only authentication for Azure SQL
• Exam SC-200: Microsoft Security Operations Analyst (beta)
• 4 ways Microsoft is delivering security for all in a Zero Trust world
• Overview of provisioning logs in the Azure portal (preview)
• Azure Active Directory sign-in activity reports - preview

This episode is a little different, Sarah and Michael discuss the security news and updates from the Microsoft Ignite conference. Lots of security updates covering SQL Server, CosmosDB, Azure Security Center, Azure Kubernetes Service, Windows Server 2022, VM updates, Azure Sphere, Azure Backup, TypeScript, Azure Sentinel and Azure Purview.

Links

• Episode 24 Recording  
• Confidential computing nodes (DCSv2) on Azure Kubernetes Service (AKS) is generally available
• General availability: Just-In-Time Access support in AKS
• General availability: Encrypted customer managed keys policy for AKS
• General availability: Conditional Access feature integration with AKS
• Azure Security Center: General availability updates for February 2021
• Azure Security Center: Public preview updates for February 2021
• Azure Monitoring Demo Logs
• Azure Monitor Alerts for Azure Backup is in public preview
• Microsoft Ignite 2021: What's New in Azure Sentinel
• Microsoft Learn for Security
• Azure Sphere version 21.02 is now available
• Automatic VM guest patching is now in public preview for Linux VMs
• Role-based access control (RBAC) with Azure Active Directory (AAD) on Azure Cosmos DB in public preview
• Azure SQL auditing of Microsoft operations is now in general availability
• Azure SQL auditing to Log Analytics and Event Hub are now generally available
• Zone Redundant Storage (ZRS) option for Azure managed disks in limited preview
• Public preview: Automatic key rotation of customer-managed keys for encrypting Azure managed disks
• Windows Server 2022 is now available in preview
• Advance notifications for Azure SQL Database now in public preview
• Azure Defender for Storage powered by Microsoft threat intelligence
• Public preview: Scan and classify Amazon AWS S3 data using Azure Purview

In this episode Michael, Sarah, Gladys and Mark talk with guest Anthony Roman  ( ) who is a Senior Program Manager in the Azure Networking Security team. We cover topics such as low-level Azure networking security building blocks (VNets, subnets, NSGs, user-defined routes, hub-and-spoke etc.), Azure Firewall, Azure Frontdoor and more.
Mark has a public service announcement regarding Exchange on-prem - PLEASE PATCH. We also discuss Azure Security news for the following Azure topics: Azure Sentinel, Data Encryption SDK, Tables and Queues, TypeScript, Service Principals, Authentication and DataBricks.

Anthony's bio Anthony manages a team of Program Managers responsible for Azure Network Security deployment and product improvement. As part of Microsoft Cloud + AI Security Engineering, the Customer Experience (CxE) team works between customers and product groups to help build comprehensive NetSec solutions that integrate across the Azure Security stack

Links

• Episode 23 Recording  
• Exchange security details (webcast)
• Exchange security details (PowerPoint)
• What's new: User and Entity Behavior Analytics (UEBA) insights in the entity page!
• What's the difference between Azure Security Center, Azure Defender and Azure Sentinel?
• Microsoft Data Encryption SDK (Preview)
• TypeScript for Jupyter Notebooks
• Create an account that supports customer-managed keys for tables and queues
• Demystifying Service Principals – Managed Identities
• Azure Databricks Achieves DoD Impact Level 5 (IL5) on Microsoft Azure Government
• Authentication fundamentals: The basics | Azure Active Directory
• Authentication fundamentals: Native client applications- Part 1 | Azure Active Directory
• Authentication fundamentals: Native client applications- Part 2 | Azure Active Directory
• Authentication fundamentals: Federation | Azure Active Directory
• Authentication fundamentals: Web applications | Azure Active Directory
• Authentication fundamentals: Web single sign-on | Azure Active Directory
• Hub and Spoke Model
• Azure Network Security Github repo
• Azure Network Security Blog
• Azure Firewall Premium now in preview
• Azure Front Door enhances secure cloud CDN with intelligent threat protection
• Azure Network security Architectures

In this episode Michael, Sarah, Gladys and Mark talk with guests Craig Nelson ( ) and Leron Gray ( ) about Redteam security on Microsoft Azure. If you're new to red teams, blue teams and purple teams and want to learn more about how we test Azure for security issues, then this is the episode for you!

We also discuss Azure Security news for the following services: Azure Bicep, Storage accounts, API Management, Azure Firewall and Azure Sentinel. Gladys also discusses machine learning and Azure Synapse, Mark mentions his concerns about human-operated ransomeware and Michael explains why he prefers TypeScript to JavaScript and we add a new phrase to your lexicon: Homomorphic Encryption. You're welcome!

Finally, there's a new exam in beta, SC-900 "Microsoft Security, Compliance, and Identity Fundamentals."

Links

• Episode 22 Recording  
• Resource instance rules for access to Azure Storage now in public preview
• John Savill - Azure Storage New Resource Instance Rules!
• Project Bicep – Next Generation ARM Templates
• Exam SC-900: Microsoft Security, Compliance, and Identity Fundamentals (beta)
• John Savill - SC-900 Microsoft Security, Compliance, and Identity Fundamentals Study Cram
• Support for Azure API Management certificates in Azure Key Vault has reached general availability
• Secure backend services using client certificate authentication in Azure API Management
• Announcing TypeScript 4.2 RC
• The Top 10 Things Wrong with JavaScript (ie; Some reasons why Michael does not like JavaScript)
• Azure Firewall Premium now in preview
• USENIX Enigma 2016 - NSA TAO Chief on Disrupting Nation State Hackers
• What's new in Azure Sentinel
• Human operated ransomware
• Password Monitor: Safeguarding passwords in Microsoft Edge
• Josh Benaloh - Senior Cryptographer, Microsoft Research
• What is homomorphic encryption and how can it help in elections?
• Azure DDoS Protection—2020 year in review
• Prevent dangling DNS entries and avoid subdomain takeover
• Azure Defender for App Service introduces dangling DNS protection
• Azure Stormspotter
• Azure Convex

In this episode Michael, Sarah, Gladys and Mark talk with guest Ofer Shezaf  ( ) about Azure Sentinel. Ofer is a Principal Product Manage in the Azure Sentinel team and has years of experience building Security Information and Events Management (SIEM) systems. Ofer also discusses the history of Azure Sentinel and shares some of his insightful philosophies about SIEMs. Make sure you stick around for his fascinating Final Thoughts.
We also discuss Azure Security news for the following services: Azure Security Center, HDInight, Azure Attestation and IaaS SQL Server using Secure Enclaves. Gladys covers some of the material she learned this week about Privileged Access Workstations (PAWs), especially in light of Solorigate. PAWs are not just for tier-0 admins, but also for developers. Mark covers Azure Security Benchmarks, extending threat and vulnerability management to macOS and shares details about Cybersecurity Maturity Model Certification (CMMC) Workbook.

Links

• Episode 21 Recording  
• Microsoft Azure Attestation is now generally available
• Confidential computing using Always Encrypted with secure enclaves now in public preview
• Azure HDInsight extends capabilities for encryption of data in transit and at rest
• Azure Security Center—Public preview updates for January 2021
• Azure Security Benchmark is now the default policy initiative for Azure Security Center
• Azure Sentinel Cybersecurity Maturity Model Certification (CMMC) Workbook
• Extending threat and vulnerability management to more devices
• Azure Sentinel documentation
• What's new in Azure Sentinel
• Azure Sentinel Blog
• Become an Azure Sentinel Ninja: The complete level 400 training

In this episode Michael, Sarah, Gladys and Mark talk with guest Alex DeDonker  ( ) about his team's role in helping secure the Microsoft Azure cloud platform.
We also discuss the latest Azure Security news for the following services: Azure Sphere, Azure Backup, Managed Disks, Azure Security Center, Azure Policy, Azure Defender for SQL, Azure Health Bot and Azure Automation.
Mark also discusses some updated Solorigate resources, human operated ransomware and more.

Alex's bio Alex DeDonker is a Program Manager within Cloud and AI Security. Alex drives security awareness and education initiatives within the engineering communities at Microsoft. Specifically, as a part of a program called STRIKE; focused on Azure Security. Prior to joining Azure Security’s STRIKE Team, Alex was a technical recruiter at Microsoft in University Recruiting. Beyond that, he helps organize Microsoft BlueHat and can be spotted as a volunteer at many security conferences.

Links

• Episode 20 Recording  
• Azure Security Center—News and updates for December 2020
• Azure Defender for SQL (in Azure Security Center)—News and updates for December 2020
• Built-in Azure Policy support for NSG Flow Logs is now available
• Monitoring your Azure Data Explorer Clusters with Azure Monitor (Insights) - public preview
• View changes at-scale with Application Change Analysis now in public preview
• Backup for Azure Managed Disk is in limited preview
• Azure Backup: Encryption at rest using customer-managed keys is now generally available
• Public IP SKU upgrade generally available
• Azure Sphere OS version 21.01 is now available for evaluation
• Azure Health Bot is now generally available
• Private Link support for Azure Automation is now generally available
• Human operated ransomware
• Solorigate Resource Center – updated January 15, 2021
• Using Zero Trust principles to protect against sophisticated attacks like Solorigate
• Microsoft Security Practices
• PowerShell cmdlets for managing SQL Vulnerability Assessments
• Security Community Webinars
• Microsoft Cybersecurity Basics: Securing Yourself
• Securing you: Basics and beyond
• Microsoft Bug Bounty Program
• Threat Modeling
• Simone Curzi's Threat Manager Studio
• MITRE ATT&CK

Michael Howard, Gladys Rodriguez and Mark Simos with guest Suren Jamiyanaa  ( ) who is a Program Manager (PM) in the Azure Firewall team.
In this episode we cover recent security news including the latest on the SolarWinds attack and updates for Security Center, Azure Stream Analytics, Google's Web Signin, Power BI and BGP improvements.

Links

• Episode 19 Recording  
• Solorigate Resources
• Continuously export Security Center data
• Security Community Webinars
• Additional support for managed identity in Azure Stream Analytics now in public preview
• Deprecation of webview sign-in support announcement from Google
• Microsoft introduces steps to improve internet routing security
• Power BI: New Admin APIs and Service Principal authentication to make for better tenant metadata scanning
• What is Azure Firewall
• Azure Firewall - Cloud-native network security to protect your Azure Virtual Network resources
• What is cloud-native Azure Network Security | Azure Network Security Part 1

In this episode we chat to Miriam Wiesner ( ) who is a Program Manager in the Microsoft 365 team, about security, compliance and management using Microsoft 365. If you're confused about Azure Defender, Microsoft Defender or Microsoft 365 Defender, then this is the podcast for you!
Miriam also discusses her pet subject: Event Lists.
We also discuss current Azure security news, including US Government Cloud data classifications, IoT Hub and private link updates, Latest Azure Security Center news, Azure Databricks, Azure Policy and Unified Connection Monitor. Also, Gladys introduces a new product Azure Purview and announces her new role in Azure Engineering.

When talking about Microsoft 365, it might be useful to keep the following diagram handy! The second is when Miriam and Gladys discuss killchains.

  
Miriam's bio Miriam Wiesner works as a Security Program Manager for Microsoft Defender ATP with a focus on Secure Infrastructure and Threat Protection. In her spare time, she enjoys writing articles for her private blog as well as developing tools to support the community and speaks on international conferences and events like Black Hat, hack.lu, BSides, and many more. She's a life-long learner, always excited about new technologies and empowering others.

Links

• Episode 18 Recording  
• Transparent Data Encryption with customer-managed keys for SQL Database Hyperscale
• Private link for Azure SQL Data Sync on Azure SQL Database now in public preview
• The broadest range of cloud innovation across US Government data classifications
• IoT Hub private link now works with the built-in Event Hub compatible endpoint
• Azure Security Center—News and updates for November 2020
• Azure Databricks Achieves FedRAMP High Authorization on Microsoft Azure Government
• Export and manage Azure Policy as code with GitHub
• Unified Connection Monitor in Network Watcher is now generally available
• Enhancing mission resiliency for government
• Trust Azure Government Secret—built exclusively for classified data
• Microsoft Information Protection and Microsoft Azure Purview: Better Together
• Azure Purview
• EventList
• Introducing Microsoft 365
• Azure Defender
• Microsoft Defender for Endpoint for Linux
• The Lockheed Martin Cyber Kill Chain
• Sigma alerting
• Become a Microsoft 365 Defender Ninja

In this episode Michael and Sarah talk to Gary Buckmaster ( ) a Senior Architect in the Microsoft Technology Center in Sydney, Australia, about Azure Datacenter security, compliance and reliability. If you'd like to get a better understanding of the security-related lifecycle of a humble hard-drive, then this is the episode for you! We also cover security news about Azure Attestation, Confidential Computing, Storage and Virtual Machines.  

Links

• Episode 17 Recording   and transcript (raw)  
• Prevent Shared Key authorization for an Azure Storage account (preview)
• Microsoft Azure Attestation (preview)
• Azure Firewall Policy using Terraform
• Guest health feature in Azure Monitor for virtual machines
• Inside Azure Datacenters with Mark Russinovich: Part 1 | Ignite 2020
• Inside Azure Datacenters with Mark Russinovich: Part 2 | Ignite 2020
• Azure Service Trust (for access to SOC 1 and SOC 2 audit reports. You need to login with your Azure account to get access to the reports)

Michael Howard, Sarah Young and Mark Simos with guest Nick Fadziewicz who is a Principal Consultant at Microsoft working in the Azure and AI team.
In this episode we cover security news about Azure Datalake Storage Gen 2 ACLs, HDInsight and Azure Batch now support Private Link in preview, TLS protocol version support on Storage accounts, Azure Security Center vulnerability assessments and improved Kubernetes support, Azure Firewall DNS updates and more.
Of note is a free e-book "Azure for Architects 3rd Ed" is now available.

Links

• Episode 16 Recording   and transcript (raw)  
• Azure HDInsight now supports Private Link in preview
• Azure Batch account private endpoints
• Policy to control the minimum TLS version used with Azure Storage now generally available
• Azure Data Lake Storage Gen2 recursive access control list (ACL) update is generally available
• Episode 352 of the Azure Podcast - Michael interviewed
• AzureCrazy - Sarah Young Interview
• Azure Security Center—News and updates for October 2020
• New enhanced DNS features in Azure Firewall—now generally available
• Microsoft 365 Defender connector now in Public Preview for Azure Sentinel
• Azure for Architects, Third Edition
• Azure Policy – A Love Story
• Azure Policy
• Azure Policy at Ignite
• Azure Policy Exemptions
• Visual Studio Code Policy extension

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos with guest Tom Quinn   ( ) who is a Principal Technical Specialist in Azure to about the Azure Top 10 Security Practices.
In this episode we cover exciting news about new preview features in IoT, Zero Trust, Azure Key Vault and Log Analytics, and Mark opines about VPN technology.

Tom's bio Tom Quinn currently works as an Azure Security and Compliance technology specialist for the Americas. He leads Azure security and compliance discussions and designs with MSFT’s major enterprise customers across various industries including G-SIFI banks and financial services institutions, healthcare, pharma, manufacturing, and government contractors.

Links

• Episode 15 Recording  
• Integrate Azure Key Vault with Azure Policy
• Provide access to Key Vault keys, certificates, and secrets with an Azure role-based access control
• Addressing cybersecurity risk in industrial IoT and OT
• Security Community Webinars
• Configure a Site-to-Site VPN connection over ExpressRoute private peering
• FQDN support for site-to-site VPN
• Configure IPsec/IKE policy for S2S VPN or VNet-to-VNet connections
• Log Analytics Linux Agent for Fall 2020 now available
• Azure Monitor Log Analytics data export is in public preview
• Azure Sphere update 20.10 is now available for compatibility testing
• Azure Space – cloud-powered innovation on and off the planet
• Introducing the Microsoft Azure Modular Datacenter
• The Azure Security Top 10 goes to 11
• Azure security best practices
• Top 10 Best Practices for Azure Security

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos with guest Amrita Satapathy  ( ) who works in the Azure Security team.
In this episode we discuss Azure security news, including a new member to the Azure Key Vault family, immutable storage, PowerBI and private endpoints, Azure Security Center updates and Azure Top 10 Security practices. Finally, the team chats with Amrita about the Azure Security Benchmark project.

Amrita's bio Amrita is a Principal Program Manager in the Azure Security team with 15+ years of experience in successfully delivering ambitious, innovative services at cloud scale such as Azure Security, Azure Active Directory, Office 365, and Information Protection services. Amrita deeply enjoys diving into technical challenges and building solutions that improve the lives of customers and enterprises. Her latest such endeavor is Azure Security Benchmark which is helping Azure customers to accelerate their cloud adoption journey.

Links

• Episode 14 Recording  
• Azure Key Vault Managed HSM available in public preview
• Azure Data Lake Storage immutable storage is now in preview
• Private links for accessing Power BI
• Azure Security Center—News and updates for September 2020
• Top 10 Best Practices for Azure Security
• Best practices for defending Azure Virtual Machines
• Becoming resilient by understanding cybersecurity risks: Part 1
• Cybersecurity Awareness #BeCyberSmart
• Azure Security Benchmark documentation
• Azure Security Benchmark v2 is now available with expanded security control assessments
• NIST Special Publication 800-53
• CIS Controls

In this special episode we cover the Azure security, compliance and governance news that came out of Microsoft Ignite 2020.
Michael Howard and Mark Simos sit down with guest Cyril Voisin  ( ) who is the Chief Security Advisor for Europe, Middle East and Africa, based in Paris, France.
The topics covered include updated news on the Microsoft Defender suite, Key Vault, SQL Server, Kubernetes, Data Loss Prevention, Azure Security Center, Zero Trust, Microsoft Information Governance and much more.

Cyril's bio Cyril advises C-level executives and security leaders from leading public and private sector organizations in France, Italy, Middle East, and Africa, on strategic security, risk, and business change issues and opportunities with digital transformation.

Links

• Episode 13 Recording  
• Microsoft Ignite 2020 Security, Compliance, and Identity Announcements: Key Takeaways
• PowerPoint summary
• The official Microsoft Ignite 2020 book of news
• Official Microsoft Ignite 2020 site
• Azure Defender for SQL
• Provide access to Key Vault keys, certificates, and secrets with an Azure role-based access control (preview)

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos with guest Aeva Black   ( ) who is an Open Source Program Manager in the Confidential Computing group at Microsoft.
In this episode we discuss current Azure security news for VMs, IoT, Azure Arc, Sentinel and more. Mark gives his analysis of the latest Microsoft Digital Defense Report and then Sarah and Michael talk to Aeva about the technology, benefits and future of Confidential Computing on Azure at various levels of the hardware and software stack. To be honest, Michael geeks out in this one... :)

If you're new to Confidential Computing on Azure, then you should listen to this episode because Aeva does a magnificent job laying out the why of Confidential Computing.

Aeva's bio Aeva Black is a radically queer geek and lifelong student of the dharma, a Linux user since the mid '90s, and has been an advocate for Open Source since 2003. They pioneered the creation of the OpenStack Bare Metal Cloud project while working at HPE, and have contributed to projects such as MySQL, Ansible, and Kubernetes. Today, they are the Open Source Program Manager for the Azure Confidential Compute team, Azure’s representative to the Confidential Computing Consortium’s Outreach Committee, and a member of the Kubernetes Code of Conduct Committee.

Links

• Episode 12 Recording  
• New Azure Dedicated Hosts capabilities
• Azure Backup support for up to 32 disks is now generally available
• Selective disks backup for Azure Virtual Machines
• IoT Security updates for September 2020
• Logic Apps updated with new hosting options, improved performance and developer workflows
• Azure Arc enabled servers are now generally available
• Azure Sentinel launches new analytics, threat intelligence, and data collection features
• Azure Security Benchmark documentation
• Microsoft Digital Defense Report
• Open Enclave SDK
• Confidential Computing Consortium
• Confidential Computing in Azure
• Microsoft Research on Confidential Computing
• Confidential Inferencing with ONNX Runtime
• Confidential Containers Nodes Now Supported on Azure Kubernetes Service (AKS) – Public Preview
• BSides San Francisco 2020
• Trusted computing base
• Panel: Security Is Not A Unicorn... Jay Beale, Marlow Weston, Trupti Shiralkar, Aeva Black & Sarah Young

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos with guest Yina Arenas   ( ) who is a Principal Group Program Manager in the Microsoft Graph Team.
In this episode we discuss recent Azure security news including TLS in IoT (again!), Log Analytics REST APIs, Azure Information Protection, Azure Monitor and Confidential Computing. We then talk to Yina about the vision behind Microsoft Graph and how it can be used to help build security and IT management solutions.

Links

• Episode 11 Recording  
• How to Protect Office 365 with Azure Sentinel
• Azure Time Series Insights now supports AAD groups
• IoT Hub TLS certificate update
• Azure IoT TLS: Changes are coming! (…and why you should care)
• Azure Synapse SQL on-demand now enforces TLS 1.2 on outbound connections
• Automatic VM guest patching is now in public preview
• Azure Monitor Logs – Log Analytics REST APIs general availability
• Azure API Management will retire 5 legacy metrics in Azure Monitor on 31 August 2023
• Azure Private Link Service is now generally available in China
• Azure Virtual Machines DCsv2-series are now available in Southeast Asia
• Microsoft Ignite
• graph.microsoft.com
• Graph Explorer
• “30 Days of Microsoft Graph”

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos with guest Tali Ash   ( ) who works in the Microsoft Threat Protection team in Israel.
In this episode we cover current Azure security news. Sarah talks about the recent New Zealand DDoS attacks. Michael talks about vulnerabilities in wolfSSL impacting Azure Sphere. Mark explains what he's been up to around Zero Trust and Gladys explains some Azure Bastion changes and Azure Sentinel Ninjas. We then talk to Tali about threat hunting with Microsoft Threat Protection.
On a sidenote, this podcast was recorded in two chunks owing to timezone issues and Michael used the wrong microphone during the intro and news. He thought he was using his flashy mic, but he accidently used a webcam mic instead! He will be more attentive from now on!

Links

• Episode 10 Recording   and transcript (raw)  
• New Zealand’s stock exchange halts trading for third day in a row
• Ingestion data isolation in Log Analytics
• Azure Sphere OS version 20.08 is now available
• Monitoring Key Vault with Azure Event Grid (preview)
• Azure Data Lake Storage Gen2 access control list recursive update in public preview
• Azure Policy Compliance Scan Action for GitHub Workflows is in public preview
• Zero Trust Architecture Core Principles
• Upcoming billing changes to Azure Bastion
• Become an Azure Sentinel Ninja: The complete level 400 training
• Azure Sentinel Ninja Training: The July 2020 update
• Microsoft Security Community
• Microsoft Security Community Webinars
• Advanced Hunting series - Episode 1: Tracking the Adversary Episode 1: KQL Fundamentals
• Advanced Hunting series - Episode 2: Tracking the Adversary Episode 2: Joins
• Advanced Hunting series - Episode 3: Summarizing, Pivoting, and Visualizing Data
• Advanced Hunting series - Episode 4: Let’s hunt! Applying KQL to incident tracking
• Free KQL Course on Pluralsight
• Microsoft 365 security center

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos with guest Maryam Rahmani   ( ) who works with the Microsoft Security Partner Development Team, helping partners secure public sector customers. 
In this episode we cover the latest Azure security news and Mark chats about the role of threat models and shared responsibility in Azure. Maryam then discusses the Cybersecurity Maturity Model Certification (CMMC) and the role it plays in protecting Dept. of Defense (DoD) contractors from cyber attacks.

Links

• Episode 9 Recording   and transcript (raw)  
• Mark's Top Cloud Security Challenges
• Securing privileged access
• Revocation of non-compliant Certificate Authorities potentially impacting customer’s Azure service(s)
• Azure Database for MySQL data encryption with a customer-managed key
• Line numbers in Log Analytics query editor (How did we ever live without this?)
• Log Analytics new System Center configuration blade
• Build resilient applications with Kubernetes on Azure
• Microsoft Intelligent Security Association expands to include managed security service providers
• Built-in vulnerability assessment for VMs in Azure Security Center
• How to organize your security team: The evolution of cybersecurity roles and responsibilities
• What is CMMC?
• Accelerating Cybersecurity Maturity Model Certification (CMMC) compliance on Azure
• Accelerating CMMC compliance for Microsoft cloud (in depth review)
• CMMC with Microsoft Azure: Access Control (1 of 10)
• Azure Government Blog
• SP 800-171B - Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations: Enhanced Security Requirements for Critical Programs and High Value Assets

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos with guest Randy Campbell  () a Principal Consultant at Microsoft with a long history working in networking on Azure.
In this episode we cover the latest Azure security news. Gladys discusses some IT training available from Microsoft to help people looking for IT positions in the wake of COVID-19 job-related issues. Michael then talks to Randy about the history of network isolation in Azure, as well as some DNS gotchas when using private endpoints.

If your job has been affected by COVID-19, or you know someone who has been affected, please go to the Microsoft JobSeeker link below.

Links

• Episode 8 recording   and transcript (draft)  
• Double Key Encryption for Microsoft 365
• Azure Active Directory Registration Service is ending support for TLS 1.0 and 1.1
• OpenID Connect support for Azure App Service and Azure Functions (in preview)
• Secure Azure Kubernetes Service (AKS) pods with Azure Policy
• AKS-managed Azure Active Directory support is now generally available
• Azure Monitor for Containers now supports recommended alerts
• Azure Security Center—News and updates for July 2020
• Jobseeker: Microsoft's "Learn Skill for In-Demand Jobs"
• Hub and spoke network topology
• What is Private Endpoint?
• Virtual Network service endpoints
• Virtual network service endpoint policies for Azure Storage
• IMPORTANT: Azure Private Endpoint DNS configuration

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos with guest Ryen Macababbad  () a Senior Security Architect Manager at Microsoft.
In this episode we cover the latest Azure security news, Gladys discusses some security research findings about weak security caused by companies rushing to deploy solutions for their remote workers and finally, Sarah interviews Ryen about topics relating to identity, multi-factor authentication, the human element of security, why running many security agents on a computer is bad, password-less authentication and much more.

Links

• Episode #7 Recording  
• BLOOPER: Not Michael's proudest moment!
• Azure Kubernetes Service (AKS) now supports confidential workloads through DCSv2 SKUs (private preview)
• Data breach reports down by one‑third in first half of 2020
• One Million Online Student Records Exposed by E-Learning Sites
• Best security, compliance, and privacy practices for the rapid deployment of publicly facing Microsoft Power Apps intake forms
• The psychology of social engineering—the “soft” side of cybercrime
• Security & Compliance Certifications on Azure Database for PostgreSQL
• Microsoft Graph Service: Deprecating TLS 1.0 and 1.1 and preparing for TLS 1.2 in US Gov Cloud
• Azure Government Secret extends partner opportunity with marketplace program for ISVs
• More Private Link support Azure Automation, Azure Site Recovery, Azure SignalR Service
• Booting Windows 10 in about 12secs because of streamlined end-point protection
• How it works: Azure Multi-Factor Authentication

Michael Howard, Sarah Young and Gladys Rodriguez with guest Jay Yuzwenko () who focuses on cybersecurity in the Asia-Pacific region for Microsoft.
In this episode we cover the latest Azure security news and then Sarah dives right in and discusses incident response and compromise recovery with respect to Azure, hybrid and on-prem scenarios.

Links

• Episode #6 Recording  
• BLOOPER: Sarah has a new microphone with a mute button!
• Azure Cosmos DB transport layer security (TLS) 1.2 enforcement starts on July 29, 2020
• Migrate your Azure WebApp to a new MySQL Database to use built-in threat detection
• Azure Data Lake Storage immutable storage is now in preview
• Azure Monitor for Key Vault is now in preview
• Azure Firewall Manager is now generally available
• New Azure Firewall features in Q2 CY2020
• Announcing Microsoft Defender ATP for Android
• Microsoft Defender ATP for Linux is now generally available
• Security Community Webinars
• Securing privileged access
• Securing privileged access for hybrid and cloud deployments in Azure AD
• Active Directory administrative tier model
• How to mitigate rapid cyberattacks such as Petya and WannaCrypt

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos with guest David Sanchez  ()
In this episode we speak to David Sanchez, an Azure Global Black Belt, about recent security issues raised by customers. Topics includes DDoS, scaling, network isolation, bots and crypto-miners.

Links

• Episode #5 Recording  
• Misconfigured Kubeflow workloads are a security risk
• Azure Sentinel Hackathon (Now Closed)
• Web Application Firewall for Azure Front Door service logging enhancements
• Data encryption for Azure Database for PostgreSQL—single server
• Azure Monitor customer-managed key
• Microsoft acquires CyberX to accelerate and secure customers’ IoT deployments
• Public Preview for Azure Monitor for VMs on Arc Enabled Servers
• Private AKS clusters are now generally available in Azure Government
• Azure Monitor for Containers support for Azure Arc is in preview
• Azure Monitor for containers now supports log collection on AKS Windows node pools (in preview)
• Palo Alto Networks and WDATP ad-hoc integration
• Palo Alto Networks Integration with Azure Security Center
• Microsoft Information Protection showcases integrated partner solutions at Microsoft Ignite

Michael Howard, Sarah Young and Mark Simos with guests Thomas Weiss  ( ) and Tony Voellm ( )  from the CosmosDB Security team.
In this episode we speak to Thomas and Tony about CosmosDB security; we cover the basics of CosmosDB, encryption of data at rest, authentication, authorization, network isolation and monitoring. We also cover some near-term updates for client-side encryption and data-plane RBAC.

Links

• Episode #4 Recording  
• The Jacques Cousteau story
• Use system-assigned managed identities to access Azure Cosmos DB data
• Restrict user access to data operations only
• Configure customer-managed keys for your Azure Cosmos account with Azure Key Vault
• Configure Azure Private Link for an Azure Cosmos account
• Data modelling and partitioning in Azure Cosmos DB: What every relational database user needs to know
• IoT Hub Private Link
• Azure Custom Roles
• TLS 1.2 Minimum in Azure SQL DB, Azure Database for MariaDB, Azure Database for MySQL, Azure Database for PostgreSQL
• Azure Database for MySQL support for encryption at rest using customer-managed keys now in preview
• Key Vault bring your own key (BYOK)
• Azure HDInsight enterprise security enhancements
• Azure Log Analytics agent for Windows SHA-2 signing date has been extended
• Azure Monitor for VMs is now in preview in US Gov Virginia
• Azure Private Link for Azure Monitor is now available
• The Curious Case of the “Un-Enforced” Azure Key Vault RBAC Policy

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos and guest Yuri Diogenese.  ( )
In this episode Michael and Sarah chat about their experiences clearing the AZ-500 Azure Security Exam. Gladys talks more about Zero Trust, and Mark discusses his work on the Cloud Adoption Framework. Finally, Michael interviews Yuri Diogenes about some new Azure Security Center features announced at Microsoft Build.

Links

• Episode #3 Recording  
• C# Code for intro and outro voice using Azure Cognitive Services
• The Security Sentinel and Security Center meme Yuri and Sarah talked about at the 16min 45sec mark!
• ASC Alert Suppression
• ASC Secure Score
• Threat Protection in ASC
• Azure Security Center book
• Azure Security Center Training
• Exam AZ-500: Microsoft Azure Security Technologies
• Thoughts on Passing AZ-500
• Cloud Adoption Framework (CAF) - Getting Started
• CAF - Security Strategy
• CAF - Roles and Responsibilities
• Cross incident workspace views now in Preview in Sentinel
• Announcing Azure Front Door Rules Engine in preview

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos and guest Michael Withrow.
In this episode Sarah chats to Michael Withrow about in-depth container security on Azure.

Links

• Episode #2 Recording  
• Implementing a Zero Trust security model at Microsoft
• Zero Trust strategy—what good looks like
• Traditional perimeter-based network defense is obsolete—transform to a Zero Trust model
• Zero Trust: A new era of security
• Implementing Zero Trust with Microsoft Azure: Identity and Access Management (1/6)
• Protecting Cloud Workloads for Zero Trust with Azure Security Center (2/6)
• Monitoring Cloud Security for Zero Trust with Azure Sentinel (3/6)
• Enforcing Policy for Zero Trust with Azure Policy (4/6)
• Insider Threat Monitoring for Zero Trust with Microsoft Azure (5/6)
• Supply Chain Risk Management for Zero Trust with Microsoft Azure (6/6)
• Accelerating Cybersecurity Maturity Model Certification (CMMC) compliance on Azure
• Announcing the general availability of Windows Server containers and private clusters for Azure Kubernetes Service
• Cloud security functions
• Define a security strategy
• Get started: Implement security across the enterprise environment
• Lessons learned from the Microsoft SOC—Part 3c: A day in the life part 2
• Youth Code Jam

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos.
In this episode, we introduce the hosts and discuss Azure Security Center's ability to scan containers for malware as well as new Confidential Computing VMs that support Intel's SGX enclave technology.

Links

• Episode #1 Recording  
• Container Security in Azure Security Center
• Enable remote work faster with new Windows Virtual Desktop
• Azure Sentinel
• Protecting your Teams with Azure Sentinel
• Monitoring Zoom with Azure Sentinel
• Become an Azure Sentinel Ninja: The complete level 400 training
• DCsv2-series VM now generally available from Azure confidential computing
• Open Enclave SDK
• What's inside Microsoft security architecture recommendations?
• Microsoft Security documentation