Microsoft Ignite 2022 – START HERE

https://news.microsoft.com/ignite-2022-book-of-news/

https://ignite.microsoft.com/en-US/home

The list of Ignite presentation topics is HUGE!!!

Fortunately, Microsoft provides MVPs with a quick reference sheet so we can share our top picks with you.

So here are my top picks for security topics from Microsoft Ignite (and a few other non-security topics):

Rob Lefferts, CVP of PM, Modern Protection and SOC

https://ignite.microsoft.com/en-US/speakers/66804f79-fa68-4762-8f82-45798387e70e?source=/speakers

Shawn Bice, CVP, Cloud Security

https://ignite.microsoft.com/en-US/speakers/0e6b8553-7111-4422-94e0-04a8dddbd678?source=/speakers

What’s new in SIEM and XDR: Attack disruption and SOC empowerment

https://ignite.microsoft.com/en-US/sessions/e1f4b983-55d3-4048-8e90-9c22c4362e6b

Zero Trust as Business Driver: 3 Discrete Scenarios

https://ignite.microsoft.com/en-US/sessions/9974d5a2-b241-4ede-ab2d-c2cd1b7a83be

From Code to Cloud: A new Approach to Integrating Multicloud Security

https://ignite.microsoft.com/en-US/sessions/28f61a40-f1e6-43d8-9fd0-e3c8c6267bac

Secure access and improve efficiency with Microsoft Entra

https://ignite.microsoft.com/en-US/sessions/538bf946-a7bf-46dc-809f-9fbda241f918

Protect Everything, Everywhere With Comprehensive Security

https://ignite.microsoft.com/en-US/sessions/17bbd01d-4e26-4e2e-9eec-3a060b477eda?source=sessions

Azure Arc

https://ignite.microsoft.com/en-US/sessions/50f1092f-6209-4349-b02e-9ad2872ad136?source=sessions

https://azure.microsoft.com/en-us/products/azure-arc/hybrid-data-services/#overview

https://techcommunity.microsoft.com/t5/azure-stack-blog/what-s-new-for-azure-arc-and-azure-stack-hci-at-microsoft-ignite/ba-p/3650949

Azure Monitor

https://techcommunity.microsoft.com/t5/azure-observability-blog/bg-p/AzureObservabilityBlog

Azure – Postman integrations

https://techcommunity.microsoft.com/t5/apps-on-azure-blog/enhanced-api-developer-experience-with-the-microsoft-postman/ba-p/3650304

Supply Chain Management Certification

https://techcommunity.microsoft.com/t5/microsoft-learn-blog/announcing-a-new-dynamics-365-supply-chain-management-functional/ba-p/3250813

Microsoft Cloud for Sustainability

https://cloudblogs.microsoft.com/industry-blog/sustainability/2022/10/12/driving-innovation-for-esg-progress-with-microsoft-cloud-for-sustainability/

Power Automate

https://powerautomate.microsoft.com/en-us/blog/new-ways-to-innovate-with-ai-and-microsoft-power-automate/

Top 5 Cybersecurity Capabilities

5 cybersecurity capabilities announced at Microsoft Ignite 2022

Microsoft Entra

https://ignite.microsoft.com/en-US/sessions/538bf946-a7bf-46dc-809f-9fbda241f918?source=sessions

https://www.microsoft.com/en-us/security/business/microsoft-entra

Microsoft Sentinel

https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/microsoft-sentinel-what-s-new-at-microsoft-ignite/ba-p/3649968

Microsoft Purview

https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-purview-information-protection-showcase-of-new/ba-p/3647934

Making Security Fun with Microsoft Cloud Games

This is a really fun way to learn some practical skills with Microsoft Cloud security tools.

I would recommend this for anyone who has a Microsoft E5 license or anyone using Microsoft cloud based products who is ready to get serious about securing their cloud and on-prem environment with Microsoft security tools.

This is not for beginners.

You are expected to have at least a basic understanding of the security tools shown in this screenshot from the game:

Expect to spend at least a couple of hours playing the game.

Have fun!

Performing a Security Audit on Logic Apps

As DevOps teams move toward no-code apps in the cloud, there is a growing need for security reviews and controls to prevent risky

This is nothing new, but the need for better security reviews is becoming clear as more people try to rush to get their apps done in the easiest way possible.

Here’s a simple approach to identifying security risks in your logic apps:

  1. Create an architecture diagram of your logic app. This can be a simplified version that just shows the high-level logic.
  2. Break down the logic app into its components:
     • The individual logic app components – you likely won’t find too many security problems here.
     • All the parameters – don’t hardcode passwords into parameters!
     • Connectors – often the culprit of weak security in logic apps. Really understand what these connectors are communicating with. Don’t allow public access. Limit the roles/permissions.
     • App registrations – another culprit of weak security. If app registrations are needed for your logic apps, be sure permissions are set to their most restrictive settings. Avoid Read.All and ReadWrite.All settings.
     • Managed identities – if possible, use managed identities instead of user accounts for your connectors. Many logic apps don’t yet support managed identities, so those apps will require additional monitoring and possibly frequent password/secret changes.

3. Use Resource Locks to prevent changes. If someone tries to turn off resource logs, be sure it’s logged and alerted on.

4. Restrict user/admin access to your logic apps. Some apps can have really powerful permissions/access, so you don’t want users to ever have the ability to change logic apps unless they’ve been given specific short-term permissions to do so.

5. LOG EVERYTHING – wherever possible, enable logging within logic apps and connectors. Store logs in a Log Analytics Workspace. Use Azure Monitor alerts or Microsoft Sentinel to monitor/report/alert on all activities.

6. Perform ‘attack simulations’. Run your logic apps through test conditions which will trigger your alerts. Validate your alerts work as expected.

7. Build a ‘logic app security audit’ spreadsheet. Use this as a template for repeated audits for future logic app security testing. Use the above ideas as the initial framework for your spreadsheet.
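
A starting point for steps 2 and 7, as an added example that is not part of the original post: a Python script that reads one exported `Microsoft.Logic/workflows` resource and emits audit rows for its parameters, Request triggers, HTTP actions and managed identity. The sample workflow, its names and URL, and the list of secret-like words are constructed assumptions; API connection resources and app registrations are not covered and still need a manual review.

```python
import json

# Constructed sample: a trimmed ARM export of one Microsoft.Logic/workflows resource.
SAMPLE = json.loads("""
{"type": "Microsoft.Logic/workflows", "name": "example-workflow",
 "properties": {"definition": {
   "parameters": {
     "apiPassword": {"type": "String", "defaultValue": "constructed-value"},
     "region": {"type": "String", "defaultValue": "westus"}},
   "triggers": {"manual": {"type": "Request", "kind": "Http"}},
   "actions": {"Call_API": {"type": "Http", "inputs": {
     "method": "GET", "uri": "https://api.example.invalid/items",
     "authentication": {"type": "Basic", "username": "svc",
                        "password": "@parameters('apiPassword')"}}}}}}}
""")

SECRET_HINTS = ("password", "secret", "key", "token")  # heuristic, assumed word list

def audit_workflow(resource):
    """Return (component, item, finding) rows for the audit spreadsheet."""
    rows = []
    props = resource.get("properties", {})
    definition = props.get("definition", {})
    for name, p in definition.get("parameters", {}).items():
        looks_secret = any(h in name.lower() for h in SECRET_HINTS)
        if looks_secret and p.get("type", "").lower() not in ("securestring", "secureobject"):
            rows.append(("parameter", name, "secret-like parameter is not SecureString"))
        if looks_secret and "defaultValue" in p:
            rows.append(("parameter", name, "secret-like parameter has a hardcoded defaultValue"))
    ip_rules = props.get("accessControl", {}).get("triggers", {}).get("allowedCallerIpAddresses")
    for name, t in definition.get("triggers", {}).items():
        if t.get("type") == "Request" and not ip_rules:
            rows.append(("trigger", name, "Request trigger has no caller IP restriction"))
    for name, a in definition.get("actions", {}).items():
        auth = a.get("inputs", {}).get("authentication", {})
        if a.get("type") == "Http" and auth.get("type") != "ManagedServiceIdentity":
            rows.append(("action", name, "HTTP action does not use a managed identity"))
    if resource.get("identity", {}).get("type") in (None, "None"):
        rows.append(("workflow", resource.get("name", "?"), "no managed identity assigned"))
    return rows

if __name__ == "__main__":
    for row in audit_workflow(SAMPLE):
        print(",".join(row))
```

Each printed row is one line of the audit spreadsheet; re-running the script after remediation should produce no rows for that workflow.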