Tag Archives: Security

Kubernetes network policies on Azure Kubernetes Service with Azure NPM

Microsoft provides an own network policy module to implement Kubernetes network policies with the Azure CNI plugin for acs-engine and AKS called Azure NPM. -> https://github.com/Azure/azure-container-networking/tree/master/npm The Azure NPM is available since quite some time for acs-engine and natively integrated, but not yet for AKS. If you want to use Azure NPM on Azure Kubernetes Service, Read more [...]

Azure Kubernetes Service and Azure Active Directory integration

Last week Microsoft announced the GA of Azure Kubernetes Service. Since then we can integrate Azure Active Directory with Azure Kubernetes Service. When enabling Azure Active Directory integration, AKS requires that RBAC is also enabled. A detailed configuration guide can be found in the Azure documentation. -> https://docs.microsoft.com/en-us/azure/aks/aad-integration Before you can make Read more [...]

Using ACS Engine to build private Kubernetes clusters with bring your own Virtual Network on Azure

Looking at Azure Container Service (AKS) – Managed Kubernetes you may have recognized that AKS currently does not support bring your own VNET and private Kubernetes masters. If you need both capabilities and one of them today, you must use ACS Engine to create the necessary Azure Resource Manager templates for the Kubernetes cluster deployment. -> https://github.com/Azure/acs-engine Beside Read more [...]

Deploying Application Security Groups with an Azure Resource Manager template

This month Microsoft launched the public preview of the Application Security Groups, short ASG, in all Azure regions. -> https://azure.microsoft.com/en-us/updates/public-preview-for-asg/ ASGs are like a security group and makes it easier to define an Azure Network Security Group rule set. You can join Azure VMs or to be more specific the Azure VM’s NIC to an ASG. In the next step you would Read more [...]

Link summary for guidance for mitigation and protection from Spectre and Meltdown on Windows Server, Hyper-V and Azure

From a security perspective the new year has started with a big bang. If you have lost the traction where you get the necessary information for guidance for mitigation and protection from Spectre and Meltdown on Windows Server, Hyper-V, and Azure, then have a look at the following link summary. Windows Server in general: Windows Server guidance to protect against speculative execution side-channel Read more [...]

Deploy the update management solution through an Azure Resource Manager template

In my last blog article, I talked about the update management solution in Azure and what the capabilities are. -> https://www.danielstechblog.io/keeping-azure-vms-date-update-management-solution/ Today we will have a look on how to deploy the update management solution through an Azure Resource Manager template. All what we need is to define the following Azure services in the template. Read more [...]

Keeping your Azure VMs up-to-date with the update management solution

Based on the Azure services Log Analytics and Azure Automation you can use three new capabilities in the Azure portal for your Azure VMs: inventory, change tracking, and update management. -> https://azure.microsoft.com/en-us/updates/update-management-inventory-and-change-tracking-are-available-in-azure-automation/ In this blog article I will talk about the update management solution. If you Read more [...]

Deploy NSG augmented security rules with Azure Resource Manager templates

In my previous blog post “Working with NSG augmented security rules in Azure” I described what the NSG augmented security rules are and how you can leverage them with PowerShell. -> https://www.danielstechblog.io/working-nsg-augmented-security-rules-azure/ In this blog post I will briefly describe how to implement the augmented security rules in your Azure Resource Manager template. First, Read more [...]

Working with NSG augmented security rules in Azure

At Microsoft Ignite this year Microsoft has announced several networking improvements and features in Azure. Most of them are currently in public preview and can be tested like the augmented security rules for NSGs in Azure. -> https://azure.microsoft.com/en-us/updates/public-preview-features-for-nsgs/ What are augmented security rules? In short, they extend the rule set, so you can specify Read more [...]

Enabling Azure Disk Encryption on Windows Server 2016 Server Core in Azure

Beside the Windows Server 2016 Datacenter image, Microsoft also provides an image with Windows Server 2016 Datacenter - Server Core in Azure. If you are using the Server Core image and want to enable Azure Disk Encryption for the VM, you will see the following error message. New-AzureRmResourceGroupDeployment : 14:27:53 - Resource Microsoft.Compute/virtualMachines/extensions 'azst-crp4/BitLocker' Read more [...]