Azure Active Directory

Synchronize on-premises directories and enable single sign-on.

Web Resources

1/16/2024, Azure PaaS Blog
Who Deleted a Blob? It is sometimes useful to know who created/modified/deleted a storage blob. For that information to be recorded in a log, the authentication must be done with Azure AD to populate the user information correctly. There are two sets of logs that can help: Azure Monitor logs and classic Analytics logs. 1. Azure Monitor storage columns - https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables/storagebloblogs Columns of interest: CallerIpAddress - The IP address of the requester, including the port number; OperationName - The type of REST operation that was...
12/26/2023, Azure PaaS Blog
Agenda: This article will provide a demonstration of how to use either SAS token authentication or managed identity from API Management to make requests to Azure Storage. Furthermore, it will explore and compare the differences between these two options. Comparison: The choice between Managed Identity and SAS Token depends on factors such as the level of control required, the duration of access, and the specific security requirements of your application. Both options offer different levels of access control and security features for accessing Azure Storage. Azure Managed Identity...
7/31/2023, Azure PaaS Blog
Background Information: While our work environments became more and more complex, the need for automation is a fact. Therefore, I made a demo on how you can automate various administrative tasks performed on a Service Fabric Cluster using the sfctl module and trigger them via Azure Function. On the Function, we deploy a Docker container that has all the necessary tools and permissions to access the SF cluster. The Azure Service Fabric command-line interface (CLI) is a command-line utility for interacting with and managing Service Fabric entities, like clusters, applications and services....
5/26/2023, Azure PaaS Blog
This article describes how to perform a REST API request in Azure using RBAC authentication with Postman. I will use the Get Blob (REST API) request as an example. Please see below how to perform a REST API request in Azure using RBAC authentication: Open the Azure Portal and go to Azure Active Directory. On the left side, please create a new App registration by clicking on App registration (left side bar) and then New registration. Fill in the Name and all the information required. Inside the new app: Click on Overview and collect the Application (client) ID value, and the Directory...
3/31/2023, Azure PaaS Blog
Disclaimer: Please test this solution before implementing it for your critical data. Scenario: This article explains step-by-step procedures to accomplish the following requirements in Azure Storage using built-in RBAC roles: Read/Download and write/upload operations for containers and blobs should be allowed for the users. Delete operations should be restricted. Pre-Requisites: Azure Storage GPV2 / ADLS Gen 2 Storage account. Make sure to have enough permissions (Microsoft.Authorization/roleAssignments/write permissions) to assign roles to users, such as Owner or User Access...
3/27/2023, Azure PaaS Blog
When using Azure Cognitive Search to index data from an Azure SQL database, it's important to understand the different authentication methods that can be used to connect to the database. In this blog post, we'll explain the different authentication methods that the Search service can use to access an Azure SQL database. Authentication Methods in SQL DB: There are several authentication methods that can be used to connect to an Azure SQL database, including: SQL Authentication: SQL authentication is a method of authentication that uses a username and password to connect to an Azure SQL...
1/29/2023, Azure PaaS Blog
Background Information: To prevent unauthorized access to a Service Fabric cluster, you must secure the cluster. Security is especially important when the cluster runs production workloads. This article describes how to configure node-to-node and client-to-node security by using Windows security, where gMSA is the preferred security model. A standalone Managed Service Account (sMSA) is a managed domain account that provides automatic password management, simplified service principal name (SPN) management and the ability to delegate the management to other administrators. The group...
1/12/2023, Azure PaaS Blog
Service Fabric Explorer (SFX) is an open-source tool for inspecting and managing Azure Service Fabric clusters. Service Fabric Explorer is a desktop application for Windows, macOS and Linux. To launch SFX in a web browser, browse to the cluster's HTTP management endpoint from any browser, for example https://clusterFQDN:19080. Service Fabric Explorer may not load for numerous reasons. The most frequent reasons could be access being denied while trying to access it, or being unable to choose the right certificate. The following steps provide some useful insights on investigation steps and mitigations to be...
11/23/2022, Azure PaaS Blog
Azure cloud service extended support (CSES) is a new Azure Resource Manager based deployment model for the Azure Cloud Services product. Cloud Services (extended support) has the primary benefit of providing regional resiliency along with feature parity with Azure Cloud Services deployed using Azure Service Manager. It also offers some ARM capabilities such as role-based access and control (RBAC), tags, and policy, and supports deployment templates. For the classic cloud service, we have the Azure DevOps built-in pipeline task Azure Cloud Service Deployment task - Azure Pipelines | Microsoft...
Since, well, the beginning of Azure API Management, you've been able to validate that the JSON Web Token (JWT) coming into your Azure API Management service is valid before passing it on to the backend service. The validate-jwt policy is one of the most used policies within Azure API Management, and will happily ensure your client applications are using the right client IDs, and have the right audiences and claims. Meanwhile, Azure Active Directory (AAD) is a mainstay of enterprise APIs, providing authentication and authorization controls for a wide variety of APIs from M365 APIs to...