Category Archives : Identity & Access Management

31

Jul

Azure management groups now in general availability

I am very excited to announce today general availability of Azure management groups to all our customers. Management groups allow you to organize your subscriptions and apply governance controls, such as Azure Policy and Role-Based Access Controls (RBAC), to the management groups. All subscriptions within a management group automatically inherit the controls applied to the management group. No matter if you have an Enterprise Agreement, Certified Solution Partner, Pay-As-You-Go, or any other type of subscription, this service gives all Azure customers enterprise-grade management at a large scale for no additional cost.

With the GA launch of this service, we introduce new functionality to Azure that allows customers to group subscriptions together so that you can apply a policy or RBAC role to multiple subscriptions, and their resources, with one assignment. Management groups not only allow you to group subscriptions but also allows you to group other management groups to form a hierarchy. The following diagram shows an example of creating a hierarchy for governance using management groups.

By creating a hierarchy like this you can apply a policy, for example, VM locations limited to US West Region on the group “Infrastructure Team management group” to enable internal compliance and

17

Apr

Announcing new Azure Security Center capabilities at RSA 2018

Migrating your workloads to the cloud can enable some inherent security benefits. With cloud scale machine learning and security analytics, you can mitigate threats quickly, making your environment more secure and your organization more productive.

Azure Security Center provides centralized visibility of the security state of your resources and uses the collective intelligence from machine learning and advanced analytics to not only detect threats quickly but to help you prevent them. It’s agent-based approach helps gain deeper security insights from the workloads and extends these protections to workloads running on-premises as well as other clouds, providing a unified security management for you.

Today we are excited to announce several capabilities in Azure Security Center that will provide enhanced protection to help you keep pace with the evolving cybersecurity landscape:

Visibility and governance at the organizational level

Take advantage of a new overview dashboard to gain visibility into your security state from an organizational level instead of a subscription level. To help organizations identify and address the challenges of managing an organization-wide security posture, you can now set security policies for management groups in your organization. You can also monitor it with an organization-wide compliance score as well as a breakdown

06

Mar

Visibility into network activity with Traffic Analytics – now in public preview

Today, we are announcing the public preview of Traffic Analytics, a cloud-based solution that provides visibility into user and application traffic on your cloud networks.

Traffic Analytics analyzes NSG Flow Logs across Azure regions and equips you with actionable information to optimize workload performance, secure applications and data, audit your organization’s network activity and stay compliant.

With Traffic Analytics, you now can:

Gain visibility into network activity across your cloud networks. Solution provides insights on: traffic flows across your networks between Azure and Internet, in Azure,  public cloud regions, VNETs and subnets. inter-relationships between critical business services and applications. applications and protocols on your network, without the need for sniffers or dedicated flow collector appliances. Secure your network; Identify threats on your network, such as: flows between your VMs and rogue networks. network ports open to the Internet. applications attempting Internet access. anomalous network traffic behavior (e.g. back-end servers attempting connectivity, to servers outside your network etc.) Improve performance of your applications by: capacity planning – eliminate issues of over-provisioning or under utilization by monitoring utilization trends of VPN gateways and other services. analyzing in-bound and out-bound flows. understanding application access patterns (e.g. Where are

20

Feb

Spring Security Azure AD: Wire up enterprise grade authentication and authorization

We are pleased to announce that Azure Active Directory (Azure AD) is integrated with Spring Security to secure your Java web applications. With only few lines of configurations, you can wire up enterprise grade authentication and authorization for your Spring Boot project.

With Spring Boot Starter for Azure AD, Java developers now can get started quickly to build the authentication workflow for a web application that uses Azure AD and OAuth 2.0 to secure its back end. It also enables developers to create a role based authorization workflow for a Web API secured by Azure AD with the power of the Spring Security.

Getting Started

Take the To-do App, which Erich Gamma showed on SpringOne 2017, as an example. The sample is composed of two layers: Angular JS client and Spring Boot RESTful web service. It illustrates the flow to login and retrieves user’s information using AAD Graph API.

Authorization Flow Chart

The authorization flow is composed of 3 phrases:

Login with credentials and get validated through Azure AD. Retrieve token and membership information from Azure AD Graph API. Evaluate the membership for role-based authorization.

Register a new application in Azure AD

To get started, first register a new