Jorge Bernhardt

Security

2024

Bicep - Deploy Azure Firewall into Virtual Network
·1213 words·6 mins· 100 views · 5 likes
Bicep Microsoft Azure IaC Azure Firewall
Hey there! In another post, we discussed how you can use Terraform to deploy Azure Firewall and how it can make your cloud deployments more efficient and secure. Today, let’s explore how you can achieve similar results using Bicep, Azure’s language for resource declaration.

2023

Bicep - Deploying Log Analytics Workspaces
·853 words·5 mins· 100 views · 5 likes
Bicep Microsoft Azure IaC Azure CLI
Hello! This week, I wanted to share a new post about Bicep. As you know, Infrastructure as Code (IaC) has become a critical aspect of any successful and scalable deployment.
Bicep - Azure Key Vault Deployments in Multiple Environments
·1035 words·5 mins· 100 views · 5 likes
Azure Key Vault Azure CLI Microsoft Microsoft Azure
Hi folks, I sincerely hope you are all doing great. You are probably aware of the importance of Azure Key Vault in securely and centrally managing secrets, encryption keys, and certificates.
Terraform - Deploying and Managing Azure Log Analytics Workspace
·1336 words·7 mins· 100 views · 5 likes
IaC Azure CLI Microsoft Microsoft Azure
Hi! As cloud architectures become more complex, Infrastructure as Code (IaC) has become increasingly important. By using tools like Terraform, IaC allows you to manage intricate infrastructures in a text-based, repeatable, and automated manner.
Bicep - Deploying keys with rotation policies in Azure Key Vault
·860 words·5 mins· 100 views · 5 likes
Azure Key Vault Azure CLI Microsoft Microsoft Azure
Hi! This week, we’re talking about security, specifically how to use automatic key rotation in Azure Key Vault. In case you didn’t know, Azure Key Vault’s automated key rotation improves security by creating new key versions at set intervals and sending expiration alerts via Event Grid.
Bicep - Enabling Malware Scanning & Sensitive Data Discovery in Storage Accounts
·888 words·5 mins· 100 views · 5 likes
Microsoft Defender Azure CLI Microsoft Microsoft Azure
Microsoft’s Defender for Storage has recently unveiled a significant security update, with two standout features being near-real-time malware scanning and sensitive data discovery. In this article, I will guide you on how to enable these features across all your Azure storage accounts using Bicep.
Terraform - Deploy Azure Firewall into Virtual Network
·1425 words·7 mins· 100 views · 5 likes
Terraform Microsoft Azure IaC Azure Firewall
Hello everyone! Azure offers a variety of security solutions, and Azure Firewall is a particularly effective tool. It is a fully managed cloud-native network firewall that provides top-notch protection for our virtual network resources.
Bicep - Deploying Microsoft Sentinel with Azure AD Connector
·997 words·5 mins· 100 views · 5 likes
Microsoft Sentinel Azure CLI Microsoft Microsoft Azure
Hi there! As you know, Microsoft Sentinel is an advanced SIEM tool that provides a comprehensive view of your organization’s security landscape. One of its superpowers comes from its integration with the Azure AD connector.
Terraform - Deploy Azure Bastion into Virtual Network
·1532 words·8 mins· 100 views · 5 likes
Terraform Microsoft Azure IaC Azure Bastion
Hi there! In a previous article, we discussed the deployment of an Azure Bastion host in an existing Virtual Network (VNet) using Azure CLI and PowerShell. While those methods are effective, there’s an opportunity to simplify the entire process.
Terraform - Deploying Azure Hub-Spoke Networking
·1516 words·8 mins· 100 views · 5 likes
Microsoft Azure Networking Terraform Virtual network
In this blog post, I want to show you how to implement a hub-spoke network architecture on Azure using Terraform, one of my favorite infrastructure as code (IaC) tools. The hub-spoke model is a widely adopted networking strategy that allows you to simplify management, increase scalability, and improve the security of your Azure resources.

2022

Logging into an Azure Linux VM using an Azure AD account
·876 words·5 mins· 100 views · 5 likes
Azure CLI Azure Cloud Shell Azure PowerShell Connect-AzAccount
Today I want to show you how you can improve the security of your Linux virtual machines in Azure by integrating with Azure Active Directory (Azure AD) authentication. In this post, I’ll show you how to set up a Linux virtual machine and log in with Azure AD using OpenSSH certificate-based authentication.
How to route Subscription Activity logs to Azure Log Analytics workspace
·674 words·4 mins· 100 views · 5 likes
Azure CLI Azure PowerShell Connect-AzAccount Get-AzDiagnosticSetting
Sending resource logs to a Log Analytics workspace allows us to consolidate log entries from multiple resources and query the logs for complex analysis. In this post, I want to show you how to manage diagnostic settings for your subscription and send the Activity logs data to your Log Analytics workspace.

2021

How to convert an Azure AD B2B user from guest to member
·453 words·3 mins· 100 views · 5 likes
Azure AD Connect-MsolService Get-MsolUser Import-Module
By default, when an Azure AD B2B collaboration user is added to a tenant, the UserType property of the user is set to “Guest.” However, it may be the case that the host organization wants to treat the invited user as a member rather than a guest.
How to use a VM system-assigned managed identity to access Azure Key Vault
·1070 words·6 mins· 100 views · 5 likes
Azure CLI Azure Cloud Shell Azure PowerShell Connect-AzAccount
Hi, in a previous post, I showed you how to enable system-assigned managed identity on an Azure virtual machine. Today, I want to show you how to assign a managed identity to access an Azure resource securely.
How to enable the system-assigned managed identity on an Azure VM
·696 words·4 mins· 100 views · 5 likes
Azure CLI Azure Cloud Shell Azure PowerShell Connect-AzAccount
Hi, Jorge is back. In this post, I want to show you how to enable the system-assigned managed identity on an Azure VM using PowerShell and Azure CLI. When you enable a system-assigned managed identity, Azure creates an identity associated with the instance and stores it in the Azure AD tenant associated with the subscription where you created the service instance.
How to create IP Groups for Azure Firewall rules
·944 words·5 mins· 100 views · 5 likes
Azure CLI Azure Firewall Azure PowerShell Connect-AzAccount
Hi everyone, in a previous post, I showed you how to deploy an Azure Firewall. Today I will show you how to create and manage IP Groups in your Azure Firewall using PowerShell and Azure CLI.
How to configure Azure Bastion host to send logs and metrics to Log Analytics workspace
·793 words·4 mins· 100 views · 5 likes
Azure Bastion Azure CLI Azure PowerShell Connect-AzAccount
Hi, in a previous post, I showed you how to configure Azure Bastion diagnostic parameters to send logs and metrics to a storage account. But suppose you already have a Log Analytics workspace.
How to configure Azure Bastion diagnostic settings
·781 words·4 mins· 100 views · 5 likes
Azure Bastion Azure CLI Azure Cloud Shell Azure PowerShell
Hello, everybody! Today I will show you how to configure Azure Bastion diagnostic settings to send logs and metrics to a storage account using PowerShell and Azure CLI. Once this configuration is established, you can use the stored information to find out which users connected through Azure Bastion, when, from where, and metric information about the workloads of the Azure Bastion host.
How to enable the Key vault's firewall
·854 words·5 mins· 100 views · 5 likes
Add-AzKeyVaultNetworkRule Azure CLI Azure Cloud Shell Azure PowerShell
One of the security recommendations established by Microsoft in Azure Security Center is to enable the key vault’s firewall to prevent unauthorized traffic from reaching your key vault. This post will show you how to enable the firewall to ensure that only traffic from permitted networks can access your key vault using PowerShell and the Azure CLI.
How to configure Azure Firewall diagnostic settings
·778 words·4 mins· 100 views · 5 likes
Azure CLI Azure Cloud Shell Azure PowerShell Connect-AzAccount
Hey, guys, following the series of publications on Azure Firewall, today I’ll show you how to configure Azure Firewall diagnostic settings to send logs and metrics to a storage account using PowerShell and the Azure CLI.