Secure Azure SQL Server Backups Using Managed Identities

I do believe most people know about the ability to back up your SQL Server databases to URL (from Azure VMs). If you recall, you would use the storage key (ideally not) or a SAS token; from there you would create a SQL credential that is bound to the SAS token (as a secret). Lots of moving parts, especially when it comes to rotation time. So now, if you are on the newer versions of SQL Server (SQL Server 2022 Cumulative Update 17), start thinking about backups via managed identities.

Microsoft Entra Authentication for Azure PostgreSQL

Straight from Microsoft’s documentation: “Microsoft Entra authentication is a mechanism of connecting to Azure Database for PostgreSQL flexible server by using identities defined in Microsoft Entra ID. With Microsoft Entra authentication, you can manage database user identities and other Microsoft services in a central location, which simplifies permission management.”

Azure SQL Database – Advanced Threat Detection

You should always seriously consider enabling this feature. This is part of the ADS (Advanced Data Security) suite, and I will show you how good this proactive service is.

Azure Storage Accounts – Open to the Internet?

Let’s get straight to the point. The official documentation states that “To secure your storage account, you should first configure a rule to deny access to traffic from all networks (including internet traffic) by default. Then, you should configure rules that grant access to traffic from specific vnets. This configuration enables you to build a secure network boundary for your applications”.

Navigate to your storage account. What is the default setting? It is shown below.

Azure – What is a Shared Access Signature?

Using a Shared Access Signature (SAS) is usually the best way to control access rights to Azure storage resources (like a container for backups) without exposing the primary / secondary storage keys. It is based on a URI and this is what I want to look at today.

I always use the Azure Storage Explorer to build a SAS token. Let’s dig into what the different parts mean.
