Multi-Tenant Daemons with Microsoft Identity platform

Background I have recently speaking to a customer about the following scenario. Customer has an API that supposed to be consumed by some **trusted** daemon applications built and managed by their partners. It's not the interactive users (no signed in users via an web application) who will be using the API, rather some background process … Continue reading Multi-Tenant Daemons with Microsoft Identity platform

Key Vault as backing store of Azure Functions

If you have used Azure function, you probably are aware that Azure Functions leverages a Storage Account underneath to support the file storage (where the function app code resides as Azure File share) and also as a backing store to keep Functions Keys (the secrets that are used in Function invocations). Figure: Storage Account containers … Continue reading Key Vault as backing store of Azure Functions

Secure Azure Web sites with Web Application Gateway wtih end-to-end SSL connections

The Problem In order to met higher compliance demands and often as security best practices, we want to put an Azure web site behind an Web Application Firewall (aka WAF). The WAF provides known malicious security attack vectors mitigation's defined in OWASP top 10 security vulnerabilities. Azure Application Gateway is a layer 7 load balancer that provides WAF out of the box. However, … Continue reading Secure Azure Web sites with Web Application Gateway wtih end-to-end SSL connections