Archive
security
The Privileged Role Exposures Defender Misses
A look at Tier Zero exposure paths that don’t show up in the obvious places — and a tool to find them. How this started…
Least Privilege Studio: An Azure RBAC Tool
If you’ve ever set up a service principal in Azure and thought “I’ll just use Contributor for now” — this is for you. It’s…
Hardening Entra ID with Terraform
A practical implementation guide covering identity baseline, privileged access, conditional access, and monitoring – fully managed as infrastructure as code. Entra ID is the…
Private Azure Monitoring at Scale — Terraform, Zero Public Traffic
Modern enterprise cloud architectures demand more than just functional monitoring — they demand secure monitoring. By default, the Azure Monitor Agent ships logs and…
Using Azure Firewall as a NVA with Terraform
Using Azure Firewall as a Network Virtual Appliance (NVA) provides a powerful alternative to traditional VNet peering in hub-and-spoke designs. Instead of relying on…
Managing Secrets in Terraform: From Bad to Automated
When it comes to Infrastructure as Code (IaC), Terraform is an incredibly powerful tool. It allows us to define, deploy, and maintain entire environments…
Sending Custom Logs to Log Analytics via HTTP
Centralized logging is a cornerstone of any professional IT or DevOps setup. Azure Log Analytics (LAW) / Azure Monitor provides a powerful platform not…
Auditing Azure VM Operating Systems
Managing a growing Azure environment often means dealing with multiple subscriptions, distributed teams, and a wide range of virtual machine configurations. One critical but…
Quickly Find Azure VMs Without NSG Protection
Network Security Groups (NSGs) are a key security feature in Azure, acting as virtual firewalls to control network traffic to and from your Virtual…