Questions tagged [azure-security]

Use this tag for Azure Security questions

216 questions
3 votes, 1 answer

What is the difference between connection string and StorageCredentials for accessing Azure Blob Storage?

I'm looking into using Azure Blob Storage and, from looking at several tutorials, I get that one can access the blob storage through a connection string or using StorageCredentials. Is there a best practice? Or do both serve a different…
3 votes, 1 answer

Azure Cloud no matches for kind "SecretProviderClass" in version "secrets-store.csi.k8s.io/v1alpha1"

I am working in azure cloud and wanted to add a simple ServiceProviderClass using the doc from Azure Azure / secrets-store-csi-driver-provider-azure replacing the secret, keyvaultName and tenantId apiVersion:…
Sylhare
3 votes, 3 answers

In Azure DevOps, how to let some contributors create sprints without them being Project Administrator?

I understand we can let people create 'sprints' in 'area-path' by adding them in 'Project Administrator' group. Tasks of sprint creation is usually handled by Product-Owner/Business-Analyst in our organization but project administrator has lot of…
old-monk
3 votes, 1 answer

How to use @azure/identity with DefaultCredentials from 'az login' instead of service account when developing locally?

Not sure if this is already possible somehow or there's a different 'flow' that's expected and makes sense which I have yet to discover. We use @azure/keyvault-secrets + @azure/identity to access/manage all our secrets/keys across our applications…
3 votes, 1 answer

Whitelisting specific IP Addresses with Azure Network Security Groups

I'm trying to restrict access to endpoints on my virtual machine only to specific external IP addresses. Having looked into it I found that a Network Security Group on Azure may be appropriate. I created a network security group and attached it to…
Brian Delaney
2 votes, 3 answers

Selective Resource/Infra isolation on Azure. Possible?

Good day, folks! I have an Azure subscription and it has multiple resources created, like App Services, Databases, Key Vault, Storage, account, etc I want only a few people to see the full resources, for the rest of the team, I don't want all the…
Raw_Wish
2 votes, 0 answers

How to update security patches in azure container registry automatically?

Scenario: There is an azure container registry(acr) with many repositories (around 20) Each repository has different tags like image:dev0.1, dev0.2, prod0.1, prod0.2 There are more than 100 images which include all available tags within each…
2 votes, 0 answers

How to generate test alert/incident in "Microsoft 365 Defender" portal for test purpose?

I want to generate a test alert in the "Microsoft 365 Defender" portal. I have tried to log in to "portal.azure.com" and "outlook.office.com" from Tor Browser, and I was expecting an alert to be triggered (which isn't of course). Any other way possible to…
2 votes, 1 answer

How to add/update user permissions on environment's security through REST API on Azure DevOps?

I need to add user permission when creating an environment through REST API with PowerShell. I've looked at the network trace and this is the header when I tried to manually add a user permissions Request…
2 votes, 0 answers

VA2108 - Minimal set of principals should be members of fixed high impact database roles

I have Azure SQL database. Azure Security Center tells vulnerability VA2108 - Minimal set of principals should be members of fixed high impact database roles. Vulnerability Severity is "High" and Status is "Unhealthy". It is pointing to principal…
Kenny_I
2 votes, 1 answer

Invalid client secret is provided when using correct and not expired secret

I have Azure App Registration with active secret. I'm trying to obtain token using v1.0 like below (clientId is an ID of the above App Registration) $body = @{ grant_type = 'client_credentials'; client_id = $clientId; client_secret =…
db_k
2 votes, 1 answer

How to generate SAS URLs for blob storage using User Delegation Key in Python

I'm trying to generate SAS URLs to read blobs using a user delegation key and the Azure SDK for Python. The following code works if I use the storage account key but fails if I try to use the user delegation key. import datetime as dt import…
cbare
2 votes, 2 answers

Azure Security center giving high alerts "trusted registries only allowed for container images"

We have AKS and using images from our private acr and dockerhub images. Could see that default security policies applied to the subscription and which giving high security vulnerabilities recommendations for the trusted images. Upon checking…
Vowneee
2 votes, 1 answer

How to use managed identity to access key vault on different subscription of same tenant?

Have my Azure VM scale set on subscription1 of tenantA & assigned user managed identity which also belongs to subscription1 of tenantA. Now I have keyvault on subscription2 of tenantA(same tenant). The keyvault hold secrets which the apps on Azure…
2 votes, 0 answers

Results of Azure SQL Vulnerability Assessment

I want to configure Security Baselines for Azure SQL Database via ARM Template. I am referring to the sample code: "resources": [ { "type": "Microsoft.Sql/servers/databases/vulnerabilityAssessments/rules/baselines", …