If you wanted to block inbound traffic to your Azure Function, one option is to use an Access Restriction. To check if you have one, navigate to the Networking blade for your Azure Function and check if Access restriction is On.
Figure 1, Access Restriction and Azure Functions
Take caution that although this lets you […]
Category: Security
Machine Keys on an Azure App Service, machineKey multiple, different data centers, regions on Azure
I wrote this article some time ago, Machine Keys on an Azure App Service, machineKey multiple instances Azure, which describes how and why there are no problems running on multiple instances of your App Service Plan, so long as they are in the same region or datacenter. This is because, as part of the App […]
How to get a Bearer access token for Azure
Even though I am not a security expert, it has always interested me. When I worked on the IIS team some years back, in the pre-Azure and pre-cloud days, the protocol mostly used for large corporations was Kerberos. Initially, troubleshooting those issues would give me sleepless nights, but over some years you begin to see […]
Securing an Azure App Service or Azure Function PaaS
A common topic I would like to call out which I see in regards to security has to do with endpoints. I kind of want to call those endpoints “potentially vulnerable attack vectors”. I am a bit nervous writing “vulnerable” because the endpoints I mention here are secure, which is why I also called out […]
Consumption vs. Runtime Scaling in Azure Functions
Technical terminology is its own language. If I speak German to a person who doesn’t understand the words I am saying, it would be the same as saying “hey, I was working on a runtime scaling issue yesterday and it was crazy awesome.” You might get the point that I was working on a runtime […]
WEBSITE_VNET_ROUTE_ALL and Azure Functions
This would apply to Azure App Services too. This is an interesting feature. To me, it resembles or provides the ability to force tunnel. The implementations of forced tunneling I have seen have typically been configured using route tables, where the route table is a matrix of IP addresses (see Figure 6) that instructs TCP […]
Microsoft Authenticator App
If you are still using UID and Password as the only means for authentication, you might consider implementing Multi Factor Authentication (MFA). One way to do this is by using the Microsoft Authenticator App, which you can read all about here. I am writing this mostly to help me remember how I configured it […]
IP Restrictions on Azure App Service as expected behavior
A method to 100% shut down the public endpoint of an App Service running in the public tenant is not provided. However, you can create an ILB ASE (which is not a public tenant) or you can restrict the access using an IP Restriction. Here is some information on the detailed feature for setting this up […]
Using Managed Service Identity (MSI) with an Azure App Service or an Azure Function
Instead of storing user id / passwords or database connection strings in source or configuration files, you should consider storing them in an Azure Key vault.
Azure Function 400 Bad Request
How to connect to a database from an Azure Function
Create an Azure Key Vault secret
How to connect to a database from an […]
How to connect to a database from an Azure Function using Azure Key Vault
In my original article here, I stored the database connection string in an Environment Variable, which is no longer an optimal approach (it was only for example). I will now update the Azure Function to access an Azure Key Vault secret which has the database connection string and use it to make the database […]