Marko Lauren’s Post

Nice little 🎄🎁 below - a great blog Microsoft #Sentinel and RBAC permissions. Quick note - NO Changes to Sentinel permissions, if you could see incidents before, you still will! BUT SOC teams may likely ADD #Defender roles like Security Reader, Security Admin if you didn't have them already. 🥁🥁🥁 Sentinel support for URBAC is coming soon!!! Unwrap the blog 👇 😁 https://lnkd.in/gjFSzWPi

Managing Microsoft Sentinel and Microsoft Defender XDR permissions in Microsoft Defender portal. In November 2023 at Microsoft Ignite, we announced the integration of Microsoft Sentinel with Microsoft Defender XDR into the unified Microsoft Defender portal. Fast forward, in July 2024 we announced this integration GA, and in July 2025 we announced the Microsoft Sentinel experience will be retired in the Azure portal on July 1, 2026. As we introduced the new portal experience, many customers naturally had questions, particularly around permissions. Common concerns included: How will permissions be managed going forward? What changes should I expect with my existing Azure permissions? And do I still need the Microsoft Sentinel Contributor role? In this post, we break down the answers and clarify what the transition means for you. Microsoft Sentinel SIEM permissions In the Azure portal, we use Azure RBAC permissions to manage... #techcommunity #azure #microsoft https://lnkd.in/gWf3Xx79

From Apps on Azure Blog articles, Identity Bindings: A Cleaner Model for Multi‑Cluster Identity in AKS, by samcogan "AKS has supported assigning Azure Managed Identities to pods for some time, first through Pod Identity and then later through Workload..." https://lnkd.in/gfCdBwjb

Identity Bindings: A Cleaner Model for Multi‑Cluster Identity in AKS. AKS has supported assigning Azure Managed Identities to pods for some time, first through Pod Identity and then later through Workload Identity. Using these tools it is possible to give a pod an Azure Identity that it can use to interact with other Azure services - pull secrets from Key Vault, read a file from Blob Storage or write to a database. Workload Identity is the latest incarnation of this feature and significantly simplified this feature, removing the need to run additional management pods in the cluster and to have the identity injected in every node however it does have some issues of it's own. These issues are particularly evident when operating at scale and wanting to share the same Managed Identity across multiple workloads in the same cluster, or across multiple clusters. Workload Identity relies on creating a Federated Identity Credential... #techcommunity #azure #microsoft https://lnkd.in/gMHzPMps

🚀 Simplifying Azure Authentication with Managed Identity In one of our earlier videos, we explored how to connect with Azure resources—like Key Vault—from a local machine using a Service Principal registered on Microsoft Entra ID. But here’s the real challenge: 👉 How do we securely manage these credentials in a Production environment, where everything is deployed directly on Azure? The good news is, Azure has already solved this for us! With Managed Identity, you can seamlessly connect to different Azure resources without the hassle of storing or maintaining credentials. 🔑 Managed Identity = Secure, Simple, and Automatic authentication across Azure services. 🎥 And in this video, we’ll go one step further—exploring Managed Identity in action so you can see exactly how it works in real-world scenarios. https://lnkd.in/gEEPMU8J

A clear, practical walkthrough of forward vs reverse proxies using Squid on Azure. Shows how multiple cloud services can be accessed through one secure outbound endpoint. https://lnkd.in/grwCSnDJ

Azure wasn’t down on December 30. Our assumptions were. No alerts. No outage banner. Bas silence. portal.azure.com → NXDOMAIN intune.microsoft.com → gone Same links worked instantly on 8.8.8.8 and 1.1.1.1. That’s when I just knew… …this wasn’t a cloud failure. It was a dependency failure. We’d hard-wired… …Cisco Umbrella/OpenDNS like gravity. Always there. Always safe. Until it wasn’t. Suddenly Microsoft Azure… …looked “globally down” only for teams who never mapped… …DNS as a failure domain. The myth that died that day: “If Azure is up, we’re fine.” Comedy of errors, live in prod: • One resolver silently fails • Control planes vanish • CI/CD stalls • Intune can’t phone home • VPNs can’t resolve gateways • Everyone blames the cloud I’ve made this mistake myself. DNS lived in the appendix. Not the risk register. That one’s on me. Hard truth: Most “cloud outages” are middleware outages in reality. What changed after December: 1️⃣ Resolver diversity — two independent paths, health-checked, failover-tested 2️⃣ DNS in DR — explicit runbooks, not tribal memory 3️⃣ Vendor-aware ops — DNS/SWG vendors = Tier-1 dependencies 4️⃣ Drift detection — compare answers, TTLs, CNAMEs before users do The line that stuck with me: If you don’t map it, you don’t control it. Azure didn’t disappear. It was selectively unreachable. If DNS isn’t in your 2026 risk register, December already told you what’s coming. Save this. Or comment if that outage changed how you think about “stable infrastructure.”

Still using storage account keys to hand out access to Tables, Queues, or Files? Azure is starting to offer a cleaner path. User delegation SAS is now in public preview for Azure Tables, Queues, and Files, letting teams issue time-bound SAS tokens backed by Microsoft Entra ID instead of long-lived keys. Read the full breakdown and unpack what it changes for platform and security teams: https://lnkd.in/d3Q8wcmK #MicrosoftAzure #AzureStorage #CloudSecurity #EntraID #IdentityAccessManagement