Implementing Azure Active Directory SSO (Single Sign on) in Xamarin iOS apps

This blog post is the first in a series that covers Azure Active Directory Single Sign On (SSO) Authentication in native mobile applications.

  1. Authenticating iOS app users with Azure Active Directory (this post)
  2. How to Best handle AAD access tokens in native mobile apps
  3. Using Azure SSO access token for multiple AAD resources from native mobile apps
  4. Sharing Azure SSO access token across multiple native mobile apps.

Brief Start

Two weeks ago the Azure AD (AAD) team released the Active Directory Authentication Library (ADAL) to enable developers to implement SSO functionality leveraging AAD.…

Secure Azure Virtual Network and create DMZ on Azure VNET using Network Security Groups (NSG)

At TechEd Europe 2014, Microsoft announced the General Availability of Network Security Groups (NSGs), which add a security feature to Azure’s Virtual Networking capability. Network Security Groups provide Access Control on Azure Virtual Network and are a feature that is very compelling from a security point of view. NSG is one of the features Enterprise customers have been waiting for.

What are Network Security Groups and how to use them?

Network Security Groups allow us to control traffic (ingress and egress) on our Azure VNET using rules we define and provide segmentation within VNET by applying Network Security Groups to our subnet as well as Access Control to VMs.…

Addressing Cross-Site Request Forgery in public/hybrid APIs

Cross-Site Request Forgery (CSRF or Session Riding) is the invocation of unauthorised commands that are triggered by a trusted user. A malicious website could make use of the fact that a user is logged in to a vulnerable website to then ride that session and forge requests. CSRF is a very common type of attack and ASP.NET has had the AntiForgery library for a long time. What’s interesting is when you have a hybrid/public API that your website is using and it is also used by other clients like PowerShell, Mobile, etc.…

The Little Gotchas of managing certificates in Azure

Azure and I have been friends for quite some time now, and I love the power that Azure gives me. He enables me to spin up a whole enterprise-like infrastructure in seconds. However, when it comes to managing certificates, Azure disappoints me. In a recent project that I have worked on, I got frustrated with some of Azure’s gotchas when it comes to managing security keys. In this blog post, I will share my experience on these issues.…

Azure VM Security using Azure VM Security Extensions, ConfigMgr and SCM Part 2

This post is part of the series. Part 1 can be found here. As I mentioned in the previous post, this post wraps up my session at TechEd Sydney 2014, DCI315 Azure VM Security and Compliance Management with Configuration Manager and SCM.

Let’s jump to our next focus:

Patch Azure VM

ConfigMgr has long been famous for its patch management capability. Three points on how the patch management lifecycle runs with ConfigMgr 2012 R2 for our Azure VMs:

  • Scan and Measure
  • Remediate Non-Compliant – Patch the non-compliant
  • Reporting

Patching is straightforward and utilizes ADR (Automatic Deployment Rules) to set a schedule for updates/patches.…

ADFS Metadata Conversion for Shibboleth

I recently blogged about the issues integrating Shibboleth Service Providers with ADFS. As an update to that blog one of Kloud’s super smart developers (Alexey Shcherbak) has re-written the FEMMA ADFS2Fed.py Python script in PowerShell, removing the need for Python and the LXML library! The ADFS2Fed converts ADFS metadata for consumption by a Shibboleth SP. Below is the output of Alexey’s labour, awesome work Alexey!

[code language=”PowerShell” gutter=”false”]
$idpUrl = "https://federation.contoso.com";
$scope = "contoso.com";
$filename = ((Split-Path -parent $PSCommandPath) +"\federationmetadata.xml");…

Azure VM Security using Azure VM Security Extensions, ConfigMgr and SCM Part 1

This post wraps up my session at TechEd Sydney 2014: DCI315 Azure VM Security and Compliance Management with Configuration Manager and SCM.

In this blog post series we will dispel some of the myths and dive into Azure VM Security.

With Azure AU Geo launched at TechEd Sydney 2014, Azure now has 19 Regions. More and more enterprises are starting to migrate their workloads into Azure. Most of our clients have the same question – How do we manage security and compliance on Azure VM?…

Shibboleth Service Provider Integration with ADFS

If you’ve ever attempted to integrate a Shibboleth Service Provider (Relying Party) application with ADFS, you’d have quickly realised that Shibboleth and ADFS are quite different beasts. This blog covers off some of the key issues involved and provides details on how to get ADFS to play nice with a Shibby Service Provider (SP). This blog does not cover configuring ADFS to participate as a member in a Shibboleth Federation like InCommon or the Australian Access Federation (AAF).…

Microsoft Antimalware for Azure is Now in Preview

Microsoft Antimalware for Azure Cloud Services and Virtual Machines is a new cloud service that detects and removes viruses, spyware, and other malicious software. Administrators can configure alerts to detect when malicious software attempts to install or run on a Microsoft Azure workload. The service is currently in preview.

I was really excited when I heard this new service announced at TechEd North America. Microsoft Antimalware for Azure addresses a major gap in the market. There is a legitimate need to protect IaaS and PaaS workloads running on Azure from viruses and other malware.…