Azure Security and Encryption

Azure Active Directory is used for access control. Azure AD can be used stand-alone. It offers single sign-on, MFA, and identities for services.

Encryption is the process of making data unreadable and unusable to unauthorized viewers. To read encrypted data, it must be decrypted, which requires the use of a secret key. There are two top-level types of encryption: symmetric and asymmetric. Symmetric encryption uses the same key to encrypt and decrypt the data.

Asymmetric encryption uses a public key and private key pair. Either key can encrypt but a single key can’t decrypt its own encrypted data. To decrypt, you need the paired key. Asymmetric encryption is used for things like Transport Layer Security (TLS), used in HTTPS.

By default, Azure encrypts and decrypts file storage data, and this is transparent to the user. Azure SQL Database uses Transparent Data Encryption (TDE). It performs real-time encryption and decryption of the database at rest without requiring changes to the application, and it is enabled by default. TDE uses a symmetric key called the database encryption key. By default, Azure provides a unique encryption key per logical SQL server instance and handles all the details.

Azure Key Vault is used to keep application secrets.

Azure Security Monitor: a monitoring service that provides threat protection across all of your services. Azure Security Center is offered on the Standard tier subscription. It’s $15 per node per month.

Does Azure commercial follow FEDRAMP guidelines?

This is the first question that will always be asked if you are setting up Azure for a client that works with the government.

Both Azure and Azure Government use the same security controls. They are assessed and authorized at the FedRAMP High impact level. Azure Government provides an additional layer of protection to customers by limiting access to screened US persons. It is used to store and process data subject to US export control regulations such as EAR, ITAR, and DoE 10 CFR Part 810.

Refer to this Microsoft article for details:

https://azure.microsoft.com/en-us/blog/all-us-azure-regions-now-approved-for-fedramp-high-impact-level/

Take time to see which environments meet your needs.  Many people are surprised at how robust the Azure [commercial] compliance space is.  https://www.microsoft.com/en-us/trustcenter/compliance/complianceofferings

Resources;

Check and change PHP version in Azure WordPress App service

I am running WordPress as Azure App service. My current configuration for the technology stack is;

I ran a Site Health check from the WordPress dashboard (Tools -> Site Health). The site health status shows that I am running an older version of PHP.

I figured I should be changing my Stack settings from .NET to PHP.  I made the change hoping it wouldn’t break the application;

The technology stack was changed from .NET to PHP without any issues.

I went back to the WordPress dashboard and ran Site Health. The PHP version issue was solved.

If someone is running WordPress on Linux, this is a good reference;

Windows Snip & Sketch alternative

I like the Windows Snip & Sketch tool. The only drawback is that after you take a snapshot, you can’t draw a rectangle around an area in this tool. The snapshot has to be copied into MS Paint or PowerPoint to annotate. It’s kind of a two-step process.

The alternative is to use Greenshot, which is a full-featured snipping tool. Greenshot comes with an editor where you can easily add arrows, text, and shapes, and blur out or pixelate sensitive information.

Greenshot automatically copies the screenshot to the clipboard. At installation time it gets registered with Windows and is always available in the taskbar. If I need to edit a screenshot, I can right-click the Greenshot icon and choose "Open Image from clipboard" to access it in the editor. Once done, I either save the image there or choose copy to clipboard to send the edited version back to the clipboard, ready to be pasted somewhere else.

Here is an example;
