In Azure DevOps, you can manage your security for a given team or group using the Permissions module. In this example, the API New Team has inherited and granted permissions. The “Allow permissions to view project level information” has been granted explicitly, while the permissions to delete, edit and manage projects has been inherited...
I created this post in response to questions from one of my customers which may be useful to others regarding Microsoft’s support plans around TLS 1.3 and upcoming releases.
We believe that Secure DevOps encompasses both a set of practices and a mindset shift to help customer adopt security principles and practices aligned with the culture shift and integrated with the practices, of DevOps. Secure DevOps practices include and build on those practices that are part of the Microsoft Security Development Lifecycle.
Beyond Lean, another important contributor to DevOps is the safety science movement. In this blog, Ron discusses this subject and show how important this is and how it changes the ways we think of the systems we build.
It is extremely difficult to find individuals with Security+ accreditation. Achieving this accreditation not only helps you but also helps defense contracting companies and the DoD community to fill in those national security related positions with those specialized needs.
When it comes to data, there is never a thing as too much security. With identify theft and breaches becoming a daily occurrence, ensuring sensitive information is protected is essential to business. Microsoft Azure has been designed from the ground-up to be one of the most secure places to store your information. Let me prove it!
Accessing Groups claims in Azure AD B2C requires adding some custom code through custom (IEF) policies. This post shows how to configure AD B2C IEF policies to access Groups in JWT Tokens.
MSRD is a self-service, AI-powered Dynamic Application Security Testing service that optimizes your web development cycle to identify and remediate bugs and security risks as they’re introduced into the codebase – not after they are already in production.
Azure Trust Center should be your first destination for our compliance offerings. Did you know independent audit reports along with Azure compliance offerings can be found there? This documentation is a free, but protected resource for those that utilize Microsoft cloud services (Azure, Office 365, Dynamics 365, etc.). Compliance documentation for HITrust, HIPPA/HITECH, FedRAMP, CSA CCM and many others are stored here.
Senior Consultant Omar Amin recently posted this article on securing a physical data center. In this post, he highlights roles and responsibility on security across various hosting options.
I don’t spend a lot of time talking to customers about physical data center security.