azure-security
Safeguard articles tagged "azure-security" — guides, analysis, and best practices for software supply chain and application security.
9 articles
Azure IAM and RBAC Best Practices
A question-driven guide to Azure identity and access management: Entra ID vs Azure RBAC, scoping assignments, managed identities, PIM, and Conditional Access — with az CLI and Terraform examples.
Azure Security Best Practices for 2026
A practical Azure hardening guide covering Entra ID identity, Azure Policy guardrails, network isolation, Key Vault secrets, and Defender for Cloud — with Terraform and az CLI examples.
Top 10 Azure security risks and prevention
Real Azure breaches — BlueBleed, ChaosDB, OMIGOD, Midnight Blizzard — trace back to storage misconfigs, identity sprawl, and exposed secrets, not zero-days.
How to configure Azure AD Conditional Access policies
A step-by-step guide to configure Azure AD conditional access policies safely — MFA enforcement, device compliance, report-only piloting, and troubleshooting tips.
Choosing between Key Vault access policies and RBAC permi...
Access policies or RBAC? A concrete breakdown of Azure Key Vault's two permission models, when each still makes sense, and how to migrate safely.
Best practices for using Azure Managed Identity instead o...
A step-by-step guide to Azure Managed Identity best practices: system vs user assigned identities, least-privilege roles, and secretless authentication.
Preventing and detecting Azure service principal credenti...
How Azure service principal secrets leak through repos, pipelines, and IaC state files — and the detection, scoping, and rotation practices that stop a leak from becoming a breach.
Comparing confidential VM offerings across major cloud pr...
A practical comparison of confidential virtual machines across Azure, AWS Nitro Enclaves, GCP confidential compute, and more -- real strengths, real limitations, no marketing gloss.
Azure storage account misconfiguration report
A breakdown of what drives Azure storage misconfiguration reports, from the 2023 Wiz-disclosed 38TB leak to SAS token and public access risks in 2025.