Safeguard
Tag

azure-security

Safeguard articles tagged "azure-security" — guides, analysis, and best practices for software supply chain and application security.

9 articles

Cloud Security

Azure IAM and RBAC Best Practices

A question-driven guide to Azure identity and access management: Entra ID vs Azure RBAC, scoping assignments, managed identities, PIM, and Conditional Access — with az CLI and Terraform examples.

Jul 3, 20266 min read
Cloud Security

Azure Security Best Practices for 2026

A practical Azure hardening guide covering Entra ID identity, Azure Policy guardrails, network isolation, Key Vault secrets, and Defender for Cloud — with Terraform and az CLI examples.

Jul 1, 20266 min read
Application Security

Top 10 Azure security risks and prevention

Real Azure breaches — BlueBleed, ChaosDB, OMIGOD, Midnight Blizzard — trace back to storage misconfigs, identity sprawl, and exposed secrets, not zero-days.

Jun 20, 20267 min read
Cloud Security

How to configure Azure AD Conditional Access policies

A step-by-step guide to configure Azure AD conditional access policies safely — MFA enforcement, device compliance, report-only piloting, and troubleshooting tips.

Feb 14, 20267 min read
Cloud Security

Choosing between Key Vault access policies and RBAC permi...

Access policies or RBAC? A concrete breakdown of Azure Key Vault's two permission models, when each still makes sense, and how to migrate safely.

Jan 15, 20267 min read
Cloud Security

Best practices for using Azure Managed Identity instead o...

A step-by-step guide to Azure Managed Identity best practices: system vs user assigned identities, least-privilege roles, and secretless authentication.

Jan 15, 20268 min read
Cloud Security

Preventing and detecting Azure service principal credenti...

How Azure service principal secrets leak through repos, pipelines, and IaC state files — and the detection, scoping, and rotation practices that stop a leak from becoming a breach.

Jan 14, 20267 min read
Cloud Security

Comparing confidential VM offerings across major cloud pr...

A practical comparison of confidential virtual machines across Azure, AWS Nitro Enclaves, GCP confidential compute, and more -- real strengths, real limitations, no marketing gloss.

Dec 11, 20258 min read
Cloud Security

Azure storage account misconfiguration report

A breakdown of what drives Azure storage misconfiguration reports, from the 2023 Wiz-disclosed 38TB leak to SAS token and public access risks in 2025.

Nov 4, 20256 min read
azure-security — Safeguard Blog