{"id":1060,"date":"2023-11-23T07:17:57","date_gmt":"2023-11-23T07:17:57","guid":{"rendered":"https:\/\/www.idenxt.com\/?p=1060"},"modified":"2024-04-30T12:05:31","modified_gmt":"2024-04-30T12:05:31","slug":"welcome-to-the-azure-hall-of-misconfiguration-fame","status":"publish","type":"post","link":"https:\/\/www.idenxt.com\/sv\/blog\/welcome-to-the-azure-hall-of-misconfiguration-fame\/","title":{"rendered":"Welcome to the Azure Hall of Misconfiguration Fame"},"content":{"rendered":"<p><strong>Author:<\/strong> Howard M. Cohen<\/p>\n<p>You\u2019re well protected! When you use Azure cloud services, there are many ways in which you\u2019re well protected. Many data and network protections. Flexible data backup services. Multiple layers of security tools and systems. Yes, when you use Azure you\u2019re well protected from just about everything\u2026<\/p>\n<p>Except yourself.<\/p>\n<p>You\u2019re well aware that a sizable proportion of data threats come from people internal to your own organization. They swipe the credentials of those they work with to access data they have no right to see. They copy valuable data to removable media. They have all manner of ways to steal from you. But they are not who we\u2019re talking about here.<\/p>\n<p>We\u2019re talking about your best-intentioned, most reliable, most trustworthy employees.<\/p>\n<h2>They Make Mistakes<\/h2>\n<p>This is by no means an indictment of your good people. They\u2019re human. Everyone makes mistakes, but these can erode the safety and efficiency of your cloud operations. They most often come in the form of misconfigurations of the cloud service.<\/p>\n<h2>Frequent Misconfigurations on Azure<\/h2>\n<p>Azure is a vast, complex computing environment providing many opportunities, each of which require multiple decisions regard options, settings, and other technical details. The simple law of big numbers tells us that in such a large quantity of decisions there will be errors.<\/p>\n<p>Here are a few misconfigurations that are routinely made:<\/p>\n<h3>Allowing login without multi-factor authentication (MFA)<\/h3>\n<p>This one is just too simple to solve. MFA should simply be a default requirement, but it is still an optional setting. Passwords are simply too easy to steal, and a major proportion of users still use \u201cpassword\u201d or \u201c12345678\u201d as their password. Combining this with a multi-digit number that is instantiated at the time of login and provided to the user via a device they possess makes password theft useless. It can be argued that users find MFA inconvenient, but the value gained clearly outweighs the extremely minor inconvenience. Failure to implement MFA is not just a poor choice, it\u2019s a misconfiguration.<\/p>\n<h3>Giving Every User Azure AD Admin Access<\/h3>\n<p>Another almost unimaginable misconfiguration is the bad practice of issuing admin rights to access the Azure Active Directory (AD) portal. This is the equivalent of giving everybody every key to every door in your building. It obliterates security completely. Yet, many Azure users do this for \u201cconvenience\u201d reasoning that they don\u2019t have to manage anyone\u2019s rights or access authorizations when everybody has access to everything by default. That convenience will inevitably cost them dearly.<\/p>\n<h3>Not Turning on Identity Protection<\/h3>\n<p>Azure Identity Protection detects unusual user behaviors, malware attachments, too many retries when someone is trying to log in, potential credential leaks, and more. But it only does that when it\u2019s turned on. While there\u2019s seemingly no good reason not to, many Azure environments run without it due to a simple failure to turn it on.<\/p>\n<h3>No Email Notifications<\/h3>\n<p>Do you have people sitting at consoles staring at the screens watching literally everything that happens in your Azure environment? If you\u2019ve failed to enable email notifications and given Azure an active email address to send them to, you had better have people wasting their time in that fashion.<\/p>\n<h3>No Alerts<\/h3>\n<p>Most every deployed Azure service produces activity logs, and you can readily establish customized alerts to actively notify you when log data indicates potential problems, or thresholds have been exceeded. All too often, users choose the \u201cignorance is bliss\u201d option and fail to establish any alerts. This requires Azure to use its defaults and basic security features to manage the health of your Azure environment. Another invitation to potential disaster.<\/p>\n<h3>Too Many Guests<\/h3>\n<p>If \u201ctwo is company, three is a crowd,\u201d then the sheer number of vendors, suppliers, clients, and other external associates allowed access via Azure AD can turn into a stampede. All too often, Azure users fail to remove guest credentials when no longer needed enabling those outsiders to quietly enter and begin finding ways to compromise data assets later on. Onboarding and proper offboarding of employees is difficult enough to get right. Too many guests is another unforced error.<\/p>\n<h3>No Network Watcher<\/h3>\n<p>Data sitting still produces no value. All Azure environments depend upon the network to transport data to where it can do some good. Azure Network Watcher helps them identify, understand, and troubleshoot problems that many arise on that network. Again, there\u2019s really no good reason to disable it, or never enable it. Yet, all too often Azure Network Watcher is not in use.<\/p>\n<h3>Static IP Addresses<\/h3>\n<p>Dynamic Host Configuration Protocol (DHCP) is among the most valuable features of IP networking in that it turns every host into a moving target. While cybercriminals may be able to identify the IP address of a given device, that address will soon change. Yet, many Azure users establish static, unchanging IP addresses all too often. When a DHCP lease is renewed all previous DNS records and logs become completely unavailable, which stymies any external effort to obtain and compromise them.<\/p>\n<h3>Orphaned or Over-Provisioned Virtual Machines (VM)<\/h3>\n<p>Any Azure administrator who has had a user leave a VM running unnecessarily has felt the budgetary pain of allowing such a thing to happen. What\u2019s more insidious are VMs that are configured lazily in the first place, requiring far more and many resources than they really required. These are far harder to detect. These are misconfigurations that directly cause potentially significant overspending.<\/p>\n<h2>Totally Preventable if Someone is Minding the Operation<\/h2>\n<p>We\u2019ve only scratched the surface of the many misconfigurations that are routinely observed in many Azure environments. The one thing all of these and all the one\u2019s we don\u2019t have room to describe have in common is that they\u2019re all preventable.<\/p>\n<p>All it takes is having someone or something constantly monitoring and managing the entire Azure environment. Of course, the challenge is that most enterprises have difficultly justifying the budget required to staff such critical functions.<\/p>\n<h2>Automated Azure Hosting<\/h2>\n<p>As with so many other IT functions, the most cost-effective way to supplement for a shortage of human resources is to automate as many functions as possible as completely as possible.<\/p>\n<p>This is why Idenxt was developed. Based on technologies provided by Microsoft for Azure operation, augmented by customized management automation, Idenxt assures the elimination of common and not-so-common misconfiguration errors, providing continuous optimization of your Azure environment. This assures that you and your users enjoy the best possible Azure experience and efficiency enhancement.<\/p>\n<p>For more information and insight into how to leverage Idenxt to increase your revenue without proportional increases to operating costs, contact us <a href=\"https:\/\/www.idenxt.com\/sv\/contact-us\/\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Author: Howard M. Cohen You\u2019re well protected! When you use Azure cloud services, there are many ways in which you\u2019re well protected. Many data and network protections. Flexible data backup services. Multiple layers of security tools and systems. Yes, when you use Azure you\u2019re well protected from just about everything\u2026 Except yourself. You\u2019re well aware &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/www.idenxt.com\/sv\/blog\/welcome-to-the-azure-hall-of-misconfiguration-fame\/\"> <span class=\"screen-reader-text\">Welcome to the Azure Hall of Misconfiguration Fame<\/span> Read More &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":1066,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","footnotes":""},"categories":[1],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Welcome to the Azure Hall of Misconfiguration Fame - Idenxt<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.idenxt.com\/blog\/welcome-to-the-azure-hall-of-misconfiguration-fame\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Welcome to the Azure Hall of Misconfiguration Fame - Idenxt\" \/>\n<meta property=\"og:description\" content=\"Author: Howard M. Cohen You\u2019re well protected! When you use Azure cloud services, there are many ways in which you\u2019re well protected. Many data and network protections. Flexible data backup services. Multiple layers of security tools and systems. Yes, when you use Azure you\u2019re well protected from just about everything\u2026 Except yourself. You\u2019re well aware &hellip; Welcome to the Azure Hall of Misconfiguration Fame Read More &raquo;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.idenxt.com\/blog\/welcome-to-the-azure-hall-of-misconfiguration-fame\/\" \/>\n<meta property=\"og:site_name\" content=\"Idenxt\" \/>\n<meta property=\"article:published_time\" content=\"2023-11-23T07:17:57+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-30T12:05:31+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.idenxt.com\/sv\/wp-content\/uploads\/2023\/11\/welcome-to-the-azure-hall-of-misconfiguration-fame.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"822\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Welcome to the Azure Hall of Misconfiguration Fame - Idenxt","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.idenxt.com\/blog\/welcome-to-the-azure-hall-of-misconfiguration-fame\/","og_locale":"en_US","og_type":"article","og_title":"Welcome to the Azure Hall of Misconfiguration Fame - Idenxt","og_description":"Author: Howard M. Cohen You\u2019re well protected! When you use Azure cloud services, there are many ways in which you\u2019re well protected. Many data and network protections. Flexible data backup services. Multiple layers of security tools and systems. Yes, when you use Azure you\u2019re well protected from just about everything\u2026 Except yourself. You\u2019re well aware &hellip; Welcome to the Azure Hall of Misconfiguration Fame Read More &raquo;","og_url":"https:\/\/www.idenxt.com\/blog\/welcome-to-the-azure-hall-of-misconfiguration-fame\/","og_site_name":"Idenxt","article_published_time":"2023-11-23T07:17:57+00:00","article_modified_time":"2024-04-30T12:05:31+00:00","og_image":[{"width":1920,"height":822,"url":"https:\/\/www.idenxt.com\/sv\/wp-content\/uploads\/2023\/11\/welcome-to-the-azure-hall-of-misconfiguration-fame.webp","type":"image\/webp"}],"author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.idenxt.com\/blog\/welcome-to-the-azure-hall-of-misconfiguration-fame\/#article","isPartOf":{"@id":"https:\/\/www.idenxt.com\/sv\/blog\/welcome-to-the-azure-hall-of-misconfiguration-fame\/"},"author":{"name":"admin","@id":"https:\/\/www.idenxt.com\/sv\/#\/schema\/person\/2a2f143dc36e628aaee059c3a3ed49e9"},"headline":"Welcome to the Azure Hall of Misconfiguration Fame","datePublished":"2023-11-23T07:17:57+00:00","dateModified":"2024-04-30T12:05:31+00:00","mainEntityOfPage":{"@id":"https:\/\/www.idenxt.com\/sv\/blog\/welcome-to-the-azure-hall-of-misconfiguration-fame\/"},"wordCount":1119,"publisher":{"@id":"https:\/\/www.idenxt.com\/sv\/#organization"},"image":{"@id":"https:\/\/www.idenxt.com\/blog\/welcome-to-the-azure-hall-of-misconfiguration-fame\/#primaryimage"},"thumbnailUrl":"https:\/\/www.idenxt.com\/sv\/wp-content\/uploads\/2023\/11\/welcome-to-the-azure-hall-of-misconfiguration-fame.webp","articleSection":["blog"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.idenxt.com\/sv\/blog\/welcome-to-the-azure-hall-of-misconfiguration-fame\/","url":"https:\/\/www.idenxt.com\/blog\/welcome-to-the-azure-hall-of-misconfiguration-fame\/","name":"Welcome to the Azure Hall of Misconfiguration Fame - Idenxt","isPartOf":{"@id":"https:\/\/www.idenxt.com\/sv\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.idenxt.com\/blog\/welcome-to-the-azure-hall-of-misconfiguration-fame\/#primaryimage"},"image":{"@id":"https:\/\/www.idenxt.com\/blog\/welcome-to-the-azure-hall-of-misconfiguration-fame\/#primaryimage"},"thumbnailUrl":"https:\/\/www.idenxt.com\/sv\/wp-content\/uploads\/2023\/11\/welcome-to-the-azure-hall-of-misconfiguration-fame.webp","datePublished":"2023-11-23T07:17:57+00:00","dateModified":"2024-04-30T12:05:31+00:00","breadcrumb":{"@id":"https:\/\/www.idenxt.com\/blog\/welcome-to-the-azure-hall-of-misconfiguration-fame\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.idenxt.com\/blog\/welcome-to-the-azure-hall-of-misconfiguration-fame\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.idenxt.com\/blog\/welcome-to-the-azure-hall-of-misconfiguration-fame\/#primaryimage","url":"https:\/\/www.idenxt.com\/sv\/wp-content\/uploads\/2023\/11\/welcome-to-the-azure-hall-of-misconfiguration-fame.webp","contentUrl":"https:\/\/www.idenxt.com\/sv\/wp-content\/uploads\/2023\/11\/welcome-to-the-azure-hall-of-misconfiguration-fame.webp","width":1920,"height":822},{"@type":"BreadcrumbList","@id":"https:\/\/www.idenxt.com\/blog\/welcome-to-the-azure-hall-of-misconfiguration-fame\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.idenxt.com\/sv\/"},{"@type":"ListItem","position":2,"name":"Welcome to the Azure Hall of Misconfiguration Fame"}]},{"@type":"WebSite","@id":"https:\/\/www.idenxt.com\/sv\/#website","url":"https:\/\/www.idenxt.com\/sv\/","name":"Idenxt","description":"","publisher":{"@id":"https:\/\/www.idenxt.com\/sv\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.idenxt.com\/sv\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.idenxt.com\/sv\/#organization","name":"Idenxt","url":"https:\/\/www.idenxt.com\/sv\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.idenxt.com\/sv\/#\/schema\/logo\/image\/","url":"https:\/\/www.idenxt.com\/sv\/wp-content\/uploads\/2024\/10\/logo.png","contentUrl":"https:\/\/www.idenxt.com\/sv\/wp-content\/uploads\/2024\/10\/logo.png","width":300,"height":76,"caption":"Idenxt"},"image":{"@id":"https:\/\/www.idenxt.com\/sv\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.idenxt.com\/sv\/#\/schema\/person\/2a2f143dc36e628aaee059c3a3ed49e9","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.idenxt.com\/sv\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4c8b89ec6b7c765867ad732b4001656a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4c8b89ec6b7c765867ad732b4001656a?s=96&d=mm&r=g","caption":"admin"},"sameAs":["http:\/\/www.idenxt.com"]}]}},"rttpg_featured_image_url":{"full":["https:\/\/www.idenxt.com\/sv\/wp-content\/uploads\/2023\/11\/welcome-to-the-azure-hall-of-misconfiguration-fame.webp",1920,822,false],"landscape":["https:\/\/www.idenxt.com\/sv\/wp-content\/uploads\/2023\/11\/welcome-to-the-azure-hall-of-misconfiguration-fame.webp",1920,822,false],"portraits":["https:\/\/www.idenxt.com\/sv\/wp-content\/uploads\/2023\/11\/welcome-to-the-azure-hall-of-misconfiguration-fame.webp",1920,822,false],"thumbnail":["https:\/\/www.idenxt.com\/sv\/wp-content\/uploads\/2023\/11\/welcome-to-the-azure-hall-of-misconfiguration-fame.webp",150,64,false],"medium":["https:\/\/www.idenxt.com\/sv\/wp-content\/uploads\/2023\/11\/welcome-to-the-azure-hall-of-misconfiguration-fame.webp",300,128,false],"large":["https:\/\/www.idenxt.com\/sv\/wp-content\/uploads\/2023\/11\/welcome-to-the-azure-hall-of-misconfiguration-fame.webp",1024,438,false],"1536x1536":["https:\/\/www.idenxt.com\/sv\/wp-content\/uploads\/2023\/11\/welcome-to-the-azure-hall-of-misconfiguration-fame.webp",1536,658,false],"2048x2048":["https:\/\/www.idenxt.com\/sv\/wp-content\/uploads\/2023\/11\/welcome-to-the-azure-hall-of-misconfiguration-fame.webp",1920,822,false]},"rttpg_author":{"display_name":"admin","author_link":"https:\/\/www.idenxt.com\/sv\/author\/admin\/"},"rttpg_comment":0,"rttpg_category":"<a href=\"https:\/\/www.idenxt.com\/sv\/category\/blog\/\" rel=\"category tag\">blog<\/a>","rttpg_excerpt":"Author: Howard M. Cohen You\u2019re well protected! When you use Azure cloud services, there are many ways in which you\u2019re well protected. Many data and network protections. Flexible data backup services. Multiple layers of security tools and systems. Yes, when you use Azure you\u2019re well protected from just about everything\u2026 Except yourself. You\u2019re well aware&hellip;","_links":{"self":[{"href":"https:\/\/www.idenxt.com\/sv\/wp-json\/wp\/v2\/posts\/1060"}],"collection":[{"href":"https:\/\/www.idenxt.com\/sv\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.idenxt.com\/sv\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.idenxt.com\/sv\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.idenxt.com\/sv\/wp-json\/wp\/v2\/comments?post=1060"}],"version-history":[{"count":1,"href":"https:\/\/www.idenxt.com\/sv\/wp-json\/wp\/v2\/posts\/1060\/revisions"}],"predecessor-version":[{"id":1078,"href":"https:\/\/www.idenxt.com\/sv\/wp-json\/wp\/v2\/posts\/1060\/revisions\/1078"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.idenxt.com\/sv\/wp-json\/wp\/v2\/media\/1066"}],"wp:attachment":[{"href":"https:\/\/www.idenxt.com\/sv\/wp-json\/wp\/v2\/media?parent=1060"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.idenxt.com\/sv\/wp-json\/wp\/v2\/categories?post=1060"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.idenxt.com\/sv\/wp-json\/wp\/v2\/tags?post=1060"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}