Azure

Microsoft Cloud solution – Security, Auditing, Traceability and how do they react to data breach

You might have an interest in Microsoft cloud hosting security, auditing and / or data protection, just like me. I’ve collected a few good links, that should get you started.

First of, a little on how they react if breaches will happen, because they will at some point in some way. Major or minor…
How Would Microsoft Respond to a Data Breach of the Azure services?

Secondly, this white paper examines how Microsoft investigates, manages, and responds to security incidents within Azure.
Microsoft Azure Security Response in the Cloud

So how do they protect their physical data centers as well as your data and which certifications do they comply to?
Security, Audits, and Certifications

A little on their politics for how they manage and regard your data.
With Microsoft, you are the owner of your customer data.

And lastly a more wide perspective article.
5 questions every executive should be asking their security team

Advertisements

Configure Azure Application Proxy application for CRM Internet Facing Deployment

The task was to configure an existing CRM IFD, with an existing ADFS / Azure Application Proxy infrastructure.

CRM IFD deployment was already working and implemented for internal access. What was missing was the external access through Azure Application Proxy.
Following this guide: https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-proxy-publish/
With the following configuration will get you there:

Note that once you have the CRM Internet facing deployment done, no changes are required on CRM or ADFS. The below is only the Azure Application Proxy configuration required for CRM internet facing deployment.

Logon to manage.windowsazure.com and create a new Application under Active Directory.
Important configuration is:
– External URL: You can use the same URL as internally, however make sure that CNAME record is created as well as certificate is uploaded. This is referred to as custom domain.
– Preauthentication Method: Passthrough
– Translate URL in headers: No

You need to add required CRM IFD service url’s:
organisation, authentication and/or discovery service as seperate applications.

References
https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-proxy-publish/
https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-proxy-custom-domains/
https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-proxy-claims-aware-apps/

SharePoint with Azure Access Control Service

This article describes the installation process of using Azure Access Control Service (ACS) as an identity provider for SharePoint. This article uses Windows Live-ID as test.

This article uses ACS as the first federator after the consuming application with reference to the below architecture.

IdentityFederation

Prerequisites:
1: Administrative access to the Azure ACS. (https://manage.windowsazure.com/)
2: Access from SharePoint solution to Azure ACS url. (Internet browsing available)
3: Access to public URL of SharePoint solution. (SharePoint exposed to the internet)

Installation SharePoint with Azure Access Control Service