{"id":500,"date":"2021-11-07T05:37:22","date_gmt":"2021-11-07T05:37:22","guid":{"rendered":"http:\/\/192.168.8.123\/?p=500"},"modified":"2022-02-11T11:20:01","modified_gmt":"2022-02-11T11:20:01","slug":"how-to-implement-azure-paas-security","status":"publish","type":"post","link":"https:\/\/exceedthecloud.com\/?p=500","title":{"rendered":"How to Implement Azure PaaS Security"},"content":{"rendered":"\n<p>Restricting access is imperative for organizations that want to enforce security policies for data access. You can use Azure role-based access control (Azure RBAC) to assign permissions to users, groups, and applications at a certain scope, in line with the need-to-know and least-privilege security principles. To learn more about granting users access to applications<\/p>\n\n\n\n<p>These labs are a replay of exercises done during my AZ-204 Developing Solutions for Microsoft Azure course and are intended to help you secure your PaaS with Azure role-based access control.<\/p>\n\n\n\n<p>Prerequisites for these labs:&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/azure.microsoft.com\/en-us\/free\/\" target=\"_blank\">Azure Account<\/a>&nbsp;<\/p>\n\n\n\n<p><strong>Create an Azure web app<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Sign in to the Azure portal.<\/li><li>Create a new resource group <strong>rg-exceed07112021<\/strong>.<\/li><li>In the <strong>rg-exceed07112021<\/strong> resource group, create a web app named wa-exceed0712021.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/img1-1024x473.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>Create a new App Service plan named AppPlan1 that uses the <strong>S1<\/strong> pricing tier.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/img2-1024x477.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>Go to the URL for the new web app 
to verify that it&#8217;s up and running.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/img3-1024x412.png\" alt=\"\"\/><\/figure>\n\n\n\n<p><strong>Deploy code from a public GitHub repository<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>On the web app&#8217;s <strong>Deployment Center<\/strong> blade, create <strong>User credentials<\/strong> for <strong>FTP<\/strong> with the username ftp-exced07122021.<\/li><\/ul>\n\n\n\n<p>Click Deployment Center \/ FTPS credentials<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/img4-1024x487.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>Fill in the user scope<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/img5-1024x444.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>Click Settings<\/p>\n\n\n\n<p>Source \/ External Git<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/img6-1024x421.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>Click Save<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>On the <strong>Deployment Center<\/strong> blade, configure an <strong>External<\/strong> repository source by using the <strong>App Services Kudu build server<\/strong> that contains a <strong>Git<\/strong> repository located at https:\/\/github.com\/Azure-Samples\/app-service-web-dotnet-get-started. 
Use the master branch.<\/li><li>Test the web app in a browser by using the URL of the new web app and anonymous access.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/img7-1024x493.png\" alt=\"\"\/><\/figure>\n\n\n\n<p><strong>Modify and test App Service security<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>In the Azure portal, enable <strong>App Service Authentication<\/strong> by using Azure Active Directory authentication. Make sure that all connections are forced to authenticate through Azure Active Directory (AAD).<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/img8-1024x439.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>Create a new app registration<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"http:\/\/192.168.8.123\/wp-content\/uploads\/2021\/11\/img9-1024x468.png\" alt=\"\" class=\"wp-image-511\"\/><\/figure>\n\n\n\n<p>Under <strong>SSL Settings<\/strong>, make sure <strong>HTTPS Only<\/strong> is set to <strong>On<\/strong> to enforce network encryption.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/img10-1024x485.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>Use role-based access control (RBAC) to allow the user <strong>User1-exceed07112021@exceedlab10152021outlook.onmicrosoft.com<\/strong> to access the application by adding a role assignment that gives the user the <strong>Managed Application Reader<\/strong> role.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/img11-1024x466.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>Add a role assignment for your user<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" 
src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/img12.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>Add Managed Application Reader \/ Role assignment<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/img13-1024x455.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>Select members \/ Add your users (in our case, User1-exceed07112021@exceedlab10152021outlook.onmicrosoft.com)<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/img14-1-1024x482.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>Test the modifications in a new <strong>InPrivate<\/strong> browser window by opening the URL of the web app and authenticating with the Azure Active Directory user account User1-exceed07112021@exceedlab10152021outlook.onmicrosoft.com and password ####Your password####. Accept the <strong>Permissions requested<\/strong> when prompted.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/img15-1-1024x522.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>Enter password<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/img16-1-1024x466.png\" alt=\"\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/img17-1-1024x513.png\" alt=\"\"\/><\/figure>\n\n\n\n<p><strong>Summary<\/strong><\/p>\n\n\n\n<p>Congratulations, you have completed the <strong>Implement Azure PaaS Security<\/strong> lab.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Created an Azure web app.<\/li><li>Deployed code from a public GitHub repository.<\/li><li>Modified and tested the web app for authentication by using an Azure Active Directory 
account.<\/li><\/ul>\n\n\n\n<p><mark class=\"kt-highlight\"><strong>Reminder<\/strong>: Don\u2019t forget to delete or shut down all unused Azure resources after your labs to save costs.<\/mark><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Restricting access is imperative for organizations that want to enforce security policies for data access. You can use Azure role-based access control (Azure RBAC) to assign permissions to users, groups, and applications at a certain scope, such as the need &hellip; <a href=\"https:\/\/exceedthecloud.com\/?p=500\">Continued<\/a><\/p>\n","protected":false},"author":1,"featured_media":876,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"kt_blocks_editor_width":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4,18],"tags":[72,53,70,58,71],"class_list":["post-500","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-practical-labs-series","category-security","tag-azure-active-directory","tag-git","tag-paas","tag-security","tag-web-app"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2021\/11\/Password.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=\/wp\/v2\/posts\/500","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=%2Fwp%2Fv2%2Fco
mments&post=500"}],"version-history":[{"count":3,"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=\/wp\/v2\/posts\/500\/revisions"}],"predecessor-version":[{"id":2338,"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=\/wp\/v2\/posts\/500\/revisions\/2338"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=\/wp\/v2\/media\/876"}],"wp:attachment":[{"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=500"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=500"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=500"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}