AzUpdate S04E12: Passwordless, Azure Key Vault, Azure Functions and Microsoft Authenticator
Published May 06 2022 07:00 AM 4,589 Views
Microsoft

Hello Folks,

 

Well, I’m back this week after my first in-person event in over 2 years!!!  OMG, it was wonderful to sit in a large room with like-minded people discussing tech in a fun open, and respectful environment.  I was at the PowerShell Summit in Seattle, and it was great.  You’ll be able to see all the content from that event on their YouTube channel soon.

 

However, I saw the episode last week and I’m not sure I can follow that up. Amy (@wyrdgirl) and Shannon (@shankuehn) did a fantastic job.  Check it out!

 

This week I will be joined by my boss.  The one and only Rick Claus (@RicksterCDN), and we will cover the news from the mothership that impacts the IT/Ops audience.  More specifically, we’ll cover Passwordless RDP with Windows Hello for Business, Automated key rotation in Azure Key Vault, Azure Functions supports PowerShell 7.2, and strong passwords with Microsoft Authenticator.

 

here we go! … Join us online on YouTube? (Live at 10 am eastern time zone) or catch the replay below.

 

 

Passwordless RDP with Windows Hello for Business

 

PierreRoman_0-1651815858328.png

 

Ok…  This is not a product announcement.  It’s an article I found on Microsoft TechCommunity  that walks you through pulling together a couple of guides already in the WHfB deployment guides into a single solution with an overview of how to use the solution.

 

That solution addresses the challenge where when accessing remote systems, (This can be via MMC console for example to access Active Directory Users and Computers. Or RDP access onto a remote server.)  We still need to provide a password to run these tools.

 

How can you properly protect these credentials from compromise?

You can by using this combination of WHfB dual enrolment with a certificate deployed to the WHfB container protected with the users PIN/Biometrics can help.

I’m sure to be trying this one out in my own environment.  Check it out!!!

Automated key rotation in Azure Key Vault

 

PierreRoman_1-1651815858332.png

 

Key rotation is one of the best security practices to reduce the risk of secret leakage.

 

If you have anything to do with generating keys on a regular basis to protect your environment, you know that rotating your keys can lead to better protection.  Well, key auto-rotation in Azure Key Vault is now generally available and safe to run in production.

 

Please refer to the following documentation to configure key rotation.

Azure Functions now supports PowerShell 7.2 (preview)

PierreRoman_2-1651815858336.png

 

The IT and Ops community (and more and more Devs) have been using PowerShell for a long time.

 

“PowerShell Core is a cross-platform (Windows, Linux, and macOS) automation and configuration tool/framework that works well with your existing tools and is optimized for dealing with structured data (e.g. JSON, CSV, XML, etc.), REST APIs, and object models. It includes a command-line shell, an associated scripting language and a framework for processing cmdlets.”

PowerShell/PowerShell: PowerShell for every system! (github.com) Readme snip

 

Because it’s open-source new versions (minor and major) have been released at a great pace.  Azure Functions id trying to keep up with the pace.  You can find the list of supported languages here.

 

I believe it’s important for all of us so we can avoid fragmentation with supported version in our code.

 

Check out Azure Function.

 

Generate strong passwords with Microsoft Authenticator​

PierreRoman_3-1651815858352.png

 

In this day and age passwords are problematic.  To complicated and they’re hard to remember, to easy and you get hacked, using the same so you remember leaves you vulnerable.  I know passwordless is the answer, but what about all those sites and services that don’t support 2FA or passwordless.  The Microsoft Authenticator now provides the ability to generate a strong, random password for you.  And save it securely.

 

To set that up, all you need to do is open Microsoft Authenticator, go to the Passwords tab, and start syncing your data using your Microsoft AccountMake sure you select Authenticator as your default autofill provider.

 

Check it out!

 

MS Learn Module of the Week

PierreRoman_4-1651815858354.png

 

Considering we talked about passwordless and auto-generated passwords today I thought it would be great to brush up on our authentication skills.

 

So this week’s Learn Module of the week is Learn how Microsoft supports using multifactor authentication as part of a cybersecurity solution

 

This learning path provides an overview of how to use multifactor authentication as part of a cybersecurity solution.

 

Thanks for joining us for this week’s AZUpdate episode. Feel free to comment or reach out with any questions in the comments below or join us on our discord server.

 

Cheers!

Pierre

 

Co-Authors
Version history
Last update:
‎May 06 2022 12:00 AM
Updated by: