NVSummit 2021

Content

This repo consists of some scripts and Terraform examples to showcase the different security and governance features within Microsoft Azure and M365. If using the built-in examples that are defined the Azure deployment will deploy the following components

Log Analytics Workspace
Azure Automation
Virtual Network
NSG Flow Logs and Traffic Analysis
Backup Vault and Backup Policy
Azure Policies
Windows VM with Public IP address (NOTE: THE VM IS PUBLICALY AVAILABLE WITH NO FIREWALL for demonstration purposes)
Azure Web Application Gateway with Custom Firewall Rules
Azure Sentinel
Azure Update Management

NOTE: Since this is only for demonstration purposes it deploys a VM with public facing IP and should only be used for demo or educational purposes (and or inspiration)

Getting started

Since most of the examples are either using Terraform/PowerShell scripts I recommend reading up on Terraform and how to create a service principal/using Managed Identity or Key Vault with defined secrets which are used during runtime.

So the use of these script require that you define a service principal to use against the different API's

Some useful tools and powershell modules

Install PowerShell modules used

Install-Module Microsoft.Graph Update-Module Microsoft.Graph Install-Module AzureAD Install-Module AzureADPreview Install-Module Az az config set extension.use_dynamic_install=yes_prompt Install-Module MCAS Install-Module ExchangeOnlineManagement Install-Module MicrosoftTeams Install-Module MicrosoftGraphSecurity Install-Module Az.ResourceGraph

Configure Chocolatey and install Terraform and VSCode

Set-ExecutionPolicy Bypass -Scope Process -Force; ` iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))

choco install vscode Choco install Terraform

Should be run after VS Code is installed

code --install-extension hashicorp.terraform code --install-extension ms-vscode.azure-account code --install-extension msazurermtools.azurerm-vscode-tools code --install-extension ms-vscode.azurecli code --install-extension AzurePolicy.azurepolicyextension

Terraform

When downloading the Terraform examples they have hardcoded resource names (didn't have time to define it more modular.. coming later) Download the content locally and open CLI

terraform plan terraform apply

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
dotnet-core-api		dotnet-core-api
presentations		presentations
.gitignore		.gitignore
README.md		README.md
appfw.tf		appfw.tf
appgw.tf		appgw.tf
backup.tf		backup.tf
ca.ps1		ca.ps1
conditionalaccess.ps1		conditionalaccess.ps1
conditionalaccess2example.ps1		conditionalaccess2example.ps1
defender.ps1		defender.ps1
examplevm.tf		examplevm.tf
keyvault.tf		keyvault.tf
main.tf		main.tf
network.tf		network.tf
office365servicecommunication.ps1		office365servicecommunication.ps1
policies.tf		policies.tf
sentinel.tf		sentinel.tf

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

NVSummit 2021

Content

Getting started

Install PowerShell modules used

Configure Chocolatey and install Terraform and VSCode

Should be run after VS Code is installed

Terraform

About

Releases

Packages

Languages

msandbu/nvsummit

Folders and files

Latest commit

History

Repository files navigation

NVSummit 2021

Content

Getting started

Install PowerShell modules used

Configure Chocolatey and install Terraform and VSCode

Should be run after VS Code is installed

Terraform

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages