Category Azure Container Registry

Microsoft Azure Security – Study Notes

A collection of all my study notes and lab work while working towards the Microsoft Certified Security Engineer Associate badge by passing the AZ-500 exam.

These notes are in no order and are not focused on any exam content, other than sharing my experience of configuring and automating security within Azure in the run-up to the final exam.

  1. Azure – Setup Azure Blueprints
  2. Azure – Advisor
  3. Azure – AD Identity Protection
  4. Azure – Install and Configure Antimalware On A Virtual Machine
  5. Creating Security Baselines In Microsoft Azure
  6. Azure – Log Analytics Workspace and Azure Virtual Machine Agent Install
  7. Azure – Access Control and Role Assignment
  8. Azure – Configure Management Locks – Prevent Accidental Deletion Of Core Resources
  9. AZURE – Control Storage Access by Networks
  10. Azure – Update Management
  11. Azure – Monitoring Alert On Virtual Machine CPU Usage
  12. Azure – Register An Application in AD and Generate App Password
  13. Azure – Activity Log
  14. Azure – Route Tables – How To Force Traffic Down A Specific Route
  15. Azure – Content Trust in ACR and Roles
  16. Azure – Creating Key Vaults
  17. Azure – Create Kubernetes Cluster with ACR Integration
  18. Azure – Monitor / Alerts – Create Action Group to Notify Admin/User by SMS & Email
  19. Azure – Security Center and Pricing
  20. Azure Conditional Access Policies – Greyed Out
  21. Azure – Configure Web App Custom Domain and TLS
  22. Azure – Configure Web App and Licenses
  23. AZ-500: Microsoft Azure Security Technologies – EXAM PASSED!!!

Azure – Content Trust in ACR and Roles

Security and Authentication method – Content Trust

You need a container registry to start with.


Content trust in Azure Container Registry

“Azure Container Registry implements Docker’s content trust model, enabling pushing and pulling of signed images.”
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-content-trust

Signing Role

AcrImageSigner (role used for signing permissions)

AcrPush (role used for ACR push)

For a list of built-in roles and descriptions, see here

For container registry roles, see here


Azure CLI command to assign the AcrImageSigner role

az role assignment create --scope <registry ID> --role AcrImageSigner --assignee <user name>
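
The role assignment above as a repeatable grant-and-verify check, written as an added example (not part of the original notes): it assigns both roles listed under Signing Role at registry scope and then confirms the identity holds them. The function names and the AZ override variable are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: grant and verify image-signing rights on one registry.
# AZ defaults to the real Azure CLI; point it at a stub for a dry run.
AZ="${AZ:-az}"

# Resolve the registry's resource ID so roles are scoped to this registry
# only, not to the resource group or subscription.
registry_scope() {
  "$AZ" acr show --name "$1" --query id --output tsv
}

# Assign AcrPush (push) and AcrImageSigner (signing) at registry scope.
grant_signing_roles() {
  gs_scope="$(registry_scope "$1")" || return 1
  [ -n "$gs_scope" ] || { echo "registry not found: $1" >&2; return 1; }
  for gs_role in AcrPush AcrImageSigner; do
    "$AZ" role assignment create --scope "$gs_scope" --role "$gs_role" \
      --assignee "$2" >/dev/null || return 1
  done
}

# Succeed only if the identity holds both roles directly at registry scope
# (inherited assignments are not listed without --include-inherited).
can_push_signed() {
  cp_scope="$(registry_scope "$1")" || return 1
  cp_roles="$("$AZ" role assignment list --scope "$cp_scope" --assignee "$2" \
    --query "[].roleDefinitionName" --output tsv)" || return 1
  for cp_role in AcrPush AcrImageSigner; do
    printf '%s\n' "$cp_roles" | grep -qx "$cp_role" || {
      echo "missing role: $cp_role" >&2
      return 1
    }
  done
}

# Usage, with placeholder values:
#   grant_signing_roles <registry name> <user name>
#   can_push_signed <registry name> <user name>
```

Running can_push_signed in a pipeline before a signed push catches an identity that holds only one of the two roles.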

ACR Tasks

ACR Tasks automate container image builds. An example use is automating the build cycle: “By executing az login with a service principal, your CI/CD solution could then issue az acr build commands to kick off image builds.”

Manage Resource Groups CLI

Azure CLI commands for managing resource groups are available here