Backend TLS validation controls in Azure Application Gateway explained

In modern cloud architectures, securing application traffic is not only about protecting the connection between users and the entry point of the application. It is equally important that the hop between the application gateway and the backend services is encrypted and that the backend's identity is validated; otherwise the "internal" leg becomes the weakest link.

Azure Application Gateway provides several capabilities to enforce TLS validation when communicating with backend services. These controls verify the backend's identity (its certificate chain and the host name it presents) before traffic is forwarded, which removes the foothold an attacker would need for a man-in-the-middle position between the gateway and the backend.
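To make the validation concrete, the following Az PowerShell snippet is an added example (not code from the original post) that configures an Application Gateway v2 backend setting with an uploaded private root CA and a pinned host name. The resource group, gateway, certificate name, file path and host name are assumptions; the cmdlets and parameters are those of the Az.Network module.

```powershell
# Added example, not from the original post. Names and paths below are assumptions.
$rg     = 'rg-appgw-demo'
$gwName = 'appgw-demo'
$gw     = Get-AzApplicationGateway -ResourceGroupName $rg -Name $gwName

# 1. Upload the root CA that signed the backend certificates (Base64 .cer).
#    Without a trusted root, a v2 gateway cannot validate a private-PKI backend.
$gw = Add-AzApplicationGatewayTrustedRootCertificate -ApplicationGateway $gw `
        -Name 'internal-root-ca' -CertificateFile 'C:\pki\internal-root-ca.cer'
$rootCert = Get-AzApplicationGatewayTrustedRootCertificate -ApplicationGateway $gw -Name 'internal-root-ca'

# 2. Backend setting: HTTPS on 443, chain validated against the uploaded root, and the
#    host name the backend certificate must carry. A fixed -HostName is preferable to
#    -PickHostNameFromBackendAddress when the pool is addressed by IP, because an IP
#    gives the gateway no name to match against the certificate's SAN.
$gw = Add-AzApplicationGatewayBackendHttpSetting -ApplicationGateway $gw `
        -Name 'be-https-validated' -Port 443 -Protocol Https `
        -CookieBasedAffinity Disabled -RequestTimeout 30 `
        -HostName 'app.internal.contoso.com' -TrustedRootCertificate $rootCert

# 3. Commit the change to the gateway.
Set-AzApplicationGateway -ApplicationGateway $gw | Out-Null

# 4. Review check: list every HTTPS backend setting with its host name and trusted roots.
#    An HTTPS setting with no HostName, or with no trusted root on a private-CA backend,
#    is the weak configuration to hunt for.
$gw = Get-AzApplicationGateway -ResourceGroupName $rg -Name $gwName
$gw.BackendHttpSettingsCollection |
    Where-Object { $_.Protocol -eq 'Https' } |
    Select-Object Name, Port, HostName, PickHostNameFromBackendAddress,
        @{ n = 'TrustedRoots'
           e = { ($_.TrustedRootCertificates | ForEach-Object { $_.Id.Split('/')[-1] }) -join ',' } }
```

Backends that present a certificate from a public CA do not need the upload step, but the host name check still applies; leaving both unset is what allows an impostor backend to terminate the gateway's connection unnoticed.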


Design patterns using multiple address prefixes for Azure VNet subnets

IP address planning is one of the most important aspects of designing scalable network architectures in Azure. While virtual networks provide flexibility in defining address spaces, subnet design can become challenging as environments grow and requirements evolve.

A capability that helps address this challenge is the ability to assign multiple address prefixes to a single subnet. This feature introduces new design possibilities for managing IP space more efficiently without requiring disruptive changes to existing environments.


Private Application Gateway on Azure Application Gateway v2 overview

Hello everyone,

Secure application delivery is a central topic in modern cloud architectures. As organizations increasingly adopt private networking models, controlling how applications are exposed becomes a key design consideration.

A new capability in Azure Application Gateway v2 introduces the concept of a Private Application Gateway, allowing the service to operate entirely within private network boundaries.


Azure Esv6 and Edsv6 large VM sizes overview

Hello everyone,

Azure continues to expand its compute portfolio with larger virtual machine sizes designed for demanding enterprise workloads. One of the recent updates introduces new large VM sizes in the Esv6 and Edsv6 series, offering higher vCPU configurations for applications that require significant compute capacity.

These new options are particularly relevant for organizations running workloads that scale vertically and benefit from a large number of CPU cores.


Operational insights on Azure Network Security Perimeter

As cloud environments grow in complexity, protecting resources is no longer limited to traditional network boundaries. Organizations are increasingly adopting architectures where services communicate internally across multiple virtual networks, subscriptions, and regions.

In these environments, the challenge is not only protecting external access but also defining clear and controlled boundaries between services. Azure Network Security Perimeter introduces a model that helps address this challenge by creating a structured security boundary around platform services.

This capability allows organizations to control how Azure services can be accessed, helping reduce exposure while maintaining flexibility in cloud architectures.


Operational insights on customer controlled maintenance for Azure Firewall

Managing security infrastructure in production environments always requires careful coordination. Network security components such as firewalls sit directly in the data path of critical applications, meaning that even small operational changes must be handled with caution.

Azure has introduced customer-controlled maintenance for Azure Firewall, a capability that gives organizations more control over when maintenance activities and updates are applied.

This improvement can be particularly valuable for enterprises that operate workloads with strict availability requirements.


Enabling Trusted Launch on existing virtual machine scale sets

Security in cloud environments is no longer only about perimeter controls. Increasingly, protection needs to start at the infrastructure level, including how virtual machines are initialized and validated during boot.

Azure Trusted Launch is a feature designed to address this challenge. While many new deployments already benefit from it by default, an important question remains for many organizations: how can Trusted Launch be enabled on existing virtual machine scale sets?

This article explores that transition and highlights the architectural and operational implications involved.
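As an added example that is not part of the original post, the Az PowerShell sequence below switches an existing Uniform-orchestration scale set to Trusted Launch and then rolls the change onto the running instances. The resource group and scale set names are assumptions; the cmdlets and parameters are those of the Az.Compute module.

```powershell
# Added example, not from the original post. Names below are assumptions.
$rg   = 'rg-vmss-demo'
$vmss = 'vmss-web'

# Preconditions: Trusted Launch requires a Generation 2 image and a VM size that supports it.
# Inspect the current model before changing it; SecurityProfile is empty or Standard today.
$set = Get-AzVmss -ResourceGroupName $rg -VMScaleSetName $vmss
$set.VirtualMachineProfile.StorageProfile.ImageReference   # confirm this is a Gen2 image
$set.VirtualMachineProfile.SecurityProfile

# Switch the scale-set model to Trusted Launch with Secure Boot and vTPM enabled.
Update-AzVmss -ResourceGroupName $rg -VMScaleSetName $vmss `
    -SecurityType TrustedLaunch -EnableSecureBoot $true -EnableVtpm $true

# Existing instances keep the old model until they are upgraded. Upgrading restarts them,
# so do it inside a maintenance window or in batches sized to your availability target.
$ids = (Get-AzVmssVM -ResourceGroupName $rg -VMScaleSetName $vmss).InstanceId
Update-AzVmssInstance -ResourceGroupName $rg -VMScaleSetName $vmss -InstanceId $ids

# Verify: the model reports TrustedLaunch and every instance has the latest model applied.
(Get-AzVmss -ResourceGroupName $rg -VMScaleSetName $vmss).VirtualMachineProfile.SecurityProfile
Get-AzVmssVM -ResourceGroupName $rg -VMScaleSetName $vmss |
    Select-Object InstanceId, LatestModelApplied
```

The in-place path above applies to Uniform orchestration; for Flexible orchestration the model change only affects instances created afterwards, so existing VMs have to be replaced rather than upgraded. Secure Boot can also block unsigned kernel modules or boot-time drivers, which is why the change is worth validating on a single instance first.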


Trusted launch default for new Gen2 VMs and scale sets explained

Hello everyone,

Azure continues to strengthen the security posture of its compute platform, and one recent change moves in that direction: Trusted Launch is becoming the default configuration for new Generation 2 virtual machines and VM scale sets.

Instead of requiring administrators to explicitly enable this feature, new deployments will automatically include these protections by default.


Azure DNS security policy explained

Hello everyone,

DNS plays a critical role in modern cloud environments. Almost every application relies on DNS resolution to connect services, APIs, and external platforms. Because of this central role, DNS is also a common entry point for security threats.

To address these risks, Azure introduced DNS security policies, allowing organizations to apply additional protection and governance over DNS traffic.


Azure FXv2-series Virtual Machines overview

Hello everyone,

Azure keeps expanding its compute portfolio, and one of the recent additions is the FXv2-series Virtual Machines. This new VM family is designed with a strong focus on CPU performance, making it particularly interesting for workloads that depend heavily on compute efficiency.

If you are working with performance-sensitive applications, this is definitely a series worth understanding.
