Tuesday, August 31, 2021

The Microsoft Azure Cosmos DB security flaw and the impact on customers

On August 12, 2021, the cyber security researcher Wiz reported to Microsoft a vulnerability in Microsoft Azure Cosmos DB that potentially allowed intruders to gain access to customer’s database by using the Cosmos DB primary read-write key. According to Microsoft, the flaw was related to a data visualization feature called Jupyter Notebook. In a blog post, Wiz pointed out that this feature was introduced in 2019 but it has been enabled by default for new DBs since February 2021. What made me think whether my customers or my environments could have been affected.

In an official statement, Microsoft shares that this security issue was fixed immediately to keep the customers protected.

On August 29, 2021, Wiz published a very good blog post called Protecting your environment from ChaosDB that goes deeply and covers topics such as Who is affected, Find out which Cosmos DBs are affected by this vulnerability, and Actions to be taken (short-term and long-term actions/recommendations). If you use Cosmos DB in your applications, I recommend you to have a look at the following blog posts to better understand the overall situation and reach out the correct decision for your business scenario:

Better safe than sorry 😊

I ended up regenerating the primary read-write key of my Cosmos DBs. I also took this opportunity to regenerate the primary read-only key as well as the secondary read-write and read-only keys of all my Cosmos DBs to ensure all keys are new and my data is protected.

Sunday, August 22, 2021

Awarded the Microsoft MVP in Office Development - 2021/2022

The doorbell rang and someone from my family opened it. I knew the postman was supposed to deliver something special for me on that day but I wasn't sure whether he/she was at the door. I started thinking, "Maybe it is a friendly neighbor or a postman who isn't delivering the package I’ve been waiting for." Although I was keen to go and see what was going on, I couldn't because I was in the middle of a meeting.

Finally, the meeting was over; and I walked downstairs like a kid in a candy shop. The package was for me and the sender was Microsoft. Together with my family I opened the package and a beautiful “THANK YOU” appeared. The MVP award for 2021-2022 has just arrived!

I’m delighted to receive the MVP award also this year. 2020 was definitely exceptional and I hope the near future will allow us more and more to get back to what we used to call normal 😊 I’m also looking forward to meeting the community in person at events again. This is something I miss most about our awesome community!

This blog post represents an opportunity for me to say thank you to people who keep inspiring and motivating me:

  • Chris O’Brien: You’ve been an MVP for 14 consecutive years. Congratulation 🥳 Thanks for all the content you've been sharing with us via your blog, events, social media, and so on. You've been a source of inspiration to me.
  • Jeremy Thake: Although you aren't an MVP anymore, you keep contributing to our community with the awesome Microsoft 365 Developer Podcast. Thank you and Paul Schaeflein for the content you share and the speakers you invite. Also, thank you for the great work you’ve done on the Microsoft Graph docs.
  • Vesa Juvonen and Waldek Mastykarz: The Microsoft 365 PnP Weekly is a success and you guys have been playing a very important role in impacting our community.
  • A huge thanks to all of you who has been sharing your knowledge with us. As Vesa Juvonen says, "YOU ARE AWESOME".
I also want to say thanks to the Valo Teamwork team for the peer programming, the brainstorming, and innovation sessions we have. It’s been a pleasure to work with you and to be part of Valo. Thanks also to the Microsoft Graph docs team for the tireless and amazing work you do and for the huge impact you have in our community. Very special thanks to my wife and kids for everything 😊 I loved each and every second we spend together ❤