I’m a developer that’s now responsible for “technical stuff” for a small company (we have a website/app that supports human services). A contract developer, a support/helpdesk/DBA person and I are going to be responsible for all the servers/network/database/etc., and the users will never need to know about anything beyond their O365 login.
We’re moving our stuff to Azure, but right now I would love some suggestions relating to security. We’ve got a password manager, and I was thinking about us having hardware tokens (YubiKeys?). Anything else that we should keep in mind?
I’m thinking about using Tailscale for network access/VPN functionality. (I’m not a fan of bastion and connecting to remote databases will be good for developing/troubleshooting).