Manual infrastructure provisioning can be challenging and error-prone, leading to potential security risks and increased complexity. Visualising and automating this process can improve threat modelling capabilities and streamline infrastructure management.

We will cover:

Challenges of manual infrastructure provisioning

Benefits of automating infrastructure provisioning

Using diagrams to visualise infrastructure and threat modelling with Microsoft Threat Modelling Tool

Technical details of (1) translating Visio diagrams into Terraform and Bicep, (2) Importing the diagrams into Microsoft Threat Modelling Tool and (3) AzureRM and AzureAD through IaC “gotchas”

Potential benefits, limitations, and trade-offs of this approach

Integrating with common DevOps tools and workflows

Results of the proof of concept through sample diagrams and generated code, along with lessons learned from the development process.

Attendees will learn about the benefits of automating infrastructure provisioning and how using diagrams to visualize infrastructure can improve threat modelling capabilities. They will also gain a technical understanding of how to translate Visio diagrams into Terraform and Bicep code, as well as insights into the limitations and trade-offs of this approach. Finally, attendees will see a showcase of results and lessons learned, as well as potential use cases and considerations for implementing this approach in their own organizations.

Products: Microsoft Visio, Microsoft Threat Modelling Tool, Azure DevOps, Bicep, Terraform, AzureRM, AzureAD