Certificate-based Point to Site Azure VPN through Intune

P2S VPN through Intune header

As the business world becomes increasingly mobile, cloud services are becoming even more attractive. But what if, as is often the case, there are still dependencies on an enterprise network - on Azure, for example? The solution is obvious: a point-to-site VPN ensures communication for mobile workers. In this how-to post, I discuss how a certificate-based point-to-site VPN to an Azure VPN gateway can be automatically rolled out to mobile clients through Intune. I also discuss how certificates can be automatically issued and renewed by a Certificate Authority in combination with Intune.

Azure Reserved Instance size flexibility

With cloud services now widely available on the market, flexibility for customers has multiplied. Quickly start a virtual test environment on Azure at the push of a button and then clean it up again. However, if you want to run several virtual machines on Azure continuously, it is worth planning and save costs by means of a reservation. In order not to have to sacrifice flexibility completely, there is the "Azure Reserved Instance size flexiblity" offer, which is used for VMs and scale sets. In this article, I will go into more detail about how Azure Reserved Instance size flexibility works and how you can use it to your advantage and save money.

Free SSL Certificate for your Azure App Service

Azure App Service Free SSL Cert

As is generally known, all services on the Internet must be encrypted. The SSL certificates of your trusted provider serve this purpose. Such certificates are often not inexpensive and / or associated with recurring administrative effort due to their renewal. However, Microsoft offers a free SSL Certificate for your Azure App Service. In this article, I go into more detail about the advantages and disadvantages. In addition, you can find a HowTo video on how to get a free App Service Certificate yourself or read about it directly at Microsoft Docs.

Restore Azure App Service MySQL In-App Database

Header-AppSvc-MySQL-Restore

The Azure App Service offers the possibility to have backups created automatically by Azure. This backup also includes the MySQL in-app database, which is often used for a simple WordPress site. But when testing the restore, the surprise that WordPress needs to be reinstalled. This is because the database is not restored during the restore, only the backed up file structure. But more about that later. The following tutorial shows how you can test what problem occurs and how restoring the Azure App Service MySQL in-app database works anyway.

Automatically audit and deploy Azure Resource Locks with Azure Policies

Banner - Auto Azure RG Lock with policies

You can create resources very easily on the Azure platform. This is great, but it also provides a few risks. For example, you can delete resources or entire environments just as easily. What is very helpful for tests and demos can be very dangerous for integration and production environments. So you don't have to manage this manually, I wrote an Azure Policy code. This defines the automatic auditing and provisioning of Azure Resource Locks with Azure Policies.

ARM template deployment – Hub and Spoke with Bastion

ARM Template Hub and Spoke with Bastion

With an Azure Resource Manager (ARM) template, you can create a specific infrastructure on Azure with the click of a button. The template defines the infrastructure as code and Azure is thereby told the target state of the resources. I have created such a template and published it via Github. The ARM template deployment includes a hub and spoke network topology with a central Azure bastion for secure access to VMs. This post shows you step by step how to use the template for yourself.

Use Azure Bastion with VNet peering

Azure Bastion with VNet peering

The Microsoft PaaS "Azure Bastion" is a popular service to make your Azure networks more secure. However, until now there was a drastic limit. Azure Bastion could only be used in the same VNet. VMs in a peered network could not be accessed via Bastion. This circumstance pushes up the costs, because with a hub-and-spoke topology you have to place a bastion in each VNet. But these times are over. Use Azure Bastion with VNet peering (since 05.11.2020 in preview).

Become familiar with the Cloud Adoption Framework for Azure

get used to the Cloud Adoption Framework by Yannic Graber

The cloud continues to be on the unstoppable growth path and is an omnipresent topic to this day. However, there is no general answer to the question of whether and in what form the cloud is right for companies. This must be assessed on a case-by-case basis. And this is exactly where the difficulty lies, since companies have different levels of knowledge and are at a different point. Microsoft has recognized this and provides extensive help. No matter whether you and your company are still in the very beginning or already very advanced. Become familiar with the Cloud Adoption Framework for Azure (CAF) and use it to make the right decisions and standards.

The long awaited arrival of Azure Region Resource Mover

Azure Resource Region Mover

Mit dem an der Ignite 2020 angekündigten Azure Region Resource Mover kannst du wie der Name sagt, Azure Ressourcen in eine andere Region verschieben (offizielle Bekanntgabe). Der Service ist per sofort im Public Preview Modus verfügbar. Als Azure Advisor habe ich den Region Resource Mover bereits im Februar 2020 im Private Preview Modus für euch testen können. Erfahre mehr über meine ersten Erfahrungen und lerne, wie einfach es ist, deine Azure Ressourcen in eine andere Region zu verschieben. Es ist soweit – the arrival of Azure Region Resource Mover.

en_GBEnglish