Back in 2021, Kerberos support for Azure AD was available as a preview. A lot has happened since then and the three-headed hellhound continues to make its way and shake up the cloud. This article is a collection of information on what Azure AD with Kerberos and Azure Files already provides and where the journey will go. This is because support for Azure Files with Kerberos has also recently been publicly communicated, although at the time of writing this article it is still in preview.
The Application Gateway WAF v2 has brought some new features compared to v1, including the ability to create "WAF Custom Rules". In this short article I would like to discuss these "Custom Rules" and show how you can successfully create them. I have added some hints to the article that are difficult or impossible to find in the Microsoft documentation.
As is generally known, all services on the Internet must be encrypted. The SSL certificates of your trusted provider serve this purpose. Such certificates are often not inexpensive and / or associated with recurring administrative effort due to their renewal. However, Microsoft offers a free SSL Certificate for your Azure App Service. In this article, I go into more detail about the advantages and disadvantages. In addition, you can find a HowTo video on how to get a free App Service Certificate yourself or read about it directly at Microsoft Docs.
You can create resources very easily on the Azure platform. This is great, but it also provides a few risks. For example, you can delete resources or entire environments just as easily. What is very helpful for tests and demos can be very dangerous for integration and production environments. So you don't have to manage this manually, I wrote an Azure Policy code. This defines the automatic auditing and provisioning of Azure Resource Locks with Azure Policies.
With an Azure Resource Manager (ARM) template, you can create a specific infrastructure on Azure with the click of a button. The template defines the infrastructure as code and Azure is thereby told the target state of the resources. I have created such a template and published it via Github. The ARM template deployment includes a hub and spoke network topology with a central Azure bastion for secure access to VMs. This post shows you step by step how to use the template for yourself.
The Microsoft PaaS "Azure Bastion" is a popular service to make your Azure networks more secure. However, until now there was a drastic limit. Azure Bastion could only be used in the same VNet. VMs in a peered network could not be accessed via Bastion. This circumstance pushes up the costs, because with a hub-and-spoke topology you have to place a bastion in each VNet. But these times are over. Use Azure Bastion with VNet peering (since 05.11.2020 in preview).
The work forms "home office", "remote work" or even "work anywhere" are becoming increasingly important, especially in recent months. This change affects not only users, but also IT staff and system administrators. However, I am often confronted with mistrust and security concerns when dealing with such issues. This is where Azure Bastion comes into play. Bastion not only enables "work anywhere" for system administrators, but also provides increased security and secure access to your Azure VMs without the need for a VPN!
Azure Bastion is an Azure service that allows you to access your Azure VMs securely and centrally via the web portal. This allows you to enable your system administrators and system specialists to "work anywhere" without any security concerns. In this article I will not focus on the service itself, but rather on the steps necessary to plan and implement Azure Bastion.
Multi-factor authentication is widely used today and should be standard for all companies and individuals. But what if the configured MFA device is lost or broken? Microsoft's Authenticator App offers a practical, simple and secure solution to this problem through cloud backup of the MFA configuration. With it you can easily backup your existing MFA configuration. This article shows how to activate the backup, add another MFA device, load the backup data and remove the lost or broken device. And all of this can be done very easily in a few steps.