For sometime Microsoft has had a feature called Continuous access evaluation in Preview as part of Azure Active Directory. Which allows Conditional Access Policies and User Changes be evaluated in realtime compared to the traditional lifetime of a token. Just to illustrate. When a client application like Outlook connects to a service like Exchange Online, the …
Continuous access evaluation with Azure Active Directory Read More »
When migrating from Active Directory to Azure Active Directory you move an essentially from a tree based structure where you might have multiple domains, forest and a large OU structure to more a flat tenant structure within Azure Active Directory. This means that a lot of the management capabilities needs to change on how you …
Azure Administrative Units and MyStaff for delegated management Read More »
During Ignite Microsoft released a new set of Cloud integrations from Azure Defender to AWS and Google Cloud. This provides the following advantages when connecting Azure Defender to the different cloud providers. Automatic agent provisioning (Defender uses Azure Arc to deploy the Log Analytics agent to your AWS instances) (NOT Supported for Google Cloud yet) Policy management …
Microsoft tunnel is a new feature which was released during Microsoft Ignite 2020. Tunnel is a VPN gateway solution for Microsoft Intune. The tunnel allows access to on-premises resources from iOS/iPadOS and Android Enterprise devices using modern authentication and Conditional Access. As shown in the picture above, the service itself consists of multiple components where …
Microsoft Tunnel – What is it and how to set it up Read More »
With all the ransomware and crypto attacks that are happening these days, I do appriciate more and more the value of having backup of the data. Not just the backup of course, but also ensuring that we can easily restore data when something occurs, such as an company that gets infected by ransomware or data …
As part of Microsoft Ignite, Microsoft announced a new feature to provide insight into what kind of queries are being run within a Log Analytics workspace. Log Analytics is a centralized log service which can collect audit/log data from many sources, including like Office 365, Azure AD , OS based logs in addition PaaS Services …
I’ve previosly written about VMware on Azure using the Cloudsimple deployment https://msandbu.org/building-vmware-on-public-cloud-or-using-cloud-native/ where the cloudsimple solution is using a set of (dedicated hosts maximum 16) bare-metal servers in Azure to provide a VMware validated design setup within Microsoft Azure datasenter. The VMware solution is essentially running as its own ecossystem within Microsoft’s datacenters. Management of the VMware …
Lately there have been more and more ransomware attacks, where companies are faced with their systems and data becoming encrypted, and forcing them to pay a ransom to get access back to their data. A couple of weeks ago I started to subscribe to https://shadowintelligence.io/ feed just to see how many companies that are getting affected …
Protection against Ransomware Attacks, Credential Stuffing and Password Spray Attacks Read More »
When using Azure Policies as part of your govnernance framework, there is always on thing that has bugged me with Azure Policies and that is with regards to alerting about non-compliant resources. From within the portal you get a list of non-compliant resources shown as part of the Policy view. However there are no alerting …
Azure Monitoring alerting rule to notify on non-compliant resources Read More »
If you are hosting a blog like me, you can use Cloudflare to protect and accelerate your website which I have described here –> https://msandbu.org/moved-my-blog-to-cloudflare/ that means that front-end traffic is handled by Cloudflare and then to my origin site. Cloudflare recently introduced a new feature called Cloudflare access which allows you to securely publish web sites/applications …
Using Cloudflare Access to protect WordPress Admin sites Read More »
