NSGs for Azure APIM with VNET

Chiyo Odika | AZURE

I’m doing some work on deploying Azure API Management inside a VNET in order to reach backend services, and had to enumerate a list of Network Security Group (NSG) rules to allow inbound and outbound traffic for the subnet in which API Management is deployed. Posting the JSON here for easy reference. Still testing this out, so let me know if I missed any ports. Cheers!
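The kind of rule set the post refers to, written out as an added example rather than the author’s JSON (which is not reproduced on this page): an Az PowerShell script that builds an NSG for an API Management subnet in external VNET mode and attaches it to the subnet. The resource group, region, VNET and subnet names are assumptions. The ports follow the list Microsoft has documented for API Management in a VNET (client traffic on 80/443, the management endpoint on 3443 from the ApiManagement service tag, the infrastructure load balancer on 6390, and outbound dependencies on Storage, Azure AD, SQL, Event Hubs and Azure Monitor); check them against the current documentation for your SKU and platform version before relying on them.

```powershell
# Added example (not the author's JSON): build and attach an NSG for an
# API Management subnet in external VNET mode using the Az PowerShell modules.
# Resource names and the port list below are assumptions; verify the ports
# against Microsoft's current API Management VNET documentation for your SKU.
#Requires -Modules Az.Network

$rgName     = 'rg-apim-demo'        # assumed resource group
$location   = 'eastus'              # assumed region
$vnetName   = 'vnet-apim-demo'      # assumed VNET
$subnetName = 'snet-apim'           # assumed APIM subnet
$nsgName    = 'nsg-apim'

# Each entry becomes one NSG rule. Service tags (Internet, ApiManagement,
# AzureLoadBalancer, Storage, Sql, EventHub, AzureActiveDirectory, AzureMonitor,
# VirtualNetwork) stand in for IP ranges so the rules survive address changes.
$ruleSpecs = @(
    @{ Name='AllowClientsInbound';   Dir='Inbound';  Prio=100; Src='Internet';          Dst='VirtualNetwork';       Ports=@('80','443');          Desc='Client traffic to gateway and portals' }
    @{ Name='AllowApimMgmtInbound';  Dir='Inbound';  Prio=110; Src='ApiManagement';     Dst='VirtualNetwork';       Ports=@('3443');              Desc='Management endpoint used by the APIM control plane' }
    @{ Name='AllowLbInbound';        Dir='Inbound';  Prio=120; Src='AzureLoadBalancer'; Dst='VirtualNetwork';       Ports=@('6390');              Desc='Azure infrastructure load balancer' }
    @{ Name='AllowStorageOutbound';  Dir='Outbound'; Prio=100; Src='VirtualNetwork';    Dst='Storage';              Ports=@('443');               Desc='Azure Storage dependency' }
    @{ Name='AllowAadOutbound';      Dir='Outbound'; Prio=110; Src='VirtualNetwork';    Dst='AzureActiveDirectory'; Ports=@('443');               Desc='Azure AD (developer portal sign-in)' }
    @{ Name='AllowSqlOutbound';      Dir='Outbound'; Prio=120; Src='VirtualNetwork';    Dst='Sql';                  Ports=@('1433');              Desc='Azure SQL dependency' }
    @{ Name='AllowEventHubOutbound'; Dir='Outbound'; Prio=130; Src='VirtualNetwork';    Dst='EventHub';             Ports=@('5671','5672','443'); Desc='Event Hubs logging/monitoring' }
    @{ Name='AllowMonitorOutbound';  Dir='Outbound'; Prio=140; Src='VirtualNetwork';    Dst='AzureMonitor';         Ports=@('1886','443');        Desc='Azure Monitor / Resource Health' }
)

$rules = foreach ($r in $ruleSpecs) {
    New-AzNetworkSecurityRuleConfig -Name $r.Name -Description $r.Desc `
        -Access Allow -Protocol Tcp -Direction $r.Dir -Priority $r.Prio `
        -SourceAddressPrefix $r.Src -SourcePortRange '*' `
        -DestinationAddressPrefix $r.Dst -DestinationPortRange $r.Ports
}

# Create (or replace) the NSG carrying the rule set.
$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $rgName -Location $location `
    -Name $nsgName -SecurityRules $rules -Force

# Associate the NSG with the APIM subnet, keeping the subnet's existing prefix.
$vnet   = Get-AzVirtualNetwork -ResourceGroupName $rgName -Name $vnetName
$subnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName `
    -AddressPrefix $subnet.AddressPrefix -NetworkSecurityGroup $nsg | Out-Null
$vnet | Set-AzVirtualNetwork | Out-Null

# Quick check: list the rules in evaluation order so gaps are obvious before
# APIM is deployed into the subnet.
Get-AzNetworkSecurityGroup -ResourceGroupName $rgName -Name $nsgName |
    Select-Object -ExpandProperty SecurityRules |
    Sort-Object Direction, Priority |
    Format-Table Name, Direction, Priority, SourceAddressPrefix, DestinationAddressPrefix, DestinationPortRange
```

Two things worth keeping in mind when testing a set like this. The NSG default rules already allow all outbound traffic, so the outbound Allow rules only take effect once you add a lower-priority deny (for example a DenyAllOutbound at priority 4000); a deny that omits any platform dependency takes the service down, which is exactly why the port list has to be verified rather than copied. And the management rule on 3443 must stay restricted to the ApiManagement tag: opening it to Internet exposes the control-plane endpoint rather than the gateway.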


Zero Trust and the Azure Firewall service

Chiyo Odika | AZURE

I’m a proponent of zero trust for enhancing network-level security and access control for your Azure resources. The idea is that of demarcating your high-security deployments from the internet using a perimeter network, aka DMZ. What this enables you to do is focus your network access control, logging, monitoring, and alert/event management workflow integration on your edge devices, not necessarily as a stand-alone solution, but as part of an overarching solution for access control and oversight at the network layer. Think of NSGs/ASGs (in the Microsoft cloud) as fitting somewhere into this picture, and let’s not overlook identity and the role it plays as a pillar of security, but that’s a topic for another day. Now with that said, most enterprises …

Making the move to Azure Security Center and Azure Sentinel

Chiyo Odika | AZURE

This article is not intended as a technical deep-dive into the Azure Security Center (ASC) and Sentinel solutions from Microsoft. There are loads of instructive docs on these from Microsoft. I intend for this article simply to serve as a reminder for OMS Security and Compliance clients to make the switch to Azure Security Center and explore the Sentinel SIEM solution, which is currently in preview and free. The Security and Compliance solution reaches end of life (EOL) at the end of July 2019.

Recall the security event log filtering feature that determined which SecurityEvent table data landed in your Log Analytics workspace, and that lived somewhere in the erstwhile OMS Security & Audit UI? Well, it’s wound up in Azure Security Center. …

Azure Monitor Management solution for RDS, Windows VDI and Citrix

Chiyo Odika | AZURE, Azure Monitor, OMS

Just noticed the availability of the community edition of the Azure Monitor management solution for RDS, Citrix and Windows VDI. Organizations that provide services through VDI need to monitor the solution beyond server-side infrastructure and performance monitoring, extending to user experience and session monitoring. These solutions enable you to analyze sizing, performance, and user experience over any past time frame at low cost. You will also be able to leverage your existing event management and alerting workflows in Azure Monitor and your investments in Azure. Check out the solutions here:

https://azuremarketplace.microsoft.com/en-us/marketplace/apps/sepagogmbh.loganalyticsagent-rds?tab=Overview
https://azuremarketplace.microsoft.com/en-us/marketplace/apps/sepagogmbh.loganalyticsagent-rds?tab=PlansAndPrice

Hybrid Cloud Print Known Issues and Workarounds

Chiyo Odika | AZURE, Azure Active Directory, WINDOWS SERVER

In a previous post, I outlined the steps for deploying Hybrid Cloud Print. Here are some noteworthy issues and errors you may encounter when deploying/testing this solution through either of the supported pre-authentication methods, and some ways to remediate them.

Publishing permissions. This error indicates that you do not have print server management permissions or permissions to modify the Mopria database file. Address this by following steps #2 and #8 of the referenced post above.

Read and Sign-in Authorization for Native client or web apps. This error indicates that required permissions are missing on the Native client or Web apps; it further indicates that you’ve not delegated permissions to the app for the required APIs, as outlined in steps #10 …

Hybrid Cloud Print with Passthrough Authentication – Detailed steps

Chiyo Odika | AZURE, Azure Active Directory, WINDOWS SERVER

In a previous post, I gave an overview of the Windows Server Hybrid Cloud Print solution. This is a solution that enables organizations to support print functionality for MDM-managed BYOD and Azure AD joined devices. Organizations will find this solution useful if they plan to:

- Leverage existing global printing investments to support BYOD and non-domain-joined devices
- Deploy Azure AD joined devices into an existing AD and global print environment
- Support MDM-managed BYOD
- Support printing while away from the corpnet

The solution supports single sign-on user authentication and allows you to leverage your existing authorization processes. I briefly covered this in the previous post. In this article, I will go over the steps for configuring Hybrid Cloud Print using …

Overview of Hybrid Cloud Print Solution

Chiyo Odika | AZURE, Azure Active Directory, WINDOWS SERVER

Hybrid Cloud Print is a relatively new feature that is built on the Windows Print Server role in Windows Server 2016. It enables users to discover and securely print to on-premises printers from their Azure AD joined and MDM-managed devices, from wherever they have internet access. The solution is built on a Windows print service endpoint and a discovery service endpoint, both running on IIS and supporting the Internet Printing Protocol (IPP) and the Mopria Alliance printer discovery standard, respectively. For the server-side configuration, you will need to:

- Install the Print Server Windows Server feature
- Install Hybrid Cloud Print, for instance through the PowerShell modules
- Configure the IIS endpoints to support SSL
- Install and configure the SQLite package …

OMS is now Azure Monitor

Chiyo Odika | AZURE, Microsoft Operations Management Suite, OMS

Microsoft has recently made some branding changes that have resulted in the unification of many of its erstwhile standalone infrastructure and application monitoring services under the Azure Monitor banner. Azure Monitor, which previously was the recommended core infrastructure monitoring tool in Azure for collecting, visualizing, analyzing and responding to events related to metrics and a subset of logs, has now evolved into a comprehensive solution for collecting, analyzing, and acting on telemetry from your on-premises and cloud (cloud-agnostic) environments. I’d like to preface the rest of this article by clarifying what I mean when I say “OMS is now Azure Monitor”, which, while technically inaccurate, is arguably an apt assertion. The Microsoft Operations Management Suite (OMS) was a collection …

Reinstate Missing BitLocker recovery tab in ADUC

Chiyo Odika | WINDOWS SERVER

Quick fix for reinstating the BitLocker Recovery tab for locating and viewing BitLocker Drive Encryption (BDE) recovery passwords stored in Active Directory Domain Services (AD DS). The tab is added by the Active Directory BitLocker Recovery Password Viewer tool, which is an optional feature that is part of the BitLocker Drive Encryption Administration Utilities component of the Remote Server Administration Tools (RSAT). You can enable this feature manually through Server Manager or via PowerShell:

If you’d also like to install the manage-bde and repair-bde command-line tools for BitLocker Drive Encryption, you can install the BDE Administration Utilities.

Once the feature is enabled, you can view recovery passwords for computer objects and search for recovery passwords across your domain(s).
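As an added example (not the post’s own commands), the following PowerShell installs the RSAT BitLocker components and then does from the console what the ADUC tab does through the UI: lists the recovery passwords stored under a computer object, and searches the domain by the first eight characters of the Password ID that the BitLocker recovery screen displays. The computer name and Password ID prefix used in the usage lines are assumptions; the feature names and the msFVE-RecoveryInformation schema attributes are the real ones.

```powershell
# Added example (not the post's own commands): install the BitLocker RSAT
# components and query AD DS for recovery passwords the way the ADUC
# "BitLocker Recovery" tab does. The computer name and Password ID prefix in
# the usage lines at the bottom are assumptions.
#Requires -RunAsAdministrator

# 1. Install the ADUC extension (the tab) and, optionally, manage-bde/repair-bde.
#    RSAT-Feature-Tools-BitLocker is the parent "BitLocker Drive Encryption
#    Administration Utilities" feature; -IncludeAllSubFeature pulls in both the
#    Recovery Password Viewer and the command-line tools.
Install-WindowsFeature -Name RSAT-Feature-Tools-BitLocker -IncludeAllSubFeature
# Recovery Password Viewer tab only:
# Install-WindowsFeature -Name RSAT-Feature-Tools-BitLocker-BdeAducExt

Import-Module ActiveDirectory

# 2. Recovery passwords are stored as msFVE-RecoveryInformation child objects of
#    the computer account. The object name embeds the backup timestamp and the
#    recovery GUID, which the recovery screen shows to the user as the Password ID.
function Get-BdeRecoveryPassword {
    param(
        [Parameter(Mandatory)] [string] $ComputerName
    )
    $computer = Get-ADComputer -Identity $ComputerName
    Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
        -LDAPFilter '(objectClass=msFVE-RecoveryInformation)' `
        -Properties msFVE-RecoveryPassword, msFVE-RecoveryGuid, msFVE-VolumeGuid, whenCreated |
        ForEach-Object {
            [pscustomobject]@{
                Computer         = $computer.Name
                BackedUp         = $_.whenCreated
                PasswordId       = ([guid]$_.'msFVE-RecoveryGuid').ToString().ToUpper()
                VolumeId         = ([guid]$_.'msFVE-VolumeGuid').ToString().ToUpper()
                RecoveryPassword = $_.'msFVE-RecoveryPassword'
            }
        }
}

# 3. Search the whole domain by the first 8 hex characters of the Password ID,
#    the portion the recovery screen displays. This is the "Find BitLocker
#    recovery password" action the tab adds to the domain node in ADUC.
function Find-BdeRecoveryPassword {
    param(
        [Parameter(Mandatory)] [ValidatePattern('^[0-9A-Fa-f]{8}$')] [string] $PasswordIdPrefix
    )
    $domainDn = (Get-ADDomain).DistinguishedName
    Get-ADObject -SearchBase $domainDn -SearchScope Subtree `
        -LDAPFilter "(&(objectClass=msFVE-RecoveryInformation)(name=*{${PasswordIdPrefix}-*))" `
        -Properties msFVE-RecoveryPassword, whenCreated |
        Select-Object @{ n = 'Computer'; e = {
                          # Parent DN is the computer object; object names here never contain commas.
                          (Get-ADObject -Identity $_.DistinguishedName.Substring($_.DistinguishedName.IndexOf(',') + 1)).Name } },
                      whenCreated, Name, msFVE-RecoveryPassword
}

# Usage (assumed names):
# Get-BdeRecoveryPassword -ComputerName 'WS-FINANCE-01'
# Find-BdeRecoveryPassword -PasswordIdPrefix '1A2B3C4D'
```

Reading msFVE-RecoveryPassword is governed by the ACL on those child objects, not by the tab: out of the box only Domain Admins (and the SYSTEM account) can read it, so delegate read access on msFVE-RecoveryInformation objects to the help-desk group rather than handing out Domain Admin, and consider enabling auditing on those objects so every read of a recovery password is logged.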

Microsoft OMS Book – The excluded chapter

Chiyo Odika | AZURE, Microsoft Operations Management Suite, OMS

Writing technology books is a challenging enough proposition as it is. The challenge increases exponentially when one undertakes the writing of a book about a cloud platform, as was the case with my writing the Microsoft OMS book. The challenge with this stems from the fact that I intend for this book to be a technical reference for readers as they work with the OMS platform and underlying Azure services, and as such, the book must, by necessity, reference not just relevant concepts, but also current, up-to-date content. Admittedly, the nature of the book, the publisher’s cookbook format, heightened said need for pertinence and up-to-dateness of the material, because readers expect to be able to follow along with …