Monday, January 30, 2023

Azure AD - Zero Trust application integration

 

Hello,

After some research and collection, I have created a table detailing the aspects to consider when ensuring a Zero Trust scenario with respect to application integration, both SaaS and applications developed by us, whether for enterprise users or the general public.




Friday, January 27, 2023

How to change Password in a VM DC in Azure

 

Hello, 

As you know, Azure VMs have a specific option to change the password of the local administrator account. However, this option doesn't change the password of the domain administrator account if the VM is a domain controller and, as you also know, a domain controller has no local administrator account.

Reset password option


So, how can this be fixed? Easy answer: you have to run a PowerShell script that changes this password.

Go to -- VM -- Operations -- Run command -- RunPowerShellScript


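# Run on the domain controller; the ActiveDirectory module provides Set-ADAccountPassword
Import-Module ActiveDirectory

$user = "adminaccountname"

$NewPass = "NewPassword"

Set-ADAccountPassword -Identity $user -Reset -NewPassword (ConvertTo-SecureString -AsPlainText $NewPass -Force)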
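
A variant of the script above that takes the account and password as parameters instead of hard-coding them, refuses to run on a machine that is not a domain controller, and confirms that the reset took effect. This is an added example, not part of the original post; the parameter names and messages are assumptions.

```powershell
# Added example: parameterised reset with a post-check.
# $User and $NewPass are hypothetical parameter names.
param(
    [Parameter(Mandatory)] [string] $User,
    [Parameter(Mandatory)] [string] $NewPass
)

Import-Module ActiveDirectory -ErrorAction Stop

# Win32_OperatingSystem.ProductType: 1 = workstation, 2 = domain controller, 3 = member server
$os = Get-CimInstance -ClassName Win32_OperatingSystem
if ($os.ProductType -ne 2) {
    throw "This VM is not a domain controller; use the portal's Reset password option instead."
}

# Record when the password was last set so the change can be verified afterwards
$before = (Get-ADUser -Identity $User -Properties PasswordLastSet).PasswordLastSet

$secure = ConvertTo-SecureString -AsPlainText $NewPass -Force
Set-ADAccountPassword -Identity $User -Reset -NewPassword $secure -ErrorAction Stop

# Drop the plaintext copy from the session once it has been converted
Remove-Variable -Name NewPass

$after = (Get-ADUser -Identity $User -Properties PasswordLastSet).PasswordLastSet
if ($before -and $after -le $before) {
    throw "PasswordLastSet did not advance for '$User'; the reset was not applied."
}

# Report only non-secret status in the Run command output
"Password for '$User' reset; PasswordLastSet is now $after"
```

Treat the value passed in as temporary and change it again after the first sign-in, since it was typed outside the domain controller.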




Regards

Sunday, January 22, 2023

Workbooks - Taking advantage of the community's work.

 

Hello,

In the day to day of our sector, much of the time goes to reporting, monitoring, and knowing what is happening in our systems, and in the cloud this translates into tasks such as inventory, searching for orphaned resources, etc.

For all of that we have Azure Workbooks, and it is very easy to share work with the community by generating templates that let us reproduce the queries, alerts, and dashboards that we like and need day to day.

Simple examples of map queries:

where type =~ 'microsoft.storage/storageaccounts'
| summarize count() by location




To take a workbook as an example, we will use one that helps us by showing the orphaned resources in our subscriptions.

The raw material we need is:

- Azure subscription with enough resources


Steps to follow:

1. Go to Azure Workbooks
2. Choose the "Empty" workbook
3. Click Advanced Editor
4. There, go to Gallery Templates. Delete what appears there and paste the contents of the JSON.
5. Click Apply
6. Click Done Editing
7. Here we have the workbook with orphaned objects in my subscriptions


Here is a list of more than interesting workbooks:


Regards





























Thursday, January 12, 2023

Hybrid features between Azure and On premises services

 

Hello, 

I think you will agree that AD Connect is the most popular software for hybridizing a Microsoft service, but Microsoft has many other components that enable interaction between on-premises and cloud capabilities.

In this article I have tried to collect a large list of them, but please do not hesitate to leave a comment if you think there are more to add.

My idea in this post is to offer you alternatives to the old idea that always comes first: creating a VPN to encapsulate all traffic. Note that some of these features, such as Backup Server, AD Connect or Disaster discovery, never use a VPN, while others, such as Azure data Gateway, compete with the classic VPN scenario.

Another idea in this post is to help you extend the functionality of some cloud services, such as banned password words or Azure Bastion, to on-premises, because Microsoft will never include these capabilities in the classic format.

This article only includes native Microsoft features and doesn't cover third-party solutions such as Azure Data Services – Storage & Solutions | NetApp


Identity

ADConnect

What is Azure AD Connect and Connect Health. - Microsoft Entra | Microsoft Learn

Azure AD Connect: Supported topologies - Microsoft Entra | Microsoft Learn


ADConnect cloud sync

What is Azure AD Connect cloud sync? - Microsoft Entra | Microsoft Learn


ADFS

Active Directory Federation Services in Azure | Microsoft Learn


MIM (being deprecated)

Microsoft Identity Manager | Microsoft Learn


Configure Banned password words list in Azure AD + Active Directory

Configure custom Azure Active Directory password protection lists - Microsoft Entra | Microsoft Learn

Deploy on-premises Azure AD Password Protection - Microsoft Entra | Microsoft Learn


NPS MFA Extension

Use Azure AD Multi-Factor Authentication with NPS - Azure Active Directory - Microsoft Entra | Microsoft Learn


Apps

Azure AD Application Proxy

Remote access to on-premises apps - Azure AD Application Proxy - Microsoft Entra | Microsoft Learn


Azure App hybrid connection

Hybrid connections - Azure App Service | Microsoft Learn

Azure Relay Hybrid Connections protocol guide - Azure Relay | Microsoft Learn

How to download Hybrid Connection Manager Client? - Microsoft Q&A


Files

Azure Files & Azure File Sync

Azure file shares in a hybrid environment - Azure Architecture Center | Microsoft Learn


Clustering

Cloud Witness

Deploy a cloud witness for a Failover Cluster | Microsoft Learn


Database

SQL data gateway

On-premises data gateways documentation | Microsoft Learn

Tutorial: Connect to on-premises data in SQL Server - Power BI | Microsoft Learn


Backup & Site Recovery

Azure backup and Archiving

Back up on-premises applications and data to the cloud - Azure Architecture Center | Microsoft Learn

Archive on-premises data to the cloud - Azure Architecture Center | Microsoft Learn

Use Azure Backup Server to back up workloads - Azure Backup | Microsoft Learn


Site Recovery and replication

Overview of Recovery Services vaults - Azure Backup | Microsoft Learn

About Azure Site Recovery - Azure Site Recovery | Microsoft Learn


Security

Defender for servers

Plan a Defender for Servers deployment to protect on-premises and multicloud servers | Microsoft Learn


DLP - Data loss prevention on-premises scanner

Learn about data loss prevention on-premises scanner - Microsoft Purview (compliance) | Microsoft Learn


Hybrid Storage Performance

Hybrid storage performance comes to Azure | Azure Blog and Updates | Microsoft Azure


Connectivity

Express Route

Configure ExpressRoute and S2S VPN coexisting connections: Azure PowerShell | Microsoft Learn


VPN

About Azure VPN Gateway | Microsoft Learn


Azure Bastion to on premises (over IP)

General availability: Azure Bastion IP based connection | Azure updates | Microsoft Azure

Connect to your on-prem server from anywhere! (microsoft.com)


Monitoring & Management

Azure Purview for data governance for on premises environment 

Unified Data Governance with Microsoft Purview | Microsoft Azure

Azure Purview: Data governance for on-premises, multicloud, and SaaS data – 4sysops


Azure Arc

Azure Arc: hybrid and multicloud solution and management (microsoft.com)


Azure Automation for on premise systems

Managing On-Premises Systems with Azure Automation | Azure Blog and Updates | Microsoft Azure


Change tracking for on premises changes

Azure Automation Change Tracking and Inventory overview | Microsoft Learn


Update Management

Azure Automation Update Management overview | Microsoft Learn


Co-management of devices

Co-management for Windows devices - Configuration Manager | Microsoft Learn