How to block legacy authentication protocols using Azure AD Conditional Access policy

While I was working with a customer this was one of their needs, so I decided to blog on how I deployed it.

First, what is legacy authentication, and why do I need to block these protocols?

Legacy authentication is a term that refers to an authentication request made by:

Older Office clients that do not use modern authentication (for example, Office 2010 clients).
Any client that uses legacy mail protocols such as IMAP, SMTP or POP3.

These protocols send only a username and password, so Conditional Access controls such as multi-factor authentication cannot be applied to them; the only effective control is to block them.
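The following is an added example, not code from the original post, showing the two halves of that deployment with the Microsoft Graph PowerShell SDK: first a check of the sign-in logs for accounts that still use legacy clients, then a Conditional Access policy created in report-only mode that blocks the "exchangeActiveSync" and "other" client app types. It assumes the Microsoft.Graph module is installed, that the account has the listed Graph scopes, and that the exclusion group object ID is replaced with a real one; the policy name and the 30-day window are placeholders.

```powershell
# Added example (not from the original post): find legacy sign-ins, then create a
# report-only Conditional Access policy that blocks legacy authentication.
# Assumptions: Microsoft.Graph module installed; the account holds the scopes below.
Connect-MgGraph -Scopes "AuditLog.Read.All", "Policy.Read.All", "Policy.ReadWrite.ConditionalAccess"

# Step 1: who still uses legacy protocols? These are the clientAppUsed values
# Azure AD reports for legacy clients in the sign-in log.
$legacyClients = @("Exchange ActiveSync", "IMAP4", "POP3", "Authenticated SMTP",
                   "Exchange Web Services", "MAPI Over HTTP",
                   "Outlook Anywhere (RPC over HTTP)", "Other clients")
$since = (Get-Date).ToUniversalTime().AddDays(-30).ToString("yyyy-MM-ddTHH:mm:ssZ")

foreach ($client in $legacyClients) {
    $hits = Get-MgAuditLogSignIn -All -Filter "createdDateTime ge $since and clientAppUsed eq '$client'"
    if ($hits) {
        $users = ($hits.UserPrincipalName | Sort-Object -Unique) -join ", "
        "{0,-35} {1,5} sign-ins  users: {2}" -f $client, $hits.Count, $users
    }
}

# Step 2: the policy. "exchangeActiveSync" and "other" are the two client app
# types that represent legacy authentication in Conditional Access.
# Start in report-only mode so the sign-in log shows what *would* be blocked.
$policy = @{
    displayName   = "Block legacy authentication"
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users          = @{
            includeUsers  = @("All")
            # placeholder: object ID of a break-glass / temporary exclusion group
            excludeGroups = @("00000000-0000-0000-0000-000000000000")
        }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("exchangeActiveSync", "other")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}
$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
"Created policy $($created.Id) in state $($created.State)"

# Step 3 (after reviewing the report-only results): enforce it.
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id -BodyParameter @{ state = "enabled" }
```

Run step 1 first and migrate any service accounts or mailboxes it lists before moving the policy from report-only to enabled; once enabled, every IMAP/POP/SMTP and Exchange ActiveSync sign-in for the included users is refused.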

Continue reading “How to block legacy authentication protocols using Azure AD Conditional Access policy”

Azure AD Domain Services

I hear over and over discussions about Windows Active Directory, Azure AD and Azure AD DS (Azure Active Directory Domain Services).

Is it a replacement for a traditional Windows Active Directory?

What is Azure Active Directory Domain Services?

Azure Active Directory Domain Services (Azure AD DS) provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication. You use these domain services without the need to deploy, manage, and patch domain controllers (DCs) in the cloud.

Continue reading “Azure AD Domain Services”

Deploy and configure Azure Firewall

Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. Azure Firewall lets you centrally create, enforce and monitor network security policies across Azure subscriptions and virtual networks. By default it denies all traffic; only traffic that a network or application rule explicitly allows gets through, and only traffic that is routed to the firewall is inspected at all.

Let's create a demo on setting up Azure Firewall to see how it works! Before you start, make sure you meet the prerequisites.
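The following is an added example, not the post's own walkthrough, that deploys Azure Firewall with the Az PowerShell module and covers the two prerequisites that most often trip people up: the firewall needs a dedicated subnet named exactly AzureFirewallSubnet of at least /26, and a workload subnet only goes through the firewall if a route table sends its traffic there. Resource group, location, names and address ranges are placeholders, and the DNS servers in the single allow rule are placeholders too.

```powershell
# Added example (not from the original post): deploy Azure Firewall with one network
# rule collection and route a workload subnet through it. Assumes Az.Network and an
# existing resource group; every name and address range is a placeholder.
$rg       = "rg-fw-demo"
$location = "westeurope"

# Prerequisite 1: a subnet named exactly "AzureFirewallSubnet", /26 or larger.
$fwSubnet = New-AzVirtualNetworkSubnetConfig -Name "AzureFirewallSubnet" -AddressPrefix "10.0.1.0/26"
$wlSubnet = New-AzVirtualNetworkSubnetConfig -Name "Workload-SN" -AddressPrefix "10.0.2.0/24"
$vnet = New-AzVirtualNetwork -Name "vnet-fw-demo" -ResourceGroupName $rg -Location $location `
    -AddressPrefix "10.0.0.0/16" -Subnet $fwSubnet, $wlSubnet

# Prerequisite 2: a Standard-SKU static public IP for the firewall.
$pip = New-AzPublicIpAddress -Name "pip-fw-demo" -ResourceGroupName $rg -Location $location `
    -AllocationMethod Static -Sku Standard

# Rules: allow outbound DNS from the workload subnet and nothing else. Azure Firewall
# denies everything that no rule allows, so this is the whole egress policy.
$dnsRule = New-AzFirewallNetworkRule -Name "Allow-DNS" -Protocol UDP `
    -SourceAddress "10.0.2.0/24" -DestinationAddress "8.8.8.8", "1.1.1.1" -DestinationPort 53   # placeholder resolvers
$netColl = New-AzFirewallNetworkRuleCollection -Name "NetRules" -Priority 200 `
    -Rule $dnsRule -ActionType Allow

$fw = New-AzFirewall -Name "fw-demo" -ResourceGroupName $rg -Location $location `
    -VirtualNetworkName $vnet.Name -PublicIpName $pip.Name -NetworkRuleCollection $netColl

# The firewall only sees traffic that is routed to it: point the workload subnet's
# default route at the firewall's private IP (next hop type VirtualAppliance).
$fwPrivateIp = $fw.IpConfigurations[0].PrivateIPAddress
$route = New-AzRouteConfig -Name "Default-via-Firewall" -AddressPrefix "0.0.0.0/0" `
    -NextHopType VirtualAppliance -NextHopIpAddress $fwPrivateIp
$rt = New-AzRouteTable -Name "rt-workload" -ResourceGroupName $rg -Location $location -Route $route

Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name "Workload-SN" `
    -AddressPrefix "10.0.2.0/24" -RouteTable $rt | Set-AzVirtualNetwork

"Firewall private IP: $fwPrivateIp (workload subnet now routes 0.0.0.0/0 through it)"
```

To check the result, put a VM in Workload-SN and try an outbound HTTPS connection: it should fail until you add an application or network rule for it, while DNS to the two placeholder resolvers works. Denied and allowed flows appear in the AzureFirewallNetworkRule diagnostic log once diagnostics are enabled.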

Continue reading “Deploy and configure Azure Firewall”

Azure Private DNS zone

A DNS zone is used to host the DNS records for a particular domain. To start hosting your domain in Azure DNS, you create a DNS zone for that domain name, and each DNS record for the domain is then created inside this zone. A private DNS zone is not reachable from the Internet: to publish it to your virtual networks, you specify the list of virtual networks that are allowed to resolve records in the zone. These are called linked virtual networks. When auto registration is enabled on a link, Azure DNS also updates the zone records whenever a virtual machine in that network is created, changes its IP address, or is deleted.
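As an added example (not code from the original post), the following creates a private zone, links it to a virtual network with auto registration, and adds one static record for something that is not a VM. It assumes the Az.PrivateDns and Az.Network modules and an existing resource group and virtual network; the zone name, names and addresses are placeholders.

```powershell
# Added example (not from the original post): private DNS zone, linked VNet with
# auto registration, one static record. Assumes Az.PrivateDns / Az.Network and an
# existing VNet; names and addresses are placeholders.
$rg   = "rg-dns-demo"
$zone = "corp.internal"   # placeholder private zone; only linked VNets can resolve it

$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name "vnet-prod"

New-AzPrivateDnsZone -ResourceGroupName $rg -Name $zone

# -EnableRegistration turns on auto registration: VMs in this VNet get an A record
# created, updated and removed with their lifecycle. A VNet can have only one
# registration link; link other VNets without -EnableRegistration so they can
# resolve the zone but do not register into it.
New-AzPrivateDnsVirtualNetworkLink -ResourceGroupName $rg -ZoneName $zone `
    -Name "link-vnet-prod" -VirtualNetworkId $vnet.Id -EnableRegistration

# A static record for a non-VM endpoint, e.g. an internal load balancer front end.
$ilb = New-AzPrivateDnsRecordConfig -Ipv4Address "10.0.2.10"
New-AzPrivateDnsRecordSet -ResourceGroupName $rg -ZoneName $zone -Name "app" `
    -RecordType A -Ttl 300 -PrivateDnsRecords $ilb

# Check the zone contents. Auto-registered VM records appear once the VMs are
# running; the link's RegistrationEnabled flag confirms which VNet registers.
Get-AzPrivateDnsVirtualNetworkLink -ResourceGroupName $rg -ZoneName $zone |
    Format-Table Name, RegistrationEnabled, VirtualNetworkLinkState
Get-AzPrivateDnsRecordSet -ResourceGroupName $rg -ZoneName $zone |
    Format-Table Name, RecordType, Ttl, Records
```

From a VM inside vnet-prod, `Resolve-DnsName app.corp.internal` should return 10.0.2.10 using the VNet's default Azure-provided resolver, with no change to the VM's DNS settings; from any unlinked network the name does not resolve.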

Continue reading “Azure Private DNS zone”

Just-in-Time VM Access in Azure

Azure Just-in-Time VM Access is a good way to control when engineers can RDP into their VMs. Suppose they work on the servers for one hour per day; keeping the RDP port open for 24 hours is an unnecessary risk.
Using Just-in-Time VM Access we can limit how long the RDP port stays open.

When Just-in-Time VM Access is enabled, we define which VMs and which ports it controls. In most scenarios you do not need to control access to the ports used by your applications or services; it is mainly the ports used for management tasks (RDP, SSH, WinRM). This is all done with Azure network security group rules: the managed port stays denied until an access request is approved, at which point a temporary allow rule for the requested source address and time window is added and later removed again.
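The following is an added example, not code from the original post, that does this with the Az.Security module: it enables JIT for one VM with RDP limited to one hour per request (matching the one-hour-per-day scenario above), then submits a request that opens 3389 only for a single source IP, and finally reads the policy back. Subscription ID, resource group, location, VM name and the engineer's IP are placeholders.

```powershell
# Added example (not from the original post): enable JIT on one VM, request one hour
# of RDP from a single source IP, and read the policy back. Assumes Az.Security.
# Subscription, resource group, location, VM name and the source IP are placeholders.
$subscriptionId = "00000000-0000-0000-0000-000000000000"
$rg       = "rg-jit-demo"
$location = "westeurope"
$vmName   = "vm-app01"
$vmId     = "/subscriptions/$subscriptionId/resourceGroups/$rg/providers/Microsoft.Compute/virtualMachines/$vmName"

# 1. Policy: what JIT is allowed to open. Only RDP, for at most one hour per request.
#    allowedSourceAddressPrefix here is the widest source a request may ask for;
#    each request below narrows it to one address.
$jitPolicy = @{
    id    = $vmId
    ports = @(
        @{
            number                     = 3389
            protocol                   = "TCP"
            allowedSourceAddressPrefix = @("*")
            maxRequestAccessDuration   = "PT1H"   # ISO 8601: one hour
        }
    )
}
Set-AzJitNetworkAccessPolicy -Kind "Basic" -Location $location -Name "default" `
    -ResourceGroupName $rg -VirtualMachine @($jitPolicy)

# 2. Request: the engineer asks for RDP for one hour, from their own public IP only.
#    These values become the temporary allow rule JIT writes into the VM's NSG.
$engineerIp = "203.0.113.25"   # placeholder (TEST-NET-3)
$request = @{
    id    = $vmId
    ports = @(
        @{
            number                     = 3389
            endTimeUtc                 = (Get-Date).ToUniversalTime().AddHours(1).ToString("o")
            allowedSourceAddressPrefix = @($engineerIp)
        }
    )
}
$policyId = "/subscriptions/$subscriptionId/resourceGroups/$rg/providers/Microsoft.Security/locations/$location/jitNetworkAccessPolicies/default"
Start-AzJitNetworkAccessPolicy -ResourceId $policyId -VirtualMachine @($request)

# 3. Check: the policy lists the VM/port it manages and the open request; the NSG on
#    the VM's NIC now carries a high-priority allow rule for 3389 from $engineerIp
#    that disappears when endTimeUtc passes.
$jit = Get-AzJitNetworkAccessPolicy -ResourceGroupName $rg -Location $location -Name "default"
$jit.VirtualMachines | Format-List
$jit.Requests        | Format-List
```

Requests with a source prefix of "*" defeat the purpose of JIT (the port is then open to the Internet for the window), so require callers to pass their actual address; the Microsoft.Security/locations/jitNetworkAccessPolicies/initiate action is what an engineer needs in RBAC to submit a request without being able to edit the policy.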

Continue reading “Just-in-Time VM Access in Azure”

Lock Azure resources to prevent changes

Resource Manager locks are used by administrators to lock down Azure resources and prevent them from being deleted or changed. A lock has one of two levels: CanNotDelete (the resource can be modified but not deleted) and ReadOnly (no changes at all).
Once applied, a lock restricts the resource for all users, regardless of their role, and a lock on a subscription or resource group is inherited by everything inside it.
Locks are very useful when you have an important resource in your subscription that users should not be able to delete or change. They are primarily a safeguard against accidental changes or deletion: anyone who holds the Microsoft.Authorization/locks/* permission (Owner or User Access Administrator) can remove the lock first, so a lock slows down a privileged attacker rather than stopping one.
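As an added example (not code from the original post), the following applies both lock levels with the Az.Resources module and then proves the CanNotDelete lock is enforced by attempting a delete that must fail. The resource group, storage account and lock names are placeholders.

```powershell
# Added example (not from the original post): apply CanNotDelete and ReadOnly locks
# and verify that a delete is refused. Assumes Az.Resources; names are placeholders.
$rg = "rg-prod-core"

# CanNotDelete on the whole resource group: everything inside can still be
# modified, but nothing in it (or the group itself) can be deleted.
New-AzResourceLock -LockName "no-delete" -LockLevel CanNotDelete -ResourceGroupName $rg `
    -LockNotes "Production. Remove this lock deliberately before deleting anything." -Force

# ReadOnly on one resource: blocks every write and delete. Note that this also
# blocks POST operations such as listing storage account keys, so applications
# that call listKeys on this account will break.
New-AzResourceLock -LockName "read-only" -LockLevel ReadOnly -ResourceGroupName $rg `
    -ResourceName "stprodaudit01" -ResourceType "Microsoft.Storage/storageAccounts" -Force

# Check enforcement: the delete must fail with a scope-locked error.
try {
    Remove-AzResourceGroup -Name $rg -Force -ErrorAction Stop
    Write-Warning "Resource group was deleted; the lock is NOT in place"
} catch {
    Write-Host "Delete blocked as expected: $($_.Exception.Message)"
}

# Review the locks. Lock removals show up in the activity log as
# Microsoft.Authorization/locks/delete; alert on those rather than trusting
# the lock alone, since Owners can remove it.
Get-AzResourceLock -ResourceGroupName $rg |
    Select-Object Name, @{ n = "Level"; e = { $_.Properties.level } }, ResourceName, ResourceType
```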

Continue reading “Lock Azure resources to prevent changes”

Integrate on-premises apps with Azure Active Directory Application proxy

What is Application Proxy?

Azure AD Application Proxy is a great tool for publishing internal applications without exposing your servers to the Internet. If your applications require users to authenticate, you can have Azure AD handle this for you (pre-authentication with Conditional Access and MFA) before any request reaches the internal server.

Application Proxy includes both the Application Proxy service that runs in the cloud and the Application Proxy connector that runs on an on-premises server. Azure AD, the Application Proxy service and the Application Proxy connector work together to securely pass the user sign-in token from Azure AD to the web application. The proxy does not require you to open any inbound ports through your firewall: the connector makes outbound connections (over TCP 443) to Azure, and all traffic is routed through that connection.

Continue reading “Integrate on-premises apps with Azure Active Directory Application proxy”

MCT Virtual Event

On Sunday 5/4/2020 I had the pleasure to participate for the first time in a virtual event. In my Azure Active Directory presentation I talked about the basic concepts of Azure AD and the differences from the traditional on-premises Active Directory.

In the following link you will find the recorded presentation.

For the presentation, click here!

How To Add Custom Domain Name To Azure Active Directory

Every Azure AD directory comes with an initial domain name like "domainname.onmicrosoft.com".
You can add your own custom domain to Azure AD if you don't want to use the default domain. Azure AD only treats the domain as yours after you prove ownership by publishing a TXT record that it gives you in the domain's public DNS.
Find below the steps to add a custom domain name to Azure AD.
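The following is an added example, not the post's own steps, that performs the same procedure from the Microsoft Graph PowerShell SDK: register the domain, read the verification TXT record Azure AD expects, publish it, and confirm. It assumes the Microsoft.Graph module, the Domain.ReadWrite.All scope, and that the domain's public zone is hosted in Azure DNS (Az.Dns); if the zone lives at a registrar, create the TXT record there instead. The domain, resource group and zone names are placeholders.

```powershell
# Added example (not from the original post): add and verify a custom domain with
# Microsoft Graph PowerShell, publishing the TXT record in Azure DNS.
# Assumptions: Microsoft.Graph and Az.Dns installed; domain and names are placeholders.
Connect-MgGraph -Scopes "Domain.ReadWrite.All"
$domain = "contoso.com"
$dnsRg  = "rg-dns-public"   # resource group that holds the public Azure DNS zone

# 1. Register the domain in the tenant. It stays unverified until step 4 succeeds.
New-MgDomain -Id $domain

# 2. Ask Azure AD which TXT record proves ownership (value looks like "MS=ms12345678").
#    The record's text lives in AdditionalProperties because domainDnsTxtRecord is a
#    subtype of the generic domainDnsRecord the SDK returns.
$txt = Get-MgDomainVerificationDnsRecord -DomainId $domain |
    Where-Object { $_.RecordType -eq "Txt" } | Select-Object -First 1
$txtValue = $txt.AdditionalProperties["text"]
"Publish TXT at the zone apex with value: $txtValue"

# 3. Publish it in the public Azure DNS zone for the domain.
$record = New-AzDnsRecordConfig -Value $txtValue
New-AzDnsRecordSet -ResourceGroupName $dnsRg -ZoneName $domain -Name "@" `
    -RecordType TXT -Ttl 3600 -DnsRecords $record

# 4. Confirm. Verification fails until Azure AD's resolvers see the record, so
#    retry with a pause instead of assuming the first attempt works.
$verified = $false
for ($i = 0; $i -lt 10 -and -not $verified; $i++) {
    try {
        Confirm-MgDomain -DomainId $domain -ErrorAction Stop
        $verified = (Get-MgDomain -DomainId $domain).IsVerified
    } catch {
        Write-Host "Not verified yet ($($_.Exception.Message)); waiting 60 s"
        Start-Sleep -Seconds 60
    }
}
"Domain $domain verified: $verified"
```

Leave the TXT record in place after verification: Azure AD can re-check it, and the same record is what stops another tenant from claiming the domain later. Only after IsVerified is true can users be assigned a UPN in the new domain.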

Continue reading “How To Add Custom Domain Name To Azure Active Directory”