Get started with Azure Functions (Manual)
Azure Functions is a serverless solution that allows you to write less code, maintain less infrastructure, and save on costs. Instead of worrying about deploying and maintaining servers, the cloud infrastructure provides all the up-to-date resources needed to keep your applications running. As you build your functions, you have...
How to register Azure B2C tenant in the Azure API Managent (Manual)
From within the Azure API Manament portal there is a default authentication option for your API consumers. The better option is to configure a connection with an Azure B2C tenant. This will enable you to enforce MFA and conditional access policies on your API applications. In this manual it...
How to solve in Azure: The subscription is not registered to use namespace ‘xxxxxx’
Sometimes it happens that if you want to deploy a new type of resource in Azure that you receive the following error: The subscription is not registered to use namespace ‘*********’. See https://aka.ms/rps-not-found for how to register subscriptions. Today I received the above error for the namespace Microsoft.AzureActiveDirectory. And...
How to create an applocker policy (Manual)
Windows AppLocker is a technology first introduced in Windows 7 that allow you to restrict which programs users can execute based on the program’s attributes. In enterprise environments it is typically configured via Group Policy, however we can leverage the XML it creates to easily build our own custom...
IP Groups in Azure Firewall
If you are planning on using Azure Firewall you will definitely need to start using IP Groups. This will make your life so much easier and save you a lot of time in future changes because it will allow you to group and manage IP addresses for Azure Firewall...
How to deploy fonts to Windows clients using Intune. (Manual)
Last week I had a customer that wanted to deploy multiple fonts to all his clients. Since there is no default option to deploy fonts to Intune clients, it is time to do some PowerShell magic, in Intune. How to install fonts on your device? If you have new...
Restrict Azure App Permissions to Specific mailboxes only
With Microsoft disabling basic Authentication starting October 1st 2022, I see a lot of vendors asking us IT Pro’s to create an Azure App registration with mailbox permissions to read out just a single mailbox. However, by default this Azure App grants permissions to every single mailbox in your...
How to setup Azure AD Enterprise app with password sign-on
Some web applications do not support single sign-on authentication. For these applications Microsoft has created an option to save the password in Azure AD. In this manual I am going to explain how to set it up. STEP 1: Create app From within the Azure Portal (https://portal.azure.com) go to...
Deploy Azure Virtual WAN with Virtual HUB (Manual)
This is the first blog post about Azure Virtual WAN. In the coming series I will be showing how to deploy en setup Azure Virtual WAN and setup VPN connections (S2S and P2S). In this blog post we start with the first step:...
Azure VM cannot connect to RDP (NLA, Manual)
Today I had to restore a virtual machine from a backup from 2 weeks ago. Once booted I received the error message that I was not able to connect because of the following error: The remote computer that you are trying to connect to requires Network Level Authentication (NLA),...
CSP: Granular Delegated Admin Privileges (GDAP) explained
Microsoft has been working on improving security. In the last few years every CSP customer has had the request to grant Delegated Admin Privileges (DAP) at least once. Without it is hard for the CSP Partner to grant and assign licenses, however not impossible. Of course it is convenient...
Bring your own IP (BYOIP) to Azure with Custom IP Prefix
When you want to move to Azure, but you want to retain your current public IP addresses, because of IP whitelisting, or te preserve your established IP reputation, you can now move your Public IPv4 Addresses to Azure. Once onboarded, these IPs can be associated with Azure resources, interact...
Azure AD Connect Export and Import configuration
Today I had to fix an AD Connect server that stopped working over the weekend. Unfortunately there was now way of fixing AD Connect sync and we had to reinstall AD Connect. However I didn’t want to lose the configuration that was made in the past. Since the end...
Automatically assign license(s) to groups in Office 365 (Manual)
When you want to align license assignments in Office 365 it might be helpful to automatically assign licenses to users by adding them to groups. This way you can make sure that everybody gets the right license and avoid mistakes. The problem with medium or large companies is that...
How to move resources to another subscription or resource group in Azure?
In this manual I am going to show you how to move resources to a different subscription, region and/or resource group in Azure. For today I am going to use the Azure portal, but you can use Azure PowerShell, Azure CLI or the REST API as well to move...
How to setup Azure Priviliged Identity Management (PIM) – Manual
Privileged Identity Management is a service in Azure that enables you to manage, control, and monitor access to important resources in your organization. These resources include resources in Azure AD, Microsoft 365 or Microsoft Intune. Why should you use it? Organizations want to minimize the number of people who...
Setup a good password policy in Azure AD
A good password policy is the first step on securing your environment and company data. Without a password policy in place you can be sure that a lot of users will take a password that can be easily guessed and/or brute forced in less than 5 minutes. Default Azure...
Continuous Access Evaluation (CAE) in Azure AD (GA)
Microsoft has just announced (January 2022) the General Availability of Continuous Access Evaluation as part of the Azure AD Zero Trust management portfolio. What is Continuous Access Evaluation? In short: continuous access evaluation allows for a quicker response by forcing an access token refresh in case of a certain...
Change Office 365 & SharePoint default domain name (Manual)
When a company changes it name, it would be nice if the SharePoint url can be changed to reflect the new company name. When you first signed up for Microsoft 365 you created an onmicrosoft.com domain. Even if you add custom domains, this domain will be used for SharePoint...
Azure Administrative Unit, what is it? And how to use it!
Remember the good old days with Active Directory Organizational Units? We where missing this in Azure AD, but it has finally arrived in Azure AD. Especially in bigger organizations you want to divide the organization in different units. Within each administrative unit you can delegate permissions to administrators of...