How to setup site-to-site VPN with Azure VPN-Gateway to Unifi Dream Machine
When you want to extend your local network to Azure, you have multiple options. In this manual I am going to show you how to set up a site-to-site VPN connection from a Unifi Dream Machine Pro/SE to an Azure Virtual WAN VPN Gateway. This...
How to setup web content filtering using Defender for EndPoint?
For the last few weeks I’ve been working on data loss prevention policies and security features in the Microsoft 365 suite. One of the items that we did touch is web content filtering to protect users from malicious websites, but also to prevent people from uploading documents to content sharing websites....
Microsoft Entra Suite now generally available
Last July 11 Microsoft announced the general availability of the Microsoft Entra Suite. Since Microsoft's focus on Zero Trust, we see them delivering new security features, making your users and environment more secure. Part of the Microsoft Entra Suite are Microsoft Entra Private Access and Microsoft Internet Access which...
How to deploy Azure Stack HCI – Part 2
In our first blog, How to deploy Azure Stack HCI part 1 (Manual) | 2 Azure, we learned how to deploy a (single) Azure Stack HCI node and a Cluster. In this manual we will continue the journey and we will set up networking, download images and deploy virtual machines....
How to deploy Azure Stack HCI part 1 (Manual)
Before we start, we will need to know a few things about Azure Stack HyperConverged Infrastructure. Basically it means that we can deploy physical hardware on-premises that uses internal hardware to create a redundant setup when deploying multiple nodes. When deploying Azure Stack HCI on hardware you will get...
What is Azure ARC and how to deploy it for on-premise (virtual) machines?
In the last few years we have seen an evolving hosting landscape: emerging cloud hosting and even cloud offboarding for certain workloads. But with these increasingly complex environments we need to find a way to manage and govern our clouds. With Azure Arc you can govern, manage and maintain your...
How to deploy Entra ID Application Proxy (Manual)
Entra ID Application Proxy is a service that enables remote access to applications from any device with a web browser without the need for a VPN. It provides secure access to on-premises applications by proxying requests through the Azure cloud. One of the other features is that Entra secures...
Microsoft Entra ID Multitenant organization in public preview
Microsoft has released the ability to set up multitenant environments in Microsoft Entra. With this new feature in Microsoft Entra ID it is possible to define a group of tenants and connect them together to achieve better collaboration between the tenants. This includes the search and discovery of users across...
Windows Hello for Business and changing security policies (lessons learned)
In recent weeks I had some challenges with a customer requiring stricter PIN permissions for Windows Hello for Business. My initial thought was, I’ll just change the Intune Policy, and people will receive the new policy settings and job done. During the test phase with my own tenant, and...
Microsoft Managed Entra ID Conditional Access policies are coming to eligible tenants
In November last year, Microsoft announced the “auto-rollout of Microsoft Entra Conditional Access policies that will automatically protect tenants based on risk signals, licensing, and usage.” This means that all tenants with at least an Entra ID P1 license will receive the Microsoft Managed conditional access policies with the intention to...
Enable Inter-Hub traffic Azure Virtual WAN through Azure Firewall (Manual)
Since Azure WAN came out I’ve configured multiple Azure Virtual WAN environments. But since September 2023 it is now possible to automatically assign firewall routes to all your VPN tunnels. By default traffic from one VPN tunnel to another VPN tunnel will bypass the firewall. With this new Inter-hub...
How to deploy Azure NAT Gateway (Manual)
Microsoft recently announced that direct internet connection for virtual machines will be deprecated at the end of September 2025. So how are we going to grant virtual machines internet access without an Azure Firewall? We can use Azure NAT Gateway to grant internet access. So let's get started!...
Deploy Azure Firewall with Azure virtual WAN (Manual)
In the previous blog I showed you how to deploy Azure Virtual WAN with a HUB (Deploy Azure Virtual WAN with Virtual HUB (Manual) | 2 Azure). Today we will continue the journey with the deployment of the Azure Firewall. Prerequisites: STEP 1: Deploy Azure Firewall policy From the...
Deploy Azure Application Gateway V2 with http to https redirect
Azure Application Gateway is an advanced type of load balancer. Where an Azure Load Balancer routes traffic on the transport layer (OSI Layer 4 | TCP + UDP), the Application Gateway is a far more advanced load balancer. It can route based on URL as well as on paths. On top of that...
Deploy Azure MySQL Flexible Server using Private End-Points (Manual)
In this manual I am going to show you how to deploy Azure MySQL Flexible Server with data encryption enabled using Service Managed Keys (SMK) for data at rest encryption. What is Azure MySQL Flexible Server? Azure Database for MySQL Flexible Server is a fully managed Azure database...
How to migrate lightning fast from on-premise file server to Azure Fileshare with AZCopy
When you want to migrate from an on-prem file server to an Azure File Share, you want to do it as fast as possible. There are multiple ways to achieve such a migration. This could be with Azure Storage Explorer, mount the SMB share and go for a traditional...
How to setup SFTP using Azure Blob Storage (Manual)
Since 2022 Microsoft has supported the SSH FTP protocol on Azure Blob Storage accounts. In this manual I will show you how to set up SFTP on Azure Blob Storage. Before you can use SFTP, you will need to know a few things. One of them is that SFTP relies...
Setup Azure File Share with Entra ID hybrid identities
I hear a lot of people that want to get rid of their traditional file server and don’t want to move to SharePoint for various reasons. As an alternative we can use Azure File Share with integrated Entra ID authentication. This manual contains all the information required to set up...
How to setup AWS SSO to Microsoft Entra ID (Azure AD) and use auto provisioning
Last week a customer wanted to set up single sign-on to Amazon Web Services (AWS) from their Entra ID / Azure AD environment. After reading several instructions from both Microsoft and Amazon I needed some more explanation for each step before I would activate it. So here is my manual...
How to setup BGP VPN connection with Azure WAN (Lessons learned)
For the last few weeks I’ve been busy with setting up an Azure Virtual WAN environment with multiple VPN connections. One of them is a highly available VPN with BGP connection to a Fortigate Firewall. Since this Fortigate Firewall is hosted with a 3rd party, I don’t have any screenshots or...