Windows Hello for Business and changing security policies (lessons learned)

Over the last few weeks I had some challenges with a customer requiring stricter PIN permissions for Windows Hello for Business. My initial thought was: I’ll just change the Intune policy, people will receive the new policy settings, and job done. During the test phase with my own tenant, and...

Microsoft Managed Entra ID Conditional Access policies are coming to eligible tenants

In November last year, Microsoft announced the “auto-rollout of Microsoft Entra Conditional Access policies that will automatically protect tenants based on risk signals, licensing, and usage.” This means that all tenants with at least an Entra ID P1 license will receive the Microsoft Managed Conditional Access policies with the intention to...

Enable Inter-Hub traffic Azure Virtual WAN through Azure Firewall (Manual)

Since Azure WAN came out I’ve configured multiple Azure Virtual WAN environments. But since September 2023 it is now possible to automatically assign firewall routes to all your VPN tunnels. By default, traffic from one VPN tunnel to another VPN tunnel will bypass the firewall. With this new Inter-hub...

How to deploy Azure NAT Gateway (Manual)

Microsoft recently announced that direct internet connection for virtual machines will be deprecated at the end of September 2025. So how are we going to grant virtual machines internet access without an Azure Firewall? We can use Azure NAT Gateway to grant internet access. So let’s get started!...

Deploy Azure Firewall with Azure virtual WAN (Manual)

In the previous blog post I showed you how to deploy Azure Virtual WAN with a HUB (Deploy Azure Virtual WAN with Virtual HUB (Manual) | 2 Azure). Today we will continue the journey with the deployment of the Azure Firewall. Prerequisites: STEP 1: Deploy Azure Firewall policy From the...

Deploy Azure Application Gateway V2 with HTTP to HTTPS redirect

Azure Application Gateway is an advanced type of load balancer. Where an Azure Load Balancer routes traffic on the transport layer (OSI Layer 4 | TCP + UDP), the Application Gateway is a far more advanced load balancer. It can route based on URL as well as on paths. On top of that...

Deploy Azure MySQL Flexible Server using Private End-Points (Manual)

In this manual I am going to show you how to deploy Azure MySQL Flexible Server with data encryption enabled using Service Managed Keys (SMK) for data at rest encryption. What is Azure MySQL Flexible Server? Azure Database for MySQL Flexible Server is a fully managed Azure database...

How to set up SFTP using Azure Blob Storage (Manual)

Since 2022 Microsoft supports the SSH FTP protocol on Azure Blob Storage accounts. In this manual I will show you how to set up SFTP on Azure Blob Storage. Before you can use SFTP, you will need to know a few things. One of them is that SFTP relies...

Set up Azure File Share with Entra ID hybrid identities

I hear a lot of people that want to get rid of their traditional file server and don’t want to move to SharePoint for various reasons. As an alternative we can use Azure File Share with integrated Entra ID authentication. This manual contains all the information required to set up...

How to set up BGP VPN connection with Azure WAN (Lessons learned)

The last few weeks I’ve been busy setting up an Azure Virtual WAN environment with multiple VPN connections. One of them is a highly available VPN with a BGP connection to a FortiGate firewall. Since this FortiGate firewall is hosted with a 3rd party, I don’t have any screenshots or...

Redundant VPN Gateway reset (Azure WAN)

If you happen to have a redundant setup of a VPN gateway, which happens to be delivered as well with Azure Virtual WAN, you might encounter issues where you want to reset the VPN Gateway. One thing that is not clearly mentioned in the documentation, nor is it in...

Microsoft Azure Boost Preview

Last July Microsoft announced the new Azure Boost in Preview. Azure Boost is a new system that offloads virtualization processes traditionally performed by the hypervisor and host OS, such as networking, storage, and host management, onto purpose-built hardware and software. By separating hypervisor and host OS functions from the...

Microsoft renames Azure AD to Microsoft Entra ID

A year ago Microsoft announced the Entra product family to gain more trust and achieve higher security in every digital experience and interaction. By making the protection of identities and access a primary goal, Microsoft envisions a new era for security. With this renaming Microsoft is showing their commitment...

Get started with Azure Functions (Manual)

Azure Functions is a serverless solution that allows you to write less code, maintain less infrastructure, and save on costs. Instead of worrying about deploying and maintaining servers, the cloud infrastructure provides all the up-to-date resources needed to keep your applications running. As you build your functions, you have...

How to register Azure B2C tenant in the Azure API Management (Manual)

From within the Azure API Management portal there is a default authentication option for your API consumers. The better option is to configure a connection with an Azure B2C tenant. This will enable you to enforce MFA and conditional access policies on your API applications. In this manual it...

How to solve in Azure: The subscription is not registered to use namespace ‘xxxxxx’

Sometimes it happens that if you want to deploy a new type of resource in Azure that you receive the following error: The subscription is not registered to use namespace ‘*********’. See https://aka.ms/rps-not-found for how to register subscriptions. Today I received the above error for the namespace Microsoft.AzureActiveDirectory. And...

How to create an AppLocker policy (Manual)

Windows AppLocker is a technology first introduced in Windows 7 that allows you to restrict which programs users can execute based on the program’s attributes. In enterprise environments it is typically configured via Group Policy; however, we can leverage the XML it creates to easily build our own custom...