AKS: Enabling and using preview features such as nodepools using CLI

Most of the time we use the familiar Azure portal to consume Azure Resources. That is all well and good. However, sometimes we find that using the Azure CLI to do this is easier, as once we perfect the script we can just run it instead of having to use the Portal. In this …

Tip: Capturing Devices to Manage in Intune Using Azure AD Connect

Working with customers who are starting their migration for identity and administration from on-premises to Azure, I see a couple options in the installation and configuration of Azure AD Connect that get missed. Particularly, once Azure AD Connect is installed and on-premises accounts are synced with Azure, customers find that their Active Directory managed devices …

Azure AD Best Practice: Using Azure AD Connect Standby for Redundancy and Failover

My big focus for Azure at Microsoft is in administration and identity. This includes a lot of heavy Azure AD work. I regularly help customers assess their Azure AD implementations and plans, which puts me in the unique position to hear about customer woes directly. One of the bigger pain points I hear from customers …

Azure AD Best Practice: When to Consider Using a Full SQL Server Instance for Azure AD Connect

By default, Azure AD Connect installs with SQL Express. More specifically, the default is a SQL Server 2012 Express LocalDB (a light version of SQL Server Express). If you need to manage a higher volume of directory objects, you'll definitely want to point the installation wizard to a different installation of SQL Server. The type …

The new way to avoid exposing port 3389 in Azure – Bastion!

Microsoft has released the public preview for Azure Bastion, allowing an additional factor and separate subnet to be your protection from the hordes of hackers who scan the Internet every day looking for open port 3389 with easy passwords or vulnerable patch-level. And things are simpler for you as well - no more unnecessary PIPs …

Deploy Azure Kubernetes Service (AKS) to a preexisting VNET

I recently ran into an issue where I needed to deploy AKS in an environment with a limited number of available IP addresses. If you've ever deployed AKS before, you might have noticed that using the default settings creates a new VNET with a /8 CIDR range (16,777,214 hosts), which was way too large for …

Azure AD Best Practice: Requiring users to periodically re-confirm their authentication information

Disabling the authentication methods re-confirmation prevents users from updating potentially outdated information such as email or phone number and can decrease the effectiveness of Self-service Password Reset (SSPR). This may also result in password reset information being sent to an unintended recipient. The default setting in Azure AD is to require users to re-confirm authentication …