Test read rights for user-assigned managed identity on a Linux VM in Azure Gov

I recently came across an issue where a user-assigned managed identity on a VM was not able to read the properties of the resource group where the VM object it was assigned to resided. As our deployment relied on these permissions being set, it would fail until the permissions were added. Normally, you could easily …

AKS: Enabling and using preview features such as nodepools using CLI

Most of the time we use the familiar Azure portal to consume Azure resources. That is all well and good. However, sometimes we find that using the Azure CLI to do this is easier, as once we perfect the script we can just run it instead of having to use the portal. In this …

Tip: Capturing Devices to Manage in Intune Using Azure AD Connect

Working with customers who are starting their migration for identity and administration from on-premises to Azure, I see a couple of options in the installation and configuration of Azure AD Connect that get missed. Particularly, once Azure AD Connect is installed and on-premises accounts are synced with Azure, customers find that their Active Directory managed devices …

Azure AD Best Practice: Using Azure AD Connect Standby for Redundancy and Failover

My big focus for Azure at Microsoft is in administration and identity. This includes a lot of heavy Azure AD work. I regularly help customers assess their Azure AD implementations and plans, which puts me in the unique position to hear about customer woes directly. One of the bigger pain points I hear from customers …

Azure AD Best Practice: When to Consider Using a Full SQL Server Instance for Azure AD Connect

By default, Azure AD Connect installs with SQL Express. More specifically, the default is a SQL Server 2012 Express LocalDB (a light version of SQL Server Express). If you need to manage a higher volume of directory objects, you'll definitely want to point the installation wizard to a different installation of SQL Server. The type …

The new way to avoid exposing port 3389 in Azure – Bastion!

Microsoft has released the public preview for Azure Bastion, allowing an additional factor and a separate subnet to be your protection from the hordes of hackers who scan the Internet every day looking for open port 3389 with easy passwords or vulnerable patch levels. And things are simpler for you as well - no more unnecessary PIPs …

Deploy Azure Kubernetes Service (AKS) to a preexisting VNET

I recently ran into an issue where I needed to deploy AKS in an environment with a limited number of available IP addresses. If you've ever deployed AKS before, you might have noticed that using the default settings creates a new VNET with a /8 CIDR range (16,777,214 hosts), which was way too large for …

Azure AD Best Practice: Requiring users to periodically re-confirm their authentication information

Disabling the authentication methods re-confirmation prevents users from updating potentially outdated information such as email or phone number and can decrease the effectiveness of Self-service Password Reset (SSPR). This may also result in password reset information being sent to an unintended recipient. The default setting in Azure AD is to require users to re-confirm authentication …

Field Notes: Azure Active Directory Connect – Troubleshooting Task Overview

This is a continuation of a series on Azure AD Connect. Previous parts have mostly been focusing on the installation and configuring different user sign-in options for Azure AD. Links to these are provided in the summary section below. Now that we have covered the common setup options for Azure AD Connect, I would like …

Moving Azure Virtual Machines to a different region

Background

There are various scenarios in which you would want to move your existing Azure IaaS virtual machines (VMs) from one region to another. For example, you may have already deployed in one region, and support was then added for a new region that is closer to the end users of your application or service. In this scenario, …