Script to Assist in Point-to-Site VPN and OpenVPN with Azure

Script to assist in configuring point-to-site VPN and OpenVPN with Azure on Windows machines

Hello everyone!!

I created a script to assist in the configuration of point-to-site VPN and OpenVPN with Azure on Windows machines. This script easily and iteratively generates the certificates and keys required for the configuration process of both types of VPN.

Continue reading “Script to Assist in Point-to-Site VPN and OpenVPN with Azure”

Configuring passwordless with your Authenticator APP

HEEYYY!!!

Microsoft has previewed a new security feature that allows the use of the Microsoft Authenticator app to log in to Azure without the need for a password. This is relevant because one of the most common ways to steal passwords today is through a keylogger, which captures the password and username as the user types. However, this is just one of the problems it solves. Another important issue is to avoid password storage.

Continue reading “Configuring passwordless with your Authenticator APP”

Creating SPOT VMs in Azure

Hello!

Microsoft has finally launched the SPOT VMs, which we already had in other clouds such as AWS and GCP. These virtual machines provide access to unused computational resources in Azure and also large discounts. However, they cannot be reserved and Azure can interrupt them at any time to use its resources. The SPOT VMs are ideal for:

  • Workloads that can support interruptions
  • Development and testing
  • Applications that do not store state
  • Short-lived tasks
  • Batch jobs

Continue reading “Creating SPOT VMs in Azure”

Creating Proximity Positioning Groups

Hello guys,

Do you know about Proximity Placement Groups in Azure and what they are used for? With proximity groups, you can place your Virtual Machines as close as possible, thus achieving the best possible latency. These proximity groups are a logical grouping to ensure that computational resources are physically located close to each other.

Continue reading “Creating Proximity Positioning Groups”

Creating 2nd Generation VMs in Azure.

On 11/04/2019, Microsoft finally made second-generation VMs generally available, which we have had in our local Hyper-V since Windows Server 2012 R2. They have a new architecture based on UEFI that is different from the BIOS-based architecture of generation 1. With these VMs, according to Microsoft, you will be able to:

  • Create larger VMs (up to 12 TBs).
  • Provision OS disk sizes that exceed 2 TBs.

Continue reading “Creating 2nd Generation VMs in Azure.”

Creating rules for conditional access in Azure Active Directory to ENFORCE MFA (Multifactor Authentication) on your Administrators.

Hello!!!

Conditional access policies are if-then statements: if a user wants to access a resource, then they must complete an action first.

According to Microsoft, commonly applied policies are:

  • Require multifactor authentication for users with administrative roles
  • Require multifactor authentication for Azure management tasks
  • Block sign-ins for users attempting to use legacy authentication protocols
  • Require trusted locations for Azure Multifactor Authentication registration
  • Block or allow access from specific locations
  • Block risky sign-in behaviors
  • Require organization-managed devices for specific applications

Very important: to use this feature you must have at least one Azure Active Directory “premium” license.

As a demonstration, I will enforce MFA (Multifactor Authentication) for all administrative users. Continue reading “Creating rules for conditional access in Azure Active Directory to ENFORCE MFA (Multifactor Authentication) on your Administrators.”

Using Azure Migrate – Part 2: Assessment

Folks, continuing the deployment of Azure Migrate from Part 1, we will now see how to assess our virtual machines for free. (Remember that Microsoft’s assessment tool only works on virtual machines (VMware/Hyper-V); physical servers are still not possible unless an ISV tool is used, such as Cloudamize.) This is a very important step to verify the cloud resources that will really be necessary for migrating our on-premises environment to Azure, thus avoiding unnecessary expenses:

Continue reading “Using Azure Migrate – Part 2: Assessment”

Using Azure Migrate – Part 1: Deployment and Configuration

Hello!

On July 11th, 2019, Microsoft announced the new Azure Migrate. This tool already existed but was quite limited. Now it has some interesting options, including:

  • Unified platform for migration
  • Database assessment and migration
  • Webapp migration
  • Assessment tools for right sizing/costs from both Microsoft and other partners
  • No need to install an agent on the client’s servers

Continue reading “Using Azure Migrate – Part 1: Deployment and Configuration”

Azure Bastion – Managing your Linux and Windows VMs through the Browser

Hello everyone!!! Today, to manage our VMs (Windows/Linux) in Microsoft Azure, we can connect through a VPN or directly to the external IP, using the RDP and SSH protocols. Many leave their VMs exposed to the internet to make remote access easier, but this practice is not recommended and brings great security risks. With this in mind, Microsoft made Azure Bastion available, which lets us manage our VMs through a browser using SSL (Secure Sockets Layer). And the coolest thing? No public IP is required for this encrypted access.

Continue reading “Azure Bastion – Managing your Linux and Windows VMs through the Browser”