Anything covering Azure e.g. Azure AD, Virtual Machines, VPN

Analysing Azure AD Logs with Log Analytics

Katy Nicholson, 14 February, 2022

Log Analytics is part of Azure and is a great solution for analysing and interrogating logs across a huge assortment of Azure services. In this post I am going to demonstrate redirecting Azure AD logs to Log Analytics, and then build a dashboard showing various data from those logs. You will need to have Azure AD P1 or P2 licensing in order to redirect the Azure AD logs, and an Azure subscription to create the workspace.

AVD: Applications

Katy Nicholson, 27 January, 2022

Applications can be installed onto Azure Virtual Desktop Session Hosts in multiple ways. In this post I briefly look at the traditional methods, and have a detailed look at MSIX App Attach.

AVD: Getting Started with Azure Virtual Desktop

Katy Nicholson, 24 December, 2021

Azure Virtual Desktop (previously named Windows Virtual Desktop) is exactly as it sounds - a Virtual Desktop solution in Azure! While many of us are familiar with Windows Server Remote Desktop roles, and if we think back far enough - Terminal Services, AVD is an exciting cloud based take on this. So the first question I think we should tackle is "Why do I need this?" - Why can't we just use some Server 2022 VMs in Azure running the standard RDS roles - Session hosts, brokers, gateway etc? Well - you can do that if you want, but you're then paying compute costs for your session hosts, brokers and gateways, setting up a public IP address and opening ports. With AVD the broker and gateway are provided on Azure and they're free - all you pay is the cost of the Session Host VMs. Another point here is that with AVD you can use Windows 10 (or 11) Multi-session edition, designed for virtual desktops. No more trying to shoehorn Server with Desktop Experience into place.

Azure AD and Windows Hello: SSO to on-premises resources

Katy Nicholson, 10 October, 2021

A look at how a hybrid user logged into an Azure AD Joined device can SSO to on-premises resources, whether they logged on with a password or using Windows Hello for Business.

Azure Cloud Shell

Katy Nicholson, 18 June, 2021

Azure Cloud Shell is a great feature which gives you a PowerShell (or Bash) window in the browser. Whilst you can't access on-premise resources from the shell you can manage anything cloud based. By default there's a huge selection of Azure modules loaded, plus things like Teams.

Azure: Conditional Access and MFA

Katy Nicholson, 5 March, 2021

Multi-factor authentication is a must in this day and age, with phishing techniques becoming more and more sophisticated and more difficult to detect/block. Azure MFA can be used to secure your Office 365 workload (and, if you're using it as the authentication method for other services, they can be secured too).

Azure AD password protection

Katy Nicholson, 19 February, 2021

Azure AD Password Protection is part of Azure Active Directory and helps prevent users from picking poor/easily guessable/compromised passwords. Microsoft maintain a "global banned passwords" list which stores passwords which are "deemed too common". Obviously this list is not published, but by using Azure AD Password Protection you can have password changes run against it for both cloud and on-premises users. You can also create a custom banned password list, of up to 1000 entries, containing easily guessable things about your organisation, e.g. product names.

Backing up my Azure workload to Azure

Katy Nicholson, 13 February, 2021

I've looked at using Azure to back up on-premises workloads in a previous post (Azure Backup, I think it's time I looked at backing up workloads that are already running from Azure. I'm going to look at backing up Virtual Machines and storage accounts - there's not much more I store in Azure that would need backing up. I'm going to take a quick look at the options for storage accounts, virtual machines and databases. So the first question must be "Where do we back this up to?" - you could make a case for backing it up to an on-premise backup server, or even to a competing cloud provider, using one of many products designed for "backing up your Azure and Office 365 data". I see backups as having three purposes really - to get you up and running again after a disaster (such as losing your on-premise servers, or in this case your Azure workload being irreversibly lost), to recover from user error, and finally (becoming more and more important these days) to recover from ransomware/encryption based attacks. I back up my Azure workload to Azure because I feel the way it is configured - with availability zones, geo-redundant data etc - that it's highly unlikely that my backup will disappear along with my workload. I'd also think there's much more chance of something going wrong with my backup if it was stored on-premise rather than in Azure.

Azure AD Application Proxy

Katy Nicholson, 29 January, 2021

Azure AD Application Proxy is a really neat tool for publishing internal applications without exposing your servers to the Internet. If your applications require authentication for users to access them you can get Azure to handle all this for you, and it supports single sign on. Alternatively if you've got an old or obscure application that can't cope with Azure SSO you can configure it to use passthrough authentication, where the internal application remains responsible for this task.

WAC: Azure Backup

Katy Nicholson, 22 January, 2021

If you've connected Windows Admin Centre to Azure you'll find a section called Azure Backup. This will allow you to back up your on-site workloads to Azure using the Microsoft Azure Recovery Services agent. It's ideal for backing up physical servers or individual virtual machines. In this post I'm going to look at configuring and backing up a server through Windows Admin Centre, and then at how to recover the data - both for a partial failure (such as some files being deleted but the server still boots) and a total failure.

Hybrid Cloud Print

Katy Nicholson, 8 January, 2021

Hybrid Cloud Print is a solution to allow users to print to on-premise printers from their devices without needing to be on site or even have VPN connectivity - they just need Internet access. It is however fairly complicated to set up and requires multiple app registrations in Azure, and an Application Proxy server setting up. In this post I go through the steps on how to set it up and print from an Intune managed device. It has been replaced with Universal Print, however you can still set it up and use it if needed.

Universal Print

Katy Nicholson, 8 January, 2021

Universal Print is the new way to cloud print from your devices. It replaces Hybrid Cloud Print and is a lot easier to set up and manage. You'll need your devices to be connected to Azure AD (either domain joined or hybrid joined, or registered).

Creating a VPN from your on-site network to Azure

Katy Nicholson, 26 August, 2020

If you are moving any of your local network services into Azure it's likely you don't want to have to access them over the Internet and would rather have a VPN, and "private" IP addresses assigned to each of your Azure Virtual Machines. Here I go through how to set this up using my home lab and Azure tenancy as an example.

In-place OS upgrade of Azure Virtual Machines

Katy Nicholson, 24 August, 2020

In-place upgrade of Windows 2016 Azure VMs to Windows 2019 is not officially supported but still something we occasionally need to do. While I'd recommend you spin up a new 2019 VM and migrate your workload if at all possible, it's a bit long winded but you can do an in-place upgrade. If you're lucky it's as simple as copying the files off the ISO and running through the upgrade wizard, however if it brings up any prompts or messages you need to connect to the console to view you'd not get very far with a service like Azure where you cannot view the console, and this is one of the reasons why it is unsupported directly on Azure.