Azure MFA: Architecture Selection Case Study

I’ve been working with a customer on designing a new Azure Multi Factor Authentication (MFA) service, replacing an existing 2FA (Two Factor Authentication) service based on RSA Authenticator version 7.
Typically, Azure MFA service solutions in the past few years have been architected in the detail first, i.e. a ‘bottom up’ approach to design: what apps are we enforcing MFA on? What token are we going to use: phone, SMS, smart phone app? Is it a one-way message or a two-way message?… [Keep reading] “Azure MFA: Architecture Selection Case Study”

Send mail to Office 365 via an Exchange Server hosted in Azure

Those of you who have attempted to send mail to Office 365 from Azure know that sending outbound mail directly from an email server hosted in Azure is not supported, due to the elastic nature of public cloud service IPs and the potential for abuse. Therefore, the Azure IP address blocks are added to public block lists, with no exceptions to this policy.
To be able to send mail from an Azure hosted email server to Office 365 you need to send mail via an SMTP relay.… [Keep reading] “Send mail to Office 365 via an Exchange Server hosted in Azure”

Exchange Server 2016 in Azure

I recently worked on a project where I had to install Exchange Server 2016 on an Azure VM and I chose a D2 sized Azure VM (2 cores, 7GB RAM) thinking that would suffice; well, that was a big mistake.
The installation made it to the last step before a warning appeared informing me that the server was low on memory resources, and eventually it terminated the installation, leaving it incomplete.
Let this be a warning to the rest of you, choose a D3 or above sized Azure VM to save yourself a whole lot of agony.… [Keep reading] “Exchange Server 2016 in Azure”

Exchange Server 2016 install error: “Active Directory could not be contacted”

I recently worked on a project where I had to install Exchange Server 2016 on an Azure VM and received error “Active Directory could not be contacted”.
To resolve the issue, I had to complete the following steps:

  1. Remove the Azure VM public IP address
  2. Disable IPv6 on the NIC
  3. Set the IPv4 DNS suffix to point to your domain. If a public address is being used it will be set to reddog.microsoft.com by default.

Once done the installation could proceed and Active Directory was contactable.

Azure Load Balancer – Add/Remove VMs

Still stuck on Azure Service Manager (ASM)? Have load balancers in your environment that you need to reconfigure often to remove/add VMs? Not a worry. When it comes to load balancer configuration in ASM we are pretty much tied to PowerShell, but in this post I will show you how you can use simple PowerShell scripts to configure your load balancer.
Azure Load Balancer is a layer 4 (TCP, UDP) load balancer that distributes incoming traffic for load and availability.… [Keep reading] “Azure Load Balancer – Add/Remove VMs”

How to create an Azure Function App to Simultaneously Start|Stop all Virtual Machines in a Resource Group

Just on a year ago I wrote this blog post that detailed a method to “Simultaneously Start|Stop all Azure Resource Manager Virtual Machines in a Resource Group”. It’s a simple script that I use quite a lot and I’ve received a lot of positive feedback on it.
One year on though, there are a few enhancements I’ve been wanting to make to it. Namely:

  • host the script in an environment that is in a known state.
[Keep reading] “How to create an Azure Function App to Simultaneously Start|Stop all Virtual Machines in a Resource Group”

Azure AD Connect pass-through authentication. Yes, no more AD FS required.

Originally posted on Lucian.Blog. Follow Lucian on Twitter: @LucianFrango.

***

Yesterday I received a notification email from Alex Simons (Director of PM, Microsoft Identity Division) which started like this:

Today's news might well be our biggest news of the year. Azure AD Pass-Through Authentication and Seamless Single Sign-on are now both in public preview!

So I thought I’d put together a streamlined overview of what this means for authentication with regards to the Microsoft Cloud, and my thoughts on whether I’d use it.… [Keep reading] “Azure AD Connect pass-through authentication. Yes, no more AD FS required.”

Azure AD Connect – Using AuthoritativeNull in a Sync Rule

There is a feature in Azure AD Connect that became available in the November 2015 build 1.0.9125.0 (listed here), which has not had much fanfare but can certainly come in handy in tricky situations. I happened to be working on a project that required the DNS domain linked to an old Office 365 tenant to be removed so that it could be used in a new tenant. Although the old tenant was no longer used for Exchange Online services, it held onto the domain in question, and Azure AD Connect was being used to synchronise objects between the on-premises Active Directory and Azure Active Directory.… [Keep reading] “Azure AD Connect – Using AuthoritativeNull in a Sync Rule”

Configuring AWS Web Application Firewall

In a previous blog we discussed Site Delivery with AWS CloudFront CDN; one aspect that blog did not cover was WAF (Web Application Firewall).
What is a Web Application Firewall?

AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules.

[Keep reading] “Configuring AWS Web Application Firewall”