Author Archives: anuj
Device Restrictions using Conditional Access Policies in Azure Entra ID
Now, there's a policy that allows you to restrict which devices get into your Azure subscriptions. The compliant devices policy requires you to list CIDR ranges/devices that are permitted. You…
Letting in vendors to your Entra Tenant
Use Case: Let in a set of Vendor Engineers into your Azure Subscription (typically with GLOBAL READER permissions). Steps in Entra and in Azure: Set up SSO using the vendor's…
P2 licenses – Use Case – SSO Authentication and MFA – no mailbox
Use Case - SSO Authentication and MFA - no mailbox P2 licenses - Cloud Only Authentication (not federated)
Devices versus Apps – Managed by Intune
Intune can be used to manage both devices as well as applications on the devices. One can configure Intune for JUST application management (and have some other tool do the…
Migration of Azure site-to-site VPN tunnel from one region to another
Option 1 - create a new VPN in the new region: Create a new VPN gateway in the desired region. Configure the new gateway with the same connection settings as…
Azure Hub Spoke Best Practices
The HUB VNET contains the Firewall Subnet, the Gateway VPN Subnet (which has a SITE TO SITE VPN) and the workload Subnet A. The Spoke VNET contains other workloads in…
Container Networking Security on Azure
For Containers to be assigned IP Addresses (in order to access Azure PaaS services - the storage service), one can use the Container network interface plugin
Access Reviews in Azure AD
When you create access reviews for admin level users (global admin or password admin), you have a couple of options on how to deal with the review results. You…
External Users and Active Directory
Also read - 4 types of authentication. What exactly are External Users from an AD perspective? External Users can be both your own corporate (remote) users, OR external partners. This…
Azure Firewall – Stateful, Packet Inspection
What is needed to deploy an Azure Firewall? Azure Firewall requires its own empty subnet and an unused IP address space. You will need to create an address space, if…