Azure Security Architect

InTune Migration PreExisting Identities

anuj March 12, 2025 InTune Migration PreExisting Identities2025-03-12T15:42:49+00:00 InTune No Comment

For Intune (device) migrations to be successful, two things need to be in place The identities (for those devices) need to be in place already The licensing for the devices…

Storage Accounts and Blob Storage

anuj December 30, 2024 Storage Accounts and Blob Storage2024-12-30T17:16:49+00:00 Storage Security No Comment

Step 1 - Creating a NEW STORAGE ACCOUNT Types - Storage accounts are of three types - V2 (most general purpose), V1 (hardly used anymore) and Blob Storage (can only…

Azure Policy Recommended Policies

anuj December 29, 2024 Azure Policy Recommended Policies2024-12-29T16:32:53+00:00 Azure Security Ecosystem No Comment

These are the top recommended policies for most customers. Enforce resource tagging Limit allowed locations Prohibit specific resources deployment ( Public IP addresses) Require Secure Transfer for Storage Accounts Block…

Device Restrictions using Conditional Access Policies in Azure Entra ID

anuj November 27, 2024 Device Restrictions using Conditional Access Policies in Azure Entra ID2024-11-27T18:13:19+00:00 Entra ID No Comment

Now, there's a policy that allows you to restrict which devices get into your Azure subscriptions. The compliant devices policy requires you to list CIDR ranges/devices that are permitted. You…

Letting in vendors to your Entra Tenant

anuj November 23, 2024 Letting in vendors to your Entra Tenant2024-11-23T00:26:33+00:00 Entra ID No Comment

Use Case Let in a set of Vendor Engineers into your Azure Subscription (typically with GLOBAL READER permissions) Steps in Entra and in Azure Set up SSO using the vendor's…

P2 licenses – Use Case – SSO Authentication and MFA – no mailbox

anuj November 22, 2024 P2 licenses – Use Case – SSO Authentication and MFA – no mailbox2024-11-22T20:36:46+00:00 Entra ID No Comment

Use Case - SSO Authentication and MFA - no mailbox P2 licenses - Cloud Only Authentication (not federated)

Devices versus Apps – Managed by Intune

anuj November 22, 2024 Devices versus Apps – Managed by Intune2024-11-22T20:36:05+00:00 InTune No Comment

Intune Can be used to manage both devices as well as applications on the devices. One can configure InTune for JUST application management (and have some other tool do the…

Migration of Azure site-to-site VPN tunnel from one region to another

anuj November 18, 2024 Migration of Azure site-to-site VPN tunnel from one region to another2024-11-18T14:14:46+00:00 ExpressRoute No Comment

Option 1 - create a new VPN in the new region Create a new VPN gateway in the desired region Configure the new gateway with the same connection settings as…

Azure Hub Spoke Best Practices

anuj April 16, 2024 Azure Hub Spoke Best Practices2024-04-16T19:52:54+00:00 Azure Network Security No Comment

The HUB VNET contains the Firewall Subnet, the Gateway VPN Subnet (which has a SITE TO SITE VPN) and the workload Subnet A. The Spoke VNET contains other workloads in…

Container Networking Security on Azure

anuj April 16, 2024 Container Networking Security on Azure2024-04-16T00:41:50+00:00 No Comment

For Containers to be assigned IP Addresses (in order to access Azure PaaS services - the storage service), one can use the Container network interface plugin

123