Tag Archives: Security

Keeping your Azure VMs up-to-date with the update management solution

Based on the Azure services Log Analytics and Azure Automation you can use three new capabilities in the Azure portal for your Azure VMs: inventory, change tracking, and update management. -> https://azure.microsoft.com/en-us/updates/update-management-inventory-and-change-tracking-are-available-in-azure-automation/ In this blog article I will talk about the update management solution. If you Read more [...]

Deploy NSG augmented security rules with Azure Resource Manager templates

In my previous blog post “Working with NSG augmented security rules in Azure” I described what the NSG augmented security rules are and how you can leverage them with PowerShell. -> http://www.danielstechblog.info/working-nsg-augmented-security-rules-azure/ In this blog post I will briefly describe how to implement the augmented security rules in your Azure Resource Manager template. First, Read more [...]

Working with NSG augmented security rules in Azure

At Microsoft Ignite this year Microsoft has announced several networking improvements and features in Azure. Most of them are currently in public preview and can be tested like the augmented security rules for NSGs in Azure. -> https://azure.microsoft.com/en-us/updates/public-preview-features-for-nsgs/ What are augmented security rules? In short, they extend the rule set, so you can specify Read more [...]

Enabling Azure Disk Encryption on Windows Server 2016 Server Core in Azure

Beside the Windows Server 2016 Datacenter image, Microsoft also provides an image with Windows Server 2016 Datacenter - Server Core in Azure. If you are using the Server Core image and want to enable Azure Disk Encryption for the VM, you will see the following error message. The official solution is described in the Azure documentation. -> https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-tsg#troubleshooting-windows-server-2016-server-core You Read more [...]

Does have ADE or SSE a performance impact on Azure IaaS VMs?

Before I begin to write about this topic, I want to clarify that the results are not an official statement by Microsoft. The opinions expressed herein are my own personal opinions and do not represent my employer’s view in anyway. Now we have clarified that, let us begin to talk about what ADE and SSE are in a short way. ADE stands for Azure Disk Encryption and is the volume-based encryption option Read more [...]

Using Veeam FastSCP with Azure VMs and self-signed certificates

When working with Azure VMs you have several options to copy files into your VMs. One tool I really like is Veeam FastSCP, because my Azure VMs are just dev / test machines and are neither part of an Active Directory nor I have a VPN connection with the my Azure Virtual Network. -> https://www.veeam.com/fastscp-azure-vm.html So I want a secure way to get files into my Azure VMs and here comes Read more [...]

Azure Germany services URLs and IP addresses for firewall or proxy whitelisting

When you are working with Azure Germany sometimes you have to whitelist specific IP address ranges or URLs in your corporate firewall or proxy to access all Azure services you are using or trying to use. Some information like the datacenter IP ranges and some of the URLs are easy to find. Other things are more complicated to find like calling IP addresses of specific Azure services or specific URLs. The Read more [...]

Using MFA in Azure Germany

Using multi-factor authentication as an additional security layer for your accounts in Azure Germany is very easy. Just login to the Azure Germany portal (https://portal.microsoftazure.de) with a Global Administrator account and jump to the Azure Active Directory blade. Next, click on Multi-Factor Authentication in the overview pane to access the MFA portal. There you can activate MFA for a single Read more [...]

Azure services URLs and IP addresses for firewall or proxy whitelisting

When you are working with Azure sometimes you have to whitelist specific IP address ranges or URLs in your corporate firewall or proxy to access all Azure services you are using or trying to use. Some information like the datacenter IP ranges and some of the URLs are easy to find. Other things are more complicated to find like calling IP addresses of specific Azure services or specific URLs. The Read more [...]

Microsoft Azure Network Security Group effective security rules evaluation

Ever faced the problem that you had defined rules in your Network Security Groups, attached one to the virtual subnet and the other one to the VM’s NIC and finally lost the view which rules of which NSG are applied to the VM? If you can answer the question with yes, then Azure provides the solution for it. A hidden gem: the effective security rules. The effective security rules evaluation can Read more [...]