Latest Discussions
Azure AD Connect - procedure to change source of anchor from ObjectSID to Ms-DS-ConsistencyGUID
Hello, we are an organization of 1000+ users with ADs (domain and subdomains) linked to Azure AD via Azure AD Connect. Currently the anchor source is ObjectSID, UPN = mail, and Hybrid Exchange. We would like to change it to MS-DS-ConsistencyGUID in order to be able to move objects easily between ADs without impacting the Azure AD accounts (or find a tested procedure). We have found documentation about changing the anchor source from ObjectGUID to MS-DS-ConsistencyGUID, but not much for attributes other than ObjectGUID. I have read and tested several ideas, but nothing is 100% risk free. For you, what is the best procedure to change this anchor source without loss of connection/identification for the end user (on Office 365, for example)? BTW: Soft Delete is not an option unless we have no choice.
Gaet_W, Oct 15, 2020

Azure Course Blueprints
Please refer to the updated document now in the Azure Architecture Blog: https://aka.ms/courseblueprint

Overview
The Course Blueprint is a comprehensive visual guide to the Azure ecosystem, integrating all the resources, tools, structures, and connections covered in the course into one inclusive diagram. It enables students to map out and understand the elements they've studied, providing a clear picture of their place within the larger Azure ecosystem. It serves as a 1:1 representation of all the topics officially covered in the instructor-led training.

- Links: Each icon in the blueprint has a hyperlink to the pertinent document in the learning path on Learn.
- Layers: You have the capability to filter layers to concentrate on segments of the course by modules, i.e. just day 1 of AZ-104, using filters in Visio and selecting modules 1-3.
- Enhanced Integration: The Visio Template+ for expert courses such as SC-100 and AZ-305 now features an additional layer that allows you to compare SC-100, AZ-500, and SC-300 within the same diagram. Similarly, you can compare any combination of AZ-305, AZ-204, AZ-700, and AZ-104 to identify differences and study gaps. Since SC-300 and AZ-500 are potential prerequisites for SC-100, and AZ-204 or AZ-104 for AZ-305, this comparison is particularly useful for understanding the extra knowledge or skills required to advance to the next level.

Advantages for Students
- Defined Goals: The blueprint presents learners with a clear vision of what they are expected to master and achieve by the course's end.
- Focused Learning: By spotlighting the course content and learning targets, it steers learners' efforts towards essential areas, leading to more productive learning.
- Progress Tracking: The blueprint allows learners to track their advancement and assess their command of the course material.

New Feature: A comprehensive list of topics for each slide deck is now available in a downloadable .xlsx file. Each entry includes a link to Learn and its dependencies.

Download links (PDF, Visio, Released, Updated, Contents)

Associate Level
- AZ-104 Azure Administrator Associate Blueprint: PDF, Visio Template; released 12/14/2023, updated 10/28/2024; Contents
- AZ-204 Azure Developer Associate Blueprint: PDF, Visio Template; released 11/05/2024, updated 11/11/2024; Contents
- AZ-500 Azure Security Engineer Associate Blueprint: PDF, Visio Template+; released 01/09/2024, updated 10/10/2024; Contents
- AZ-700 Azure Network Engineer Associate Blueprint: PDF, Visio Template; released 01/25/2024, updated 11/04/2024; Contents
- SC-300 Identity and Access Administrator Associate Blueprint: PDF, Visio Template; 10/10/2024; Contents

Specialty
- AZ-140 Azure Virtual Desktop Specialty Blueprint: PDF, Visio Template; released 01/03/2024, updated 02/05/2024

Expert level
- AZ-305 Designing Microsoft Azure Infrastructure Solutions Blueprint: PDF, Visio Template+ (AZ-104, AZ-204, AZ-700); released 05/07/2024, updated 12/09/2024; Contents
- SC-100 Microsoft Cybersecurity Architect Blueprint: PDF, Visio Template+ (AZ-500, SC-300); 10/10/2024; Contents

Skill based Credentialing
- AZ-1002 Configure secure access to your workloads using Azure virtual networking Blueprint: PDF, Visio Template; 05/27/2024; Contents
- AZ-1003 Secure storage for Azure Files and Azure Blob Storage Blueprint: PDF, Visio Template; released 02/07/2024, updated 02/05/2024; Contents

Benefits for Trainers
Trainers can follow this plan to design a tailored diagram for their course, filled with notes. They can construct this comprehensive diagram during class on a whiteboard and continuously add to it in each session. This evolving visual aid can be shared with students to enhance their grasp of the subject matter.
- Introduction to Course Blueprint for Trainers [10 minutes + comments]
- Real life demo: AZ-104 Advanced Networking section [3 minutes]
- Visio stencils: Azure icons - Azure Architecture Center | Microsoft Learn

Subscribe if you want to get notified of any update, like new releases or updates.
My email: ilan.nyska@microsoft.com
LinkedIn: https://www.linkedin.com/in/ilan-nyska/
Celebrating 30,000 Downloads! Please consider sharing your anonymous feedback [~ 40 seconds to complete].

Azure AD test tenant
Hello Community, I'm starting this discussion because I would like your input regarding the best way to build a test tenant in Azure. We have a Prod tenant, and for some feature testing or some tenant-wide configuration changes we wanted to have a test tenant. This test tenant needs to have some users (synced from on-prem by AD Connect) and have the same configuration as our prod tenant. Do you have any experiences, recommendations, or processes for this type of configuration? Thanks for sharing your knowledge 🙂
NicolasHon, Nov 01, 2021

Azure - Certificate Authority
Hi, I was looking for any documentation on how Azure Key Vault can be integrated into an internal CA. I have read information on KV being integrated with 3rd party issuers, such as DigiCert, but I was wondering how to do this with a traditional Windows Server running as a CA?
miksingh, Feb 02, 2021

MS Guidance on NSGs on NICs vs on Subnets
I'm looking for any MS best practices around NSGs on network cards and I can't seem to find any. I've found the NSG best practices, but I haven't found any on whether it's best practice to have NSGs on just the subnet or on the subnet and the NIC. I'm leaning toward just the subnet. Thoughts? Here is what I've found so far: https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices
kellybush, Jul 01, 2020

Azure Firewall : Deploy, Configure & Control network access
I have written a quick tutorial with videos about how to deploy and configure network access in Azure Firewall with the Single VNet model. In this article we will see how to manage or restrict network access for Azure VMs using Azure Firewall. We will also see how to restrict or limit access to websites, outbound IPs, ports, protocols, etc. In the below mentioned articles, I have made a step by step tutorial of a test environment creation for learning purposes; you can follow the same, deploy the test setup and play with the rules to become familiar. Below is the high level design of the test environment that we will deploy in Azure.

High Level Architecture

Deployment Approach
Here is the high level deployment approach for deploying the Single VNet test environment with Azure Firewall. For detailed, step by step instructions and videos, please refer to the below articles.

Create Resource Group
- Sign in to the Azure portal at https://portal.azure.com.
- On the Azure portal menu, select Resource groups or search for and select Resource groups from any page. Then select Add.
- For Resource group name, enter <Jasparrow>.
- For Subscription, select your subscription.
- For Resource group location, select a location. All other resources that you create must be in the same location.
- Select Create.

Create Virtual Network & Add Subnet
- On the Azure portal menu or from the Home page, select Create a resource.
- Select Networking > Virtual network.
- For Subscription, select your subscription.
- For Resource group, select <jasparrow>.
- For Name, type Test-FW-VN.
- For Region, select the same location that you used previously.
- Select Next: IP addresses.
- For IPv4 Address space, type 10.0.0.0/16.
- Under Subnet, select default.
- For Subnet name, type AzureFirewallSubnet. The firewall will be in this subnet, and the subnet name must be AzureFirewallSubnet.
- For Address range, type 10.0.1.0/26.
- Select Save.
- Next, create a subnet for the workload server. Select Add subnet.
- For Subnet name, type Workload-SN.
- For Subnet address range, type 10.0.2.0/24.
- Select Add.
- Select Review + create.
- Select Create.

Create Virtual Machine
Now create the workload virtual machine, and place it in the Workload-SN subnet.
- On the Azure portal menu or from the Home page, select Create a resource.
- Select Compute and then select Virtual machine.
- Select Windows Server 2019 Datacenter in the Featured list.
- Enter these values for the virtual machine:
- Under Inbound port rules, Public inbound ports, select None.
- Accept the other defaults and select Next: Disks.
- Accept the disk defaults and select Next: Networking.
- Make sure that Test-FW-VN is selected for the virtual network and the subnet is Workload-SN.
- For Public IP, select None.
- Accept the other defaults and select Next: Management.
- Select Off to disable boot diagnostics. Accept the other defaults and select Review + create.
- Review the settings on the summary page, and then select Create.

Deploy Azure Firewall
- On the Azure portal menu or from the Home page, select Create a resource.
- Type firewall in the search box and press Enter.
- Select Firewall and then select Create.
- On the Create a Firewall page, use the following table to configure the firewall:
- Select Review + create.
- Review the summary, and then select Create to create the firewall. This will take a few minutes to deploy.
- After deployment completes, go to the <jasparrow> resource group, and select the Test-FW01 firewall.
- Note the firewall private and public IP addresses. You'll use these addresses later.

Creating a Default Route
For the Workload-SN subnet, configure the outbound default route to go through the firewall.
- On the Azure portal menu, select All services or search for and select All services from any page.
- Under Networking, select Route tables.
- Select Add.
- For Name, type Firewall-route.
- For Subscription, select your subscription.
- For Resource group, select <jasparrow>.
- For Location, select the same location that you used previously.
- Select Create.
- Select Refresh, and then select the Firewall-route route table.
- Select Subnets and then select Associate.
- Select Virtual network > Test-FW-VN.
- For Subnet, select Workload-SN. Make sure that you select only the Workload-SN subnet for this route, otherwise your firewall won't work correctly.
- Select OK.
- Select Routes and then select Add.
- For Route name, type fw-dg.
- For Address prefix, type 0.0.0.0/0.
- For Next hop type, select Virtual appliance. Azure Firewall is actually a managed service, but virtual appliance works in this situation.
- For Next hop address, type the private IP address for the firewall that you noted previously.
- Select OK.

Creating Application Rule
This is the application rule that allows outbound access to www.google.com.
- Open the <jasparrow> resource group, and select the Test-FW01 firewall.
- On the Test-FW01 page, under Settings, select Rules.
- Select the Application rule collection tab.
- Select Add application rule collection.
- For Name, type App-Coll01.
- For Priority, type 200.
- For Action, select Allow.
- Under Rules, Target FQDNs, for Name, type Allow-Google.
- For Source type, select IP address.
- For Source, type 10.0.2.0/24.
- For Protocol:port, type http, https.
- For Target FQDNs, type www.google.com.
- Select Add.

Creating Network Rule
This is the network rule that allows outbound access to two IP addresses at port 53 (DNS).
- Select the Network rule collection tab.
- Select Add network rule collection.
- For Name, type Net-Coll01.
- For Priority, type 200.
- For Action, select Allow.
- Under Rules, IP addresses, for Name, type Allow-DNS.
- For Protocol, select UDP.
- For Source type, select IP address.
- For Source, type 10.0.2.0/24.
- For Destination type, select IP address.
- For Destination address, type 209.244.0.3,209.244.0.4. These are public DNS servers operated by CenturyLink.
- For Destination Ports, type 53.
- Select Add.

Creating NAT Rule: Testing Traffic
This rule allows you to connect a remote desktop to the Srv-Work virtual machine through the firewall.
- Select the NAT rule collection tab.
- Select Add NAT rule collection.
- For Name, type rdp.
- For Priority, type 200.
- Under Rules, for Name, type rdp-nat.
- For Protocol, select TCP.
- For Source type, select IP address.
- For Source, type *.
- For Destination address, type the firewall public IP address.
- For Destination Ports, type 3389.
- For Translated address, type the Srv-Work private IP address.
- For Translated port, type 3389.
- Select Add.

DNS Configuration & Testing
For testing purposes in this tutorial, configure the server's primary and secondary DNS addresses. This isn't a general Azure Firewall requirement.
- On the Azure portal menu, select Resource groups or search for and select Resource groups from any page.
- Select the <jasparrow> resource group.
- Select the network interface for the Srv-Work virtual machine.
- Under Settings, select DNS servers.
- Under DNS servers, select Custom.
- Type 209.244.0.3 in the Add DNS server text box, and 209.244.0.4 in the next text box.
- Select Save.
- Restart the Srv-Work virtual machine.

Test the firewall
Now, test the firewall to confirm that it works as expected.
- Connect a remote desktop to the firewall public IP address and sign in to the Srv-Work virtual machine.
- Open Internet Explorer and browse to https://www.google.com.
- Select OK > Close on the Internet Explorer security alerts. You should see the Google home page.
- Browse to https://www.microsoft.com. You should be blocked by the firewall.

So now you've verified that the firewall rules are working:
- You can browse to the one allowed FQDN, but not to any others.
- You can resolve DNS names using the configured external DNS server.

Reference: Jasparrow Blog, Video Tutorial

Regards,
Jason
Jason_Prabhu, Aug 08, 2020

Access Azure file share from a web browser
Hello, is there a way, even with a third party, to access an Azure file share from a web browser or from SharePoint? The point is, I have integrated the Azure file share with Azure AD and all computers joined to the domain have access through the mapped folder, but external non-joined computers cannot. Thank you.
binary0101, Feb 03, 2022

Azure load balancer and Private endpoints
Is it possible to set up an Azure load balancer with private endpoints? I've seen documentation that suggests you can, but nothing concrete. If anyone here can point me to documentation that pertains to this topic, I would appreciate the effort.
RWAGJ, Jun 14, 2022

HAProxy configuration with keepalived in Azure environment
We would like to have an HAProxy HA setup in our environment, but it looks like there is a limitation on floating IPs in Azure for implementing it. Is there any other alternative solution for this setup?
RJNIMP, Jul 04, 2020

What is the difference between Application Architect and Solution Architect?
What are the key differences between an Application Architect and a Solution Architect in the context of IT architecture roles and responsibilities? How does the level of abstraction differ for an Application Architect and a Solution Architect when designing and implementing IT solutions? Do they have distinct areas of focus, such as system-level design versus component-level design?
sarfaraz_k, Jun 21, 2023