Azure Front Door
7 Topics

Issue with Azure VM Conditional Access for Office 365 and Dynamic Public IP Detection
Hi all, I have a VM in Azure where I need to allow an account with MFA to bypass the requirement on this specific server when using Office 365. I've tried to achieve this using Conditional Access by excluding locations, specifically the IP range of my Azure environment. Although I’ve disconnected any public IPs from this server, the Conditional Access policy still isn’t working as intended. The issue seems to be that it continues to detect a public IP, which changes frequently, making it impossible to exclude. What am I doing wrong?
1.3K Views, 0 likes, 5 Comments

Confuse in Azure WAF behavior with different browsers
Hello, I have an Azure Application Gateway (WAF) with prevention mode enabled, and the OWASP 3 and the Microsoft Bot rules are activated. I checked my web application with Chrome, refreshed, and sent many requests with Chrome. Now I receive 403 Forbidden. I checked the logs; the reason is:
requestUri_s: /auth/login
requestUri_s: /favicon.ico
Message: SQL Comment Sequence Detected.
But when I open my web application with Edge, it works well. (Same system and same IP)
1. What's the reason?
2. How to fix? If I disable this rule, there are risks. If I trust my IP, I couldn't check and QA my web app.
415 Views, 0 likes, 1 Comment

WordPress App how to restrict access to specific pages on the site
Hello all, I have a WordPress App hosted on Azure and I am struggling with how I can secure specific pages from public access. For example:
www.mysite.com/wp-admin
www.mysite.com/info.php
I'd like it so that only specific IP addresses or Microsoft user accounts can access some, such as admin pages, and for some pages I'd like no access at all, to where it just blocks any sort of visit. I've viewed the documentation for Front Door and some networking restrictions but that seems to be just IP addresses, and I'm confused about how I can set those rules for specific pages within the App. I know WordPress offers plugins which have this sort of functionality but I'd like to take advantage of Azure's security features rather than plugins from WordPress. Any help is very appreciated. Thank you
449 Views, 0 likes, 0 Comments

Azure Front Door and WAF
Hi, I have created two Azure Web Apps using Azure App Service, then I have configured Azure Front Door services, then I have created a WAF rule to block access through my public IP. That WAF rule does not process and I am still able to access those websites, and WAF is enabled. Where should I start troubleshooting, and any guessed root causes?
588 Views, 0 likes, 1 Comment

Securing app services across multiple AAD tenants
Hi All, I'm beating my head against a wall so wanted to see if anyone can please help me out, or at least point me in the correct direction.

We have a large Azure infrastructure across multiple AAD tenants, with a number of app services that we're trying to secure at the network level using app service restrictions so access is only allowed from clients within our infrastructure (across the 2 tenants), or using controlled access via our APIM and Front Door edges. The clients are a mix of other app services, VMs, VM scale sets (service fabric), and APIM access routes. All these now have subnets attached for outbound routing.

For securing within the same tenant everything works beautifully, using subnet access rules to grant access to the service endpoints from the client subnets. Where we are having problems is the cross-tenant allow rules. All the subnets have NATs attached with IPv4 public IPs, which I had assumed would mean that we'd be able to use the public IP to grant the access on restrictions in the other tenant. However, what we've realised when we tested was that the presence of the Microsoft.Web service endpoint means that the NAT is being bypassed, and the IP presented to the target app service is not the IPv4 address we were expecting but an IPv6 address that is apparently used by the service endpoint, and I'm presuming not reliably static even if we can figure it out.

I presume we're not the first people ever to try and achieve the goal of cross-tenant app restrictions so thought I would ask how this is best done? The one suggestion I was given was to remove the service endpoints but that of course stops us being able to use subnet app restriction rules, and I failed to get anything to work with any of the IPs associated clients.

Thanks in advance for any help you can offer
Mark Middlemist
1K Views, 0 likes, 1 Comment

Can only remote into azure vm from DC
Hi all, I have set up a site-to-site connection from on prem to Azure and I can remote in via the main DC on prem, but not from any other server, nor ping from any other server to Azure. Why can I only remote into the Azure VM from the server that has Routing and Remote Access? Any ideas on how I can fix this?
699 Views, 0 likes, 0 Comments

Digital event: Modernize Your Network Security Strategy
Take a Zero Trust approach to secure your networks

This is your opportunity to learn about the benefits of taking a Zero Trust approach to secure your cloud and hybrid networks. Azure network security provides you with a secure platform with advanced cloud native networking that protects web applications and workloads from network attacks. Register for this free event and learn how to:
- Protect and accelerate websites, apps, and content with the new Azure Front Door.
- Secure cloud perimeters and protect virtual networks with Azure Firewall and Azure Firewall Manager.
- Utilize Azure Web Application Firewall to protect from web vulnerabilities and bots.

Modernize Your Network Security Strategy
Thursday, February 18, 2021
10:00 AM–11:00 AM Pacific Time
953 Views, 0 likes, 0 Comments