One of my goals this year was to work more and more with the Microsoft security solutions and get deeper into the different services and possibilities. My focus is to get a better understanding of how we can secure our hybrid cloud environment with the different Microsoft Defender products.
With Azure Firewall Standard and Premium, Microsoft announced two new firewall services available as a PaaS solution, which are a great benefit compared to classic firewall deployments because of native autoscaling features, no need for VM management and more. Unfortunately the price was too high for SMBs, with 900€ for the Standard and over 1200€ for the Premium edition. A frequently requested feature was a cheaper variant aimed at small and medium businesses.
This wish has been answered and is now available in the form of the Azure Firewall Basic edition. Azure Firewall Basic (AzFw Basic) is available as a public preview, and the subscription you plan to use must first be prepared with some PowerShell commands before the deployment can begin. This article will guide you through the setup process for a hub-and-spoke network and the main differences between the three Azure Firewall editions.
Azure Firewall edition comparison
Microsoft introduced the Azure Firewall as Standard edition back in 2018 and expanded it with numerous updates in 2019. The Firewall Manager followed at the end of 2019 to manage various Azure firewalls under one roof. In mid-2021 Microsoft announced the Azure Firewall Premium edition, extending the capabilities compared to the Standard edition with the following features: TLS inspection, IDPS, web categories and URL filtering.
The acceptance of the firewall has been high so far due to the numerous features and the fact that the firewall is provided as a PaaS solution. As an SMB solution, however, the prices quoted are too high, and that is where the Basic edition is now trying to attract attention.
The following table lists the differences between the editions. Please note the maximum throughput of the different editions. At the time of writing, Azure Firewall Basic is limited to 2 VMs under the hood and a maximum throughput of 250 (may be increased by GA).
Continue reading Azure Firewall Basic is available as Public preview
Many of my customers have moved to the cloud in recent years. For existing environments, this means the start of a journey away from on-prem systems towards cloud environments. We all know a journey starts with preparation and needs different steps, and it is never a good idea to work on all systems at once. On the other hand, some systems still exist in their old way and sometimes use old, insecure protocols for communication and authentication.
To address these issues, Microsoft announced in September 2019, in a blog article “Improving security”, the disabling of support for Basic authentication for protocols like EWS, POP, IMAP and Remote PowerShell. After the plan was announced, the corona crisis came up and Microsoft decided to postpone the disabling of the noted protocols.
In September 2021 Microsoft released new information about this in the article “Basic authentication and Exchange Online” including some updated information. Microsoft will disable basic authentication beginning 1st of October 2022 for all protocols except SMTP auth. This means the following protocols will be disabled:
- Exchange Web Services (EWS)
- Exchange ActiveSync (EAS)
- Remote PowerShell
The full event month of September is slowly coming to an end and what better way to end it than with a great Azure conference? I'm really happy to announce that I will speak at the Experts Live Netherlands. The Experts Live Netherlands is one of the biggest Experts Live conferences next to Experts Live Europe and celebrates its 10th anniversary this year.
Continue reading Speaking at Experts Live Netherlands 2022
Three months ago, on the 7th of April, Microsoft announced a new exam for security architects and again introduced the existing exams SC-200, SC-300, AZ-500 and MS-500. The article contains the announcement of the new exam SC-100 to become Microsoft Cybersecurity Architect.
I took the Microsoft Cybersecurity Beta exam #SC100 and received confirmation yesterday that I passed the exam. This is great news for me as it confirms that I am gaining a better and better knowledge in Azure Security topics.
In this article I will introduce the exam, how to get the Microsoft Cybersecurity Architect Expert award and which materials I used to prepare for the exam.
Continue reading How I passed the Microsoft Cybersecurity Architect exam SC-100 and why I am now a Microsoft Cybersecurity Architect Expert
I know it’s been a little quiet on new blog articles the last few months, but that’s due to other community topics I’m working on. One of my new projects is the Azure Ask my Anything Live format that I will be hosting with my team at Azure Bonn Live on YouTube and LinkedIn. I’m excited to announce that we’re kicking off this year with an Azure AMA on Azure Virtual Desktop Best Practices, and we have the pleasure of welcoming Marcel Meurer and Patrick Koehler to this session. Marcel and Patrick are two Azure MVPs and do a lot of work in the AVD community. Marcel is known as the brains behind the WVDAdmin and Project Hydra products, which are services to automate all things Azure Virtual Desktop. Patrick has also been active in the AVD community for many years with great sessions and insights about AVD and is the organizer of AVD TechFest together with Simon Binder.
Azure AMA – Azure Virtual Desktop Best Practices will take place live on YouTube on February 14, 2022. You can register for this event via our Azure Bonn page. Please note that this is a live AMA session and we would love for you to join us live and bring your questions to the session. If you don’t have time on this occasion, please use our Microsoft Forms to submit your questions before the session starts. The session will be held in German, but you can also ask your questions in English.
Continue reading Azure AMA – Azure Virtual Desktop Best Practices #AVD with Marcel Meurer and Patrick Koehler
I am pleased to have received an invitation to speak at the upcoming Scottish Summit 2021. The Scottish Summit was established in 2020. This year the conference is becoming an online-only conference and will be streamed on all social media channels. The conference itself is growing into a really big conference with many parallel tracks in different languages. The main conference starts on Saturday 27/02/21 and there will be many sessions on Microsoft Cloud services (like Azure, M365 and so on).
Azure Governance is an important topic for any customer using cloud resources. In my session, I will show the power of Azure Policy and Azure Security Center to define guardrails for your Azure environment and bring it into a compliant and secure state. I will go live with my session on Saturday 27/02/21 starting at 1 PM. If you are interested in how Azure Policy and Azure Security Center work together and how these services are handled, please feel free to join my session and ask questions.
There are quite a few Microsoft Cloud sessions planned for the Conference. Go to the website, plan your agenda and grab your ticket. There’s also an App available for iOS and Android. I hope to see you there.
In the past Thomas Naunheim (Thomas Blog) and I have worked on several Cloud projects focusing on Azure Governance and Enterprise Scale. We decided to create a session together to integrate the best of both worlds and our experiences and recommendations from the field.
- Overview of Cloud Adoption Framework
- Overview of Well-Architected Framework
- Management of Compliance and Security Status
- Azure Enterprise-Scale Landing Zone
- Azure Ops: “Operationalize” Azure environment at scale
We are very happy to announce that our session was accepted by the Azure Saturday Hamburg Team on 20/02/2021. The Azure Saturday Hamburg is a full, free Azure conference day with a lot of great sessions. The event will have two different tracks and the first speakers and sessions have been announced. Take a look at the agenda and sign up for this great conference across different sessions from the Azure Cosmos.
Continue reading Speaking at Azure Saturday Hamburg 2021 together with Thomas Naunheim
Last year Gregor Suttie and Richard Hooper launched the Azure Advent Calendar and I got to support with a session on Azure Bastion. This year they improved on the idea with the Festive Tech Calendar. I’m happy to be back with an article on Azure VM best practices. I hope you find the article helpful and I would appreciate feedback.
Over the past few months, I have conducted many customer workshops, designed and implemented Landing Zones, and migrated or placed VMs into Azure. One of the most common customer questions has been about best practices for Azure VMs to maximize performance and efficiency, minimize costs, increase security, and reduce management overhead. This article is based on my real-world experience and recommendations based on several Azure projects.
Continue reading Azure VM Best Practices
02/03/2022 Update 1
There are some improvements and changes in the AzFilesHybrid module; I updated the article with these changes.
Joining Azure Fileshares to AD DS has been available since February 2020, as announced by the Azure Files team. This brings a lot of new possibilities, such as moving file servers directly to a hosted SMB solution or deploying WVD profiles directly on Azure Fileshares.
Microsoft did a lot of work to bring this solution to life, but there are some challenges and pitfalls in activating and maintaining the service. In this article I will briefly go over all related considerations for Azure Fileshares AD DS authentication. Please note this article only focuses on enabling Azure Files for Active Directory Domain Services – not Azure AD or Azure AD DS.
Continue reading Azure Files enabled AD DS SMB authentication Best Practices and all you need to know