本文介绍了在微软Azure订阅中添加超级协助管理账号的步骤。通过添加协管账号可以降低账号订阅被封的概率,提供超管账号被封或者忘记密码的补救方案,并管理某些服务如OpenAI模型。需要一个有效订阅的Azure和一个被邀请的微软账号。步骤包括访问订阅详情,添加角色分配,选择特权管理角色和所有者,选择成员,设置条件,最后确认邀请并使用被邀请账号登录Azure控制面板。
Cloudflare Access是一种企业级Zero Trust产品,提供免费的无限期、无流量限制、50台设备支持的零信任解决方案。本文简要记录了团队域的手动加入、客户端设备控制和身份验证策略等内容。
This post provides information on Azure application registrations, enterprise applications, and managed identities. It explains the purpose of application registrations and the trust relationship established between Microsoft's identity platform and custom applications. It also discusses enterprise applications as the application identity within Azure AD and the relationship between app registrations and enterprise applications. Additionally, the post covers managed identities and their role in assigning identities to Azure resources. The author aims to clarify these concepts in the context of authentication in Azure.
This article explains how to use Azure Automation and PowerShell to create a daily Microsoft Entra risk report. By automating the process, administrators can monitor risk events, gather data, format it into an HTML report, and send it via email. The report includes information on risk detections, risky users, and risky service principals, providing visibility into identity-based attacks and allowing for timely action. The article provides step-by-step instructions on setting up the Azure Automation account, assigning necessary permissions, installing required Microsoft Graph PowerShell SDK modules, adding the code, reviewing the report, and scheduling the script to run daily.
This article provides a guide on using Azure to automate alerts for Azure (Entra ID) application secret expirations. It covers creating a new Azure application, assigning permissions, creating an app secret, connecting to the Microsoft Graph API, retrieving application information, handling pagination, getting application secret expiration, converting time to local time zone, dealing with multiple secrets per application, sending alerts via email and Microsoft Teams, and setting up automatic serverless automation using PowerShell runbooks and schedules.
This blog post discusses how to build a DMZ (Demilitarized Zone) in Azure Cloud. It explains the concept of a DMZ, the architecture with two or three layers of security, and workload placement. It also provides examples of address spacing and hybrid network workloads placement. The post concludes with best practices for Azure networking, including segmenting networks, controlling traffic with NSGs, and enforcing user-defined rules.
This document provides best practices for network security in Microsoft Azure. It emphasizes the importance of adopting Zero Trust architectures, implementing conditional access policies, enabling port access only after workflow approval, and granting temporary permissions for privileged tasks. The document also recommends controlling routing behavior, using virtual network appliances, deploying perimeter networks for security zones, avoiding exposure to the internet with dedicated WAN links, optimizing uptime and performance with load balancing, disabling RDP/SSH access to virtual machines, and securing critical Azure service resources with Azure Private Link. Additional information on control routing behavior, virtual network appliances, perimeter networks, WAN links, load balancing, RDP/SSH access, and Azure Private Link is provided. The document concludes with a reference to Azure security best practices and patterns.
This post explains how to set up a L2TP/SSTP client access RRaS server in Azure. Although RRaS is not officially supported in Azure, it can still be configured by enabling IP forwarding on the VM and adding a routing table to the vnet. The post provides step-by-step instructions on installing the Remote Access role, configuring and enabling RRaS, and setting up NAT for the VPN tunnel. It also mentions the need to assign IP addresses from a static pool and configure SSL certificate and authentication. The post concludes by inviting readers to share their experiences and alternative methods in the comments.
This article provides a step-by-step guide on how to configure an Azure site-to-site VPN with RRAS in Azure Resource Manager. It covers configuring the RRAS server's NICs, installing the RRAS roles and features, setting up and configuring the VPN in Azure, and configuring the RRAS server. The article also includes troubleshooting tips.
This document provides information about the Sync-CyberArk-Password-Azure-KeyVault-Secret plugin, which allows for pushing, updating, and syncing passwords from CyberArk Vault to Azure Key Vault. It includes prerequisites, configuration steps, and instructions for adding Azure Key Vault usage. The document also explains how to add KeyVaultName and SecretName File Categories in Vault Server and create a new service account platform. Additionally, it covers the process of adding Azure Key Vault usage and testing the push/update operation.