Issue with Azure VM Conditional Access for Office 365 and Dynamic Public IP Detection
Hi all, I have a VM in Azure where I need to allow an account with MFA to bypass the requirement on this specific server when using Office 365. I've tried to achieve this using Conditional Access by excluding locations, specifically the IP range of my Azure environment. Although I’ve disconnected any public IPs from this server, the Conditional Access policy still isn’t working as intended. The issue seems to be that it continues to detect a public IP, which changes frequently, making it impossible to exclude. What am I doing wrong?
1.2K Views | 0 likes | 5 Comments
Azure SD-WAN
Hi, I'm looking for good SD-WAN options for connecting our branches to our Azure vWAN with secured hubs (Azure Firewall). The plan is to ditch our current on-prem network circuit + ExpressRoute and move to Azure vWAN as the central hub with branch offices connecting over SD-WAN. I've had a look at Azure Virtual WAN partners, regions, and available locations | Microsoft Learn. We currently do have a Fortigate NGFW on-prem but it doesn't belong to us as it's managed by a vendor. Besides, deploying a dual-role Fortigate NGFW into the vWAN hub seems like overkill since we already have Azure Firewall Premium? Would be grateful for your experience / suggestions. Thanks
620 Views | 0 likes | 1 Comment
Azure Coexistence ExpressRoute and VPN Gateway
Good Day Team, Got a rookie question I'm not getting. Does the coexistence between the ExpressRoute and VPN gateway mean:
1. one of each gateway type can be provisioned within a VNET, or
2. both VPN and ExpressRoute connections can be terminated on a single gateway within a Virtual Network?
Thanks to all those who are to help. Aegis
1.4K Views | 0 likes | 4 Comments
Azure VMware Solution - Design Networking
Hello community, I would like your opinion and your help on the network implementation of the AVS solution.
[Design picture]
I deployed a VPN Gateway connection to interconnect the on-premise connection to Azure (VpnGw Route-Based, 2nd generation). I deployed Azure Route Server, Azure Bastion and Azure VMware Solution. To connect AVS to my Hub, I wanted to deploy another ExpressRoute Gateway in my hub (purple, connection 2). Unfortunately, this doesn't seem possible. The peering (connection 4) doesn’t work, but I’m not really surprised. When I deployed AVS, an 'Azure vNet connect' option allowed me to create a new vNet, only in the same resource group (ResourceGroup_01_AVS). In this vNet, the vNet Gateway (ExR Gateway) is connected. I added a new subnet to connect the Jumpbox and manage AVS. It's not possible for me to create a new connection (connection 3) to AVS with a new ExpressRoute key. And to use ExpressRoute Global Reach, I need an existing ExpressRoute (no available items). And for now, I only have one VPN. Since I’m at a dead end, I will take any hypothesis of resolution. To complete the discussion, here are two diagrams I could find in Microsoft sessions that can complement our exchange.
Use case 01 - AVS and NVA, VPN over ExR
Use case 02 - AVS and NVA, 2 Vnet
Thank you in advance for your time and help.
3K Views | 0 likes | 3 Comments
Can only remote into azure vm from DC
Hi all, I have set up a site-to-site connection from on prem to Azure and I can remote in via the main DC on prem but not any other server or ping from any other server to Azure. Why can I only remote into the Azure VM from the server that has Routing and Remote Access? Any ideas on how I can fix this?
695 Views | 0 likes | 0 Comments
Expressroute Coexistence P2S
Hi, We have an IPVPN ExpressRoute connection back to our MPLS. We also have a central Internet breakout from our MPLS; it's quite small, only 300mb. We don't want to increase the bandwidth on that circuit and at the moment it is getting a little overused by workers connecting to on-premise and Azure service via the client VPN they have. We want to look at the possibility of bringing up a P2S VPN in Azure that can also utilise the ExpressRoute for connectivity back down to the MPLS. We also have multiple VNGs set up that are linked to other Azure subs and a spare VNG that has a larger GatewaySubnet than the others (/27). Has anyone successfully brought up another VNG in the same GatewaySubnet as an ExpressRoute VNG to allow P2S connections back either into the Azure environment or using the ExpressRoute back into an on-premise LAN (via the MPLS)? If you have, get in touch because I'd like to know how you managed it. I have looked at Virtual WAN, but that would entail bringing down the current ER, which is a no-no at the moment. Thanks
726 Views | 0 likes | 0 Comments
ExpressRoute with IPsec tunnel to on-prem
Is it possible to configure an IPsec tunnel over ExpressRoute with NVAs? The ExpressRoute is configured for Azure Private Peering. Is there any kind of list of supported NVAs for this scenario? So far we've tried vWAN with ExpressRoute to configure the IPsec and it works but we can see a significant impact on billing due to vWAN I guess. Also if you can think of any alternatives to set up ExpressRoute (with Az Private Peering) with IPsec tunnel then please share. So far for me the available options are vWAN and NVAs - at least according to this thread: https://docs.microsoft.com/en-us/answers/questions/50909/configure-ipsec-encryption-over-express-route.html
1.4K Views | 0 likes | 2 Comments
SDWAN and Express route
Hello Team, We have a global MPLS Network for a Service Provider X. Now we want to establish ExpressRoute for our Hub vnets in Azure cloud. This looks fine. Now we also have an SDWAN project running; there is a Juniper device on prem, which splits the traffic between MPLS and VPN. When traffic switches to MPLS, Juniper will do encryption. So does ExpressRoute support encryption? Will there be any benefit? How do we use pure MPLS ExpressRoute and SDWAN together?
1.4K Views | 0 likes | 1 Comment