Azure Key Vault
13 Topics

PL-200 Exam Success Story
I recently passed my PL-200 exam, and I owe a lot of my success to CertsExpert practice tests. Initially, preparing for the exam was tough, but these https://www.certsexpert.com/PL-200-exam-online.html changed the game for me. They were made by experts and helped me understand all the important concepts for the real test. On exam day, I felt confident and managed to answer all the questions easily, leading to great results. I'm really grateful for the help Certs Expert provided in my journey to success.
369 Views, 0 likes, 0 Comments

Key Vault drops "=" either while wrapping or unwrapping.
Hi, we have created an application for our customer. Somehow this week it stopped working. While debugging I found somehow "=" are dropped after unwrapping. I can verify this with the REST API. First I wrap this:

{ "alg": "RSA-OAEP-256", "value": "08vUy8_Ub5mzmqbE7kZOXQ==" }

And the result after unwrapping is this:

{ "kid": "https://XXXXX.vault.azure.net/keys/wrapkey/xxxxx", "value": "08vUy8_Ub5mzmqbE7kZOXQ" }

This seemed to have changed recently. As we use Rust in our application, reverting the base64 now fails. I also tried with another value, which only had one =, which resulted in the same behavior. Did anyone experience the same?
427 Views, 0 likes, 0 Comments

Azure Policy Guardrail
Hi All, I have the following requirement to set the guardrails for the secrets stored in the AKV.

Environment
1. I have 100s of Azure Subscriptions and in each subs, there are 1-2 AKV configured
2. There are few AKV spread across the subscriptions where very sensitive secrets are stored with a tag "sensitive"

Requirements
1. No one should be able to change/modify the tags set up in the AKV where tags are configured as sensitive, even if users are assigned Subs Owner/Key Vault admin permissions.
2. No human user should be able to read those secrets with a sensitive tag.
3. If possible, I want to configure the above requirements for everyone except 1-2 folks within an org.

Can someone please guide me how to craft such a policy?
Thanks
Raj
1.1K Views, 0 likes, 1 Comment

New Blog Post | Azure resource entity page - your way to investigate Azure resources
Azure resource entity page - your way to investigate Azure resources - Microsoft Tech Community

Azure resources such as Azure Virtual Machines, Azure Storage Accounts, Azure Key Vault, Azure DNS, and more are essential parts of your network. Threat actors might attempt to obtain sensitive data from your storage account, gain access to your key vault and the secrets it contains, or infect your virtual machine with malware. The new Azure resource entity pages are designed to help your SOC investigate incidents that involve Azure resources in your environment, hunt for potential attacks, and assess risk.
774 Views, 0 likes, 0 Comments

New Blog Post | Azure Sentinel Notebooks - Azure cloud support, new visualizations
Azure sovereign clouds, Matrix visualization, Process Tree update in MSTICPy 1.4 (microsoft.com)

The 1.4.2 release of MSTICPy includes three major features/updates:
- Support for Azure sovereign clouds for Azure Sentinel, Key Vault, Azure APIs, Azure Resource Graph and Azure Sentinel APIs
- A new visualization: the Matrix plot
- Significant update to the Process Tree visualization allowing you to use process data from Microsoft Defender for Endpoint, and generic process data from other sources.

We have also consolidated our visualizations into a single pandas accessor to make them easier to invoke from any DataFrame.
623 Views, 0 likes, 0 Comments

Encryption in Az - Confusion
Hi everyone. I did not know how to answer these questions so maybe some of you have experiences with encryption.
1. The wording is quite difficult. Is Service-side encryption = Storage Service Encryption? Both use the SSE.
2. In the constraints I saw "Managed disks encrypted using customer-managed keys cannot also be encrypted with Azure Disk Encryption.". Why that? As I know, SSE with CMK and ADE are not the same things, right?
3. The abbreviation KEK is confusing. I thought that's what is used in SSE (the CMK) respectively during ADE (when I add a key to the key vault and use it for the disk encryption). Now I saw there is in premium key vault the option "KEK for BYOK". What's the difference, what is the KEK now? For what do I need that KEK for BYOK if I already have my KEK as I added a key in key vault?
4. Is it recommended to use a key in key vault for ADE?
Kind regards
2K Views, 1 like, 1 Comment

Unable to connect to the destination mentioned in the KeyVault URL
I am trying to use the Dynamics 365 Data export service to connect with my Azure SQL with Azure AD connection. When following this tutorial: https://www.youtube.com/watch?v=txms2Yvn6Vc and many more, I figured out how to export my D365 data export service, but this tutorial is based on my SQL user. When I try to use an Azure AD user to do the authentication I keep getting the error "Unable to connect to the destination mentioned in the keyvault URL error".

What I did ATM is, used the D365 PowerShell script like the tutorial mentioned to create a keyvault with the connection string and paste the keyvault URL inside my D365 settings to validate. This works if I use the second connection string in the pic below. But when I do the exact same thing with an Active Directory connection string (second connection string in picture), this does not work!!

Inside the SQL server I ensured that my Azure AD user has Active Directory admin roles. And the userID I use inside my connection string has all the rights inside the server and database to do the minimum for D365 Export service (create, insert table, ....). But still I got a fail inside my D365. Tried everything ATM, don't know where to look. Anybody who had the same issues as me? Or know which step I am missing?
3.5K Views, 0 likes, 0 Comments

SSL wildcard certificate renewal stuck on 'Waiting for certificate issuer'
My wildcard SSL cert recently expired, and after going through the domain verification process again, it is now stuck on 'Waiting for certificate issuer'. I have successfully made it through steps 1-2 in the configuration process, but am unable to go any further. The certificate is also not found when I try to import it into an App Service App. Can someone help?
1.1K Views, 0 likes, 0 Comments

SCCM & Intune Co-management
Hi! I know that you now can manage BitLocker keys within Intune on "Azure AD joined device". But is there any way to do the same with "Azure AD registered device"? As seen on this https://msdnshared.blob.core.windows.net/media/2016/04/c.png you aren't (See: Domain joined + Device registration). But as I see it, it's just an easy string.

TL;DR: Does anyone know how to save a BitLocker key within Intune/Azure AD for those who are "Azure AD registered device" or "Hybrid joined"? Or does anyone know how to change a device from those mentioned above and make it "Azure AD joined device"?

Thanks for your time.
2K Views, 0 likes, 1 Comment