Networking
223 Topics

Former Employer Abuse
My former employer, Albert Williams, president of American Security Force Inc., keeps adding my Outlook accounts, computers and mobile devices to the company's Azure cloud even though I left the company more than a year ago. What can I do to remove myself from his grip? Does Microsoft have a solution against abusive employers?
28 Views, 0 likes, 0 Comments

How to Protect ...azure-api.net Subdomain from DDoS Attacks when using API Management Basic
Dear Tech Community,
I am using Azure API Management (APIM Basic) in external mode and without VNet integration, meaning my API instance is publicly accessible through the default ...azure-api.net subdomain. I'm also using a custom domain but the default domain still remains active. I am concerned about potential DDoS attacks and want to secure this subdomain. I am considering using Azure Front Door to filter the traffic and leverage its Web Application Firewall (WAF) for enhanced protection.
Could you please clarify the following:
Is it possible to fully protect the API subdomain (...azure-api.net) via Azure Front Door or other products, ensuring no traffic bypasses Front Door and directly reaches the original APIM domain?
What additional configurations, such as IP filtering or header validation, are required to restrict access so that only traffic routed through Azure Front Door reaches the APIM domain?
Given that API Management without VNet integration doesn't support DDoS Protection Standard, what are the best practices for DDoS protection in this scenario?
Could you recommend any additional steps or configurations to ensure that all DDoS and security measures are effectively implemented?
Thank you for your support.
Best regards
Michael
Solved. 261 Views, 0 likes, 3 Comments

Azure Private DNS Resolver - Need Help
Hi All, we are planning to implement Azure DNS resolver to replace DNS forwarder. Have a few questions on this before:
1. Does Azure Private DNS resolver work with SD-WAN / VWAN model network?
2. Does it require creating an Azure DNS Zone for the private resolver?
We require Azure DNS Private resolver for forwarding purposes only, and our current DNS forwarder VM on Bind DNS looks like below -
1. By default all the VNet's DNS IP should be pointing to DNS Forwarders VM Bind Server for DNS resolution.
2. DNS Forwarder in the region will forward the traffic to DNS server based on the query to the domain controllers. There are specific rules for each domain controller.
We need similar kind of behavior from Azure private DNS resolver. Will this work by using the DNS Private resolver? Appreciate help on this issue.
156 Views, 0 likes, 1 Comment

Windows Updates and Defender Updates on Azure VM
Hi all,
We want to build a locked down Azure VM with no public IP address. Is it possible for this VM to still get updates and report without a public IP address? Or is it a case that we really need a public IP address and then a firewall for this to be secure?
Solved. 484 Views, 1 like, 2 Comments

On-prem connect with S2S VPN to Azure / users on P2S to Azure cannot connect to S2S on-prem resourc
Hi! I am trying to configure so that P2S users can access resources over at S2S end. S2S is working and onprem can access VM at Azure. Also P2S can access VM at Azure and from that VM of course access S2S. However a P2S user cannot directly access a resource at the end of the S2S. The onprem network is advertised in the Azure VPN client but still it seems it's not routing to the on-prem site. Example, onprem firewall does not see any incoming ICMP from P2S client. It does however see ICMP from VM located at Azure.
LocalNetworkGateway
Not using BGP. Static routes should work, right? Below are two test nets, 192.168.1.0/24 and 192.168.47.0/24, over at the on-prem site. (S2S works fine)
VirtualNetworkGateway P2S
Also added custom routes 192.168.1.0/24,172.16.100.0/24. Seems it does not matter. Without them added the client sees the routes. See below. In the Azure VPN-client Windows app, when connected I can see the routes:
Client Route Print
Any suggestions how I can get P2S user to access resources at S2S end?
Thanks
Solved. 1.4K Views, 0 likes, 7 Comments

Azure Application Proxy logging
Hi, so, aiming to replace ISA/TMG with Application Proxy for a variety of use case scenarios, the main question that is arising relates to logging. Are Application Proxy logs automatically available via OMS as they are part of Azure Active Directory authentication? What about apps with no authentication? The key information is the source IP, username, application (destination), which is available with the CSV log file download from Application Proxy, but the UI doesn't provide any information or automation around generating the log file, or connecting to the live data stream. The big goal being intrusion detection, identification, and tracking. Is OMS the product to use for this? What if the customer wished to use Splunk or some other third party option, how do we connect to/parse the logs in that instance?
cheers
Pete
14K Views, 0 likes, 3 Comments

Azure decommissioning - December 2023
Hi there
I know that 2023 is over, but if you missed them, here are the decommissions announced by the Azure teams during the month of December:

1). 5G & Space
Azure Object Anchors
The service will be withdrawn on May 20, 2024. So for those like me, who don't know this service, it allows you to create 3D content objects through virtual points on physical objects.
Azure Spatial Anchors
Same punishment for the Azure Spatial Anchors service which will be withdrawn on November 20, 2024. Just like the previous one, I didn't know it, and it allows developers to generate mixed reality applications.

2). Containers
Azure Container Apps
On the Azure Container Apps side, the product team has decided to remove the plane 2023-04-01-preview control API from March 6, 2024. You simply need to switch to the latest stable version of the API i.e. 2023-05-01
Azure Kubernetes Service
On the AKS side, the Pod Security Policy functionality which was in preview, will be removed as of August 1, 2024. Instead, Microsoft encourages you to use the Pod security admission controller functionality or the Azure policy service.

3). Management and Governance
Azure Automation
On August 31, 2024, change tracking and inventory with the Log Analytics agent will be removed. Instead you are encouraged to migrate to change tracking and inventory in Azure Monitoring Agent.
The removal of the Update Management features, as well as the Log Analytics agent as of August 31, 2024. Azure Update Manager is the perfect replacement for Update Management, in fact I'm going to take a look at it because I might have some needed on one of my projects.
Azure Monitor
The removal of custom alerts from Container insights recommended alerts on May 31, 2024, instead of March 14, 2026. You are therefore encouraged to use the Prometheus rules instead.

4). Network
VPN Gateway
The withdrawal of the Standard and High Performance SKUs for the VPN gateway service on September 30, 2025. You will therefore need to consider using another SKU before this date to avoid any impact on your infrastructure.

See you soon
617 Views, 0 likes, 0 Comments

On-prem connect with S2S VPN to Azure - Mobile users on P2S to Azure cannot connect to on-prem
Hello
Thanks for taking your time to read this if you've got this far.

CURRENT SETUP
We have an on-prem network that is connected to Azure using a Site to Site VPN.
On-prem can communicate with Azure, and Azure back to on-prem. No worries.
We have mobile users (out of the office where the above S2S is configured) that connect to Azure using Point to Site VPN.
- Point to Site users can access Azure no worries.

PROBLEM
Users that are using the P2S VPN cannot communicate through the VPN down to the on-prem network resources (which are connected using S2S VPN as described above).
---------------------
Is there something obvious that is missing? We have not put in a route table, we have not set any static routes either. As per this article https://docs.microsoft.com/en-us/azure/vpn-gateway/work-remotely-support Scenario 2 - We would assume it would just work, but I am guessing we need to add some sort of static route somewhere. Just not sure where I should be looking to be able to communicate all the way through from mobile user on P2S to on-prem connect via S2S.
Solved. 2.4K Views, 1 like, 2 Comments