azure bastion
5 Topics

Issue with Azure VM Conditional Access for Office 365 and Dynamic Public IP Detection
Hi all, I have a VM in Azure where I need to allow an account with MFA to bypass the requirement on this specific server when using Office 365. I've tried to achieve this using Conditional Access by excluding locations, specifically the IP range of my Azure environment. Although I’ve disconnected any public IPs from this server, the Conditional Access policy still isn’t working as intended. The issue seems to be that it continues to detect a public IP, which changes frequently, making it impossible to exclude. What am I doing wrong?
1.5K Views, 0 likes, 5 Comments

Using Azure Bastion via through vWAN Virtual Hub
I have some feedback about Azure Bastion. I am using the ability to use Azure Bastion with multiple virtual networks via VNet peering. I would like to extend this feature to use it via a Virtual WAN hub. However, the current Azure Bastion does not seem to detect peering through a virtual hub. I hope Azure Bastion will be able to connect to VM hosts on different virtual networks via a virtual hub.
3K Views, 4 likes, 1 Comment

Deny traffic between VNETs when using peering Bastion Host VNET?
Like many fans of Bastion Host, I was really excited to see that Bastion Host can be used across peered VNETs. I gave this a bit of thought before going ahead and seeking thoughts on the below. If I'm peering a VNET from the Bastion Host VNET to a bunch of other VNETs solely for this purpose, we're essentially increasing our attack surface after opening up all traffic between the VNETs (even without allowing gateway transit). The situation I'm envisaging is that if 1 VM in a peered subnet is compromised (not via RDP), an attacker can use lateral movement using any port other than 22/3389 to attack other VMs. Naturally I can't amend the default any-any rule for VNETs in the NSG. So I see 2 options really.
1. Add an explicit deny-all rule for inbound from the VNET (lower priority of course than inbound allowing 22/3389 from Bastion Subnet)
2. Don't be so overly cautious and do nothing!
Keen for thoughts and feedback!
1.3K Views, 0 likes, 2 Comments

Change subnet
We have the usual vnet setup with a /24 subnet split into /25 for VMs and /27 for DMZ and /27 for Bastion. The users were running out of IP addresses for VM deployment. I have set up a vnet with a /24 subnet which can give them more IPs, but they want the Bastion to be enabled for accessing the VMs. I made sure the VMs are turned off and tried changing the subnet /25 but it says it is in use. Does Azure allow changing the subnet? I know I can add a whole new subnet for Bastion, but I'm thinking about the possibility of changing the same subnet for keeping it organized.
871 Views, 0 likes, 1 Comment

Can only remote into azure vm from DC
Hi all, I have set up a site-to-site connection from on-prem to Azure and I can remote in via the main DC on-prem but not any other server or ping from any other server to Azure. Why can I only remote into the Azure VM from the server that has Routing and Remote Access? Any ideas on how I can fix this?
710 Views, 0 likes, 0 Comments