kairos ims
32 Topics

How to Connect Remotely to a Virtual Machine in Microsoft Azure
At the heart of this post is Kairos IMS, an innovative Impact Management System designed to empower human-serving nonprofits and social impact organizations. Co-developed by the Urban League of Broward County and our trusted technology partner, Impactful, Kairos IMS reduces administrative burdens, enhances holistic care, and enables organizations to leverage data for increased agility and seamless service delivery. In this blog series, we’ll take a closer look at the powerful technologies that fuel Kairos IMS, from Azure services to security frameworks, offering insight into how modern infrastructure supports mission-driven impact. Click here to learn more.

Imagine it's midafternoon on a Friday. Your team lead needs you to spin up a Windows virtual machine for testing purposes. You manage to spin up the virtual machine. However, Houston, there's a problem: you need to connect remotely since you are currently out of town. Whether you're debugging a deployment or testing a new app environment, remote access to virtual machines is a must-have skill.

Microsoft Azure, a leading cloud services provider, offers a robust platform to deploy, manage, and connect to VMs. This guide presents a step-by-step walkthrough on how to connect to a VM in Azure using standard tools like Remote Desktop Protocol (RDP) and Secure Shell (SSH).

Prerequisites

Before proceeding, ensure the following requirements are met:
✅ An active Microsoft Azure subscription
✅ A pre-provisioned VM in Azure
✅ Admin credentials (username/password or SSH key)
✅ A stable internet connection
✅ Access to a terminal or RDP client

What Are Virtual Machines?

Virtual machines (VMs) are software-based computers that run inside physical computers. They function like physical computers, with their own CPU, memory, storage, and network connectivity, but exist only as code within a physical host machine.
Azure is one of the largest cloud providers worldwide with a host of services, boasting security at scale for your computing needs. In fact, Azure has many different Virtual Machine options for you to choose from.

VMs are important in cloud computing for several reasons:
• Security: VMs are separated from the main computer, so any issues inside a VM won't affect the main system.
• Efficiency: Multiple VMs can run on one physical computer, saving space and reducing costs.
• Flexibility: VMs can run different programs and operating systems at the same time on the same physical computer.
• Scalability: VMs can be quickly added or removed based on need, making it easy to adjust resources.
• Cost Savings: Using VMs means fewer physical computers are needed, which lowers expenses.

These benefits make VMs a key part of cloud computing, helping to create efficient, secure, and adaptable computing environments.

Step 1: Access the Azure Portal
1. Launch your preferred web browser.
2. Navigate to https://portal.azure.com.
3. Authenticate using your Microsoft Azure credentials.

Note: The Azure Portal provides a centralized interface to manage your Azure resources, including networking, storage, and compute services.

Step 2: Locate the Virtual Machine Resource
1. Identify the Subscription under which the VM is deployed.
2. Select the appropriate Resource Group that contains the VM.
3. From the list of resources in the group, locate and click on the Virtual Machine you intend to access.
4. On the VM's overview page, review critical information such as its name, region, and assigned IP address.

Step 3: Verify VM Operational Status
1. Within the VM overview page, confirm that the Status is set to Running.
2. If the VM is stopped, select the Start option to initiate the instance.

Step 4: Establish a Remote Connection

Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft that allows users to connect to another computer over a network connection.
RDP provides a graphical interface to the user for remote interaction with the desktop of a remote system. It operates over TCP port 3389 and ensures encryption between the client and server during communication. RDP also supports features such as:
• Session redirection (printers, drives, and audio)
• Secure transmission using encryption and authentication protocols
• Efficient bandwidth usage by compressing data

Understanding these capabilities is crucial for effectively managing and troubleshooting RDP connections, especially in enterprise environments.

For Windows-based Virtual Machines (via RDP):
1. Log in to the Azure Portal: https://portal.azure.com.
2. Go to your Virtual Machine's overview page.
3. Select Connect, then choose RDP.
4. Ensure that the public IP address and port 3389 are accessible. If necessary, configure your Network Security Group (NSG) to allow inbound RDP traffic.
5. Download the provided RDP file by clicking Download RDP File.
6. Open the downloaded .rdp file using the Remote Desktop Client on your local machine.
7. When prompted, enter the username and password you created when you deployed the Windows VM.

For Linux-based Virtual Machines (via SSH):
1. From the VM overview, click Connect and navigate to the SSH tab.
2. Copy the autogenerated SSH command, which should look like:
       ssh -i ~/DIRECTORY-SAVED/ssh/PRIVATE-KEY VM-ADMIN-USERNAME@IP-ADDRESS
   Ex.
       ssh -i ~/ssh/id_rsa.pem azureuser@PublicIPAddress
3. Open a terminal (macOS/Linux) or PowerShell/Command Prompt (Windows).
4. Paste and execute the SSH command.
5. If applicable, provide the passphrase for your private key or the VM password.

5. Troubleshooting Tips

Can’t connect via RDP/SSH?
• Double-check VM status (Running)
• Ensure correct IP and credentials
• Review NSG rules for open ports (3389 for RDP, 22 for SSH)
• Restart the VM if needed

Dynamic IP changes?
• Consider reserving a static public IP address to avoid connection loss after reboots.

SSH Key issues?
• Verify your key pair matches what was added to the VM
• Check file permissions (chmod 600 for private key on Linux/macOS)

Cleaning Up Resources

Once you're done working with your virtual machine, it’s important to clean up your resources to avoid unnecessary charges. Azure services are billed based on usage—even if you're not actively connected to the VM, you could still be charged for the compute, storage, and networking resources it consumes. Here’s how to properly shut things down:

Option 1: Stop the VM (Preserves Configuration)
1. Navigate to your VM’s overview page in the Azure Portal.
2. Click the Stop button at the top.
3. This shuts down the VM but keeps all associated resources (disks, IP addresses, etc.). Use this option if you plan to return to the VM later.

Option 2: Delete the VM (Frees All Resources)
1. From the VM overview page, click Delete at the top.
2. Confirm the deletion when prompted.
3. This removes the VM and associated compute charges but may leave behind other resources (e.g., disks, NICs, public IPs).

To fully clean up:
1. Go to the Resource Group where your VM was deployed.
2. Review and delete any remaining resources you no longer need.

Pro Tip: Always double-check which resources you're deleting—some may be shared across projects.

6. Best Practices for Secure VM Access
✅ Shut down unused VMs to reduce costs
✅ Use strong, unique credentials and SSH keys
✅ Avoid hardcoding secrets into scripts
✅ Enable Azure Bastion for browser-based secure access
✅ Implement Role-Based Access Control (RBAC) to limit user permissions
✅ Regularly rotate credentials and audit access logs

Conclusion

Connecting to a virtual machine in Azure is a foundational task for anyone working in cloud environments. In this guide, we walked through the essential steps—from accessing the Azure Portal and locating your VM, to establishing a secure connection using RDP for Windows or SSH for Linux.
Along the way, we highlighted important best practices to ensure your access is both efficient and secure. Now that you’re comfortable connecting to a VM, you're ready to take the next step: creating and configuring your own virtual machines from scratch.

What’s Next?

In the next guide, we’ll explore provisioning new VMs in Azure, including choosing appropriate VM sizes, configuring network interfaces, and deploying software packages. Stay tuned as we dive deeper into cloud infrastructure management with Azure.

Hyperlinks
• What Is a Virtual Machine and How Does It Work | Microsoft Azure
• Virtual machines in Azure - Azure Virtual Machines | Microsoft Learn
• Connect using Remote Desktop to an Azure VM running Windows - Azure Virtual Machines | Microsoft Learn
• Use SSH keys to connect to Linux VMs - Azure Virtual Machines | Microsoft Learn

Efficiently Removing Inactive Guest Users in M365/Azure
Many organizations forget to offboard their guest users. Whether students drop out, graduate, or are removed from the program, their guest accounts often linger in your tenant—quiet, forgotten, and potentially risky. Let’s talk about why it matters and what you should be doing about it.

The Hidden Risk of Inactive Guest Users

It’s easy to think of guest users as harmless—after all, they’re just there temporarily, right? But the reality is that each inactive user is an open door. A door that, if left unlocked, could be used by someone with bad intentions. Here’s why:
• Their credentials may be compromised elsewhere. If a former student reused a password or their email account is breached, an attacker could gain access to your tenant through their still-active guest account.
• They may retain access to sensitive files. Even if you think they’ve moved on, inactive users might still be able to view shared documents, recordings, or internal communication threads.
• Your organization becomes a bigger target. The more accounts you have—especially inactive or unmonitored ones—the more surface area an attacker can exploit.

Nonprofits are particularly vulnerable. You’re working hard to do good in the world, but limited time, resources, and staff often mean security takes a back seat.
That’s why it’s critical to develop lightweight, repeatable processes that protect your community and your mission.

Guest Access Shouldn’t Be Set and Forget

Inviting students into your tenant helps them feel part of something bigger. But just as important as the welcome is the send-off. Not everyone who starts the program finishes it, and not everyone who finishes needs continued access to your resources. Here are a few things to consider:
• Do you have a system to track who’s still active?
• Are you reviewing guest user activity periodically?
• Do you know how to remove or disable users when they’re no longer part of the program?

If the answer to any of these is “no,” you’re not alone—and you’re not too late.

The Benefits of Cleaning Up Your Tenant

Beyond improving your security posture, removing inactive guest users can:
• Keep your environment organized. It’s easier to manage active cohorts when your tenant isn’t cluttered with outdated accounts.
• Reduce licensing conflicts. Even though guest users don’t typically consume licenses, having too many users can complicate group access, permissions, and automated workflows.
• Show respect for your participants. Offboarding users when their participation ends is a sign of professionalism—and it protects their data, too.

Up Next: How to Remove Inactive Guest Users

Now that you understand why it's important to remove inactive guest users, the next step is knowing how. Fortunately, Microsoft 365 provides built-in tools and settings to help you manage and clean up guest access safely and efficiently. In our next section, we’ll walk you through a step-by-step guide to identify and remove inactive guest users from your tenant.

How to Create a Dynamic Group for Guest Users in Microsoft Entra ID

The first thing we need to do is create a dynamic group for guest users. This step is important because dynamic groups automatically include users based on specific attributes—in this case, identifying anyone with a user type of "Guest."
Instead of manually adding or removing users from a group each time someone joins or leaves your program, dynamic groups keep everything up to date for you. It’s a simple way to ensure your access management stays clean, organized, and secure.

Step-by-Step Instructions

Sign in to the Microsoft Entra admin center
You’ll need to access the admin portal to manage groups and set up dynamic rules.
Go to https://entra.microsoft.com and log in with your admin credentials > navigate to Manage Entra ID.

Access the Groups section
This is where all your groups are managed within Entra ID.
In the left-hand menu, select Groups under the “Manage” section.

Create a new group
This begins the process of defining your dynamic group.
Click + New group to start creating a new group from scratch.

Configure group settings
You’ll choose the group type, give it a name, and specify that it will use dynamic membership.
Select Security as the group type, enter a name (like "Guest Users"), and choose Dynamic User under Membership type.

Add dynamic membership rule
This is where you set the condition that defines who will be in the group.
Under Dynamic user members, click Add dynamic query to build a rule based on user attributes.

Define the membership rule
We’ll configure the rule so that it targets users where the userType equals Guest.
Select + Add expression > set the Property to userType, Operator to Equals, and Value to Guest.

Add second expression to filter active guests
This ensures only active guest accounts are included.
Click Add expression again > set the Property to accountEnabled, Operator to Equals, and Value to true.

Validate the rules
This helps confirm that your rule works as intended before applying it.
Select Validate Rules > click + Add users and choose a guest user from the list.

Save the dynamic rule
Once your conditions are set, saving them will apply the logic to the group.
Click Save to finalize the rule and return to the group creation screen.
Create the group
Review all the settings and create the group so it begins auto-populating.
Click Create, and your dynamic group will now include all guest users automatically.

Navigate back to the group tab > select Dynamic Groups > and select your group to view the members and verify all guest users have been added.

We're not done just yet! Now let's automate the review and removal of inactive guest users.

🔍 How to Set Up an Access Review for Inactive Guest Users in Microsoft Entra ID

After establishing a dynamic group for guest users, the next crucial step is to regularly review their activity. Access reviews in Microsoft Entra ID allow you to automate the process of identifying and removing inactive guest users, thereby maintaining a secure and compliant environment.

Step-by-Step Instructions

Access the Identity Governance section
In the Azure search bar, type and select Identity Governance, then click on Access Reviews.

Initiate a new access review
Click on + New access review to start the configuration process.
Select what to review
• Resource type: Choose Teams + Groups
• Review scope: Select Select Teams + groups
• Group selection: Choose the dynamic group you previously created for guest users
• Scope: Set to Guest users only
• User scope: Check the box for Inactive users only
• Days inactive: Specify the number of days (e.g., 30) to define inactivity

Configure the review settings
• Reviewers: Select Selected user(s) or group(s)
• Users or Groups: Select your desired reviewer(s)
• Duration: Set the number of days the review will be open (e.g., 5 days)
• Recurrence: Choose the frequency (e.g., monthly, quarterly) or set it as a one-time review
• Start date: Specify when the review should begin
• End date: Define when the review should end or select Never for ongoing reviews

Set up review settings
• Auto apply results to resource: Enable this to automatically apply the review outcomes
• If reviewers don't respond: Choose Remove access or Take recommendations to revoke access for users not reviewed
• Action to apply on denied guest users: Select Block user from signing in for 30 days, then remove user from the tenant

Configure advanced settings (optional)
• Justification required: Require reviewers to provide reasons for their decisions
• Email notifications: Enable to send notifications to reviewers at the start and end of the review
• Reminders: Set up reminders for reviewers during the review period
• Additional content for reviewer email: Add any specific instructions or information for reviewers

Review and create the access review
• Name: Provide a descriptive name for the access review
• Description: Optionally, add details about the purpose of the review
• Review: Ensure all settings are correct
• Create: Click Create to initiate the access review

Managing guest access might feel like a behind-the-scenes task, but it plays a frontline role in protecting your nonprofit’s data, resources, and reputation.
Whether a guest user is a student who graduated, a volunteer who moved on, or someone who left unexpectedly, leaving their access unchecked can expose your organization to unnecessary risk.

By creating a dynamic group for guest users and setting up regular access reviews, you’re putting smart guardrails in place. These steps not only strengthen your security but also keep your Microsoft 365 environment tidy, efficient, and aligned with best practices.

Security doesn’t have to be complicated—and it shouldn’t be an afterthought. With tools already available in Microsoft Entra ID, you can stay proactive, stay protected, and keep your mission moving forward with confidence.

Privileged Identity Management + Just-in-Time Access: Grant Access Only When It’s Needed
Why always-on admin access is so last season

That’s where Privileged Identity Management (PIM) and Just-in-Time (JIT) access come in. These powerful tools help nonprofits like yours give the right people access at the right time—no more, no less. It’s smart, secure, and surprisingly simple. Let’s break down what these tools do, and how they can help protect your organization without getting in the way of the amazing work you do every day.

So, what is PIM and JIT—like, really?

Think of Privileged Identity Management (PIM) as your organization’s VIP list—the folks who have elevated access to do high-level stuff like reset passwords, access financial data, or make major system changes. Now, here’s the twist: with Just-in-Time (JIT) access, no one stays on the VIP list forever. Instead, they request access when they need it—and lose it when they don’t. It’s like giving someone the keys to the office only when they need to go in, rather than letting them walk in 24/7.

Why should nonprofits care?

Because you're dealing with sensitive data—donor info, volunteer lists, grant applications—and you’re probably working with a lean team wearing many hats. That means it’s easy for someone to get elevated access “just in case” and never lose it. That’s risky business. Enter PIM + JIT = Peace of Mind.
Real-life use case #1: The “Finance Volunteer” Scenario

Let’s say you have a seasonal volunteer who helps with your annual fundraising campaign. They need access to your donor database and financial reports for two months. Normally, you'd assign them a high-level role and forget about it. With PIM, you give them eligible access, not active access. They request what they need, when they need it—and only for a set amount of time. Once they’re done, the access vanishes automatically. No more “Oops, I forgot they still had access six months later.”

Real-life use case #2: The “IT Consultant” You Hired Once

You brought in an external IT consultant to help set up your new Microsoft 365 environment. They needed global admin rights (eek!) for just a few days. Instead of giving them full access that lingers forever, you assign them a role through PIM with JIT access. They activate their access, do their job, and then—poof—it’s gone. You can even require multi-factor authentication and approval workflows before access is granted. You’re still in control.

Bonus Perks You’ll Love
• Audit logs – Know who accessed what and when.
• Notifications – Get alerted when someone activates elevated access.
• Time limits – Set access to expire automatically.
• Approvals – Make sure someone signs off before access is granted.

Final Thoughts

Security doesn’t have to be boring or burdensome. Tools like PIM and JIT are built right into Microsoft 365 (hello, E5 license!) and help you strike the perfect balance between productivity and protection.

Here’s the best part for nonprofits: Microsoft gives eligible nonprofit organizations 10 free Microsoft 365 Business Premium licenses—which already include powerful security features like Defender for Business and Intune. To unlock PIM and JIT, you’ll need Microsoft Entra ID Plan 2, which is included in Microsoft 365 Enterprise E5 licenses. But no worries—you can add this advanced level of protection as an affordable add-on to your Business Premium licenses.
So yes, your nonprofit can absolutely step up to enterprise-grade security—without paying enterprise-grade prices. Your nonprofit is doing amazing work—let’s make sure your data and systems are just as amazing (and secure).

How to Enable PIM and JIT Access in Microsoft Entra

Ready to level up your security with PIM and JIT? Follow these steps to get started:

Step 1: Sign In
• Go to the Microsoft Entra admin center at entra.microsoft.com and sign in with a Global Administrator or Privileged Role Administrator account.

Step 2: Navigate to PIM
• In the left-hand menu, select Identity Governance.
• Click on Privileged Identity Management.

Step 3: Manage Microsoft Entra Roles
• Under the Manage section, click Microsoft Entra roles.

Step 4: Assign Roles with JIT (Eligible) Access
• To assign roles, select Assign Eligibility.
• Choose the role you want to manage (e.g., Global Administrator, User Administrator, etc.) or select + Add assignments and select a role there.
• Apply the scope: this defines where the role applies.
    • Directory Scope: Grants access across the entire Microsoft Entra directory (tenant). Use this for org-wide roles like Global Administrator or User Administrator.
    • Application Scope: Limits access to a specific registered application (like a third-party app or a custom-built app). Assign roles here when managing permissions for app-specific access.
    • Service Principal Scope: Applies the role to a specific service principal, which represents the identity used by an app or automation to access resources. Use this when assigning roles to automation accounts, scripts, or non-user entities.
• Assign to a username or group.
• When assigning roles in PIM, you can choose between two types:
    • Eligible: The user does not have the role by default, but they can activate it when needed. This is ideal for Just-in-Time (JIT) access and is the most secure option.
    • Active: The user has the role assigned permanently and doesn't need to request or activate it.
      Use this only when ongoing access is absolutely necessary.
• Choose whether the assignment is permanent or for a specific time frame.
• Click Assign to save.

Step 5: Users Activate Roles When Needed (JIT Access)
When a user needs to perform an admin task:
• They go to the Privileged Identity Management section.
• Find their eligible role and click Activate.
• Complete any required justification, MFA, or approval steps.

Step 6: Approvers Review Activation Requests (Optional)
If you’ve set up approvals:
• Approvers will receive a notification and can review/approve requests directly from the PIM portal.

Step 7: Stay Compliant and Secure
• Regularly review role activations and audit activity logs.
• Adjust role assignments as needed to maintain least-privilege access.

Additional Resources:
• Assign Microsoft Entra roles in PIM
• Assign eligibility for a group in PIM
• Built-in roles in Microsoft Entra

How to Purchase a Domain in Azure: A Step-by-Step Guide
Purchasing a domain in Azure is a straightforward process that allows you to create a custom web address for your applications. Whether you're setting up a personal blog, a business website, or an app, Azure makes it easy to manage your domains. Here's a step-by-step guide to help you get started.

Step 1: Prerequisites

Before you begin, ensure you have the following:
• An Azure subscription with a paid tier (App Service domains aren't supported on free trial or credit-based subscriptions).
• An existing App Service app, or a new one created in an Azure Public region. To learn more about creating a new App Service app, please visit: Deploying a Web App on Azure App Service | Microsoft Community Hub

⚠️ Important: You cannot proceed with purchasing a domain through the App Service experience without first creating or selecting an existing App Service app.

Step 2: Navigate to Custom Domains
• Log in to the Azure Portal: Go to portal.azure.com, sign in with your Azure account, and click on "App Services." Please note: If you do not see App Services, you may need to search for it in the search bar.
• Select Your App Service: Navigate to the App Service app you want to associate with your domain.
• Custom Domains: Under "Settings", you will see the "Custom Domains" option.
  Click on it to manage your custom domains.

Step 3: Purchase a Domain
• Buy App Service Domain: Click on "Buy App Service domain."
• Configure Domain Settings:
    • Subscription: Choose the subscription to use for purchasing the domain.
    • Resource Group: Select the resource group where the domain will be placed.
    • Domain Name: Enter the domain name you want (e.g., contoso.com). If your desired domain isn't available, Azure will suggest alternatives.
    • Contact Information: Provide accurate contact information as required by ICANN for domain registration. Ensure you have access to the email address provided.
    • Hostname Assignment: Verify the default hostnames to map to your app, such as the root domain (e.g., contoso.com) and the 'www' subdomain (e.g., www.contoso.com).

Step 4: Complete the Purchase
• Review and Purchase: Review your settings and click "Buy" to complete the purchase.
• Confirmation: You will receive a confirmation email from GoDaddy, the domain registrar used by Azure.

Step 5: Configure DNS Settings
• DNS Management: After purchasing the domain, you can manage DNS settings directly in Azure. Navigate to the "DNS Zone" in the Azure portal to configure records such as A, CNAME, and MX. For information on how to create an Azure DNS zone and record using the Azure portal, please visit: Quickstart: Create a public DNS zone and record - Azure portal - Azure DNS | Microsoft Learn
• Map Domain to App: Ensure your domain is correctly mapped to your App Service app by verifying the DNS settings.

You can learn more about buying and managing an App Service domain by visiting: Buy and configure an App Service domain - Azure App Service | Microsoft Learn

Conclusion

Purchasing a domain in Azure is a seamless process that integrates well with your existing Azure services.
By following these steps, you can easily set up a custom domain for your applications, enhancing your online presence and making your web address more memorable.

Understanding and Purchasing SSL Certificates in Azure: A Comprehensive Guide
Securing your website is paramount. One of the most effective ways to ensure the security of your online presence is by purchasing an SSL certificate. This blog will guide you through the process of purchasing SSL certificates, explain what SSL is, and delve into the specifics of wildcard SSL certificates.

What is SSL?

SSL stands for Secure Sockets Layer. It is a security protocol that provides privacy, authentication, and integrity to Internet communications. SSL was first developed by Netscape in 1995 to ensure that data transmitted between a web server and a browser remains private and integral. Over time, SSL evolved into Transport Layer Security (TLS), which is the modern standard for encryption.

When a website implements SSL/TLS, its URL changes from "http://" to "https://", indicating that the connection is secure. SSL encrypts data transmitted across the web, ensuring that anyone who tries to intercept this data will only see a garbled mix of characters that is nearly impossible to decrypt. This encryption process involves an authentication handshake between two communicating devices to verify their identities and ensure data integrity.

Why is SSL Important?
SSL is crucial for several reasons:
• Privacy: SSL encrypts data, protecting sensitive information such as credit card numbers and personal details from being intercepted by hackers.
• Authentication: SSL verifies the identity of the web server, preventing attackers from setting up fake websites to steal data.
• Data Integrity: SSL ensures that data is not tampered with during transmission, maintaining its integrity.

Types of SSL Certificates

There are various types of SSL certificates, including:
• Domain-Validated (DV) Certificates: These are basic certificates that verify the domain name.
• Organization-Validated (OV) Certificates: These certificates provide a higher level of validation by verifying the organization behind the domain.
• Extended Validation (EV) Certificates: These offer the highest level of validation, displaying a green address bar in the browser to indicate a secure connection.

What is a Standard SSL Certificate?

A Standard SSL certificate is designed to secure a single domain (e.g., www.example.org). It’s ideal for organizations that only need to protect one website or service. These certificates are simpler to manage and typically more cost-effective than wildcard certificates.

Benefits of Standard SSL Certificates:
• Simplicity: Best suited for securing a single domain.
• Cost-Effective: Generally less expensive than wildcard certificates.
• Ease of Management: No need to manage subdomain coverage.

If your organization does not require coverage for multiple subdomains, a standard SSL certificate may be the most practical and budget-friendly option.

What is a Wildcard SSL Certificate?

A wildcard SSL certificate is a versatile security solution that encrypts and secures multiple subdomains under a single domain. It uses an asterisk (*) in the domain name field to represent all possible subdomains.
For example, a wildcard SSL certificate for *.example.com can secure www.example.com, mail.example.com, store.example.com, and any other first-level subdomain.

Benefits of Wildcard SSL Certificates
Wildcard SSL certificates offer several advantages:
Cost-Effective: One certificate covers multiple subdomains, reducing overall expenses.
Easy Management: Simplifies the process of securing and maintaining multiple subdomains.
Flexibility: Allows for quick addition of new subdomains without purchasing new certificates.
Consistent Security: Ensures uniform encryption across all subdomains.

How to Purchase an SSL Certificate
Purchasing an SSL certificate through Azure involves several steps. Here's a simplified guide:
1. Log in to the Azure Portal: Go to portal.azure.com and sign in with your Azure account.
2. Create a Resource: Click on "Create a resource" and search for "App Service Certificate."
3. Select App Service Certificate: Click on "App Service Certificate" and then "Create."
4. Choose your subscription, resource group, App Name, publish, runtime stack, region, your certificate details (standard or wildcard), and so on. Once you have reviewed all the necessary tabs, select "Review + create" to create your web app.
5. Bind the Certificate to Your App Service: Navigate to the App Service app you want to secure. In the left-hand menu, select "Certificates" under "Settings". Here, you will find options like "Private Key Certificates (.pfx)" or "Public Key Certificates (.cer)". In the managed certificates pane, select "+ Add certificate".
To learn more about adding and managing a TLS/SSL certificate, please visit: Install a TLS/SSL certificate for your App - Azure App Service | Microsoft Learn

Conclusion
Purchasing an SSL certificate is a crucial step in securing your website and protecting your users' data.
Whether you opt for a standard SSL certificate or a wildcard SSL certificate, the benefits of encryption, authentication, and data integrity are invaluable. By following the steps outlined above, you can ensure a secure and trustworthy online presence for your website.

Azure Virtual Desktop vs. Azure Virtual Machines: What's the Difference for Nonprofits?
So, What’s the Difference?
Azure Virtual Desktop (AVD): Think of AVD like a Windows PC in the cloud—but more flexible. You can use it to host multi-user desktops for teams or set up dedicated, personalized desktops for individual users. Users log into their own familiar desktop from anywhere. You (or your IT partner) manage everything centrally—apps, updates, security. Whether it's one user or 100, AVD can scale to match.
Great for: Teams who need secure, remote access to the same apps—and individuals who just want their own cloud-based Windows desktop they can use anywhere.
Azure Virtual Machine (VM): An Azure VM is like having your own personal computer or server in the cloud. It’s flexible, powerful, and you control every detail—from the operating system to the installed software.
Great for: Hosting apps, websites, or databases, or running tools that require a specific setup.

Use Cases in the Nonprofit World
Let’s bring this down to earth with some nonprofit-flavored examples.

Azure Virtual Desktop Use Cases:
1. Remote Staff and Volunteers Need a Consistent Experience
You’ve got staff and volunteers logging in from laptops, tablets, or home desktops. AVD gives them a secure, cloud-based desktop with all the nonprofit’s tools preloaded—Microsoft 365, donor CRM, finance software, you name it.
💡 "It worked on my computer, were you able to get it up on yours?" is officially canceled. Everyone gets the same setup. Single-user AVD is perfect here—each person gets their own desktop environment they can log into from anywhere, no matter what device they’re using.
2. Securing Sensitive Client Data
If your nonprofit handles personal or health data—say, for client services or case management—AVD keeps that data in the cloud, not on personal devices. Even if someone loses their laptop, your data stays safe inside the virtual desktop. Whether it's one person or a whole department, AVD gives you strong security and peace of mind.

Azure Virtual Machine Use Cases:
1. Running a Custom Database or Legacy App
Still using a donor tracking system from 2006? (Hey, no judgment.) Spin up a VM with the exact OS and environment you need—without messing with your main network or other users. It’s like building a safe time capsule for that one tool you still depend on.
2. Hosting a Website or Internal Tool
Want to host your nonprofit’s website or a private tool for grant tracking or board reporting? A VM gives you full control—no need to pay for a third-party host with limitations. A little more tech-savvy, but super powerful and customizable.

So… Which One Should You Use?
Here’s your cheat sheet:

Feature | Azure Virtual Desktop (AVD) | Azure Virtual Machine (VM)
Designed for | Multiple or single users | One user or workload per VM
Best for | Remote desktops, secure access | Servers, apps, or databases
Cost-efficient when… | You have remote staff or training needs | You need dedicated computing resources
Management | Centralized for multiple users | Per-VM basis
User experience | Familiar Windows desktop | Fully customizable server/workload

Wrapping It Up
Whether you’re supporting a remote workforce, delivering training, running legacy apps, or hosting a website—Azure’s got the tools.
Choose Azure Virtual Desktop if you want your team (or just one person) to access a secure, consistent Windows desktop from anywhere. Choose Azure Virtual Machines when you need full control for apps, websites, or one-off tech projects. Or hey, maybe you need both! Some nonprofits use AVD for staff and VMs for back-end systems. It’s all about picking the right combo for your mission.

Deploying a Web App on Azure App Service: A Comprehensive Guide
Azure App Service is a powerful platform for building, deploying, and scaling web apps. It supports multiple languages and frameworks, making it a versatile choice for developers. In this guide, we'll walk you through the process of deploying a web app on Azure App Service.

Step 1: Prerequisites
Before you start, ensure you have the following:
An Azure account with an active subscription. If you don't have one, you can create a free account: Create Your Azure Free Account Or Pay As You Go | Microsoft Azure
Your web app code ready for deployment.
Visual Studio or any other development environment you prefer.

Step 2: Create an App Service
1. Log in to the Azure Portal: Go to portal.azure.com and sign in with your Azure account.
2. Create a Resource: Click on "Create a resource" and select "App Service."
3. Configure your Web App: Choose your subscription, resource group, App Name, publish, runtime stack, region, and so on. Once you have reviewed all the necessary tabs, select "Review + create" to create your web app.

Step 3: Deploy Your Web App
Deployment Center: Navigate to the "Deployment Center" in your App Service.
Source Control: Choose your source control method (e.g., GitHub, Bitbucket, Azure Repos).
Build Provider: Select the build provider (e.g., GitHub Actions, Azure Pipelines).
Configure Settings: Follow the prompts to configure your deployment settings. This includes connecting your repository and setting up continuous integration/continuous deployment (CI/CD) pipelines.

Step 4: Monitor and Scale Your App
Monitor: Use Azure Monitor to keep track of your app's performance and health. Set up alerts to notify you of any issues.
Scale: Azure App Service allows you to scale your app based on demand. Navigate to the "Scale up" or "Scale out" options to adjust your app's resources.

Step 5: Manage Your App
App Settings: Configure application settings, connection strings, and environment variables in the "Configuration" section.
SSL Certificates: Secure your app with SSL certificates. Navigate to "TLS/SSL settings" to configure SSL bindings.

Conclusion
Deploying a web app on Azure App Service is a streamlined process that integrates well with various development tools and workflows. By following these steps, you can easily deploy, monitor, and scale your web app, ensuring a robust and reliable online presence.

Azure Storage Options - A Guide to Choosing the right storage option
Provided in this guide is a nonprofit-friendly breakdown of the main Azure Storage types, what they’re good for, and how to choose based on your needs and budget.

The 4 Main Types of Azure Storage
Azure offers four primary types of storage:

Storage Type | What It Stores | Best For
Blob Storage | Unstructured data: images, videos, PDFs | Media files, documents, backups
File Storage | Shared files accessible via SMB protocol | Team file shares, legacy apps, migrations
Table Storage | NoSQL key-value data | Lightweight data like logs or sensor data
Queue Storage | Messages for task automation | Background tasks, app-to-app communication

Let’s break them down in more detail, with nonprofit use cases.

🟣 1. Azure Blob Storage (Binary Large Object)
What it is: A flexible place to store unstructured data—like documents, images, and videos.
Use case for nonprofits:
Uploading program videos or workshop recordings for your community
Storing scanned forms, reports, or grant applications
Keeping secure backups of sensitive files
Cost tip: You can save money using Cool or Archive tiers for files you rarely access.

🔵 2. Azure File Storage
What it is: A cloud-based shared file system that acts like a network drive.
Use case for nonprofits:
Replacing on-premise file servers
Collaborating across teams in remote or hybrid environments
Making legacy nonprofit software cloud-accessible
Bonus: It integrates easily with Windows using standard SMB protocols, so your team won’t need to learn anything new.

🟢 3. Azure Table Storage
What it is: A NoSQL storage option for simple key-value pairs.
Use case for nonprofits:
Storing lightweight data like newsletter sign-ups or app usage logs
When you need a low-cost alternative to a full database
Note: It’s not for complex queries—this is basic storage, great for lightweight scenarios.

🟡 4. Azure Queue Storage
What it is: A messaging system that lets apps send and receive messages asynchronously.
Use case for nonprofits:
Automating tasks, like sending thank-you emails after an online donation
Managing volunteer registration workflows
You probably won’t use this directly, but if your IT team or a consultant is building an app for you, it might be part of the backend.

How to Choose: A Quick Guide for Nonprofits

Need | Best Option
Store and access documents, images, or videos | Blob Storage
Share files across staff or locations | File Storage
Store structured data (like a simple database) | Table Storage
Automate tasks between services | Queue Storage
Long-term storage or backups (low cost) | Blob Storage (Archive Tier)
Replacing an on-site file server | File Storage

💡 Cost-Saving Tips for Nonprofits
Use your Azure credits: Eligible nonprofits get $3,500 in free Azure credits annually via Microsoft for Nonprofits.
Pick the right tier: Blob storage offers Hot, Cool, and Archive tiers based on how often you access data.
Turn on auto-delete or lifecycle rules: Save money by setting old files to auto-delete or move to a cheaper tier.

Final Thoughts
Azure Storage offers powerful tools to help your nonprofit stay secure, organized, and scalable. Choosing the right option ensures your team has access to the files and data they need—without overspending.
Whether you’re working with an IT volunteer, a cloud consultant, or just learning it yourself, knowing the basics of Azure Storage puts your organization in a stronger position to grow and serve your community.

Tips & Tricks for Provisioning Virtual Machines on Azure
Why Deploy Virtual Machines?
Last year, a small nonprofit focused on community health faced a challenge: they needed to test a new donor management system without risking their live database. With a tight budget and no room for error, they turned to Virtual Machines, and it changed everything.
Virtual Machines (VMs) offer nonprofits a cost-effective, secure way to test new tools, deploy updates, and collaborate remotely without putting critical systems at risk. By creating isolated environments, VMs add an important layer of protection: if something goes wrong in one virtual machine, the issue stays contained, leaving the rest of the system safe. For nonprofits navigating tight budgets and big ambitions, VMs can be game changers. And the example above is just the beginning. In this guide, we’ll walk you through best practices for provisioning virtual machines and help you choose the right setup for your organization’s unique needs.

Choosing The Right Size & Type
Disclaimer: Pricing for Virtual Machines (VMs) can differ based on the region and is contingent upon availability. All listed prices are estimates and may be subject to change without prior notice. For the most accurate and up-to-date pricing, please refer to the official pricing page. The information provided here is accurate as of April 2025.
Azure offers a variety of VM series and sizes tailored to different use cases. Choosing the right one ensures you get enough performance without overspending. Here’s a quick overview of common VM types and when to use them:
B-series (Burstable VMs) – Best for development, testing, or small workloads. These are low-cost VMs that accumulate credits when idle and burst (use full CPU) when needed. Ideal for scenarios that don’t need full CPU constantly, such as a low-traffic website, a small database, or a dev/test server. B-series VMs are very economical for nonprofits on a tight budget but not suited for sustained heavy CPU usage (they’ll slow down once burst credits are used up).
D-series (General purpose) – Good for many production workloads. D-series VMs have a balanced mix of CPU, memory, and disk suitable for web servers, application servers, and databases in production. If you’re hosting a website or an app for your nonprofit and expect steady usage, a D-series (like D2s_v3 or D4s_v3) is a safe choice. They’re designed to handle most business workloads reliably.
E-series (Memory optimized) – Use for memory-intensive applications. E-series have a higher memory-to-CPU ratio. These are great for large relational databases, in-memory analytics, or applications like SQL Server, SharePoint, or SAP that need a lot of RAM. A nonprofit likely uses these only if running big databases or data analytics programs that require extra memory.
F-series (Compute optimized) – Use for CPU-intensive tasks. F-series provide a higher CPU-to-memory ratio. They are suited for workloads that need a lot of processing power but not as much RAM – for example, batch processing, scientific computations, or high-traffic application servers that perform intensive calculations. If your nonprofit does data analysis or simulations (say for research), an F-series might be fitting.
Others (specialty VMs) – Azure also has specialized families:
N-series (GPU) – for graphics-heavy or machine learning workloads (with NVIDIA GPUs).
H-series (High Performance Computing) – for extremely compute-intensive tasks (like simulations).
M-series (High Memory) – for extremely large memory needs (like very large databases).
These are less common for typical nonprofit scenarios, but it’s good to know they exist if you have specialized needs (for example, an N-series VM could help a nonprofit that does AI-driven image processing or video rendering).

Cost Management Tips
Nonprofits often have limited budgets, so it’s important to optimize costs. Azure provides several ways to save money on VMs without sacrificing necessary performance:
Start/Stop VMs and Auto-shutdown: Unlike on-premises servers, you pay for cloud VMs only while they’re running. If you don’t need the VM 24/7, shut it down when not in use (and deallocate it in Azure so you’re not billed for compute). Azure even has an auto-shutdown option to turn off the VM on a schedule (e.g., every night at 7 PM). This is great for dev/test or office-hours-only scenarios. (Note: Even when a VM is stopped, you still pay for the storage of its disk, but that cost is minimal.)
Azure Spot Instances: For certain workloads, you can use Spot VMs to get huge discounts (up to 90% off normal prices). Spot VMs allow Azure to use spare capacity – the trade-off is Azure can evict (stop) your VM if it needs that capacity back (with a 30-second warning). This is ideal for batch jobs, testing, or workloads that can handle interruptions. For example, if your nonprofit runs a large data analysis job overnight, a Spot VM could be very cost-effective. However, Spot VMs are not recommended for any critical or persistent service (like your main website) because they can be turned off unexpectedly.
Reserved Instances: If you know you’ll need a VM continuously for a long period (one year or three years), consider Azure Reserved Virtual Machine Instances. You commit to a 1-year or 3-year term for a VM and in return get a significant discount (up to ~72% vs. pay-as-you-go prices). This works well for production servers that will be always on. You pay upfront (or yearly) for the reservation, which locks in the lower rate.
Azure Hybrid Benefit: If you use Windows Server or SQL Server, you might already own licenses. Azure Hybrid Benefit allows you to apply existing licenses to Azure VMs and pay a lower rate (essentially, you’re not charged for the license again). Combining Reserved Instances + Hybrid Benefit can yield up to ~80% savings for Windows VMs. Nonprofits that have on-premises licenses or software assurance should investigate this.
Scaling Strategically: Plan your deployment to scale efficiently:
Scale Up vs Scale Out: Scaling up means increasing a VM’s size (more CPU/RAM) when needed, whereas scaling out means adding more VM instances. For example, if your nonprofit’s website is getting popular, you could scale up from a 2-core VM to a 4-core VM or scale out to two 2-core VMs behind a load balancer. Scaling out with multiple smaller VMs can be more cost-effective and offers redundancy (if one VM goes down, the others still serve the site). Azure has features like Virtual Machine Scale Sets that automatically add/remove VMs based on demand.
Right-Size Your VM: It’s common to start with a smaller VM and only increase if needed. Azure Monitor (discussed later) can show if your VM is under heavy load. Conversely, if a VM is mostly idle, you might downgrade to a cheaper size. Azure Advisor will recommend cost optimizations such as shutting down underused VMs or rightsizing them.
Use Free and Open-Source Software on Linux: If your workload can run on Linux, consider using Linux VMs to avoid Windows licensing costs.
For instance, hosting a website with a LAMP stack (Linux, Apache, MySQL, PHP) on Ubuntu can be cheaper than running a Windows VM with IIS and MS SQL (due to licensing). We’ll talk more about Linux vs Windows soon.
Azure Credits and Donations: As a nonprofit, check Microsoft’s programs for nonprofits. You may receive Azure credits or grants that can cover a portion of your costs. Always use those first! Additionally, using Azure Cost Management tools, you can set up a budget to get alerted if you approach a monthly spending limit – a good safety net for tight budgets.
By combining these strategies, nonprofits can stretch their cloud budget significantly while still meeting their IT needs. Azure’s own guidance highlights that using reserved instances and existing licenses can drastically cut costs, and that spot instances offer deep discounts for flexible workloads.

Conclusion
In conclusion, you now have a better understanding of how to empower your organization to deploy Azure VMs. We covered which virtual machine sizes and types to consider based on your needs and how to balance cost and performance. You also learned effective strategies for saving money through cost management. If you would like to explore your options further and take a deeper dive into the materials, please see the links below. With careful planning, smart resource management, and Azure’s built-in tools, your organization can confidently build powerful, cost-effective cloud solutions.

Hyperlinks
Virtual Machine series | Microsoft Azure
QuickStart - Create a Windows VM in the Azure portal - Azure Virtual Machines | Microsoft Learn
What are Azure Reservations? - Microsoft Cost Management | Microsoft Learn

What Is an SQL Database? A Beginner's Guide
What Does SQL Stand For?
SQL (pronounced "ess-cue-ell" or sometimes "sequel") stands for Structured Query Language. It's a standardized programming language used to manage and manipulate relational databases—a type of database that stores data in tables, similar to a spreadsheet.

What Is an SQL Database?
An SQL database is any database that uses SQL to query and manage the data it holds. It organizes information into tables, which are made up of rows (records) and columns (fields). These tables can be linked to each other using relationships, making it easy to combine and retrieve related data efficiently.
For example, an online store might have:
A Customers table (name, email, phone number),
An Orders table (order ID, customer ID, product ID),
A Products table (product name, price, stock count).
With SQL, the business can easily pull reports like “show all orders placed by John Doe” or “list products low in stock.”

How Nonprofits Can Use SQL Databases
Imagine you're running a youth mentorship program.
You could use an SQL database to manage:
Participants (name, age, school, enrollment date)
Volunteers (contact info, availability, background check status)
Sessions (which mentor met with which student, when, and where)
With a few SQL queries, you could:
Generate a monthly report on how many mentorship hours were logged
See which students have missed more than two sessions
Pull contact information for all volunteers available on Tuesdays

What Can You Do with SQL?
SQL allows you to:
Create and modify databases and tables
Insert, update, and delete records
Query data using commands like SELECT, WHERE, and JOIN
Set up permissions for who can access or change the data

Common SQL Database Systems
Several software systems (called Database Management Systems, or DBMS) use SQL. Some popular ones include:
MySQL – free and open-source, widely used for websites
Microsoft SQL Server – enterprise-level database used by many businesses
PostgreSQL – powerful open-source DBMS with advanced features
SQLite – lightweight, often used in mobile apps
Oracle Database – robust and scalable, commonly used in large corporations

Why Are SQL Databases Important?
SQL databases are trusted for:
Data integrity: ensuring accuracy and consistency
Scalability: handling large amounts of data as your needs grow
Security: controlling who can view or edit information
Reliability: mature systems that are well-tested in real-world use

Conclusion
SQL databases are the backbone of modern data management. Whether you’re building a website, managing customer records, or running a business, understanding SQL gives you the tools to organize and retrieve your data efficiently. Even a basic knowledge of SQL can open doors in tech, analytics, and beyond. An SQL database can be a game-changer for nonprofits looking to stay organized, demonstrate impact, and scale their operations.
Whether you're a grassroots organization just starting out or an established nonprofit ready to modernize your systems, understanding SQL is a smart step toward using data for good.