virtual wan
16 Topics

Using Azure Bastion via through vWAN Virtual Hub
I have feedback about Azure Bastion. I am using the ability to use Azure Bastion with multiple virtual networks via vNET Peering. I would like to extend this feature to use it via a Virtual WAN hub. However, the current Azure Bastion does not seem to detect peering through a virtual hub. I hope Azure Bastion will be able to connect to VM hosts on different virtual networks via a virtual hub.
3.1K Views, 4 likes, 1 Comment

How to split traffic on VWAN with PALO and AZFW
Hello all, I have a virtual WAN environment that we'd like to essentially split in two. Traffic from on prem will reach all servers in the cloud. On prem at the edge is a Palo Alto device. We'd like to build a Palo Alto device in the cloud, and a WVD environment that would use this Palo Alto device to egress traffic to the internet and essentially serve as the FW for the WVD environment. We'd also like to enable SECURE VIRTUAL HUB and use the AzFW to serve as FW for the other NON WVD servers that exist in the cloud. There are some requirements that we have to maintain that we cannot achieve with the AzFW for the "end user instances" within the cloud. Server internet traffic is highly regulated, and really nonexistent, but we need a separate place to control it rather than using the PA device. All VNETs are peered to the hub, the DMZ VNET included. The Palo device lives in the DMZ VNET because it's not natively supported as a secondary security device by VWAN.
1.) Is this architecture possible (secure virtual hub + NVA on peered VNET)?
2.) If so, what do I need to do from a routing perspective, because just enabling the secure virtual hub significantly changes my routing tables for all peered VNETs?
DIAGRAM ATTACHED TO THIS MESSAGE
Thanks for the help. -john
Solved, 2.1K Views, 1 like, 2 Comments

Issue with Azure VM Conditional Access for Office 365 and Dynamic Public IP Detection
Hi all, I have a VM in Azure where I need to allow an account with MFA to bypass the requirement on this specific server when using Office 365. I've tried to achieve this using Conditional Access by excluding locations, specifically the IP range of my Azure environment. Although I’ve disconnected any public IPs from this server, the Conditional Access policy still isn’t working as intended. The issue seems to be that it continues to detect a public IP, which changes frequently, making it impossible to exclude. What am I doing wrong?
1.6K Views, 0 likes, 5 Comments

ExpressRoute with IPsec tunnel to on-prem
Is it possible to configure an IPsec tunnel over ExpressRoute with NVAs? The ExpressRoute is configured for Azure Private Peering. Is there any kind of list of supported NVAs for this scenario? So far we've tried vWAN with ExpressRoute to configure the IPsec and it works, but we can see a significant impact on billing due to vWAN, I guess. Also, if you can think of any alternatives to set up ExpressRoute (with Az Private Peering) with an IPsec tunnel, then please share. So far for me the available options are vWAN and NVAs - at least according to this thread: https://docs.microsoft.com/en-us/answers/questions/50909/configure-ipsec-encryption-over-express-route.html
1.5K Views, 0 likes, 2 Comments

SDWAN and Express route
Hello Team, We have a global MPLS Network for a Service Provider X. Now we want to establish Express route for our Hub vnets in Azure cloud. This looks fine. Now we also have an SDWAN project running; there is a Juniper device on prem which splits the traffic between MPLS and VPN. When traffic switches to MPLS, Juniper will do encryption. So does Express route support encryption? Will there be any benefit? How do we use pure MPLS Express route and SDWAN together?
1.4K Views, 0 likes, 1 Comment

IKEv2 and Windows 10/11 drops connectivity but stays connected in Windows
I’ve seen this with 2 different customers using IKEv2 User VPNs (virtual WAN) and Point to Site gateways in hub and spoke, whereby using the VPN in an Always On configuration (device and user tunnel), after a specific amount of time (56 minutes) the IKEv2 connection will drop the tunnel but stay connected in Windows. To restore the connection, you just reconnect. Has anyone else had a similar experience? I’ve seen the issue with ExpressRoute and with/without Azure firewalls in the topology too.
1.2K Views, 0 likes, 0 Comments

Recommendation for Best VPN solution for Banking customer
Hi Community, One of our customers wants to implement a VPN solution that will direct all network traffic through a trusted location. The reason for this is they're a new start-up bank and will need 2 things.
- Some legacy bank solutions still require you to access from a static IP - but their devices are built with Azure AD/Intune/Autopilot.
- For home/coffee shop networks, all traffic must be securely routed for access to any web based applications.
The customer is considering the below solutions and they're looking to keep the solution within the Azure/M365 stack rather than integrate within any additional vendor networking, if possible.
- Always-on VPN, deployed via Intune to devices
- Open enterprise app VPN, once again deployed via Intune
- Azure VWAN for directing traffic through Azure
Questions:
- What would be the best approach from the above ones?
- Is there any other better solution than this?
Any guidance would be of great help. Many thanks!
1.1K Views, 0 likes, 2 Comments

Live webinar - Optimizing Cloud Experience with Cisco SD-WAN and Microsoft Azure Networking
Join our team of experts today, Tuesday, November 30th @ 11:30 PM UTC (3:30 PM Pacific time) for a joint live webinar between Microsoft and Cisco to get exclusive insight on how we are extending our existing partnership with Cisco to improve network connectivity to cloud-based applications. During the session, you'll hear from the Microsoft and Cisco product teams on industry-first innovations designed to improve the integration between Microsoft 365 and Cisco SD-WAN Cloud OnRamp for SaaS. These enhancements will give users more control over traffic flow, insight into deep metrics, and automated policy integration. You’ll also learn how customers can extend their Cisco SD-WAN from branch sites to their workloads on Azure using virtual WAN, access workloads with little or no additional configuration, provide end-to-end automation from branch to cloud, and leverage the Azure global backbone for regional connectivity. Register for the event here: Optimizing Cloud Experience with Cisco SD-WAN and Microsoft Azure Networking (cvent.com)
1K Views, 0 likes, 0 Comments

Azure Firewall query
Hi Community, Our customer has a security layer subscription which they want to route and control all other subscription traffic via. Basically, they want to remove direct VPeers between subscriptions and to configure Azure Firewalls to allow them to control and route all other subscriptions' traffic. All internet traffic would then be routed down our S2S VPN to our Palo Altos in Greenwich for internet access (both ways). However, there may be some machines they would assign Azure Public IPs to for inbound web server connectivity, but all other access from external clients would be routed via the Palos inbound.
Questions:
- Which one (Azure Firewall or Azure WAN) would be the best option?
- What are the pros and cons?
Any reference would be of great help.
840 Views, 0 likes, 0 Comments