cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Core Infrastructure and Security Blog
Options
1,193

Moving a Windows 365 Cloud PC From One DC Region to Another - MS Hosted Network

AtilGurcan on Nov 24 2022 12:40 AM
Windows 365 Logo From time to time, your employees may need to relocate from a location to another. Or more often, a new...
1,416

Private Endpoint DNS Resolution with Azure Private Resolver for Multi-Region

AndrewCoughlin on Nov 21 2022 12:00 AM
Have you ever wondered how to setup private endpoint and dns resolution for when you have connectivity to Azure in two d...
2,159

Learning Op: Migrate Away From ADFS to Azure AD

BrandonWilson on Nov 18 2022 09:00 PM
A path to a valuable learning opportunity for our readers!      
9,847

How Do I Know If My AD Environment Is Impacted By The November 8th 2022 Patch?

PaulHarrison on Nov 18 2022 10:42 AM
A quick post to help you navigate the Kerberos on domain controllers issues stemming from the November 8, 2022 update
1,760

Flexible and Simple Solution to Start and Stop VMs

fbinotto on Nov 14 2022 12:02 AM
Save on costs with this flexible solution.
1,599

Azure Monitor: Check and Assess Log Analytics Workspace, Application Insights and Dedicated Cluster

Bruno Gabrielli on Nov 10 2022 12:00 AM
Retaining control over your monitoring infrastructure, being aware of the number Application Insights instances, their i...
2,376

Azure Monitor: Calculating Chargeback to Split Monitoring Costs Across Projects

Bruno Gabrielli on Nov 09 2022 12:00 AM
Need to calculate the monitoring chargeback for your project? There's a way to perform a good estimation for both Azure ...
1,741

Check This Out! (CTO!) Guide (October 2022)

BrandonWilson on Nov 03 2022 02:49 PM
Welcome to the October 2022 Check This Out! (CTO!) guide: Helping you to expand your horizons!
6,929

Create Emergency Access Accounts for Azure AD and Use Log Analytics to Monitor Sign-ins from Them

Michael Hildebrand on Oct 31 2022 04:00 AM
As part of your cloud BCDR processes, make sure you have a solid emergency accounts process and automation watching for ...
3,707

Estimating Azure Diagnostics Cost

hspinto on Oct 24 2022 12:00 AM
Azure resource logging (with Azure Diagnostics) is recommended as part of the Operational Excellence and Security pillar...
2,799

Introduction to Network Trace Analysis 2: Jumping into TCP Connectivity

WillAftring on Oct 17 2022 05:17 AM
Howdy everyone, I hope you're hungry we have a feast of information we will be going through today. Our topic will be th...
3,910

Internet of PowerShell

fbinotto on Oct 09 2022 04:12 PM
Run PowerShell script from anywhere with IoT Hub.
2,190

Check This Out! (CTO!) Guide (September 2022)

BrandonWilson on Oct 07 2022 09:39 AM
Welcome to the September 2022 Check This Out! (CTO!) guide: Helping you to expand your horizons!
5,938

Azure Enterprise Policy as Code – Azure Landing Zones Integration

Anthony_W on Oct 03 2022 12:26 AM
Integrate the Enterprise Policy as Code solution with Azure Landing Zone policy deployment and management across your en...
6,025

Prepare for Cloud Service Disaster Recovery - Export Key M365 Services Configurations

Michael Hildebrand on Sep 30 2022 10:03 AM
When disaster strikes an IT infrastructure, be it an accident or maliciousness, a bit of preparation can go a long way t...
4,167

How To Determine What Devices Are Connecting To a Storage Account

AndrewCoughlin on Sep 26 2022 12:00 AM
Have you ever wondered how to determine if any devices are still using a storage account blob, file, table, or queues? I...
4,601

Create Azure Service Health Alerts for All Resource Groups

wernerrall on Sep 19 2022 01:16 AM
Create Azure Service Healths for All Resources in Resource Groups and email Contributors/Owners.
15.8K

Azure Enterprise Policy as Code – A New Approach

Anthony_W on Sep 12 2022 01:04 AM
We work closely with customers using Azure Policy and have seen many different methods of deploying and maintaining it, ...
3,261

Check This Out! (CTO!) Guide (August 2022)

BrandonWilson on Sep 09 2022 02:17 PM
Welcome to the August 2022 Check This Out! (CTO!) guide: Helping you to expand your horizons!
8,874

Fun with Azure VPN

fbinotto on Sep 06 2022 04:09 PM
Connect your lab with your internet devices and learn a lot about Azure VPN.
15.5K

Upgrading AKS Using REST API

varghesejoji on Sep 01 2022 11:19 AM
This blog covers the usage of Azure REST APIs to test upgrade options on Azure Kubernetes Service (AKS)  
5,050

Domain Join a Storage Account Leveraging Azure Automation

DarrenTurchiarelli on Aug 29 2022 04:24 PM
Are you looking to take the next step in your cloud journey and pivot away from managing file servers? Why not look at A...
3,153

Q: Who is adding a bunch of DNS records to my environment?

PaulHarrison on Aug 25 2022 02:00 AM
A: Everyone wants to go back in time to enable auditing before an incident has happened, but in this case, we can do som...
3,054

Right Size/Recommend Azure SQL Managed Instance

wernerrall on Aug 22 2022 12:35 AM
Do you need to understand if you are using the correct size of Azure SQL Managed Instance? Have your business needs chan...
3,517

Modernizing Endpoint Management – Encryption – Part 2

PaddyDamodharan on Aug 15 2022 12:00 AM
Part 2 - Use Intune to backup & recover Bitlocker keys for Co-managed clients.
6,818

Modernizing Endpoint Management – Encryption - Part 1

PaddyDamodharan on Aug 08 2022 12:00 AM
Part 1 - Use Intune to recover Bitlocker keys for ConfigMgr managed clients (Tenant attached).
2,277

CIS Tech Community-Check This Out! (CTO!) Guide (July 2022)

BrandonWilson on Aug 04 2022 08:12 AM
Welcome to the July 2022 Check This Out! (CTO!) guide: Helping you to expand your horizons!
3,227

The RC4 Removal Files Part 3 – The “Everything Else” Of It

Joel Vickery on Aug 01 2022 08:33 PM
Its the end of the road for RC4 and this blog post describes how to put the final nail in the RC4 coffin.
4,527

Accessing Key Vault from Another Subscription Over Private Endpoint

AndrewCoughlin on Jul 25 2022 12:00 AM
In this blog I will walk through the process of using a managed identity and access an Azure Key Vault from another subs...
3,773

Introduction to Network Trace Analysis Part 1: Asking Questions and Collecting Data

WillAftring on Jul 18 2022 07:55 AM
Today’s post will be a bit shorter but will cover how we collect network traces and what information we need to make use...

Latest Comments

RossUA
in Decrypting the Selection of Supported Kerberos Encryption Types on Nov 24 2022 10:53 AM
@Jerry Devore we are only observing RC4 used for TGT tickets obtained by NetApp storage. It is reported in the event 4768 as Ticket Encryption Type 0x17. The vast majority of other computer and user accounts are using AES encryption for TGT tickets for a long time already. And we have changed the pa...
0 Likes
FelixF
in Decrypting the Selection of Supported Kerberos Encryption Types on Nov 24 2022 07:03 AM
Thank you @Jerry Devore and @RossUA . Your help is much appriciated. After changing msDS-SupportedEncryptionTypes to 0x4 (RC4_HMAC_MD5) , we're able to access the NetApp again. The session key now is RC4. Thank you for your help, we'll check how to get rid of this configuration by either getting rid...
0 Likes
PeterTJohnsonZA
in Part 2 - You Might Want to Audit Your LAPS Permissions.... on Nov 24 2022 03:27 AM
Hi Eric A question that occurred to me. Am I correct in assuming that the "Owner" Security Principal of a computer object would have this capability as well? If that is true and you are some sort of computer provisioning/deployment software like SCCM etc. you would probably want to make sure that Ow...
0 Likes
azuser
in Decrypting the Selection of Supported Kerberos Encryption Types on Nov 23 2022 02:23 PM
It would be unrestricted for Kerberos if the GPO for the "Network security: Configure encryption types allowed for Kerberos" policy is not defined.Also, the msDS-SupportEncryptionTypes attribute for the KRBTGT not set(nothing).Will the KRBTGT's encryption type remain the same as RC4 since we deploye...
0 Likes
Jerry Devore
in Decrypting the Selection of Supported Kerberos Encryption Types on Nov 23 2022 10:44 AM
@FelixF - The November update (11B.22) is causing the updated DCs to default to AES session keys. In some cases you can resolve the issue by explictly setting RC4 in msDS-SupportedEncryptionTypes for the computer objects of the target (NetApp server in this case). However, the recommended approach w...
0 Likes