Tag: azure
-
Learning PowerShell with GitHub Copilot: Building a Hub–Spoke Networking Test

I wanted a project that would ensure I keep up my PowerShell skills and continue to learn new things. I chose to build a hub–spoke networking test with an Azure Firewall in the middle. It was complex enough to be interesting and a topic that I'm very familiar with. My PowerShell skills are somewhere in…
-
How I Accidentally Spent a Stupid Amount on a Test Firewall (And Built a Solution So It Never Happens Again)

Picture this: You're sitting on a beach in Thailand, coconut in hand, completely disconnected from work. Life is good. Then you make the mistake of checking your Azure bill. $650 for one month. For a test subscription that should cost maybe $50. The culprit? One Azure Firewall. Premium tier. Running 24/7 for two weeks while I was…
-
Simplifying Azure IPAM Hierarchies with Terraform: Two Approaches

Azure Virtual Network Manager (AVNM) has recently gone GA with a powerful new feature: IP Address Management (IPAM). I’ve been diving deep into this feature—exploring how to implement it using Infrastructure as Code (IaC) and designing operational models around it. Link to the module. While working with IPAM, I encountered a few challenges when designing a…
-
Getting Started with Azure Front Door and Private Link for Container Apps

Since support for Container Apps as Private Link-enabled origins for Azure Front Door is now GA, I took a look at how easy it is to get started using it. The announcement can be found here. I followed this easy guide and this is what I learned from setting it up in the Azure…
-
Deploy Maester with Terraform: A Simple Guide

Maester is a PowerShell-based framework for automating security testing within Microsoft environments, developed by Merill Fernando, Fabian Bader, and Thomas Naunheim. This blog post discusses an easy approach to deploying Maester using Terraform for managing Microsoft tenant security settings. The configuration enables monthly security checks and email notifications for any issues. The tool is set…
-
Mastering Azure Virtual Network Manager for Security and Efficiency

The Azure Virtual Network Manager (AVNM) transforms the task of altering network infrastructure into a simplified process. It enables users to configure network topologies, change hubs, and implement security rules efficiently. The interface allows for quick modifications. AVNM manages security admin rules centrally, ensuring network owners cannot override them. Additionally, it deploys User-Defined Routes (UDR)…
-
Staying Updated on Tech: My Weekly Tools

I often get asked how to stay updated on major tech updates. The simple answer is you can't. It's not possible to stay updated on all areas all the time. You need to focus on the areas that interest you the most and use some effective tools. Tools: I use the following tools every week: For…
-
Azure Virtual Network Manager – A game changer or just a costly upgrade?

Intro: Managing networks in Azure can pose significant challenges due to the multitude of resources involved. Maintaining control over these resources further amplifies the complexity. The entire system hinges on the network functioning as intended. Add security into the mix, and you're dealing with a highly complex, high-risk component of your architecture. Azure Virtual Network…
-
Azure Virtual WAN: Personal Experiences and Key Considerations

Are you intrigued by Azure Virtual WAN? If so, continue reading. I’ve been working with this technology for several months and I’m eager to share my firsthand experiences from multiple implementations. However, before you delve deeper, please note that this article will not delve into the intricate details of how routing works internally within Azure…
-
Navigating the Challenges of Policy as Code in Azure: Part 2

Previously, I have written about some challenges around policy as code. You can find the previous blog here. There I discuss some problems I see with policy as code in general. Now I’m going to delve a little deeper into the problem and look even more at what Microsoft gives us and what we might…
-
How to get a custom condition as IaC for the Role Based Access Control Administrator role

TL;DR The new Azure Role, “Role Based Access Control Administrator,” allows for granular control over role assignments. This blog post details the creation of a Terraform module to implement this functionality. The process involves understanding the functionality via the Azure portal, writing the code, and dealing with unsupported functions in the azurerm provider from Terraform…
-
Analyzing User Privileges in Azure based on activity

Maintaining control over users with directory roles is a challenge in itself. However, a more informed approach involves examining their usage based on activity logs. This provides a comprehensive view of how these roles are being utilized by the respective users. Executing this script offers an overview of the users and their activities over the…
-
Enabling Virtual Network Encryption

Short blog that goes through how to enable virtual network encryption.
-
Navigating the Challenges of Policy as Code in Azure

This post is about my experience with Policy as Code in Azure, which is a way of using policies to create and enforce rules for resources. I try to discuss some of the challenges and scenarios that arise after deploying policies, such as deny policies, audit policies, and deploy-if-not-exists policies. Pointing…
-
Get started with PowerShell 7.2 in Azure Automation Account

Microsoft just released support for PowerShell 7.2 in Azure Automation Account. For someone who has been using runbooks for a long time, this was a great upgrade. There is a lot of work left before it is a pleasant experience. So, I have created this blog to explain a few workarounds for the problems…
-
Demystifying Azure Policies: The Role of the DenyAction Effect

TL;DR The new DenyAction effect in Azure Policy provides a robust mechanism to prevent accidental deletion of critical resources and enforce compliance. It offers more granular control compared to resource locks, allowing specific actions to be blocked. This blog post explores the use of the DenyAction effect and provides an example of its implementation. Introduction: Azure Policy's effectiveness largely…
-
Automating DNS Integration with PaaS Services in Azure

Introduction: Working with DNS in a cloud environment can be challenging, especially when integrating Platform as a Service (PaaS) services, such as Azure Storage or Azure SQL Database, into the network. In this article, we will explore how Azure Policy can help automate and streamline this process. The Problem: For many enterprises, using PaaS services…
-
Azure Landing Zones: Enhancing Security and Simplifying Resource Management with Access Packages

What are Access Packages? Access packages are a powerful feature of Microsoft Entra ID that can help organizations manage the identity and access lifecycle at scale. Access packages must be in a container called a catalog, which defines what resources you can add to your access package. If you don't specify a catalog, your access package…
-
Azure Firewall as DNS Proxy with the new Azure DNS Resolver

Introduction: Since I'm one of those who are «born in the cloud», I have not been working very much with DNS until now. DNS has always been a black box, but now with the new Azure DNS Resolver I thought it was about time to take a deep dive into this and see how this…
-
Tips and tricks when using the ALZ Terraform module

I have been playing around with the Terraform module from Microsoft for the Azure Landing Zone (ALZ) for some time now. It is one of the technical implementation options for the ALZ under the CAF framework. While the module offers commendable features, its utilization and reverse engineering process can be intricate at times. I have…