Cybersecurity Reference Architecture: Security for a Hybrid Enterprise

The Microsoft cybersecurity reference architecture will be explained by demoing key components, starting with Azure Security Center for a cross platform visibility, protection and threat detection. Then a walk through on how you can secure different Azure services covering Azure … Continue reading →

Configure ADFS Extranet Lockout Protection

Extranet lockout provides the following key advantages: It protects your user accounts from brute force attacks where an attacker tries to guess a user’s password by continuously sending authentication requests. In this case, AD FS will lock out the malicious … Continue reading →

How to Configure Microsoft ADFS with Azure MFA as Primary Authentication

In order to setup Azure MFA as Primary Authentication with AD FS, this does require you to move to Azure MFA (cloud-based version). I have not deployed Azure Multi-Factor Authentication Server (on-prem/hybrid version) in a few years for anyone as … Continue reading →

Replace ADFS and WAP SSL Certificates

On the ADFS Server: Import the new SSL certificate in the computers MY“ certificate store. Run a elevated Powershell to get the thumbprint of the certificate. cd cert: cd localmachine cd my dir Identify the thumbprint in the output. In … Continue reading →

How to Upgrade ADFS 2012 R2/2016 to Server 2019

Once Computer restarted the Server 2016, Now you can see that AD FS Management is available. Now Click on it and open the AD FS Management But if you see, AD FS on Server 2016 is not showing anything here. … Continue reading →

SELF SERVICE PASSWORD RESET IN AADCONNECT NOT WORKING

For those google searching the eventlog azure ad connect sync errors I just had, which I couldn’t google an answer to: Start the AADConnect wizard and disable Password Writeback Do a delta sync Start the AADConnect wizard and enable Password … Continue reading →

Deploy Azure Application Gateway –Step by Step

Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at the transport layer (OSI layer 4 – TCP and UDP) and route traffic based on source … Continue reading →

Move or Add a VM’s Primary NIC from one VNET to another vNet

In this example, the powershell Cmdlets edit the VM NIC properties and change the subnet from one vNet to another vNet. Step1: Get Azure VM, NIC and Resource Group Properties. Stop-AzVM -Name “vm” -ResourceGroupName “RG01” $vm = Get-AzVm -Name “vm” … Continue reading →

Migration from Office 365 or Microsoft 365 mailboxes to G Suite using the G Suite Data Migration Service

This gallery contains 1 photo.

Supported Environment Microsoft 365, Office 365, Exchange 2016, 2013, 2010, 2007 or 2003. Supported G Suite G Suite Enterprise, Business, Basic, and Education accounts G Suite Cost Standard prices are shown. Google occasionally offers special discounts to some customers for … Continue reading →

Amazon WorkSpaces : A Cost-effective Alternative to Windows Virtual Desktop

This gallery contains 1 photo.

An Amazon WorkSpace is a cloud-based virtual desktop that can act as a replacement for a traditional desktop. A WorkSpace is available as a bundle of operating system, compute resources, storage space, and software applications that allow a user to … Continue reading →

Migrating Azure VM to AWS EC2 using AWS Server Migration Service

This gallery contains 1 photo.

Requirements for Azure connector The recommended VM size of Azure connector is F4s – 4 vCPUs and 8 GB RAM. Ensure that you have a sufficient Azure CPU quota in the region where you are deploying the connector. A Standard … Continue reading →

Prepare Windows 10 Master Image & Deploy Windows Virtual Desktop

This gallery contains 2 photos.

Microsoft announced Windows Virtual Desktop and began a private preview. Since then, we’ve been hard at work developing the ability to scale and deliver a true multi-session Windows 10 and Office 365 ProPlus virtual desktop and app experience on any … Continue reading →

Migrate Alibaba ECS VM to Azure Cloud using Azure Site Recovery Services

In my previous blog, I have written how to migrate workloads from VMware to Azure Cloud.  In this tutorial, I am going to elaborate you how to migrate Amazon Web Services (AWS) EC2 virtual machines (VMs) to Azure VMs by … Continue reading →

Migrate SQL Server to Azure SQL Database using Database Migration Services (DMS)

The Data Migration Assistant (DMA) helps you upgrade to a modern data platform by detecting compatibility issues that can impact database functionality in your new version of SQL Server or Azure SQL Database. The Data Migration Service (DMA) lets you … Continue reading →

Convert Synced User to In-Cloud User

Here is the scenario: Synced ID: Specifies the immutable ID of the federated identity of the user. This should be omitted for users with standard identities. You have local Active Directory with AAD Connect installed, which sync users and password … Continue reading →

Build DMZ in Azure Cloud

This gallery contains 3 photos.

Azure routes traffic between Azure, on-premises, and Internet resources. Azure automatically creates a route table for each subnet within an Azure virtual network and adds system default routes to the table. You can override some of Azure’s system routes with … Continue reading →

Decide on Office 365 Migration Path

This gallery contains 1 photo.

Deciding on the best migration path of your users’ email to Office 365 can be difficult. Your migration performance will vary based on your network, existing messaging systems design, mailbox size, migration speed, and so on. For migrations from an … Continue reading →

Azure Stack Pricing Model

This gallery contains 1 photo.

Azure Stack is sold as an integrated system, with software pre-installed on validated hardware. Azure Stack comes with two operational modes—Connected and Disconnected. Connected Mode use Azure metering services with the Microsoft Azure Cloud. The Disconnected Mode does not use … Continue reading →

Amazon EC2 and Azure Virtual Machine (Instance) Comparison

This gallery contains 1 photo.

Both Amazon EC2 and Azure VM provide a wide selection of VM types optimised to fit different use cases. An instance or VM is combinations of virtual CPU, virtual memory, temporary storage, and networking capacity and give a customer the … Continue reading →

Azure AD B2B Collaboration With SharePoint Online

This gallery contains 2 photos.

Azure AD B2B collaboration capabilities to invite guest users into your Azure AD tenant to allow them to access Azure AD service Azure AD B2B collaboration invited users can be picked from OneDrive/SharePoint Online sharing dialog boxes. OneDrive/SharePoint Online invited … Continue reading →

Migrate Amazon Web Services (AWS) EC2 VM to Azure Cloud

This gallery contains 1 photo.

In my previous blog, I have written how to migrate workloads from VMware to Azure Cloud.  In this tutorial, I am going to elaborate you how to migrate Amazon Web Services (AWS) EC2 virtual machines (VMs) to Azure VMs by … Continue reading →

Backup VMware Server Workloads to Azure Backup Server

This gallery contains 1 photo.

In my previous article, I explained how to install and configure Azure Backup Server. This article explains how to configure Azure Backup Server to help protect VMware  Server workloads. I am assuming that you already have Azure Backup Server installed. … Continue reading →

Azure Backup Server v2

This gallery contains 2 photos.

Azure Backup is used for backups and DR, and it works with managed disks as well as unmanaged disks. You can create a backup job with time-based backups, easy VM restoration, and backup retention policies. The following table is a … Continue reading →

Migrate a SQL Server database to Azure SQL Database

This gallery contains 1 photo.

Azure Database Migration Service partners with DMA to migrate existing on-premises SQL Server, Oracle, and MySQL databases to Azure SQL Database, Azure SQL Database Managed Instance or SQL Server on Azure virtual machines.     Moving a SQL Server database … Continue reading →

Migrating VMware Virtual Workloads to Microsoft Azure Cloud

This gallery contains 3 photos.

Overview Migrating to the cloud doesn’t have to be difficult, but many organizations struggle to get started. Before they can showcase the cost benefits of moving to the cloud or determine if their workloads will lift and shift without effort, … Continue reading →

Nimble Hybrid Storage for Azure VM

Microsoft Azure can be integrated with Nimble Cloud-Connected Storage based on the Nimble Storage Predictive Flash platform via Microsoft Azure ExpressRoute or Equinix Cloud Exchange connectivity solutions. The Nimble storage is located in Equinix colocation facilities at proximity to Azure … Continue reading →

EMC Unity Hybrid Storage for Azure Cloud Integration

The customers who have placed their workload in both on-premises and cloud forming a “Hybrid Cloud” model for your Organisation, you probably need on-premises storage which meets the requirement of hybrid workloads. EMC’s Unity hybrid flash storage series may be … Continue reading →

Geo-mapping using Azure Traffic Manager

Microsoft Azure Traffic Manager allows you to control the distribution of user traffic for service endpoints in different datacenters and region. Traffic Manager support distribution of traffic for Azure VMs, Web Apps, cloud services and non-Azure endpoints. Traffic Manager uses … Continue reading →

Office 365 MailFlow Scenarios and Best Practices

Microsoft Office 365 gives you the flexibility to configure mail flow based on your requirements and uses scenario to delivered email to your organisation’s mailboxes. The simplest way to configure mail flow is to allow Microsoft EOP to handle spam … Continue reading →

Azure Site-to-Site IPSec VPN connection with Citrix NetScaler (CloudBridge)

This gallery contains 1 photo.

An Azure Site-to-Site VPN gateway connection is used to connect on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device located on-premises that has an externally facing … Continue reading →

Migrate Office 365 Relying Party Trust to Different ADFS Farm

To migrate Office 365 Relying Party Trust from an existing ADFS Farm to new ADFS Farm, follow the step by step guide. Migrating Office 365 Relying Party Trust will incur a minor disruption to SSO environment. Prerequisites: Existing ADFS Farm … Continue reading →

Deploy Work Folder in Azure Cloud

The concept of Work Folder is to store user’s data in a convenient location. User can access the work folder from BYOD and Corporate SOE from anywhere. The work folder facilitate flexible use of corporate information securely from supported devices. … Continue reading →

Azure Site Recovery for VMware VMs

Azure Site Recovery orchestrates and manages disaster recovery for Azure VMs in Azure Cloud, and on-premises VMs in VMware, System Center VMM and physical servers. Prerequisites: VMware Virtual Server Azure Subscription Azure Virtual Network ExpressRoute between On-premises to Azure Network … Continue reading →

ADFS 4.0 Step by Step Guide: Federating with Splunk Cloud

To integrate On-Premises SSO with Splunk Cloud, you need the following items: On-premises Active Directory On-premises ADFS 2016 A Splunk Cloud tenant Splunk cloud Sign-on URL https://yourinstance.splunkcloud.com/saml/acs Splunk cloud Sign-on URL https://yourinstance.splunkcloud.com/saml/logout ADFS Sign-on URL https://sts.domain.com/adfs/services/trust ADFS Sign-Out URL  https://sts.domain.com/adfs/ls/?wa=wsignout1.0 … Continue reading →

ADFS 4.0 Step by Step Guide: Federating With Google Apps

To integrate On-Premises SSO with Google Apps, you need the following items: On-premises Active Directory On-premises ADFS 2016 A Google Apps single sign-on enabled subscription Google Apps Sign-on URL https://mail.google.com/a/domain.com ADFS Sign-on URL https://sts.domain.com/adfs/ls/ ADFS Password Change URL https://sts.domain.com/adfs/portal/updatepassword/ ADFS … Continue reading →

ADFS 4.0 Step by Step Guide: Federating with ServiceNow

Prerequisites: Windows Active Directory Windows Server 2016 with ADFS Role installed ServiceNow Tenant ADFS Signing certificate from ADFS Server ADFS Service Identifier: http://sts.domain.com/adfs/services/trust ServiceNow Sign On URL: https://company.service-now.com/navigate.do ServiceNow Identifier: https://company.service-now.com ADFS Signout URL: https://sts.domain.com/adfs/ls/?wa=wsignout1.0 Step1: Export Token Signing Certificate … Continue reading →

Configure Azure B2B, Azure Rights Management for on-premises SharePoint, Exchange and File server

Azure Information Protection (Azure RMS) is an enterprise information protection solution for any organization. Azure RMS provides classification, labeling, and protection of organization’s data. Note: This deployment also enables Azure B2B access for the Published Applications in Azure AD. Azure … Continue reading →

Office 365 Hybrid Deployment with Multiple Active Directory Forests

This article explains how you can deploy a hybrid Office 365 and Exchange on-premises environment with multiple Active Directory Forest. An organisation that utilizes an account forest and a resource forest to separate Active Directory accounts and Exchange servers in … Continue reading →

Configuring Azure ExpressRoute using PowerShell

Microsoft Azure ExpressRoute is a private connection from on-premises networks to the Microsoft cloud over a private peering facilitated by a network service provider. With ExpressRoute, you can establish a faster, low latencies and reliable connection to Microsoft cloud services, … Continue reading →

Building Multiple ADFS Farms in a Single Forest

Let’s paint a picture, you have an unique requirement to build multiple ADFS farms. you have a fully functional hybrid environment with EXO. you do not want to modify AAD connect and existing ADFS servers. But you want several SaaS applications use different ADFS farm with MFA but their identity is managed by the same Active Directory forest used by existing ADFS farm.

Here is the existing infrastructure:

• 1 single forest with multiple hybrid UPNs (domainA.com, domainB.com, domainC.com and many…)
• 2x ADFS servers (sts1.domainA.com)
• 2X WAP 2012 R2 cluster
• 1x AAD Connect
• 1X Office 365 Tenant with several federated domains (domainA.com, domainB.com, domainC.com and many….)
• 1x public CNAME sts1.domainA.com

Above configuration is working perfectly.

Now you would like to build a separate ADFS 2016 farm with WAP 2016 cluster for SaaS applications. This ADFS 2016 farm will be dedicated to authenticate these SaaS applications. you would also like to turn on MFA on ADFS 2016. Add new public authentication endpoint such as sts2.domainA.com for ADFS 2016 farm.

End goal is that once user hit https://tenant.SaaSApp.com/ it will redirect them to sts2.domain.com and prompt for on-prem AD credentials and MFA if they are accessing from public network.

New ADFS 2016 infrastructure in the same forest and domain:

• 2X ADFS 2016 Servers (sts2.domainA.com)
  
• 2X WAP 2016 Servers
• 1 X separate public IP for sts2.domainA.com
• 1X public CNAME for sts2.domainA.com
• 1X Private CNAME for sts2.domainA.com

Important Note: You have to prepare Active Directory schema to use ADFS 2016 functional level. No action/tasks necessary in existing ADFS 2012 R2 environment.

Guidelines and referrals to build new environment.

Upgrading AD FS to Windows Server 2016 FBL

ADFS 4.0 Step by Step Guide: Federating with Workday

Branding and Customizing the ADFS Sign-in Pages

Deploy Web Application Proxy Role in Windows Server 2012 R2 –Part I

Deploy Web Application Proxy Role in Windows Server 2012 R2 –Part II

Office 365 Hybrid Deployment with Exchange 2016 Step by Step

Hybrid Configuration Business Case. On-premises IRM- Information Rights Management (IRM) enables users to apply Active Directory Rights Management Services (AD RMS) templates to messages that they send. Antispam and malware protection- Mailboxes moved to Office 365 are automatically provided with antivirus … Continue reading →

Upgrading AD FS to Windows Server 2016 FBL

This article will describe how to install new ADFS 2016 farm or upgrade existing AD FS Windows Server 2012 R2 farm to AD FS in Windows Server 2016. Prerequisites: ADFS Role in Windows Server 2016 Administrative privilege in both ADFS … Continue reading →

ADFS 4.0 Step by Step Guide: Federating with Workday

This article provides step by step guidelines to implement single sign on using ADFS 4.0 as the identity provider and Workday as the identifier and service provider. Important Note: Workday does not provide a service provider metadata XML file to … Continue reading →

Login to Exchange Online PowerShell using MFA

Once you enable MFA on Admin account, you will be denied access to EXO using PowerShell until you update Azure PowerShell version to latest. Download and install Microsoft Online Services Sign-In Assistant and Azure Active Directory Connection preview Use Connect-MsOlService … Continue reading →

Create Azure Internal Load Balancer using PowerShell

Input Parameters: Subnets: Subnet_10.x.x.x Resource Groups (Service Name): ServerGroup1 VMs: Server1, Server2 InternalLoadBalancerName: InternalLB1 Port: 443 Find the Subnets where you would like to create a internal load balancer. Get-AzureVNetSite Find the VMs which you would like to add to … Continue reading →

Exchange 2010/2013 to Exchange 2016 Migration Step by Step

Deployment Location: On-premises Target Environment: Exchange Server 2016 CU4 Current Environment: Exchange Server 2010 or Exchange Server 2013 or mixed Public Folder Location: Exchange Server 2013 Understanding of Exchange Server 2016: Exchange Server 2016 wraps up in two Exchange roles … Continue reading →

Enable multi-factor authentication for office 365 users using PowerShell

The script enables strong authentication for Office 365 users from a CSV input. Before you turn on strong auth or multi-factor auth, take necessary measure to communicate with users to notify them that they will have to register their mobile … Continue reading →

Add multiple users to Office 365 security groups using PowerShell Scripts

Step1:  Connect MSOL Services Connect-MsolService Step2: Find out ObjectID of the Security Group you would like add members to Get-MsolGroup –Maxresults 100000 | Where-Object {$_.DisplayName -eq “Test Security Group”} Get-MsolGroup –ObjectId “af407072-7ae1-4b07-a0ca-6634b7396054” OR Sign-in to Portal.Azure.Com and Select Azure Active … Continue reading →

Configuring Retention Policies in Office 365

Retention policies are used to manage email lifecycle. Retention policies are applied by creating retention tags, adding them to a retention policy, and applying the policies to mailboxes. To Create various retention policies in Office 365 using simple PowerShell. Connect … Continue reading →

Office 365: Configuring catch-all mailbox during migration

Step1: Create Catch-All Mailbox 1. Sign in to portal.office.com>Active Users 2. Create a new user named “Catch-All-Mailbox” and assign licenses either E1 or E3. Step2: Create exception Security Group (Optional Step) 1. Log onto Office 365 admin portal 2. Go … Continue reading →