Cybersecurity Reference Architecture: Security for a Hybrid Enterprise

Gallery

The Microsoft cybersecurity reference architecture will be explained by demoing key components, starting with Azure Security Center for a cross platform visibility, protection and threat detection. Then a walk through on how you can secure different Azure services covering Azure … Continue reading

How to Configure Microsoft ADFS with Azure MFA as Primary Authentication

Gallery

In order to setup Azure MFA as Primary Authentication with AD FS, this does require you to move to Azure MFA (cloud-based version). I have not deployed Azure Multi-Factor Authentication Server (on-prem/hybrid version) in a few years for anyone as … Continue reading

Move or Add a VM’s Primary NIC from one VNET to another vNet

Gallery

In this example, the powershell Cmdlets edit the VM NIC properties and change the subnet from one vNet to another vNet. Step1: Get Azure VM, NIC and Resource Group Properties. Stop-AzVM -Name “vm” -ResourceGroupName “RG01” $vm = Get-AzVm -Name “vm” … Continue reading

Migration from Office 365 or Microsoft 365 mailboxes to G Suite using the G Suite Data Migration Service

Gallery

Supported Environment Microsoft 365, Office 365, Exchange 2016, 2013, 2010, 2007 or 2003. Supported G Suite G Suite Enterprise, Business, Basic, and Education accounts G Suite Cost Standard prices are shown. Google occasionally offers special discounts to some customers for … Continue reading

Amazon WorkSpaces : A Cost-effective Alternative to Windows Virtual Desktop

Gallery

An Amazon WorkSpace is a cloud-based virtual desktop that can act as a replacement for a traditional desktop. A WorkSpace is available as a bundle of operating system, compute resources, storage space, and software applications that allow a user to … Continue reading

Migrating Azure VM to AWS EC2 using AWS Server Migration Service

Gallery

Requirements for Azure connector The recommended VM size of Azure connector is F4s – 4 vCPUs and 8 GB RAM. Ensure that you have a sufficient Azure CPU quota in the region where you are deploying the connector. A Standard … Continue reading

Prepare Windows 10 Master Image & Deploy Windows Virtual Desktop

Gallery

Microsoft announced Windows Virtual Desktop and began a private preview. Since then, we’ve been hard at work developing the ability to scale and deliver a true multi-session Windows 10 and Office 365 ProPlus virtual desktop and app experience on any … Continue reading

Migrate Alibaba ECS VM to Azure Cloud using Azure Site Recovery Services

Gallery

In my previous blog, I have written how to migrate workloads from VMware to Azure Cloud.  In this tutorial, I am going to elaborate you how to migrate Amazon Web Services (AWS) EC2 virtual machines (VMs) to Azure VMs by … Continue reading

Migrate SQL Server to Azure SQL Database using Database Migration Services (DMS)

Gallery

The Data Migration Assistant (DMA) helps you upgrade to a modern data platform by detecting compatibility issues that can impact database functionality in your new version of SQL Server or Azure SQL Database. The Data Migration Service (DMA) lets you … Continue reading

Convert Synced User to In-Cloud User

Gallery

Here is the scenario: Synced ID: Specifies the immutable ID of the federated identity of the user. This should be omitted for users with standard identities. You have local Active Directory with AAD Connect installed, which sync users and password … Continue reading

Build DMZ in Azure Cloud

Gallery

This gallery contains 3 photos.

Azure routes traffic between Azure, on-premises, and Internet resources. Azure automatically creates a route table for each subnet within an Azure virtual network and adds system default routes to the table. You can override some of Azure’s system routes with … Continue reading

Decide on Office 365 Migration Path

Gallery

This gallery contains 1 photo.

Deciding on the best migration path of your users’ email to Office 365 can be difficult. Your migration performance will vary based on your network, existing messaging systems design, mailbox size, migration speed, and so on. For migrations from an … Continue reading

Azure Stack Pricing Model

Gallery

This gallery contains 1 photo.

Azure Stack is sold as an integrated system, with software pre-installed on validated hardware. Azure Stack comes with two operational modes—Connected and Disconnected. Connected Mode use Azure metering services with the Microsoft Azure Cloud. The Disconnected Mode does not use … Continue reading

Amazon EC2 and Azure Virtual Machine (Instance) Comparison

Gallery

This gallery contains 1 photo.

Both Amazon EC2 and Azure VM provide a wide selection of VM types optimised to fit different use cases. An instance or VM is combinations of virtual CPU, virtual memory, temporary storage, and networking capacity and give a customer the … Continue reading

Azure AD B2B Collaboration With SharePoint Online

Gallery

This gallery contains 2 photos.

Azure AD B2B collaboration capabilities to invite guest users into your Azure AD tenant to allow them to access Azure AD service Azure AD B2B collaboration invited users can be picked from OneDrive/SharePoint Online sharing dialog boxes. OneDrive/SharePoint Online invited … Continue reading

Migrate Amazon Web Services (AWS) EC2 VM to Azure Cloud

Gallery

This gallery contains 1 photo.

In my previous blog, I have written how to migrate workloads from VMware to Azure Cloud.  In this tutorial, I am going to elaborate you how to migrate Amazon Web Services (AWS) EC2 virtual machines (VMs) to Azure VMs by … Continue reading

Backup VMware Server Workloads to Azure Backup Server

Gallery

This gallery contains 1 photo.

In my previous article, I explained how to install and configure Azure Backup Server. This article explains how to configure Azure Backup Server to help protect VMware  Server workloads. I am assuming that you already have Azure Backup Server installed. … Continue reading

Azure Backup Server v2

Gallery

This gallery contains 2 photos.

Azure Backup is used for backups and DR, and it works with managed disks as well as unmanaged disks. You can create a backup job with time-based backups, easy VM restoration, and backup retention policies. The following table is a … Continue reading

Migrate a SQL Server database to Azure SQL Database

Gallery

This gallery contains 1 photo.

Azure Database Migration Service partners with DMA to migrate existing on-premises SQL Server, Oracle, and MySQL databases to Azure SQL Database, Azure SQL Database Managed Instance or SQL Server on Azure virtual machines.     Moving a SQL Server database … Continue reading

Migrating VMware Virtual Workloads to Microsoft Azure Cloud

Gallery

This gallery contains 3 photos.

Overview Migrating to the cloud doesn’t have to be difficult, but many organizations struggle to get started. Before they can showcase the cost benefits of moving to the cloud or determine if their workloads will lift and shift without effort, … Continue reading

Nimble Hybrid Storage for Azure VM

Gallery

Microsoft Azure can be integrated with Nimble Cloud-Connected Storage based on the Nimble Storage Predictive Flash platform via Microsoft Azure ExpressRoute or Equinix Cloud Exchange connectivity solutions. The Nimble storage is located in Equinix colocation facilities at proximity to Azure … Continue reading

EMC Unity Hybrid Storage for Azure Cloud Integration

Gallery

The customers who have placed their workload in both on-premises and cloud forming a “Hybrid Cloud” model for your Organisation, you probably need on-premises storage which meets the requirement of hybrid workloads. EMC’s Unity hybrid flash storage series may be … Continue reading

Geo-mapping using Azure Traffic Manager

Gallery

Microsoft Azure Traffic Manager allows you to control the distribution of user traffic for service endpoints in different datacenters and region. Traffic Manager support distribution of traffic for Azure VMs, Web Apps, cloud services and non-Azure endpoints. Traffic Manager uses … Continue reading

Office 365 MailFlow Scenarios and Best Practices

Gallery

Microsoft Office 365 gives you the flexibility to configure mail flow based on your requirements and uses scenario to delivered email to your organisation’s mailboxes. The simplest way to configure mail flow is to allow Microsoft EOP to handle spam … Continue reading

Azure Site-to-Site IPSec VPN connection with Citrix NetScaler (CloudBridge)

Gallery

This gallery contains 1 photo.

An Azure Site-to-Site VPN gateway connection is used to connect on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device located on-premises that has an externally facing … Continue reading

Migrate Office 365 Relying Party Trust to Different ADFS Farm

Gallery

To migrate Office 365 Relying Party Trust from an existing ADFS Farm to new ADFS Farm, follow the step by step guide. Migrating Office 365 Relying Party Trust will incur a minor disruption to SSO environment. Prerequisites: Existing ADFS Farm … Continue reading

Deploy Work Folder in Azure Cloud

Gallery

The concept of Work Folder is to store user’s data in a convenient location. User can access the work folder from BYOD and Corporate SOE from anywhere. The work folder facilitate flexible use of corporate information securely from supported devices. … Continue reading

ADFS 4.0 Step by Step Guide: Federating with Splunk Cloud

Gallery

To integrate On-Premises SSO with Splunk Cloud, you need the following items: On-premises Active Directory On-premises ADFS 2016 A Splunk Cloud tenant Splunk cloud Sign-on URL https://yourinstance.splunkcloud.com/saml/acs Splunk cloud Sign-on URL https://yourinstance.splunkcloud.com/saml/logout ADFS Sign-on URL https://sts.domain.com/adfs/services/trust ADFS Sign-Out URL  https://sts.domain.com/adfs/ls/?wa=wsignout1.0 … Continue reading

ADFS 4.0 Step by Step Guide: Federating With Google Apps

Gallery

To integrate On-Premises SSO with Google Apps, you need the following items: On-premises Active Directory On-premises ADFS 2016 A Google Apps single sign-on enabled subscription Google Apps Sign-on URL https://mail.google.com/a/domain.com ADFS Sign-on URL https://sts.domain.com/adfs/ls/ ADFS Password Change URL https://sts.domain.com/adfs/portal/updatepassword/ ADFS … Continue reading

ADFS 4.0 Step by Step Guide: Federating with ServiceNow

Gallery

Prerequisites: Windows Active Directory Windows Server 2016 with ADFS Role installed ServiceNow Tenant ADFS Signing certificate from ADFS Server ADFS Service Identifier: http://sts.domain.com/adfs/services/trust ServiceNow Sign On URL: https://company.service-now.com/navigate.do ServiceNow Identifier: https://company.service-now.com ADFS Signout URL: https://sts.domain.com/adfs/ls/?wa=wsignout1.0 Step1: Export Token Signing Certificate … Continue reading

Configure Azure B2B, Azure Rights Management for on-premises SharePoint, Exchange and File server

Gallery

Azure Information Protection (Azure RMS) is an enterprise information protection solution for any organization. Azure RMS provides classification, labeling, and protection of organization’s data. Note: This deployment also enables Azure B2B access for the Published Applications in Azure AD. Azure … Continue reading

Office 365 Hybrid Deployment with Multiple Active Directory Forests

Gallery

This article explains how you can deploy a hybrid Office 365 and Exchange on-premises environment with multiple Active Directory Forest. An organisation that utilizes an account forest and a resource forest to separate Active Directory accounts and Exchange servers in … Continue reading

Configuring Azure ExpressRoute using PowerShell

Gallery

Microsoft Azure ExpressRoute is a private connection from on-premises networks to the Microsoft cloud over a private peering facilitated by a network service provider. With ExpressRoute, you can establish a faster, low latencies and reliable connection to Microsoft cloud services, … Continue reading

Building Multiple ADFS Farms in a Single Forest

Let’s paint a picture, you have an unique requirement to build multiple ADFS farms. you have a fully functional hybrid environment with EXO. you do not want to modify AAD connect and existing ADFS servers. But you want several SaaS applications use different ADFS farm with MFA but their identity is managed by the same Active Directory forest used by existing ADFS farm.

Here is the existing infrastructure:

  • 1 single forest with multiple hybrid UPNs (domainA.com, domainB.com, domainC.com and many…)
  • 2x ADFS servers (sts1.domainA.com)
  • 2X WAP 2012 R2 cluster
  • 1x AAD Connect
  • 1X Office 365 Tenant with several federated domains (domainA.com, domainB.com, domainC.com and many….)
  • 1x public CNAME sts1.domainA.com

Above configuration is working perfectly.

Now you would like to build a separate ADFS 2016 farm with WAP 2016 cluster for SaaS applications. This ADFS 2016 farm will be dedicated to authenticate these SaaS applications. you would also like to turn on MFA on ADFS 2016. Add new public authentication endpoint such as sts2.domainA.com for ADFS 2016 farm.

End goal is that once user hit https://tenant.SaaSApp.com/ it will redirect them to sts2.domain.com and prompt for on-prem AD credentials and MFA if they are accessing from public network.

New ADFS 2016 infrastructure in the same forest and domain:

  • 2X ADFS 2016 Servers (sts2.domainA.com)
  • 2X WAP 2016 Servers
  • 1 X separate public IP for sts2.domainA.com
  • 1X public CNAME for sts2.domainA.com
  • 1X Private CNAME for sts2.domainA.com

Important Note: You have to prepare Active Directory schema to use ADFS 2016 functional level. No action/tasks necessary in existing ADFS 2012 R2 environment.

Guidelines and referrals to build new environment.

Upgrading AD FS to Windows Server 2016 FBL

ADFS 4.0 Step by Step Guide: Federating with Workday

Branding and Customizing the ADFS Sign-in Pages

Deploy Web Application Proxy Role in Windows Server 2012 R2 –Part I

Deploy Web Application Proxy Role in Windows Server 2012 R2 –Part II

Office 365 Hybrid Deployment with Exchange 2016 Step by Step

Gallery

Hybrid Configuration Business Case. On-premises IRM- Information Rights Management (IRM) enables users to apply Active Directory Rights Management Services (AD RMS) templates to messages that they send. Antispam and malware protection- Mailboxes moved to Office 365 are automatically provided with antivirus … Continue reading

Upgrading AD FS to Windows Server 2016 FBL

Gallery

This article will describe how to install new ADFS 2016 farm or upgrade existing AD FS Windows Server 2012 R2 farm to AD FS in Windows Server 2016. Prerequisites: ADFS Role in Windows Server 2016 Administrative privilege in both ADFS … Continue reading

ADFS 4.0 Step by Step Guide: Federating with Workday

Gallery

This article provides step by step guidelines to implement single sign on using ADFS 4.0 as the identity provider and Workday as the identifier and service provider. Important Note: Workday does not provide a service provider metadata XML file to … Continue reading

Create Azure Internal Load Balancer using PowerShell

Gallery

Input Parameters: Subnets: Subnet_10.x.x.x Resource Groups (Service Name): ServerGroup1 VMs: Server1, Server2 InternalLoadBalancerName: InternalLB1 Port: 443 Find the Subnets where you would like to create a internal load balancer. Get-AzureVNetSite Find the VMs which you would like to add to … Continue reading

Exchange 2010/2013 to Exchange 2016 Migration Step by Step

Gallery

Deployment Location: On-premises Target Environment: Exchange Server 2016 CU4 Current Environment: Exchange Server 2010 or Exchange Server 2013 or mixed Public Folder Location: Exchange Server 2013 Understanding of Exchange Server 2016: Exchange Server 2016 wraps up in two Exchange roles … Continue reading

Enable multi-factor authentication for office 365 users using PowerShell

Gallery

The script enables strong authentication for Office 365 users from a CSV input. Before you turn on strong auth or multi-factor auth, take necessary measure to communicate with users to notify them that they will have to register their mobile … Continue reading

Add multiple users to Office 365 security groups using PowerShell Scripts

Gallery

Step1:  Connect MSOL Services Connect-MsolService Step2: Find out ObjectID of the Security Group you would like add members to Get-MsolGroup –Maxresults 100000 | Where-Object {$_.DisplayName -eq “Test Security Group”} Get-MsolGroup –ObjectId “af407072-7ae1-4b07-a0ca-6634b7396054” OR Sign-in to Portal.Azure.Com and Select Azure Active … Continue reading

Office 365: Configuring catch-all mailbox during migration

Gallery

Step1: Create Catch-All Mailbox 1. Sign in to portal.office.com>Active Users 2. Create a new user named “Catch-All-Mailbox” and assign licenses either E1 or E3. Step2: Create exception Security Group (Optional Step) 1. Log onto Office 365 admin portal 2. Go … Continue reading