Concepts on justinverstijnen.nl

I tested Azure Virtual Desktop RemoteAppV2

Wed, 25 Mar 2026 00:00:00 +0000

Microsoft announced RemoteAppV2 under some pretty enhancements on top of the older RemoteApp engine. This newer version has some improvements like:

Better multi monitor support
Better resizing/window experience
Visuals like window shadows

I cannot really show this in pictures, but if you test V2 alongside V1, you definitely notice these small visual enhancements. However, a wanted feature called “drag-and-drop” is still not possible on V2.

Source: https://learn.microsoft.com/en-us/azure/virtual-desktop/remoteapp-enhancements

How to enable RemoteAppV2

To enable RemoteAppV2, you need to set a registry key as long as the preview is running. Make sure you are compliant with the requirements as described on this page (client + hosts):

Getting started with GitHub Pages

Thu, 19 Mar 2026 00:00:00 +0000

With GitHub Pages, we can host some free websites for personal use. This is really great as we mostly already use GitHub to store our code and assets for websites. In this guide, I will explain some of the advantages of GitHub Pages, and how to get started by using the service.

Let’s dive into it!

Requirements

A GitHub account (free)
A domain name for your website, or you can use the default domain name of GitHub
- youraccount.github.io
A template website to upload to your domain name
Some basic knowledge about websites and DNS

What is GitHub Pages?

GitHub Pages allows you to host a static website directly from a GitHub repository. This can be done without managing a server, infrastructure, or hosting provider. The only thing you do is create a repository, upload a website, and optionally connect it to a domain name of your choice. We can compare this to Azure Static Web Apps if you are familiar with that.

How to properly secure Break Glass Accounts in your Entra ID

Sun, 01 Mar 2026 00:00:00 +0000

In our environment, we will do everything to secure it as much as possible. We give users only the permissions they need and only at given times, we enable Conditional Access to limit access to our data as much as possible.

But we also create Break Glass administrator accounts as our last resort, a method to login if everything else doesn’t work. Security wise, this sounds against all rules but we prefer a account to login in emergency situations over a complete tenant lockout.

Everything you need to know about Azure Bastion

Sun, 15 Feb 2026 00:00:00 +0000

Azure Bastion is a great tool in Azure to ensure your virtual machines are accessible in a fast, safe and easy way. This is cool if you want to embrace Zero Trust into your servers management layer and so a secure way to access your servers in Azure.

In this guide I will explain more about Azure Bastion and I hope I can give you a good overview of the service, its features, pricing and some practice information.

What is MTA-STS and how to use it to protect your email flow

Thu, 08 Jan 2026 00:00:00 +0000

MTA-STS is a standard for ensuring TLS is always used for email transmission. This increases security and data protection because emails cannot be read by a Man in the Middle. It works like this for inbound and outbound email to ensure security is applied to all of the messages processed by your emailing solution and domains.

In this guide I will explain how it works. Because it is a domain specific configuration, it can work with any service and is not bound to for example Exchange Online. In this guide we use Azure to host our MTA-STS policy. I present you 2 different options for you to choose, and of course only one is needed. You can also choose to use another solution, its it supports HTTPS and hosting a single TXT file, it should work.

Azure Virtual Desktop RDP Properties

Thu, 27 Nov 2025 00:00:00 +0000

In this post, we will be looking at the most popular different RDP Properties we can use in Azure Virtual Desktop.

I will be talking about local PC’s and remote PC’s alot, where the remote PC is of course the Azure Virtual Desktop host and the local PC is the device you can physically touch.

What are RDP properties?

RDP properties are specific settings to change your RDP experience. This can be to play sound on the remote or local PC, enable or disable printer redirection, enable or disable clipboard between computers and what to do if connection is lost.

Azure Compute Gallery and (AVD) VM images

Thu, 09 Oct 2025 00:00:00 +0000

Azure Compute Gallery is a great service in Azure to store, capture and maintain your VM images. This can be helpful when deploying multiple similar VMs. Use cases of this can be VM Scale Sets, webservers , containers or Azure Virtual Desktop session hosts.

In this blog post, I will tell more about Azure Compute Gallery, how to use it when imaging VMs and how it can help you storing and maintaining images for your VMs.

New: Azure Service Groups

Mon, 01 Sep 2025 00:00:00 +0000

A new feature in Microsoft Azure rised up on the Microsoft pages; Service Groups. In this guide, we will dive a bit deeper into Service Groups and what we can do with them in practice.

At the time of writing, this feature is in public preview and anyone can use it now.

What are these new Service Groups in Azure?

Service Groups are a parralel type of group to group resources and separate permissions to them. In this manner we can assign multiple resources of different resource groups and put them into a overshadowing Service Group to apply permissions. This eliminates the need to move resources into specific resource groups with all broken links that comes with it.

Using FSLogix App Masking to hide applications on Virtual Desktops

Thu, 31 Jul 2025 00:00:00 +0000

In this blog post I will explain and demonstrate the pro’s and features of using FSLogix App Masking for Azure Virtual Desktop. This is a feature of FSLogix where we can hide certain applications and other components from our users while still having to maintain a single golden image.

In this guide I will give some extra explaination about this feature, how it works, how to implement it in a production environment and how to create those rules based on the logged on user. I hope to give a “one-post-fits-all” experience.

Use Ephemeral OS Disks in Azure

Thu, 24 Jul 2025 00:00:00 +0000

In Azure, you have the option to create Ephemeral OS disks for your machine. This sounds really cool but what is it actually, what pro’s and cons are coming with them, what is the pricing and how do we use them? I will do my best to explain everything in this guide.

Requirements

Around 25 minutes of your time
An Azure subscription (if wanting to deploy)
Basic knowledge of Azure
Basic knowledge of servers and infrastructure

What are Ephemeral OS Disks?

Ephemeral OS Disks are disks in Azure where the data is stored directly on the hypervisor itself, rather than having a managed disk which could be resided at the very other end of a datacenter. Every cable and step between the disk and the virtual machine creates latency which will result in your machine being slower.

Implement Certificate-based authentication for Entra ID scripts

Sun, 13 Jul 2025 00:00:00 +0000

When using Entra ID, we can automate a lot of different tasks. We can use a script processing server for this task but doing that normally means we have to save credentials or secrets in our scripts. Something we don’t want.

Today I will show how to implement certificate-based authentication for App Registrations instead of using a client secret (which still feels like a password).

Requirements

Around 20 minutes of your time
An Entra ID environment if you want to test this
A prepared Entra ID app registration
A server or workstation running Windows to do the connection to Entra ID
Some basic knowledge about Entra ID and certificates

How does these certificates work?

Certificate based authentication means that we can authenticate ourselves to Entra ID using a certificate instead of user credentials or a password in plain text. When using some automated scripts it needs permissions to perform its actions but this means storing some sort of authentication. We don’t want to store our credentials on the server as this decreases our security and a potential risk of compromise.

What is Azure Firewall?

Thu, 03 Jul 2025 00:00:00 +0000

Azure Firewall is a cloud-native Firewall which can be implemented in your Azure network. It acts as a Layer 3, 4 and 7 Firewall and so has more administrative options than for example NSGs.

Requirements

Around 15 minutes of your time
Basic knowledge of Azure
Basic knowledge of networking and networking protocols

What is Azure Firewall?

Azure Firewall is an cloud based firewall to secure and your cloud networking environment. It acts as point of access, a sort of castledoor, and can allow or block certain traffic from the internet to your environment and from environment to the internet. The firewall can mostly work on layers 3, 4 and 7 of the OSI model.

Azure Default VM Outbound access deprecated

Thu, 19 Jun 2025 00:00:00 +0000

Starting on 30 September 2025, default outbound connectivity for Azure VMs will be retired. This means that after this date you have to configure a way for virtual machines to actually have connection to the internet. Otherwise, you will get an VM that runs but is only available through your internal network.

In this post I will do a deep dive into this new developement and explain what is needed and what this means for your existing environment and how to transition to the new situation after this 30 September 2025 date.

Enhance email security with SPF/DKIM/DMARC

Mon, 16 Jun 2025 00:00:00 +0000

When it comes to basic email security, we have 3 techniques that can enhance our email security and delivery by some basic initial configuration. Those are called SPF, DKIM and DMARC. This means, configure and mostly never touch again.

Microsoft announced that starting from May 5, 2025: SPF, DKIM and DMARC will become mandatory for inbound email delivery. Not configuring all three can result in your emails not being delivered correctly.

Microsoft Azure certifications for Developers

Wed, 11 Jun 2025 00:00:00 +0000

This page shows what Microsoft Azure certifications are available for Developer-minded people. I intend to focus as much on the developers as possible, although this is not my primary subject. I did some research and i didn’t find it very clear what to do, where to start etcetera.

The certification poster

Microsoft has an monthly updating certification poster available to have an overview for each solution category and the certifications of that category. You can find the poster here:

Introduction to Networks

Wed, 04 Jun 2025 00:00:00 +0000

This page is an introduction to Networks. We don’t need to know everything about it, but often face it in our work. In this guide I will give you a basic understanding of networks, IP addresses, VLANs, Segmenting etcetera. Basically everything you need to understand the process, and hopefully even more than that.

Requirements

Some basic networking knowledge
Some basic subnetting knowledge
Around 20 minutes of your time

Introduction to Networking

Networking is the process of connecting devices to share data and resources. It allows communication between users over local or global distances. Networks can range from small home setups to large corporate infrastructures. Key components include routers, switches, and protocols that manage data traffic. Effective networking ensures reliable, secure, and efficient information exchange. As technology advances, networking plays a critical role in enabling digital communication worldwide.

Creating Static Web Apps on Azure the easy way

Thu, 29 May 2025 00:00:00 +0000

Microsoft Azure has a service called the ‘Static Web Apps" (SWA) which are simple but yet effective webpages. They can host HTML pages with included CSS and can link with Azure Functions for doing more advanced tasks for you. In this guide we will explore the possibilities of Static Web Apps in Azure.

Requirements

Around 45 minutes of your time
An account for Github (recommended)
An Azure subscription to host your Static Web App
Some basic knowledge of Azure
A custom domain to link the web app to your domain

Introduction to Static Web Apps and Github

Before we dive into Static Web Apps and Github, I want to give a clear explaination of both the components that will help us achieving our goal, hosting a simple web app on Azure.

Create custom Azure Workbooks for detailed monitoring

Thu, 08 May 2025 00:00:00 +0000

Azure Workbooks are an excellent way to monitor your application and dependencies in a nice and customizable dashboard. Workbooks can contain technical information from multiple sources, like:

Metrics
Log Analytics Workspaces
Visualisations

They’re highly flexible and can be used for anything from a simple performance report to a full-on investigative analysis tool. A workbook can look like this:

Using the default Azure Workbooks

In Azure we can use the default workbooks in multiple resources that contain basic information about a resource and it’s performance. You can find those under the resource itself.

Skrepr Tech CI - PowerShell

Thu, 24 Apr 2025 00:00:00 +0000

Dit is mijn Collective Intelligence voor mei 2025 over PowerShell. Ik ga hier wat leuke dingen over laten zien, zie de inhoud voor handige links naar de kopteksten.

Aan het einde heb ik nog een leuke praktijkopdracht waarin we een PowerShell module gaan installeren en uitvoeren.

Ik heb mijn best gedaan om de uitleg zo simpel maar duidelijk te geven, ook voor onze niet-technische mensen.

Wat is PowerShell?

Powershell is een shell en script taal en sinds Windows 8/Server 2012 de onderliggende CLI van Windows. Eigenlijk alles in de grafische interface van Windows wordt door Powershell verwerkt, zoals te zien in onderstaande afbeelding:

Storage Account performance and pricing for Azure Virtual Desktop

Sun, 20 Apr 2025 00:00:00 +0000

Choosing the right performance tier of Azure Storage Accounts can be very complex. How much size and performance do we need? How many users will login to Azure Virtual Desktop and how many profile size do we want to assign them?

In this blog post I will explain everything about hosting your FSLogix profiles on Azure Virtual Desktop and the storage account performance including pricing. AFter that we will do some real world performance testing and a conclusion.

Monitor and reduce carbon emissions (CO2) in Azure

Thu, 10 Apr 2025 00:00:00 +0000

In Microsoft Azure, we have some options to monitor and reduce your organizations Carbon emissions (CO2) from services hosted in the cloud. When hosting servers on-premises, they need power, cooling and networking and those are also needed in the cloud. By migrating servers to the cloud doesn’t mean that those emissions do not count. Those emissions are generated on an other location.

In this guide, I will show some features of Microsoft Azure regarding monitoring and reducing carbon emissions.

AMC - Module 11: Infrastructure as Code (IaC) and DevOps

Thu, 27 Mar 2025 00:00:00 +0000

In this module, we cover Azure: Infrastructure as Code (IaC) and DevOps. This module focuses more on development on Azure, with less emphasis on automation and IT management. While IaC and DevOps might seem less exciting at first, they are essential for modern cloud-based application development and operations, helping streamline deployments, ensure consistency, and integrate continuous delivery pipelines.

Azure Portal, Azure Powershell and Azure CLI

There are multiple environments to manage Azure and its resources:

AMC - Module 10: Monitoring and Security

Thu, 20 Mar 2025 00:00:00 +0000

In this module, i want you to understand all the possibilities of Monitoring and some Security features of Microsoft Azure. We know that Security these days is a very hot topic and monitoring is not really unimportant either. Very valuable information for you, i hope :).

Azure Monitor

Azure Monitor is a service in Azure that enables monitoring. With it, you can monitor various resources and quickly identify potential issues during an outage. Azure Monitor supports almost all resources in Azure and can, for example, retrieve event logs and metrics from the guest operating system of virtual machines.

AMC - Module 9: Databases & AI

Thu, 13 Mar 2025 00:00:00 +0000

In this we will explore various possibilities of Databases and AI in Microsoft Azure.

Types of data and structures

Data in general can be stored in different ways for various purposes.

Relational: Relational data consists of rows and columns following a predefined schema. The schema is represented as a table, which is essentially a type of spreadsheet where the rows contain entities and the columns store properties. For example, in an online webshop, orders would be represented as rows (entities), while columns would contain data such as the order ID, customer address, timestamp, payment method, etc.
- Examples: SQL Server, MySQL, PostgreSQL
Non-relational: Non-relational data is less structured, such as a document or a JSON file. However, it is self-descriptive, meaning the file itself makes it clear how the data is stored.
- Examples: NoSQL, MongoDB, Gremlin, Cosmos DB
Unstructured: Unstructured data consists of various file types where the structure is not clearly defined.
- Examples:.docx, .xlsx, .jpg, .mp4 and other standalone files

Databases in Microsoft Azure

In Microsoft Azure, there are different ways to deploy a database where each type has it’s own charasteristics and requirements:

AMC - Module 8: Application Services and Containers

Thu, 06 Mar 2025 00:00:00 +0000

This module is about application services in Microsoft Azure. It mainly focuses on containers and containerized solutions but also explores other serverless solutions. These are solutions where, as a customer or consumer of Microsoft Azure, you do not need to manage a server.

Statefull vs. Stateless

We can categorize servers/VMs into two categories: Stateful and Stateless:

Stateful: Stateful servers are uniquely configured and have a specific role, for example:

AMC - Module 7: Virtual Machines and Scale Sets

Wed, 05 Mar 2025 00:00:00 +0000

This module explicitly covers virtual machines and virtual machines in combination with VMSS (Virtual Machine Scale Sets). Also we cover most of the VM family names, their breakdown, and advanced VM features.

Virtual Machines (VMs)

Virtual Machines are one of the most commonly used services in Microsoft Azure. This is because a customizable virtual machine allows for nearly unlimited possibilities, and most software requires a real desktop environment for installation.

AMC - Module 6: Networking in Microsoft Azure

Fri, 28 Feb 2025 00:00:00 +0000

In Module 6, we will explore all the possibilities of Azure regarding networking, VPNs, load balancing methods, proxies, and gateways. This chapter also covers most the topics and solutions included in the AZ-700 exam, the Azure Networking certification.

Check out the AZ-700 Azure Networking Certification at: https://learn.microsoft.com/en-us/credentials/certifications/azure-network-engineer-associate/?practice-assessment-type=certification

Introduction to generic Networking

A network is described as a group of devices who communicate with each other. In Microsoft Azure, we have to create and design networks for our resources to communicatie with each other. We only use TCP/IP networking, which works with IP addresses, DHCP, routing etcetera.

The Basics and Benefits of IPv6

Fri, 14 Feb 2025 00:00:00 +0000

IPv6. We hear it a lot these days and it’s a very common network addressing protocol and the successor of the older IPv4, but will not necessarily take over IPv4 100% (yet). On this page I will describe the basics, some tips and the benefits.

Requirements

Around 15 minutes of your time
Basic networking knowledge is great

IP addressing with IPv4 and IPv6

When we speak of a network, we speak of a set connected devices (we call them clients/nodes) where each device has its own use. Also there are some fundamental components every network has:

Active Directory FSMO roles

Tue, 04 Feb 2025 00:00:00 +0000

Active Directory Domain Controllers are assigned 5 different FSMO roles, which all have their own function. We can separate them over multiple servers to create more redundancy, but make sure to handle those all as servers. All roles neeed a 24/7 uptime for your environment to work properly.

In this guide, I will give a brief explaination of the roles, what their function is and how to move them to different servers to enhance availability and redundancy.

Get Device serial number on Windows 11 24H2 and up

Wed, 22 Jan 2025 00:00:00 +0000

With Windows 24H2 and the deprecation of WMIC, a easy command to find your devices’ serial number is gone. However, we can still look this up with Powershell.

Use the following command:

POWERSHELL

Get-WmiObject win32_bios | select SerialNumber

End of the page 🎉

You have reached the end of the page. You can navigate through other blog posts as well, share this post on X, LinkedIn and Reddit or return to the blog posts collection page. Thank you for visiting this post.

10 ways to use tags in Microsoft Azure

Fri, 10 Jan 2025 00:00:00 +0000

When being introduced to Azure, I learned about tags very quickly. However, this is something you can use in practice but is no requirement to make stuff actually work. Now some years ahead in my Azure journey, I can recommend (at least) 10 ways to use them properly and to make them actually useful in your environment.

I will explain these ways in this article.

What are Tags in Azure?

Tags are a pair of editable values in Microsoft Azure. These are in this pair-convention:

AMC - Module 5: Storage in Azure

Sat, 21 Dec 2024 00:00:00 +0000

This module focuses purely on the various storage services that Azure offers and provides. Additionally, we will explore the different options available to increase redundancy and apply greater resilience.

The importance and types of storage

Storage fundamentally exists in three different types:

Structured: Structured data is information stored according to a specific structure or model, allowing queries to be written to retrieve data.
- Examples: Databases, Database tables
Semi-structured: Semi-structured data is not stored according to a strict schema, but each file contains a clear structure, making the data understandable.
- Examples: XML files, JSON files
Unstructured: Unstructured data consists of individual files, each containing its own data.
- Examples: Text files, Video files, Images, Emails

In this chapter, we will primarily focus on Unstructured data.

Microsoft Defender External Attack Surface Management (EASM)

Sun, 01 Dec 2024 00:00:00 +0000

Microsoft Defender External Attack Surface Management (EASM) is a security solution for an organization’s external attack surfaces. It operates by monitoring security and operational integrity across the following assets:

Websites
IP addresses
Domains
SSL certificates
Other digital assets

In addition to these components, EASM can also forward all relevant information and logs to SIEM solutions such as Microsoft Sentinel.

It is also possible to manually input company-specific data, such as all domain names and IP addresses associated with its services.

Azure Key Vault

Tue, 26 Nov 2024 00:00:00 +0000

Azure Key Vault is a type of vault used to store sensitive technical information, such as:

Certificates
Secrets
Keys

What sets Azure Key Vault apart from a traditional password manager is that it allows software to integrate with the vault. Instead of hardcoding a secret, the software can retrieve it from the vault. Additionally, it is possible to rotate a secret every month, enabling the application to use a different secret each month.

The MITRE ATTACK Framework

Mon, 25 Nov 2024 00:00:00 +0000

The MITRE ATTACK (ATT&CK) Framework is a framework which describes all stages and methods cyberattacks attacks are launched on companies in the last 15 years. The main purpose of the framework is to help Red and Blue security teams to harden their systems and to provide a library of known attacks to help mitigate them.

MITRE is the organization who is in charge of this community-driven framework and is a non-profit organization. ATT&CK stands for:

The Zero Trust-model

Mon, 25 Nov 2024 00:00:00 +0000

The Zero Trust model is a security model to enhance your security posture by using 3 basic principles, and segmenting aspects of your IT environment into pillars.

The 3 primary principles are:

Verify Explicitly
Least privileged access
Assume Breach

At first, those terms seem very unclear to me. To further clarify the principles, i have added some practice examples to further understand what they mean:


Principle	Outcomes
Verify Explicity	Ensure people are really who they say they are Audit every login attempt from specific users Audit login attempts Block access from non-approved countries
Least privileged access	Assign users only the permissions they need, not more Assign only the roles when they need them using PIM Use custom roles when default roles expose too much permissions
Assume breach	At every level, think about possible breaches Segment your network Password-based authentication only is too weak

The model is the best illustrated like this:

AMC - Module 4: Resiliency and Redundancy in Azure

Thu, 21 Nov 2024 00:00:00 +0000

This module is all about resiliency and redundancy in Microsoft Azure. Resiliency literally means flexibility. It refers to how resistant a solution is to certain issues and failures. We want to build our solutions redundant, because we don’t want outage in a system so a customer can’t do their work.

Areas to implement resilliency

The different layers where you can and should apply resiliency and how you can improve the area are:

AMC - Module 3: Governance in Microsoft Azure

Thu, 07 Nov 2024 00:00:00 +0000

Introduction to Govenance in Azure

Governance in Azure refers to the enforcement of rules and the establishment of standards in solutions, naming conventions, technology, etc. This is achieved through the management and importance of Management Groups, Subscriptions, Resource Groups, Policies, RBAC, and Budgets.

In the cloud, Governance is crucial because processes and behaviors differ significantly from on-premises hardware. Additionally, certain services can be made publicly accessible, which requires an extra layer of security.

Configure DNSSEC and SMTP DANE Microsoft 365

Thu, 31 Oct 2024 00:00:00 +0000

Recently, Microsoft announced the general availability of 2 new security protocol when using Microsoft 365 and the service Exchange Online in particular. SMTP DANE and DNSSEC. What are these protocols, what is the added value and how can they help you secure your organization? Lets find out.

Domain Name System Security Extensions (DNSSEC)

DNSSEC is a feature where a client can validate the DNS records received by a DNS server to ensure a record is originated from the DNS server and not manipulated by a Man in the Middle attack.

AMC - Module 2: Identity in Azure

Thu, 24 Oct 2024 00:00:00 +0000

This Azure Master Class (AMC) chapter is all about Identity in Microsoft Azure. This means we discuss the following:

Users
Groups
Devices
Enterprise Applications
Service Principals
Authentication

What is identity?

For every service that a user accesses, it is necessary to have an identity. Access needs to be determined, and the service must know who the user is in order to open the correct environment.

Best practice is to always assign the least possible privileges. A person who performs 3 tasks does not need permissions for 200 tasks, but for the 3 tasks only. “Least privilege” is one of the 3 key principals of the Zero Trust model.

AMC - Module 1: Fundamentals of Cloud and Microsoft Azure

Thu, 17 Oct 2024 00:00:00 +0000

This chapter is about the term “Cloud” and the fundamentals of Microsoft Azure and Cloud Services in general.

What is “the Cloud”?

The Cloud is a widely used term to say, “That runs elsewhere on the internet.” There are many different definitions, but the National Institute of Standards and Technology (NIST) in the United States has identified five characteristics that a service/solution must meet to call itself a cloud service:

Microsoft Azure Master Class - Navigation page

Thu, 17 Oct 2024 00:00:00 +0000

Introduction to this Azure Master Class

Hey there! I have a new collection of blog posts here. A while ago (2023) I followed the Azure Master Class course of John Savill, and done some extra research into some of the components of Azure. I wrote those things down to learn from it and have some documentation. Firstly, this was for personal use but after founding this website and blog I decided to rework it and publish all the information because I think it can be very helpful.

How to learn Azure - My learning resources

Tue, 10 Sep 2024 00:00:00 +0000

When starting to learn Microsoft Azure, the resources and information can be overwhelming. At this page I have summarized some resources which found out during my Azure journey and my advice on when to use what resource.

To give a quick overview of all the training resources I used throughout the years and give you different types and sorted the resources from beginning to end:

Text based
Video’s
Labs and Applied Skills

1. Starting out (Video and text-based)

When starting out, my advice is to first watch the following video of John Savill explaining Microsoft Azure and giving a real introduction.

Introduction to Azure roles and permissions (RBAC/IAM)

Tue, 30 Jul 2024 00:00:00 +0000

When managing a Microsoft Azure environment, permissions and roles with RBAC is one of the basic ways to improve your security. At one hand, you want to have the permissions to do basic tasks but at the other hand you want to restrict an user to be able to do only what he needs to. This is called, the principle of “least-privilege”.

In this guide, I want to you to understand the most of the basic knowledge of managing access controls in Azure without very complex stuff.

Network security in Azure with NSG and ASG

Fri, 26 Jul 2024 00:00:00 +0000

When designing, managing and securing a network in Microsoft Azure we have lots of options to do this. We can leverage third-party appliances like Fortinet, Palo Alto, PFSense or Sophos XG Firewall but we can also use the somewhat limited built-in options; Network Security Groups (NSG for short) and Application Security Groups (ASG).

In this guide I will explain how Network Security Groups (NSG) and Application Security Groups (ASG) can be used to secure your environment.

Rename name-tags to resource groups and resources

Tue, 18 Jun 2024 00:00:00 +0000

When it comes to naming your Azure Resource Groups and resources, most of them are not renameable. This due to limitations on the platform and maybe some underlying technical limitations. However, it is possible to assign a renameable tag to a resource in Azure which can be changed or used to clarify its role. This looks like this:

How to add those renameable tags in the Azure Portal?

You can add this name tag by using a tag in Microsoft Azure. In the portal, go to your resource and go to tags. Here you can add a new tag:

Introduction to the Microsoft Cloud Security Benchmark (MCSB)

Tue, 16 Apr 2024 00:00:00 +0000

In the modern era like where we are today, security is a very important aspect of every system you manage. Bad security of 1 system can mess with all your systems.

So have a good overview of how secure your complete IT environment is, Microsoft released the Microsoft Cloud Security Benchmark, which is an collection of high-impact security recommendations you can use to secure your cloud services, even when utilizing a hybrid environment. When using Microsoft Defender for Cloud, this MCSB is included in the recommendations.

Introduction to the Azure Well-Architected Framework

Tue, 02 Apr 2024 00:00:00 +0000

The Azure Well-Architected Framework is a framework to improve the quality of your Microsoft Azure Deployment. This does it by spanning 5 pillars so an architect can determine with IT decision makers how they can get the most Azure with the planned budget.

The 5 pillars of the Well-Architected Framework are:


Pillar	Target
Reliability	The ability to recover a system and/or contine to work
Security	Secure the environment in all spots
Cost Optimization	Maximize the value when minimizing the costs
Operational Excellence	The processes that keep a system running
Performance Efficiency	The ability to adapt to changes

Cloud Adoption Framework Introduction (CAF)

Thu, 04 Jan 2024 00:00:00 +0000

More and more organizations are moving to the cloud. In order to do this succesful, we can use the Cloud Adoption Framework which is described by Microsoft.

The framework is a succesful order of processes and guidelines which companys can use to increase the success of adopting the cloud. The framework is described in the diagram below:

The CAF has the following steps:

Strategy: Define the project, define what you want to achieve and define the business outcomes.
Plan: Plan your migration, determine the plans and make sure the environment readiness is at a good level.
Ready (and migrate): Prepare your new cloud environment for planned changes and migrate your workloads to the cloud.
Optimize: After migrating to the cloud, optimize your environment by using the beste solutions possible and innovate at this level.
Secure: Improve the security of your workloads and plan your perodical security checks.
Manage: Manage operations for cloud and hybrid solutions.
Govern: Govern your environment and its workloads.

Intention of use

Increase the chance of your cloud success
Gives you a best practice of how to perform the migration by proven methodology
Ensures you don’t miss a crucial step

Intended users/audience

IT Decision makers
Company Management Teams
Companies who want to profit from cloud solutions
Companies that are planning to migrate to the cloud
Technicians and project managers for planning the migration

For more information, check out this page: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/