Tag: virtual network

Private Endpoints and DNS Part Deux: Azure Private DNS Zones

Posted on by Travis Roberts

This is a second video on Azure Private Endpoints and DNS.  Previously, we reviewed options for DNS name resolution with Private Endpoint that included a forward lookup zone for the privatelink.file.windows.core.net zone. However, that option required manually adding hosts to the DNS zone.  This video reviews a hub-and-spoke configuration leveraging a forwarder server in Azure and conditional forwarding in Windows DNS.  Although slightly more complicated, this option does not require manually adding hosts to the DNS lookup zone.

Continue reading “Private Endpoints and DNS Part Deux: Azure Private DNS Zones”

Private Endpoints with Azure Storage File Shares

Posted on by Travis Roberts

Azure services are publicly available over the internet by default.  That works for many services, but sometimes we need to limit access to internal networks only.  Private Endpoints provide a local, internal connection to resources in Azure.  It does this by adding a virtual NIC to a subnet.  From there, the NIC gets a private IP address where it can be accessed from the internal network.  This video goes over the configuration options to create a new storage account with an Azure File Share Private Endpoint as well as update an existing storage account with a private endpoint.

Links

Zero to Hero with Azure Virtual Desktop
Hybrid Identity with Windows AD and Azure AD
Private Endpoints and DNS in Azure

Private Endpoints and DNS in Azure

Posted on by Travis Roberts
Private Endpoint

Private Endpoints in Azure provide a secure way to access resources over the private, internal network.  But the options for configuring DNS for Private Endpoints is not as straight forward.  This video goes over the options available for DNS with Private Endpoints.  We start by crating a storage account with a Private Endpoint, the review the default DNS configuration.  We look at The WireServer and how it can be used with a Conditional Forwarder as well as using Forward Lookup Zones for name resolution.

Continue reading “Private Endpoints and DNS in Azure”

Azure Point-to-Site VPN with Azure AD Authentication and MFA

Posted on by Travis Roberts

This video goes over how to deploy an Azure VNet Gateway on an existing VNet and enable Point-to-Site (P2S) VPN connections using Azure AD to authenticate the client.  A P2S connection allows clients to connect securely to an Azure Gateway and access resources on the private VNet.  The video goes on to demonstrate how enable Multi-Factor Authentication with a Conditional Access policy or enforcing MFA per-user.

Continue reading “Azure Point-to-Site VPN with Azure AD Authentication and MFA”

Azure Point-to-Site VPN with Certificate Based Authentication

Posted on by Travis Roberts

This video goes over how to deploy an Azure VNet Gateway on an existing VNet and enable Point-to-Site (P2S) VPN connections.  A P2S connection allows clients to connect securely to an Azure Gateway and access resources on the private VNet.  The video goes on to demonstrate how to create a root certificate and client certificates to use for authentication.  After that, configuring the client is demonstrated as well as blocking a client by revoking a certificate.

Continue reading “Azure Point-to-Site VPN with Certificate Based Authentication”