Private Endpoints and DNS Part Deux: Azure Private DNS Zones

This is a second video on Azure Private Endpoints and DNS.  Previously, we reviewed options for DNS name resolution with Private Endpoint that included a forward lookup zone for the privatelink.file.windows.core.net zone. However, that option required manually adding hosts to the DNS zone.  This video reviews a hub-and-spoke configuration leveraging a forwarder server in Azure and conditional forwarding in Windows DNS.  Although slightly more complicated, this option does not require manually adding hosts to the DNS lookup zone.

Continue reading “Private Endpoints and DNS Part Deux: Azure Private DNS Zones”

Private Endpoints with Azure Storage File Shares

Azure services are publicly available over the internet by default.  That works for many services, but sometimes we need to limit access to internal networks only.  Private Endpoints provide a local, internal connection to resources in Azure.  It does this by adding a virtual NIC to a subnet.  From there, the NIC gets a private IP address where it can be accessed from the internal network.  This video goes over the configuration options to create a new storage account with an Azure File Share Private Endpoint as well as update an existing storage account with a private endpoint.

Links

Zero to Hero with Azure Virtual Desktop
Hybrid Identity with Windows AD and Azure AD
Private Endpoints and DNS in Azure

Windows Virtual Desktop Email Discovery

In this video, I show you how to configure Email Feed Discovery for Windows Virtual Desktop (WVD).  Email Feed Discovery allows users to setup the Remote Desktop Client with their email address instead of the WVD Feed URL.

Continue reading “Windows Virtual Desktop Email Discovery”

Azure Point-to-Site VPN with Azure AD Authentication and MFA

This video goes over how to deploy an Azure VNet Gateway on an existing VNet and enable Point-to-Site (P2S) VPN connections using Azure AD to authenticate the client.  A P2S connection allows clients to connect securely to an Azure Gateway and access resources on the private VNet.  The video goes on to demonstrate how enable Multi-Factor Authentication with a Conditional Access policy or enforcing MFA per-user.

Continue reading “Azure Point-to-Site VPN with Azure AD Authentication and MFA”

Azure Point-to-Site VPN with Certificate Based Authentication

This video goes over how to deploy an Azure VNet Gateway on an existing VNet and enable Point-to-Site (P2S) VPN connections.  A P2S connection allows clients to connect securely to an Azure Gateway and access resources on the private VNet.  The video goes on to demonstrate how to create a root certificate and client certificates to use for authentication.  After that, configuring the client is demonstrated as well as blocking a client by revoking a certificate.

Continue reading “Azure Point-to-Site VPN with Certificate Based Authentication”

Site-to-Site Azure VPN with a Windows RRAS Server

Azure S2S VPN

This video shows how I created a VPN connection between my home lab and Azure Subscription.  I used a Routing and Remote Access role on a Windows Server 2019 as the local endpoint.  This provides the ability to setup a VPN connection without special firewall hardware.  This is useful for home labs and small offices that need connectivity to an Azure subscription.  It also is helpful to walk through the setup to prepare for Azure certifications such as the AZ-103.

Continue reading “Site-to-Site Azure VPN with a Windows RRAS Server”