In this video, we create a hub and spoke network in Azure by peering our spoke VNet’s to a centralized, Hub Virtual Network. Then we use a VPN Virtual Network Gateway to enable gateway transit connectivity between the spokes. Next, we configure routing with Azure Route Tables and User Defined Routes (UDR) to send traffic going to other spokes to the hub. Then we log into a virtual machine and verify connectivity.Continue reading “Azure Hub and Spoke Virtual Network (VNet) with a VPN Gateway”
This is a second video on Azure Private Endpoints and DNS. Previously, we reviewed options for DNS name resolution with Private Endpoint that included a forward lookup zone for the privatelink.file.windows.core.net zone. However, that option required manually adding hosts to the DNS zone. This video reviews a hub-and-spoke configuration leveraging a forwarder server in Azure and conditional forwarding in Windows DNS. Although slightly more complicated, this option does not require manually adding hosts to the DNS lookup zone.Continue reading “Private Endpoints and DNS Part Deux: Azure Private DNS Zones”
Azure services are publicly available over the internet by default. That works for many services, but sometimes we need to limit access to internal networks only. Private Endpoints provide a local, internal connection to resources in Azure. It does this by adding a virtual NIC to a subnet. From there, the NIC gets a private IP address where it can be accessed from the internal network. This video goes over the configuration options to create a new storage account with an Azure File Share Private Endpoint as well as update an existing storage account with a private endpoint.
In this video, I show you how to configure Email Feed Discovery for Windows Virtual Desktop (WVD). Email Feed Discovery allows users to setup the Remote Desktop Client with their email address instead of the WVD Feed URL.Continue reading “Windows Virtual Desktop Email Discovery”
This video goes over how to deploy an Azure VNet Gateway on an existing VNet and enable Point-to-Site (P2S) VPN connections using Azure AD to authenticate the client. A P2S connection allows clients to connect securely to an Azure Gateway and access resources on the private VNet. The video goes on to demonstrate how enable Multi-Factor Authentication with a Conditional Access policy or enforcing MFA per-user.Continue reading “Azure Point-to-Site VPN with Azure AD Authentication and MFA”
This video goes over how to deploy an Azure VNet Gateway on an existing VNet and enable Point-to-Site (P2S) VPN connections. A P2S connection allows clients to connect securely to an Azure Gateway and access resources on the private VNet. The video goes on to demonstrate how to create a root certificate and client certificates to use for authentication. After that, configuring the client is demonstrated as well as blocking a client by revoking a certificate.Continue reading “Azure Point-to-Site VPN with Certificate Based Authentication”
Azure Files SMB Access with Windows AD allows you to access file shares in Azure with NTFS access control. By default, that access won’t extend to an on-prem network over VPN or Express Route. This video shows how to extend access to an Azure Files share with Windows AD to an on-premises network using Private Endpoints.Continue reading “Azure Files SMB Access On-premises with Private Endpoints”
This video goes over two ways of restricting access to Microsoft Azures PaaS services; Service Endpoints and Private Endpoints. Both are used to restrict access to PaaS serviced, but work differently. The video gives an overview if the differences and then does a walkthrough of deploying Service Endpoints and Private Endpoints using an Azure Storage account as an example.Continue reading “Azure Virtual Networking Service Endpoints and Private Endpoints”