Posts

Deploying an Automation Account with a Runbook and Schedule Using Bicep

Introduction Automation is a key component in many organizations' cloud strategy. Azure Automation allows you to automate the creation, deployment, and management of resources in your Azure environment. In this post, we will walk through the process of deploying an Automation Account with a Runbook and Schedule using Bicep, a new domain-specific language for deploying Azure resources. Intention My intention at the end is to run a PowerShell script to start and shut down Azure VMs based on tag values. The PowerShell script that I have used is from the link below. And two of my colleagues (Michael Turnley and Saudh Mohomad) helped to modify the PowerShell script. Prerequisites Before we begin, you will need the following: An Azure subscription The Azure CLI installed on your machine. The Azure Bicep extension for the Azure CLI Creating the Automation Account The first step in deploying an Automation Account with a Runbook and Schedule is to create the Aut
Recent posts

Securing Azure Services with FEITIAN FIDO

Hey folks, here again with another security topic with FEITIAN FIDO. And once again FEITIAN devices proved their excellent quality and stability. For this I chose the FEITIAN K33 - AllinPass FIDO Security Key – FEITIAN (ftsafe.com) and K39 - Single-button FIDO Security Keys | FEITIAN (ftsafe.com). Use case In an organization, the following changes need to be implemented. 1. Update the password policy 2. Update the user session timeout to 30 minutes Once these changes are implemented, the following issues need to be addressed 1. Users complain that new passwords need to be so long 2. Users complain that the session timeout makes them work so much slower with the longer passwords 3. Etc... Solution One of my friends reached out to me to help solve this problem. All I could think of was using passwordless auth with FIDO devices. We have decided to use FIDO2 keys for better security and flexibility for the users. The FIDO (Fast IDentity Online) Alliance helps to promote open authentication stand

Updating Azure VM Data Disk Sizes

Summary Hope you are doing great. This time I came up with a simple Azure DevOps solution for updating VM disk sizes. The current project that I'm in has a bunch of virtual machines. So, we need a way to update the VM disk with minimal administrative effort and changes. In this scenario, we have used: Bicep as the IaC language, Azure DevOps pipelines, and YAML variable files. Here is the high-level workflow for a particular VM in the solution. The YAML pipeline file has two workflows: firstly the VM build pipeline, and the second is the disk update one. If you focus on the green arrow and the purple arrow, basically I'm modifying the same Bicep module file and passing the same set of variables. You may wonder why we cannot use the same flow to build the VM and update the disk later. That's because for the disk updates the VM needs to be in a shutdown state, and other components in the 1st flow need the VM up and running, especially the extension modules. YAML Variable Files I have decided t

Azure Virtual Desktops - FIDO Support with FEITIAN FIDO

Howdy folks, this time I decided to play with the Azure Virtual Desktops FIDO key support feature. My experience with FIDO is also new. Luckily the FEITIAN team hooked me up with one of their FIDO keys to test this solution. Firstly, thanks heaps to the FEITIAN team. You can check out the FEITIAN lineup on their Amazon Store here. I have used the ePass FIDO NFC Security Key K9. Following is my use case for the lab: configure the FIDO key with my personal Hotmail account; enable FIDO key redirection with AVD; sign in to my personal OneDrive using the FIDO key within the Azure Virtual Desktop session. Firstly, About the K9 Key The K9 security key is a USB and NFC key. The setup of this key is really straightforward. Check this blog post for the setup and the activation of using it in Azure AD. In terms of build quality, it's portable and easy to use, made out of hard plastic, which makes it lightweight. I would suggest having a key ring or key tag attached, otherwise you may lose the key :P Also sinc

Azure Virtual Desktops Gold Image Windows Update Automation

Howdy folks, during a recent customer engagement, I had to deploy Azure Virtual Desktop solutions via DevOps pipelines. Due to some reasons, we decided to go down the gold image option for the shared hostpools. So I ended up creating compute galleries and saved gold image files for the different hostpools. This led me to think of a way to update these gold images without spending much time and deploying them to hostpools. And I found a way to do it. There may be other ways to do it, but I think, based on the scenario and the services I used in this solution, this method is the ideal one. As usual, the diagram below explains the flow of my pipeline. For this process, other than Azure Pipelines, the main component that I will be using is a Packer template. For those who are new to Packer... "Packer is HashiCorp's open-source tool for creating machine images from source configuration. You can configure Packer images with an operating system and software for your specific use-case. Terrafor

Managing Azure VM Guest and host updates (Azure DevOps)

Howdy folks, back again with a new blog post. This time it's about Azure VM guest and VM host update management during the VM deployment process. I'm writing this blog assuming you have a good understanding of how to manage Azure VM updates from Azure. In a recent project, there was a requirement to create an environment for a software deployment solution. And as part of the solution, automatic VM update is one of the requirements. There are great articles from Microsoft as well as other consultants on how to manage Windows Update in Azure; this article is slightly different and explains how to achieve this via a pipeline. Without further ado, the following are the key components we need to set up. Component and deployment method: Log Analytics Workspace: BICEP; Automation Account: BICEP; Link Automation to Workspace: BICEP; Update Solution: BICEP; Provision Update Schedule: Azure PowerShell command in the pipeline; Add enable updates for VM: Azure PowerShell command in the pipeline. As you can