Step-by-Step Guide: Setting Up a Banned Password List in Azure

Recently, a customer raised a ticket asking us to implement a banned password list. In this guide, I’ll walk you through how we successfully tackled this request and configured it in Entra ID.

Enforcing strong password policies in Entra ID is crucial for improving organisational security. One effective method is implementing a custom banned password list to prevent users from selecting weak or predictable passwords. Here’s how to set this up step-by-step:


Prerequisites

Before starting, ensure you have the following:

  1. Entra ID Premium P1 or P2 licence

    • The banned password list feature is available only in Entra ID Premium editions.

  2. Administrator permissions

    • You need Global Administrator or Privileged Role Administrator rights in Entra ID to configure password policies.


Continue reading “Step-by-Step Guide: Setting Up a Banned Password List in Azure”

Simplifying Azure Storage: Choosing the Right Type for Your Data

Azure Storage Types

As an Azure Solutions Architect, I often come across clients who find Azure’s wide range of storage options overwhelming. In this post, I’ll break down Azure Storage into simple terms, so you can make the right choice for your needs.


What is Azure Storage?

Azure Storage is a cloud service that provides scalable, durable, and secure storage solutions. Whether you need to store files, structured data, or backups, Azure Storage has an option for you.

Types of Azure Storage

Here are the main storage options and their typical use cases:

  1. Blob Storage
    Think of this as a place for large files—videos, images, backups, or any unstructured data.

    • When to Use: Hosting static website content, storing backups, or media streaming.
    • Cool Feature: Access tiers (Hot, Cool, and Archive) let you optimise costs based on how often you access the data.
  2. File Storage
    Like a network share in the cloud! Ideal for replacing on-premises file servers.

    • When to Use: Lift-and-shift applications that rely on file shares.
    • Cool Feature: It supports SMB and NFS protocols, so it integrates easily with existing systems.
  3. Table Storage
    A NoSQL store for lightweight, structured data.

    • When to Use: Logging, metadata storage, or applications requiring fast key-value lookups.
    • Cool Feature: It’s incredibly cost-effective and lightning-fast for specific use cases.
  4. Queue Storage
    A messaging store to decouple application components.

    • When to Use: When building distributed apps or processing background tasks.
    • Cool Feature: Works seamlessly with Azure Functions for event-driven architectures.
  5. Disk Storage
    Persistent storage for Virtual Machines (VMs).

    • When to Use: Running workloads like databases, where performance and durability matter.
    • Cool Feature: Options like Ultra Disks offer high throughput for demanding workloads.

Continue reading “Simplifying Azure Storage: Choosing the Right Type for Your Data”

Azure Introduces Terraform Export Feature in Private Preview: A New Era for DevOps and IaC

Microsoft Azure has taken a significant step forward for Infrastructure as Code (IaC) enthusiasts with the latest private preview feature in the Azure Portal – the ability to export Terraform configurations directly. Previously, exporting configurations was limited to ARM templates, but now you can generate Terraform and Bicep configurations right from the portal. This enhancement makes Azure even more accessible and streamlined for DevOps workflows.

Currently in Private Preview

The new export feature is currently in private preview, so it’s not yet available to all users. However, Microsoft is preparing to announce the public preview very soon, making this tool accessible to a wider audience. In the meantime, if you want to stay updated on the latest news and announcements about this feature, you can sign up to receive updates directly from Microsoft using this form.

Why is This a Game-Changer?

For years, Azure users could only export configurations as ARM templates, which are powerful but have a steeper learning curve compared to Terraform. With Terraform’s growing popularity due to its flexibility and cross-platform capabilities, Microsoft’s decision to introduce direct Terraform exports marks a shift towards more inclusive DevOps practices.

This new capability not only simplifies the process of moving to Terraform but also bridges the gap for teams transitioning from ARM templates to more modern IaC approaches. Automating and streamlining this process accelerates workflows, reduces human error, and empowers teams to better manage their cloud infrastructure.

Continue reading “Azure Introduces Terraform Export Feature in Private Preview: A New Era for DevOps and IaC”

How to Implement Azure Bastion to Securely Access Azure Virtual Machines

When managing cloud-based virtual machines, ensuring secure access is critical. Exposing RDP/SSH ports directly to the internet needlessly expands the attack surface of every VM. Azure Bastion provides a secure, fully managed way to connect to Azure VMs without exposing these ports to the public internet.

What is Azure Bastion?

Azure Bastion is a PaaS service that allows you to securely connect to your Azure Virtual Machines (VMs) using RDP or SSH, directly from the Azure Portal without the need to expose these ports via a public IP.


Minimum Required RBAC Roles for Azure Bastion Access

To connect to a VM using Azure Bastion, the user must have the appropriate permissions. At a minimum, they will need the following role assignments:

  1. Reader role on the target VM: This grants read access to the VM, allowing the user to see the VM’s configuration but not modify it.
  2. Reader role on the network interface (NIC) associated with the VM’s private IP address: This ensures the user can read network information for the VM.
  3. Reader role on the Azure Bastion resource: This grants access to the Bastion host itself, allowing the user to initiate connections through Bastion.

If the VM is in a peered virtual network (cross-VNet connections), the following additional role assignment is required:

  1. Reader role on the virtual network (VNet) of the target VM: This is required when connecting to a VM across VNet peering.

Continue reading “How to Implement Azure Bastion to Securely Access Azure Virtual Machines”

Exploring the Webex API: A Step-by-Step Guide to Generating Your Access Token

Hey guys!

Today, let’s dive into the Webex API and how you can leverage it to build your own custom integrations.

I recently began exploring the Webex REST API, but I wanted to use my own code rather than relying only on the web browser.
While the Webex Developer Portal allows you to perform all actions directly online once you’re logged in (automatically using your token for requests), I preferred a more flexible approach that didn’t tie me to the browser.

So, in this post, I’ll show you how to generate your own access token to use in your custom code.

These are the steps you will need to follow:

Continue reading “Exploring the Webex API: A Step-by-Step Guide to Generating Your Access Token”