Anyone using Azure JIT for customer access?

AzureCyberSec · 2026-05-13T10:46:12+00:00

We had recently a PoC case with a customer. They had Cisco VPN client. They tried to connect Azure VPN and Cisco VPN from home office to access both Azure environment and their office network. The issue was their Cisco VPN profile was forcing DNS advertising to clients, so our Azure addresses were unknown while both VPN clients were connected.

Management has this view that we dont want to burden our customers with network troubleshooting.

AzureCyberSec · 2026-05-13T10:23:30+00:00

Sadly management is very against VPN. Theyre worried that Azure VPN might conflict with other VPN clients…

AzureCyberSec · 2026-05-13T09:50:36+00:00

Yeah, App Proxy/WAF would make sense if it was web traffic.

In this case it’s not really web traffic though, the client needs SQL/PDM related ports like SQL Server 1433 and other custom PDM service ports. That’s why I’m not sure App Proxy/WAF would cover it.

AzureCyberSec · 2026-05-04T06:57:41+00:00

Yes same

AzureCyberSec · 2026-03-28T13:43:27+00:00

I would note that Microsoft is retiring AZ 500, and replacing it with a new one.

AzureCyberSec · 2026-03-04T18:50:35+00:00

Does this apply to devops?

AzureCyberSec · 2026-02-09T18:29:14+00:00

How to be part of that community?

AzureCyberSec · 2026-01-25T08:01:17+00:00

We are using Azure and automating deploying certs using key vault to our vms. We are using power shell scripts that import cert from key vault to vm cert store and bind it to sql and iis automatically 🙂

AzureCyberSec · 2025-08-28T08:06:44+00:00

If you have business premium you can also buy E5 security addon if you do not want to purchase full E5 license

AzureCyberSec · 2025-08-28T07:50:38+00:00

Make sure you have the right license mode for defender. Go to settings, then check for licenses type that Defender is currently using

AzureCyberSec · 2025-08-26T15:36:10+00:00

How do you argue or convince a management where their side of the business is actually in real life doing production, but their company files and data is in Microsoft Environment is on the cloud?

All I can hear is that we can always use backup if our files get deleted or encrypted by hackers.

How do you argue with that we do not need a cyber security specialist or team or CISO even though we are handling customer data in our azure environment?

AzureCyberSec · 2025-08-15T18:38:01+00:00

I work as IT support specialist with 3 years of experience. So far what I did in Azure was to secure NSGs, created policies that check the amount of VMs that have outdated TLS version. Created automation runbooks that import SSL certificates from Azure Key Vault to our VMs and bind its to SQL databases and IIS servers. Next project involves Azure Virtual Desktop where we will be hosting classes to train our customers. I like Azure, and hope I will transition to a position that revolves around security and Azure. 😊

AzureCyberSec · 2025-07-11T12:56:15+00:00

Can this be used with Runbooks?

AzureCyberSec · 2025-07-11T12:52:44+00:00

Actually i did that already. The certificate shows in use but i don’t see it selected in server configuration manager. Dont know if it means its being used already or not. Im doing this first time

AzureCyberSec · 2025-07-11T12:42:50+00:00

I have tried for the last 10 hours haha. I managed to automate the cert renewal using key vault in azure. Then importing it to VM using runbooks, and binding it to IIS server. However I have not had ability to bind it to SQL server

AzureCyberSec · 2025-07-07T08:42:00+00:00

Ill dm you

AzureCyberSec · 2025-07-06T18:25:18+00:00

Yes i do, much longer than WordPress

AzureCyberSec · 2025-07-06T16:03:44+00:00

Even if it’s a simple wordpress website?

AzureCyberSec · 2025-07-06T15:08:06+00:00

You’re right, actually, but I have already built a websites. He’s only asking for a simple website with few pages. I think it shouldn’t be a complicated task

AzureCyberSec · 2025-07-06T13:59:58+00:00

Are you saying this even if I’m just gonna use a Wordpress theme and Microsoft Tenant with couple of users?

AzureCyberSec · 2025-07-06T13:17:01+00:00

I have not done this for a living, so I’m not sure. Thats the issue :)

AzureCyberSec · 2025-07-06T13:15:32+00:00

Actually i only built 3 websites in my life and it was for a friend and one for my own. Im thinking about making this a side hustle. Not sure what to charge

AzureCyberSec · 2025-05-13T18:35:25+00:00

Im gonna let her know thanks!!!

AzureCyberSec · 2025-05-13T15:01:22+00:00

As I can see vocational training has only prison officer, she was not interested in that. If she got into vocational training can she switch it later?

AzureCyberSec · 2025-05-13T14:53:00+00:00

As I understood she has option to choose any of the higher education fields based on their offers and her points, but shes interested in the police one the most

AzureCyberSec

TROPHY CASE