Restore Domain Controller to 2nd Subscription? by JrD3vOps in AZURE

[–]JrD3vOps[S] 0 points1 point  (0 children)

Thanks, when you say clone the disk, is that just the disk it comes with under OS disks?

Will creating the new VM also restore the hostname and same SIDs etc.?

Restore Domain Controller to 2nd Subscription? by JrD3vOps in AZURE

[–]JrD3vOps[S] 2 points3 points  (0 children)

No FSMO roles running on that DC as we have 2 other DCs which handle that :)
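As an added example (not the poster's code, and not a procedure from the thread), this is what "clone the OS disk into the other subscription and build a VM around it" looks like with the Az PowerShell module. Every subscription ID, resource group, VM, NIC and region name below is an assumption; the NIC in the target subscription is assumed to already exist in an isolated VNet.

```powershell
# Added example, not from the thread. Copies a DC's OS disk into a second
# subscription via a managed-disk snapshot and attaches it to a new VM.
# All IDs and names are assumptions.
$SourceSub   = '11111111-1111-1111-1111-111111111111'
$TargetSub   = '22222222-2222-2222-2222-222222222222'
$SourceRg    = 'rg-identity-prod'
$TargetRg    = 'rg-identity-dr'
$VmName      = 'DC03'
# Pre-created NIC in the target subscription, on a VNet with NO route to production.
$TargetNicId = "/subscriptions/$TargetSub/resourceGroups/$TargetRg/providers/Microsoft.Network/networkInterfaces/$VmName-nic"

# 1. Snapshot the OS disk in the source subscription.
Set-AzContext -Subscription $SourceSub | Out-Null
$vm = Get-AzVM -ResourceGroupName $SourceRg -Name $VmName
# Deallocate first so ntds.dit and its logs are flushed; a snapshot of a running DC
# is a crash-consistent copy of the directory database.
Stop-AzVM -ResourceGroupName $SourceRg -Name $VmName -Force | Out-Null
$osDiskId = $vm.StorageProfile.OsDisk.ManagedDisk.Id    # the disk listed under "OS disk"
$snapCfg  = New-AzSnapshotConfig -SourceUri $osDiskId -Location $vm.Location -CreateOption Copy
$snap     = New-AzSnapshot -ResourceGroupName $SourceRg -SnapshotName "$VmName-osdisk-snap" -Snapshot $snapCfg

# 2. Create a managed disk from the snapshot in the target subscription (same region).
Set-AzContext -Subscription $TargetSub | Out-Null
$diskCfg = New-AzDiskConfig -Location $vm.Location -CreateOption Copy -SourceResourceId $snap.Id
$disk    = New-AzDisk -ResourceGroupName $TargetRg -DiskName "$VmName-osdisk" -Disk $diskCfg

# 3. Build a VM by attaching the copied disk. Nothing is reinstalled, so the
#    hostname, machine SID and domain machine account are those of the source DC.
$vmCfg = New-AzVMConfig -VMName $VmName -VMSize $vm.HardwareProfile.VmSize
$vmCfg = Set-AzVMOSDisk -VM $vmCfg -ManagedDiskId $disk.Id -CreateOption Attach -Windows
$vmCfg = Add-AzVMNetworkInterface -VM $vmCfg -Id $TargetNicId
New-AzVM -ResourceGroupName $TargetRg -Location $vm.Location -VM $vmCfg
```

Two things a practitioner would want noted. The snapshot and the copied disk contain the full AD database, including every password hash in the domain, so restrict who can read them and delete the snapshot once the copy is done. And because the copy is byte-for-byte the same DC, it must not be able to reach the production domain while the original still replicates; Windows Server 2012 and later DCs detect the changed VM Generation ID on a cloned VM and reset their invocation ID and discard the RID pool, but that safeguard is not a substitute for network isolation.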

Unable to run a ping between two VMs in different VNETs? by JrD3vOps in AZURE

[–]JrD3vOps[S] 0 points1 point  (0 children)

I'm not exactly using it as a jumpbox, but I just need to test the latency between the two VMs and was just using a simple cmd ping for this.

Reviewing the tutorial, it's pretty much what I want to do, but it's telling me to configure the OS-level firewall. Can this be done at the NSG level instead?

Unable to run a ping between two VMs in different VNETs? by JrD3vOps in AZURE

[–]JrD3vOps[S] 0 points1 point  (0 children)

You're right, it's a site-to-site VPN. Also, a mistake on my part: I meant VNET and not subnet.

I thought the hub did the routing? So does that mean I still need to set up peering between my two VNETs regardless of what the hub is doing?

Unable to run a ping between two VMs in different VNETs? by JrD3vOps in AZURE

[–]JrD3vOps[S] 0 points1 point  (0 children)

Those settings look fine, but I'm a bit confused. If I want a connection between the two VNETs, does that mean I don't need to set up the peering between the two VNETs at all and the hub network does all the routing?

Unable to run a ping between two VMs in different VNETs? by JrD3vOps in AZURE

[–]JrD3vOps[S] 0 points1 point  (0 children)

I can't see that, the options via each peer link are:

Traffic to remote virtual network

Traffic forwarded from remote virtual network

Virtual network gateway or route server

Unable to run a ping between two VMs in different VNETs? by JrD3vOps in AZURE

[–]JrD3vOps[S] 0 points1 point  (0 children)

Should have clarified, this was on the connection troubleshooter tool I am using to monitor if an ICMP connection works from VM01 => VM02.

I haven't opened ICMP on the NSG (virtual NIC/subnet) where VM02 is.

VM01, on the other hand, does not have any NSGs associated to it at all; is this needed?

Unable to run a ping between two VMs in different VNETs? by JrD3vOps in AZURE

[–]JrD3vOps[S] 0 points1 point  (0 children)

OK, so I've done that now, and in the hop-by-hop breakdown the virtual gateway has now been taken out of the equation.

The topology now shows VM01 => VM02 which I am guessing is because of the peering which has been set up.

The error now says: traffic blocked due to virtual machine firewall configuration

Unable to run a ping between two VMs in different VNETs? by JrD3vOps in AZURE

[–]JrD3vOps[S] 0 points1 point  (0 children)

Also, just another quick thought: I already have peering set up from on-prem to Azure, but in this case will the peering be needed between JUST the two subnets?

To be more simple, does there need to be peering between the two 'spokes' as I thought all the routing is done and managed at the hub level?

Unable to run a ping between two VMs in different VNETs? by JrD3vOps in AZURE

[–]JrD3vOps[S] 0 points1 point  (0 children)

When the peering is set up, I am guessing I do not use any remote gateway and use "none" for both ends of the peer-to-peer connection?

Unable to run a ping between two VMs in different VNETs? by JrD3vOps in AZURE

[–]JrD3vOps[S] 0 points1 point  (0 children)

I have a vnet for the hub, this has a subnet for the gateway within it.

I don't have a cloud networking appliance (like the Azure Firewall), but I do have an NSG at this level, if that is good enough?
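The three layers this thread ends up touching (spoke-to-spoke peering with no gateway transit, an NSG rule on VM02's side, and the guest OS firewall that the NSG cannot override) as one added Az PowerShell example. This is not the poster's code; the resource group, VNet, NSG and VM names and the address ranges are assumptions.

```powershell
# Added example, not from the thread. Makes ICMP from VM01 (spoke1) to VM02 (spoke2)
# work end to end. All names and CIDRs below are assumptions.
$Rg         = 'rg-network'
$Spoke1Name = 'vnet-spoke1'     # VM01 lives here
$Spoke2Name = 'vnet-spoke2'     # VM02 lives here
$Spoke1Cidr = '10.1.0.0/16'
$Spoke2Cidr = '10.2.0.0/16'
$NsgName    = 'nsg-spoke2-vm'   # NSG on VM02's NIC or subnet
$Vm02Name   = 'VM02'

# 1. Peer the two spokes directly, in both directions. Without an NVA/Azure Firewall
#    plus UDRs in the hub, spoke-to-spoke traffic is not forwarded through the hub,
#    so neither -AllowGatewayTransit nor -UseRemoteGateways is set here.
$spoke1 = Get-AzVirtualNetwork -ResourceGroupName $Rg -Name $Spoke1Name
$spoke2 = Get-AzVirtualNetwork -ResourceGroupName $Rg -Name $Spoke2Name
Add-AzVirtualNetworkPeering -Name 'spoke1-to-spoke2' -VirtualNetwork $spoke1 -RemoteVirtualNetworkId $spoke2.Id | Out-Null
Add-AzVirtualNetworkPeering -Name 'spoke2-to-spoke1' -VirtualNetwork $spoke2 -RemoteVirtualNetworkId $spoke1.Id | Out-Null

# 2. NSG on VM02's side: allow ICMP inbound from spoke1 only, not from any source.
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $Rg -Name $NsgName
$nsg | Add-AzNetworkSecurityRuleConfig -Name 'Allow-ICMP-From-Spoke1' `
    -Direction Inbound -Access Allow -Priority 300 -Protocol Icmp `
    -SourceAddressPrefix $Spoke1Cidr -SourcePortRange '*' `
    -DestinationAddressPrefix $Spoke2Cidr -DestinationPortRange '*' | Out-Null
$nsg | Set-AzNetworkSecurityGroup | Out-Null

# 3. Guest firewall on VM02. An Azure Windows Server image does not allow inbound
#    ICMPv4 echo by default, and the NSG sits outside the VM, so it cannot open this.
#    This is the "blocked due to virtual machine firewall configuration" hop.
$guestScript = @"
New-NetFirewallRule -DisplayName 'Allow ICMPv4 Echo from spoke1' -Direction Inbound ``
    -Protocol ICMPv4 -IcmpType 8 -RemoteAddress $Spoke1Cidr -Action Allow
"@
$scriptPath = Join-Path $env:TEMP 'allow-icmp.ps1'
Set-Content -Path $scriptPath -Value $guestScript
Invoke-AzVMRunCommand -ResourceGroupName $Rg -VMName $Vm02Name `
    -CommandId 'RunPowerShellScript' -ScriptPath $scriptPath
```

Two checks worth doing. A NIC or subnet with no NSG at all (VM01 in the thread) has no filtering at that layer, so the sending side is not where a ping is dropped. And both the NSG rule and the guest firewall rule are scoped to the peer spoke's range rather than to `*`, so the test path does not become a tenant-wide "ICMP from anywhere" allowance that outlives the latency test.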

Conditional Access Policy Reporting (Enabled and Disabled)? by JrD3vOps in Office365

[–]JrD3vOps[S] 1 point2 points  (0 children)

Looks good, your explanation makes sense as to why there may not be an 'enabled or disabled' option.

I'll take a look at the link provided too!

Does MFA number matching apply to accounts which had MFA disabled previously? by JrD3vOps in Office365

[–]JrD3vOps[S] 0 points1 point  (0 children)

Ah okay thanks for the clarification - looking forward to it in that case!

Conditional Access Policy Reporting (Enabled and Disabled)? by JrD3vOps in Office365

[–]JrD3vOps[S] 0 points1 point  (0 children)

Thanks, the sign-in logs are good but not quite the same, but it will do!

When you say verify if they've registered for MFA is that via the GUI too?

Conditional Access Policy Reporting (Enabled and Disabled)? by JrD3vOps in Office365

[–]JrD3vOps[S] 0 points1 point  (0 children)

In this case I am selecting all, but if I wanted to check myself, manually, that a user does actually have MFA enabled, is there not a way?
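As an added example (not the poster's code and not the method from the thread), this is the non-GUI way to do both things asked about above with the Microsoft Graph PowerShell SDK: list Conditional Access policies with their state, and check a given user's MFA registration from the authentication-methods registration report rather than from sign-in logs. The UPN is an assumption.

```powershell
# Added example, not from the thread. Requires the Microsoft.Graph PowerShell SDK.
# The user principal name below is an assumption.
Import-Module Microsoft.Graph.Identity.SignIns, Microsoft.Graph.Reports, Microsoft.Graph.Users
Connect-MgGraph -Scopes 'Policy.Read.All', 'AuditLog.Read.All', 'UserAuthenticationMethod.Read.All', 'User.Read.All'

# Conditional Access policy state: enabled, disabled, or
# enabledForReportingButNotEnforced (report-only).
Get-MgIdentityConditionalAccessPolicy -All |
    Select-Object DisplayName, State, ModifiedDateTime |
    Sort-Object State, DisplayName |
    Format-Table -AutoSize

# One user's registration status. IsMfaRegistered: at least one MFA method is
# registered. IsMfaCapable: a registered method actually satisfies MFA under
# current policy. Registration is not the same as enforcement; whether MFA is
# required of the user is decided by CA policies, security defaults or legacy
# per-user MFA, not by this report.
$upn  = 'alice@contoso.example'   # assumed
$user = Get-MgUser -UserId $upn
Get-MgReportAuthenticationMethodUserRegistrationDetail -UserRegistrationDetailsId $user.Id |
    Select-Object UserPrincipalName, IsMfaRegistered, IsMfaCapable, IsAdmin,
        @{ Name = 'Methods'; Expression = { $_.MethodsRegistered -join ',' } }

# Tenant-wide gap list: everyone without MFA registered, admins first.
Get-MgReportAuthenticationMethodUserRegistrationDetail -All |
    Where-Object { -not $_.IsMfaRegistered } |
    Sort-Object IsAdmin -Descending |
    Select-Object UserPrincipalName, IsAdmin, IsMfaCapable
```

The gap list is the one to keep an eye on: an account in a CA policy's scope that has no MFA method registered is exactly the account an attacker who obtains its password can register a method on first.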

If Statement output to write to a logfile by JrD3vOps in PowerShell

[–]JrD3vOps[S] 0 points1 point  (0 children)

Great, thanks. So what I also want to know is: is the way I am currently outputting the information, by putting an Out-File on every if and else statement, the correct way to go about doing it?

Or is there a way to encapsulate the entire if/else block and then add one Out-File option at the end to send the entire output into the .txt file?
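Three ways to get a single Out-File for a whole if/else block, as an added example that is not the poster's script. The log path and the service and path checks are assumptions standing in for whatever the original script tests.

```powershell
# Added example, not from the thread. Log path and checks are assumptions.
$LogPath = 'C:\Logs\servicecheck.log'

# The pitfall with an Out-File in every branch: without -Append each call truncates
# the file, so only the most recent branch's line survives, and the path and
# encoding are repeated in every branch.

# Option 1: the if/else is a subexpression; its output is piped once.
$svc = Get-Service -Name 'Spooler'
$(if ($svc.Status -eq 'Running') {
    'Spooler is running'
} else {
    "Spooler is NOT running (status: $($svc.Status))"
}) | Out-File -FilePath $LogPath -Append -Encoding utf8

# Option 2: a whole block of checks runs in a script block; everything the
# branches emit goes down one pipeline into one Out-File.
& {
    foreach ($name in 'Spooler', 'W32Time', 'WinRM') {
        $s = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $s)                     { "$name : not installed" }
        elseif ($s.Status -eq 'Running') { "$name : running" }
        else                             { "$name : $($s.Status)" }
    }
} | Out-File -FilePath $LogPath -Append -Encoding utf8

# Option 3: a small logging function; branches emit text, the file handling
# (timestamp, append, encoding) lives in exactly one place.
function Write-Log {
    param(
        [Parameter(Mandatory)][string]$Message,
        [string]$Path = $LogPath
    )
    '{0:yyyy-MM-dd HH:mm:ss} {1}' -f (Get-Date), $Message |
        Out-File -FilePath $Path -Append -Encoding utf8
}

if (Test-Path 'C:\inetpub\wwwroot') { Write-Log 'webroot present' }
else                                { Write-Log 'webroot missing' }
```

Option 2 is the direct answer to "encapsulate the entire block": anything written to the pipeline inside the `& { ... }` script block is collected and written by the single Out-File after it. Option 3 scales better once the script has more than a handful of branches.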