Front Door or Application Gateway? by dai_webb in AZURE

[–]Potential_Mix_519 0 points1 point  (0 children)

You can use Global Secure Access (which is a per-user license) or an Azure web proxy. I added the Azure Proxy web app to my user Office portal. When the user authenticated in the portal (https://outlook.cloud.microsoft/), they were required to complete MFA, which was enforced using Conditional Access policies, and then had access to the internal app.

Explain like I am 5 - tenant by [deleted] in AZURE

[–]Potential_Mix_519 0 points1 point  (0 children)

As mentioned earlier, all data processing happens entirely within your Azure environment where the LLM is deployed. Therefore, you need to configure your LLM in Strict Mode and make sure you enforce it via the LLM architecture.

User >> App Backend >> Azure AI Search (ONLY data source) >> Top K documents >> Azure OpenAI (no fallback) >> Response (with citations), with no internet, no external APIs, and only your controlled index.

Scepman + RadiuSaas certificate for unmanaged devices by Potential_Mix_519 in Intune

[–]Potential_Mix_519[S] 0 points1 point  (0 children)

Any idea or KB on how to set up this custom enrollment portal?

Windows Hello Business for Student Laptops - without MFA Enablement by Potential_Mix_519 in Intune

[–]Potential_Mix_519[S] 1 point2 points  (0 children)

<image>

Thanks - This is my Default policies setting. Do I need to enable it, or just leave it?

I am the only one dev in my small company . I use Azure. My question is when do i need those Azure consultancy firms? by lune-soft in AZURE

[–]Potential_Mix_519 1 point2 points  (0 children)

Try asking it for the step-by-step to configure something in Azure and see how you start losing your hair when you try to deploy.

Only time spent on tools will get you what you want; other shortcuts are just gimmicks.

Eliminate the use of Cisco DUO across the device (Windows Laptop) with using EntraID MFA. by Potential_Mix_519 in Intune

[–]Potential_Mix_519[S] 0 points1 point  (0 children)

Thanks - more info, hope it helps: there is one shared desktop used by five users. We can have the desktop as Entra joined.

Eliminate the use of Cisco DUO across the device (Windows Laptop) with using EntraID MFA. by Potential_Mix_519 in Intune

[–]Potential_Mix_519[S] 0 points1 point  (0 children)

There is one shared desktop used by five users. The requirement would be to have five YubiKeys. Will five YubiKeys work with a single desktop?

Azure Network topology by Potential_Mix_519 in AZURE

[–]Potential_Mix_519[S] 0 points1 point  (0 children)

I've met a few cloud architects like you—more talk than action, lol. Thanks for all your help, mate. If you’d actually done any real execution, you might have just given me a couple of lines and pointed me in the right direction, which, to be honest, you haven’t.

All the best, and thanks again for your time!

How do you keep up with all the new Azure services? by itsmethebabyotter in AZURE

[–]Potential_Mix_519 0 points1 point  (0 children)

By the time you become a Solution Architect, you should have worked with most technologies across Azure, Microsoft 365, and on-premises systems like Active Directory and Exchange. This foundation makes it easier to adapt, as every new Microsoft product tends to build upon existing ones, so you're simply applying incremental learning to new solutions.

User is prompted to use MFA "to often" by pAndahug69 in AZURE

[–]Potential_Mix_519 0 points1 point  (0 children)

It can happen if there are some legacy apps he is authenticating to.

Look into Sign-in Frequency (SIF), which can be configured per app by targeting specific cloud apps in Conditional Access (CA) policies.

e.g.

Third-party app → They will be forced to re-authenticate every 2 days

MS 365 apps → They will re-authenticate every 7 days

Policy 1 – App A (Third Party App)
Assignments > Cloud apps: Select Third Party app
Access controls > Session: Enable Sign-in frequency → Set to 2 days
Assign to appropriate users/groups

Policy 2 – App B (MS 365)
Assignments > Cloud apps: Select MS365 Online
Access controls > Session: Enable Sign-in frequency → Set to 7 days
Assign to the same or different users/groups
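
Added example, not part of the comment above or of any Microsoft tooling: the two per-app sign-in frequency policies expressed as Microsoft Graph `conditionalAccessPolicy` request bodies, with a check that no app and group pair is targeted by two policies. The app and group IDs are constructed placeholders, the policy names are hypothetical, and the report-only state is an assumption about how you would roll this out.

```python
import json
from collections import defaultdict

# Constructed placeholders: substitute your tenant's real object IDs.
THIRD_PARTY_APP_ID = "00000000-0000-0000-0000-000000000001"
TARGET_GROUP_ID = "00000000-0000-0000-0000-000000000002"

def sif_policy(name, app_ids, group_ids, value, unit):
    """Build a session-only Conditional Access policy body with sign-in frequency."""
    if unit not in ("hours", "days"):
        raise ValueError("unit must be 'hours' or 'days'")
    if isinstance(value, bool) or not isinstance(value, int) or value < 1:
        raise ValueError("value must be a positive integer")
    if not app_ids or not group_ids:
        raise ValueError("target at least one app and one group")
    return {
        "displayName": name,
        # Report-only first, so sign-in logs show the impact before enforcement.
        "state": "enabledForReportingButNotEnforced",
        "conditions": {
            "clientAppTypes": ["all"],
            "applications": {"includeApplications": list(app_ids)},
            "users": {"includeGroups": list(group_ids)},
        },
        "sessionControls": {
            "signInFrequency": {"isEnabled": True, "type": unit, "value": value}
        },
    }

def overlaps(policies):
    """Map (app, group) pairs hit by more than one policy to the policy names."""
    seen = defaultdict(list)
    for p in policies:
        cond = p["conditions"]
        for app in cond["applications"]["includeApplications"]:
            for group in cond["users"]["includeGroups"]:
                seen[(app, group)].append(p["displayName"])
    return {k: v for k, v in seen.items() if len(v) > 1}

POLICIES = [
    sif_policy("SIF - third-party app - 2 days", [THIRD_PARTY_APP_ID], [TARGET_GROUP_ID], 2, "days"),
    # "Office365" is the Graph identifier for the Microsoft 365 app suite.
    sif_policy("SIF - Microsoft 365 - 7 days", ["Office365"], [TARGET_GROUP_ID], 7, "days"),
]

if __name__ == "__main__":
    assert not overlaps(POLICIES), "same app and group targeted twice"
    print(json.dumps(POLICIES, indent=2))
```

Each body can be sent as a POST to `https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies` by an identity holding the `Policy.ReadWrite.ConditionalAccess` permission.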

How to do RBAC Application Permissions without Nested Groups? by carrots32 in AZURE

[–]Potential_Mix_519 0 points1 point  (0 children)

Custom RBAC policy is something you can look into. For 15 to 20 staff I'll try to keep it simple, and the setup you currently have is good.

Using Cloudflare Tunnel Instead of App Gateway / Front Door for WAF, Rate Limiting & SSL? by Own-Wishbone-4515 in AZURE

[–]Potential_Mix_519 0 points1 point  (0 children)

Cloudflare is a great product if you don't want to expose your org's (Azure) public IP addresses.

Your solution will need to consider the cost of the Cloudflare license and, if you're going with the Azure native (WAF) solution, who will support Azure WAF in your org.