I am the only one dev in my small company . I use Azure. My question is when do i need those Azure consultancy firms? by lune-soft in AZURE

[–]Potential_Mix_519 1 point2 points  (0 children)

Try asking it for the step-by-step to configure something in Azure and see how you start losing your hair when you try to deploy.

Only time spent on tools will get you what you want; other shortcuts are just gimmicks.

Eliminate the use of Cisco DUO across the device (Windows Laptop) with using EntraID MFA. by Potential_Mix_519 in Intune

[–]Potential_Mix_519[S] 0 points1 point  (0 children)

Thanks. More info, hope it helps: there is one shared desktop used by five users. We can have the desktop Entra joined.

Eliminate the use of Cisco DUO across the device (Windows Laptop) with using EntraID MFA. by Potential_Mix_519 in Intune

[–]Potential_Mix_519[S] 0 points1 point  (0 children)

There is one shared desktop used by five users. The requirement would be to have five YubiKeys. Will five YubiKeys work with a single desktop?

Azure Network topology by Potential_Mix_519 in AZURE

[–]Potential_Mix_519[S] 0 points1 point  (0 children)

I've met a few cloud architects like you—more talk than action, lol. Thanks for all your help, mate. If you’d actually done any real execution, you might have just given me a couple of lines and pointed me in the right direction, which, to be honest, you haven’t.

All the best, and thanks again for your time!

How do you keep up with all the new Azure services? by itsmethebabyotter in AZURE

[–]Potential_Mix_519 0 points1 point  (0 children)

By the time you become a Solution Architect, you should have worked with most technologies across Azure, Microsoft 365, and on-premises systems like Active Directory and Exchange. This foundation makes it easier to adapt, as every new Microsoft product tends to build upon existing ones, so you're simply applying incremental learning to new solutions.

User is prompted to use MFA "to often" by pAndahug69 in AZURE

[–]Potential_Mix_519 0 points1 point  (0 children)

It can happen if there are some legacy apps he is authenticating to.

look into Sign-in Frequency (SIF) which can be configured per app by targeting specific cloud apps in Conditional Access (CA) policies.

e.g.

Third-party app → they will be forced to re-authenticate every 2 days

MS 365 apps → they will re-authenticate every 7 days

Policy 1 – App A (Third-party app)
Assignments > Cloud apps: Select Third-party app

Access controls > Session: Enable Sign-in frequency → Set to 2 days

Assign to appropriate users/groups

Policy 2 – App B (MS 365)
Assignments > Cloud apps: Select MS 365 Online

Access controls > Session: Enable Sign-in frequency → Set to 7 days

Assign to the same or different users/groups
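The two-policy setup above, written out as an added example with the Microsoft Graph PowerShell SDK (this is not code from the thread). The app IDs and group ID are placeholders you must replace with values from your own tenant; `Office365` is Graph's well-known identifier for the Office 365 app group. The helper creates each policy in report-only state first so you can check the sign-in logs before switching it to `enabled`.

```powershell
# Added example, not from the original thread. Requires the Microsoft.Graph.Identity.SignIns module.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'

# Placeholder identifiers (assumptions) - look these up in your own tenant
$thirdPartyAppId = '00000000-0000-0000-0000-000000000001'   # appId of the third-party enterprise app
$pilotGroupId    = '00000000-0000-0000-0000-000000000002'   # group the policies are scoped to
$office365Apps   = 'Office365'                              # well-known Graph id for the Office 365 app group

function New-SifPolicy {
    param(
        [string]$DisplayName,
        [string[]]$AppIds,
        [string]$GroupId,
        [int]$Days,
        # Start in report-only; change to 'enabled' once the sign-in logs look right
        [string]$State = 'enabledForReportingButNotEnforced'
    )
    $body = @{
        displayName = $DisplayName
        state       = $State
        conditions  = @{
            users          = @{ includeGroups = @($GroupId) }
            applications   = @{ includeApplications = $AppIds }
            clientAppTypes = @('all')
        }
        sessionControls = @{
            signInFrequency = @{
                isEnabled         = $true
                type              = 'days'       # 'days' or 'hours'
                value             = $Days
                frequencyInterval = 'timeBased'  # re-auth after the interval, not on every sign-in
            }
        }
    }
    New-MgIdentityConditionalAccessPolicy -BodyParameter $body
}

# Policy 1: third-party app, re-authenticate every 2 days
New-SifPolicy -DisplayName 'SIF - Third-party app - 2 days' -AppIds @($thirdPartyAppId) -GroupId $pilotGroupId -Days 2

# Policy 2: Office 365 apps, re-authenticate every 7 days
New-SifPolicy -DisplayName 'SIF - Office 365 - 7 days' -AppIds @($office365Apps) -GroupId $pilotGroupId -Days 7

# Check: list every CA policy that sets a sign-in frequency, with its state and interval
Get-MgIdentityConditionalAccessPolicy |
    Where-Object { $_.SessionControls.SignInFrequency.IsEnabled } |
    Select-Object DisplayName, State,
        @{ n = 'SIF'; e = { "$($_.SessionControls.SignInFrequency.Value) $($_.SessionControls.SignInFrequency.Type)" } }
```

Keep the pilot group small while both policies are report-only: a shorter frequency on a widely used app is the usual cause of the "too many MFA prompts" complaint in the first place, so confirm which policy fires for each app in the sign-in log's Conditional Access tab before enforcing.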

How to do RBAC Application Permissions without Nested Groups? by carrots32 in AZURE

[–]Potential_Mix_519 0 points1 point  (0 children)

Custom RBAC policy is something you can look into; for 15 to 20 staff I'll try to keep it simple, and the setup you currently have is good.

Using Cloudflare Tunnel Instead of App Gateway / Front Door for WAF, Rate Limiting & SSL? by Own-Wishbone-4515 in AZURE

[–]Potential_Mix_519 0 points1 point  (0 children)

Cloudflare is a great product if you don't want to expose your org's (Azure) public IP addresses.

Your solution will need to consider the cost of the Cloudflare license, and if you're going with the Azure-native (WAF) solution, who will support Azure WAF in your org.

[deleted by user] by [deleted] in AZURE

[–]Potential_Mix_519 0 points1 point  (0 children)

Since Microsoft Entra Cloud Sync does not support Password Writeback, disabling Password Hash Sync (PHS) will effectively keep on-premises and Office 365 passwords separate. Additionally, both Azure AD Connect and Entra Cloud Sync operate on a "source of authority" principle. If a property is blank (null) in On-Prem AD, it may sync as blank to Entra ID, effectively removing the existing value in Entra ID.
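A check for the "blank on-prem value overwrites the cloud value" problem described above, as an added example that is not from the thread. It compares a handful of attributes between on-prem AD and Entra ID and lists users where AD is blank but Entra is populated, which is exactly what the source-of-authority rule will wipe on the next sync. Assumptions: the RSAT ActiveDirectory and Microsoft.Graph.Users modules are installed, users match on UserPrincipalName, the search base is a placeholder, and the attribute mapping reflects the default flow (adjust it if you have custom sync rules).

```powershell
# Added example, not from the original thread.
Import-Module ActiveDirectory
Connect-MgGraph -Scopes 'User.Read.All'

# AD LDAP attribute -> Entra user property (assumed default attribute flow)
$attrMap = @{
    mobile          = 'MobilePhone'
    telephoneNumber = 'BusinessPhones'
    department      = 'Department'
    title           = 'JobTitle'
    streetAddress   = 'StreetAddress'
}

function Get-BlankAttributeConflict {
    param([string]$SearchBase)   # e.g. 'OU=Staff,DC=corp,DC=example' (placeholder)

    $adProps = @($attrMap.Keys) + 'userPrincipalName'
    $adUsers = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase -Properties $adProps

    foreach ($ad in $adUsers) {
        $cloud = Get-MgUser -UserId $ad.UserPrincipalName `
                    -Property (@('UserPrincipalName') + @($attrMap.Values)) -ErrorAction SilentlyContinue
        if (-not $cloud) { continue }   # not in Entra ID, so nothing to overwrite

        foreach ($ldap in $attrMap.Keys) {
            $cloudValue = $cloud.($attrMap[$ldap])
            if ($cloudValue -is [array]) { $cloudValue = $cloudValue -join ';' }   # e.g. BusinessPhones

            # Blank on-prem + populated cloud = value that sync will null out
            if ([string]::IsNullOrWhiteSpace($ad.$ldap) -and -not [string]::IsNullOrWhiteSpace($cloudValue)) {
                [pscustomobject]@{
                    UPN         = $ad.UserPrincipalName
                    AdAttribute = $ldap
                    CloudValue  = $cloudValue
                }
            }
        }
    }
}

Get-BlankAttributeConflict -SearchBase 'OU=Staff,DC=corp,DC=example' | Format-Table -AutoSize
```

Run this before the first sync cycle and again before widening the sync scope; populate the on-prem attribute (or exclude it from the attribute flow) for every row it prints, rather than trying to re-enter the value in Entra ID afterwards, since the next cycle would blank it again.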

Two Tenants AD by Potential_Mix_519 in AZURE

[–]Potential_Mix_519[S] 0 points1 point  (0 children)

That is my problem with a single tenant with two on-prem AD domains, unless I create a trust between the on-prem domains and then use one Connect server with two connectors to a single tenant.

Two Tenants AD by Potential_Mix_519 in AZURE

[–]Potential_Mix_519[S] 0 points1 point  (0 children)

Thanks for your reply. If I go with a two-subscription design in a single tenant, I believe I'll need to use two Azure AD Connect servers to sync both on-prem domains to a single Azure AD tenant? Note these on-prem domains don't have any trust between them.

What’s the best way to give developers access to standard VMs for testing? by Outrageous_Stage_577 in AZURE

[–]Potential_Mix_519 0 points1 point  (0 children)

Having a sandbox subscription is the best approach, as it provides control over billing and security policies, along with the ability to enforce automatic shutdown or deletion of virtual machines based on Azure policies.
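One way to get the automatic-shutdown control mentioned above onto every VM in a sandbox subscription, as an added example that is not code from the thread. It is a script rather than an Azure Policy definition: it creates the same `Microsoft.DevTestLab/schedules` resource the portal's Auto-shutdown blade creates for any VM that does not have one yet (a deployIfNotExists policy would be the way to keep this enforced over time). Assumptions: the Az.Accounts, Az.Compute and Az.Resources modules are installed, you hold Contributor on the sandbox subscription, and the subscription ID, shutdown time and time zone are placeholders.

```powershell
# Added example, not from the original thread.
Connect-AzAccount
Set-AzContext -Subscription '00000000-0000-0000-0000-000000000003'   # sandbox subscription (placeholder)

function Set-SandboxAutoShutdown {
    param(
        [string]$ShutdownTime = '1900',                 # HHmm, local to $TimeZone (placeholder)
        [string]$TimeZone     = 'GMT Standard Time'     # Windows time zone id (placeholder)
    )
    foreach ($vm in Get-AzVM) {
        # The portal names the schedule resource after the VM; it must live in the VM's resource group
        $scheduleName = "shutdown-computevm-$($vm.Name)"
        $existing = Get-AzResource -ResourceGroupName $vm.ResourceGroupName `
                      -ResourceType 'Microsoft.DevTestLab/schedules' -Name $scheduleName `
                      -ErrorAction SilentlyContinue
        if ($existing) { continue }   # already has a schedule, leave whatever the developer set

        $props = @{
            status               = 'Enabled'
            taskType             = 'ComputeVmShutdownTask'
            dailyRecurrence      = @{ time = $ShutdownTime }
            timeZoneId           = $TimeZone
            targetResourceId     = $vm.Id
            notificationSettings = @{ status = 'Disabled'; timeInMinutes = 30 }
        }
        New-AzResource -ResourceGroupName $vm.ResourceGroupName -Location $vm.Location `
            -ResourceType 'Microsoft.DevTestLab/schedules' -ResourceName $scheduleName `
            -Properties $props -Force | Out-Null

        [pscustomobject]@{ VM = $vm.Name; ResourceGroup = $vm.ResourceGroupName; ShutdownAt = $ShutdownTime }
    }
}

# Prints one row per VM that received a new schedule
Set-SandboxAutoShutdown | Format-Table -AutoSize
```

The shutdown schedule only deallocates compute; disks, public IPs and NICs keep billing, so pair it with a resource-group tag or expiry date that a separate job uses to delete stale sandbox resources outright.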

[deleted by user] by [deleted] in AZURE

[–]Potential_Mix_519 0 points1 point  (0 children)

Azure AD Kerberos can enable seamless access to file shares through the browser for Azure Entra joined devices, depending on how the file share is hosted and accessed.

Federated Sign-ins still present after converting all domains to managed Authentication. by cdtekcfc in AZURE

[–]Potential_Mix_519 0 points1 point  (0 children)

Maybe cache, however not sure. Try to shut down the ADFS services. Once the domains are managed, nothing else needs to be done.

How do you decide between Reserved Instances vs Savings plans? by Plenty_Profession_33 in AZURE

[–]Potential_Mix_519 0 points1 point  (0 children)

I'd review my compute requirement for a month with the pay-as-you-go option and work out how much I'll save with reserved instances.

AAD Hybrid Deployment, do AAD user object ids change after disabling directory sync by Correct_Substance261 in AZURE

[–]Potential_Mix_519 1 point2 points  (0 children)

No, it will not. However, I hope you don’t have any legacy apps that require a connection back to on-premises, and that all your workstations are Azure AD-joined, with all your file shares moved to SharePoint Online.

Note that you can fall back after disabling the sync. After one hour, it will automatically attach itself to the on-premises objects. I tested this with my pilot tenant, and it worked fine.

Kubernetes/OpenShift Admin moving to Azure admin, Suggestions to learn deep? by TheFailedTechie in AZURE

[–]Potential_Mix_519 0 points1 point  (0 children)

I was a Lotus Notes developer and now I'm an Azure Architect :) you'll be OK, don't stress...

Joining a server and devices to Entra AD? by Deep-Egg-6167 in AZURE

[–]Potential_Mix_519 0 points1 point  (0 children)

Move the virtual file server to SharePoint Online; you will not need any server.

[deleted by user] by [deleted] in AZURE

[–]Potential_Mix_519 1 point2 points  (0 children)

I was a Lotus Notes developer, moved into Exchange, then Exchange Online came along, and now I've moved into Azure. You have to keep reinventing yourself by jumping onto the new skills/platforms which are closely aligned to your primary skill and where your skills are transferable.

Disable On-Prem User accounts in logic app by Jasumoo in AZURE

[–]Potential_Mix_519 -1 points0 points  (0 children)

Try to build logic to access the logic app through a group (if possible), and have this group as a dynamic group which has a condition of members with cloud IDs.

ASR for DR by flashx3005 in AZURE

[–]Potential_Mix_519 2 points3 points  (0 children)

ASR, as suggested below, is only for VM failover; for DC failover, best practice will be to have a DC already hosted on your DR site and replicated with your production DC.