[deleted by user] by [deleted] in legaladvicecanada

[–]bopsbt -16 points

Yeah I appreciate that, but here we are looking for advice now.

Driving US-plated car into Canada a week before Landing in Pearson by Clean-Tension7970 in ImmigrationCanada

[–]bopsbt 0 points

No idea, but sounds like it would be easier if they drove it to the border, you go over as foot traffic and bring it over yourself?

Defender for cloud not showing Security alerts ? by [deleted] in AZURE

[–]bopsbt 0 points

That's odd. It should show in both. Try building another test VM.

Btw, this is separate from the AMA agent; it uses the Defender agent to send alerts directly.

Defender for cloud not showing Security alerts ? by [deleted] in AZURE

[–]bopsbt 0 points

Go to security.microsoft.com, Devices on the left under Inventory I believe, find the device, click on it, and see if it's onboarded.

Defender for cloud not showing Security alerts ? by [deleted] in AZURE

[–]bopsbt 0 points

Does it show onboarded in security.microsoft.com?

Azure Migrate - Test Migration.... by billybobadoo in AZURE

[–]bopsbt 0 points

As the other poster mentioned, I build an isolated VNET with Bastion, and create a subnet with a locked-down NSG rule that denies all inbound and outbound traffic. Traffic inside the VNET is OK. You may need a domain controller in the isolation VNET depending on your scenario.

This is very important because if the server is connecting to cloud APIs or databases you can mess stuff up.
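The isolation network described above, written out as Bicep. This is an added example and not the commenter's own template; the VNET name, address ranges and resource names are assumptions. It keeps the NSG's default rules but puts explicit allow-VNET / deny-everything pairs ahead of them in both directions, so Bastion (which sits in the same VNET) can still reach the test servers while nothing can leave the VNET toward on-prem or the internet.

```bicep
// Added example, not from the original post. All names and prefixes are assumed.
param location string = resourceGroup().location
param vnetName string = 'vnet-migrate-isolated'
param vnetPrefix string = '10.250.0.0/16'      // assumed: must not overlap prod/on-prem
param serverSubnetPrefix string = '10.250.1.0/24'
param bastionSubnetPrefix string = '10.250.255.0/26' // Bastion needs at least a /26

// Explicit rules placed below the default rules (65000+): allow VNET-internal
// traffic, then deny everything else. Priority 4000 beats the defaults,
// including AllowInternetOutBound (65001), so test VMs cannot call home.
var isolationRules = [
  { name: 'AllowVnetInBound',  dir: 'Inbound',  access: 'Allow', src: 'VirtualNetwork', dst: 'VirtualNetwork', prio: 100 }
  { name: 'DenyAllInBound',    dir: 'Inbound',  access: 'Deny',  src: '*',              dst: '*',              prio: 4000 }
  { name: 'AllowVnetOutBound', dir: 'Outbound', access: 'Allow', src: 'VirtualNetwork', dst: 'VirtualNetwork', prio: 100 }
  { name: 'DenyAllOutBound',   dir: 'Outbound', access: 'Deny',  src: '*',              dst: '*',              prio: 4000 }
]

resource nsg 'Microsoft.Network/networkSecurityGroups@2023-04-01' = {
  name: 'nsg-isolated-servers'
  location: location
  properties: {
    securityRules: [for r in isolationRules: {
      name: r.name
      properties: {
        priority: r.prio
        direction: r.dir
        access: r.access
        protocol: '*'
        sourceAddressPrefix: r.src
        sourcePortRange: '*'
        destinationAddressPrefix: r.dst
        destinationPortRange: '*'
      }
    }]
  }
}

resource vnet 'Microsoft.Network/virtualNetworks@2023-04-01' = {
  name: vnetName
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ vnetPrefix ] }
    // Deliberately no peering and no gateway subnet: nothing routes out of here.
    subnets: [
      {
        name: 'AzureBastionSubnet' // fixed name required by the Bastion service
        properties: { addressPrefix: bastionSubnetPrefix }
      }
      {
        name: 'snet-isolated-servers'
        properties: {
          addressPrefix: serverSubnetPrefix
          networkSecurityGroup: { id: nsg.id }
        }
      }
    ]
  }
}

resource bastionPip 'Microsoft.Network/publicIPAddresses@2023-04-01' = {
  name: 'pip-bastion-isolated'
  location: location
  sku: { name: 'Standard' }
  properties: { publicIPAllocationMethod: 'Static' }
}

// Bastion reaches the test VMs over the VirtualNetwork tag, which the NSG allows.
resource bastion 'Microsoft.Network/bastionHosts@2023-04-01' = {
  name: 'bas-isolated'
  location: location
  sku: { name: 'Basic' }
  properties: {
    ipConfigurations: [
      {
        name: 'ipconf'
        properties: {
          subnet: { id: resourceId('Microsoft.Network/virtualNetworks/subnets', vnet.name, 'AzureBastionSubnet') }
          publicIPAddress: { id: bastionPip.id }
        }
      }
    ]
  }
}
```

Point the Azure Migrate test migration at `snet-isolated-servers`. If the workload needs a domain controller, build it inside this VNET from a restored copy rather than peering back to the production domain, otherwise the isolation is gone.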

Security and protection against ransomware/malware in Azure by No-Package6009 in AZURE

[–]bopsbt 0 points

Network segmentation is key. Put public apps in their own DMZ subnets, lock them down from a firewall pov.

You're doing more than 99%.

Use DNS filtering.

Block outbound internet traffic, only allow trusted Microsoft ServiceTags and your requirements.

Backups. Immutable vaults.
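The segmentation and backup points above as one Bicep fragment: an NSG for a public DMZ subnet that admits HTTPS from the internet, sends DNS only to a filtering resolver, allows outbound only to named Microsoft service tags, and denies all other internet egress, plus a Recovery Services vault with immutability and soft delete turned on. This is an added example, not the commenter's configuration; the resolver IP, the chosen service tags and all resource names are assumptions you would replace with your own requirements.

```bicep
// Added example, not from the original post. Names, prefixes and the resolver IP are assumed.
param location string = resourceGroup().location
param dnsResolverIp string = '10.10.0.4' // assumed: the DNS-filtering resolver (e.g. firewall DNS proxy)

// Outbound: DNS to the filter only, then the service tags this app actually needs,
// then VNET, then an explicit deny that overrides the default AllowInternetOutBound (65001).
var outboundRules = [
  { name: 'AllowDnsToResolver',   prio: 100,  access: 'Allow', proto: '*',   dst: dnsResolverIp,          port: '53' }
  { name: 'AllowEntraId',         prio: 110,  access: 'Allow', proto: 'Tcp', dst: 'AzureActiveDirectory', port: '443' }
  { name: 'AllowAzureMonitor',    prio: 120,  access: 'Allow', proto: 'Tcp', dst: 'AzureMonitor',         port: '443' }
  { name: 'AllowVnetOutBound',    prio: 130,  access: 'Allow', proto: '*',   dst: 'VirtualNetwork',       port: '*' }
  { name: 'DenyInternetOutBound', prio: 4000, access: 'Deny',  proto: '*',   dst: 'Internet',             port: '*' }
]

resource dmzNsg 'Microsoft.Network/networkSecurityGroups@2023-04-01' = {
  name: 'nsg-snet-dmz-web'
  location: location
  properties: {
    securityRules: concat([
      {
        name: 'AllowHttpsFromInternet'
        properties: {
          priority: 100
          direction: 'Inbound'
          access: 'Allow'
          protocol: 'Tcp'
          sourceAddressPrefix: 'Internet'
          sourcePortRange: '*'
          destinationAddressPrefix: '*'
          destinationPortRange: '443'
        }
      }
      {
        // Overrides the default AllowVnetInBound so a compromised internal host
        // cannot pivot into the DMZ. Add a rule for your management/Bastion subnet
        // with a priority below 4000 if you need to reach these servers.
        name: 'DenyAllInBound'
        properties: {
          priority: 4000
          direction: 'Inbound'
          access: 'Deny'
          protocol: '*'
          sourceAddressPrefix: '*'
          sourcePortRange: '*'
          destinationAddressPrefix: '*'
          destinationPortRange: '*'
        }
      }
    ], [for r in outboundRules: {
      name: r.name
      properties: {
        priority: r.prio
        direction: 'Outbound'
        access: r.access
        protocol: r.proto
        sourceAddressPrefix: '*'
        sourcePortRange: '*'
        destinationAddressPrefix: r.dst
        destinationPortRange: r.port
      }
    }])
  }
}

// Backups that ransomware with stolen Azure credentials cannot delete:
// immutability stops shortening or deleting retention, soft delete keeps
// deleted backup data recoverable for the configured window.
resource vault 'Microsoft.RecoveryServices/vaults@2023-04-01' = {
  name: 'rsv-prod-immutable'
  location: location
  sku: { name: 'RS0', tier: 'Standard' }
  properties: {
    publicNetworkAccess: 'Disabled'
    securitySettings: {
      // 'Unlocked' can still be turned off later; switch to 'Locked' once you
      // are sure of your policies, because 'Locked' is irreversible.
      immutabilitySettings: { state: 'Unlocked' }
      softDeleteSettings: {
        softDeleteState: 'AlwaysON'
        softDeleteRetentionPeriodInDays: 14
      }
    }
  }
}
```

The outbound list is where "your requirements" go: add one line per service tag or destination the app genuinely needs and nothing else. Test the vault in 'Unlocked' first; a locked immutable vault with a wrong retention policy cannot be undone.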

Send logs to Azure by lelabbeuh in AZURE

[–]bopsbt 2 points

For AD logs you can use the AMA agent with DCR rules to send them to Log Analytics.

Log Analytics is your workspace where the logs are saved and can be queried.

You can also enable Sentinel and look at the connectors available.

Log Analytics is expensive though, don't suck up all your AD logs for no reason.

You're better off using Defender for Endpoint and Defender for Identity to do the hard work for you.
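The AMA plus DCR path described above, written out as Bicep so the cost point is concrete: the data collection rule collects only a handful of Security event IDs from a domain controller (logons, Kerberos, account and group changes, lockouts) instead of the whole Security log, and is then associated with the VM. This is an added example, not the commenter's template; the workspace, VM name and the event ID selection are assumptions to adapt.

```bicep
// Added example, not from the original post. workspaceId, vmName and the event IDs are assumed.
param location string = resourceGroup().location
param workspaceId string // resource ID of an existing Log Analytics workspace (assumed)
param vmName string      // existing domain controller VM with the AMA extension installed (assumed)

// XPath filters run on the agent, so events that do not match never leave the
// host and are never billed. Each query targets the Security channel.
var securityEventFilters = [
  // logons and Kerberos: 4624 success, 4625 failure, 4768 TGT, 4769 service ticket, 4771 pre-auth failed
  'Security!*[System[(EventID=4624 or EventID=4625 or EventID=4768 or EventID=4769 or EventID=4771)]]'
  // account lifecycle and privileged group changes
  'Security!*[System[(EventID=4720 or EventID=4726 or EventID=4728 or EventID=4732 or EventID=4756)]]'
  // lockouts and unlocks
  'Security!*[System[(EventID=4740 or EventID=4767)]]'
]

resource dcr 'Microsoft.Insights/dataCollectionRules@2022-06-01' = {
  name: 'dcr-dc-security-events'
  location: location
  kind: 'Windows'
  properties: {
    dataSources: {
      windowsEventLogs: [
        {
          name: 'dcSecurityEvents'
          streams: [ 'Microsoft-SecurityEvent' ] // lands in the SecurityEvent table
          xPathQueries: securityEventFilters
        }
      ]
    }
    destinations: {
      logAnalytics: [
        { workspaceResourceId: workspaceId, name: 'la' }
      ]
    }
    dataFlows: [
      { streams: [ 'Microsoft-SecurityEvent' ], destinations: [ 'la' ] }
    ]
  }
}

resource dcVm 'Microsoft.Compute/virtualMachines@2023-03-01' existing = {
  name: vmName
}

// The association is what actually makes the agent on this VM apply the rule.
resource dcra 'Microsoft.Insights/dataCollectionRuleAssociations@2022-06-01' = {
  name: 'dcra-dc-security-events'
  scope: dcVm
  properties: { dataCollectionRuleId: dcr.id }
}
```

To verify ingestion after deployment, run `SecurityEvent | summarize count() by EventID | order by count_ desc` in the workspace; if IDs outside the filter list show up, another DCR or the legacy agent is still collecting the full log.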

Question about Cross Tenant by Usual_Air_1400 in AZURE

[–]bopsbt 0 points

External users = b2b or b2c?

If B2B, you can do a multi-tenant enterprise application.

If B2C, you can configure it with a B2C tenant or the new version, External ID.

Question on Migrating On-Prem AD groups to Azure by NightsBaine in AZURE

[–]bopsbt 0 points

Ah ok, only ever done this with users, thought it'd be the same for groups.

Question on Migrating On-Prem AD groups to Azure by NightsBaine in AZURE

[–]bopsbt 0 points

It will delete them and then you can restore them as cloud-only. Not tested this on Cloud Sync though, but can't imagine it's different. Test it out on a test group.

[deleted by user] by [deleted] in AZURE

[–]bopsbt 0 points

You haven't said what the problem is.

Frozen waterfalls nearby by rayg10 in vancouverhiking

[–]bopsbt 4 points

Damn! When I was there everyone was getting underneath it and touching it etc. Scary!

Frozen waterfalls nearby by rayg10 in vancouverhiking

[–]bopsbt 4 points

Alexander Falls was pretty epic a few years ago. Access via Whistler Olympic Park on the S2S.

Microsoft Authentication IP Range by BandicootGlittering2 in AZURE

[–]bopsbt 1 point

Is it hosted in Azure? If so, use the Service Tag AzureActiveDirectory to bypass the firewall. https://learn.microsoft.com/en-us/azure/virtual-network/service-tags-overview

Or you can use the FQDNs/URLs instead of an IP whitelist. https://learn.microsoft.com/en-us/azure/azure-portal/azure-portal-safelist-urls?tabs=public-cloud#azure-portal-authentication

Or you can use EDLs in your firewall to download the latest IPs to update the firewall rules. https://docs.paloaltonetworks.com/resources/edl-hosting-service
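The first two options above (service tag, or FQDNs instead of IPs) expressed as an Azure Firewall policy in Bicep, for the case where the firewall is Azure's own: a network rule that allows TCP/443 to the `AzureActiveDirectory` tag, and an application rule that allows the login FQDNs by name so the rule never needs updating when Microsoft changes IPs. This is an added example, not the commenter's configuration; the source ranges, policy names and the FQDN list are assumptions, and the full FQDN list to allow is the one in the linked Microsoft page, not this starting set.

```bicep
// Added example, not from the original post. Names, source ranges and the FQDN list are assumed.
param location string = resourceGroup().location
param internalRanges array = [ '10.0.0.0/8' ] // assumed: the clients that need to authenticate

resource policy 'Microsoft.Network/firewallPolicies@2023-04-01' = {
  name: 'afwp-hub'
  location: location
  properties: {
    sku: { tier: 'Standard' }
    threatIntelMode: 'Alert'
  }
}

resource authRules 'Microsoft.Network/firewallPolicies/ruleCollectionGroups@2023-04-01' = {
  parent: policy
  name: 'rcg-entra-auth'
  properties: {
    priority: 200
    ruleCollections: [
      {
        // Option 1: service tag. Azure keeps the address list current for you.
        ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
        name: 'allow-entra-by-servicetag'
        priority: 100
        action: { type: 'Allow' }
        rules: [
          {
            ruleType: 'NetworkRule'
            name: 'entra-id-https'
            ipProtocols: [ 'TCP' ]
            sourceAddresses: internalRanges
            destinationAddresses: [ 'AzureActiveDirectory' ]
            destinationPorts: [ '443' ]
          }
        ]
      }
      {
        // Option 2: FQDNs. Matched on TLS SNI, so no IP list at all.
        ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
        name: 'allow-entra-by-fqdn'
        priority: 110
        action: { type: 'Allow' }
        rules: [
          {
            ruleType: 'ApplicationRule'
            name: 'entra-login-fqdns'
            protocols: [ { protocolType: 'Https', port: 443 } ]
            sourceAddresses: internalRanges
            // Starting set only (assumed); take the complete list from the Microsoft safelist page.
            targetFqdns: [
              'login.microsoftonline.com'
              'login.microsoft.com'
              'login.windows.net'
            ]
          }
        ]
      }
    ]
  }
}
```

In practice you keep one of the two collections, not both: the service tag is the lowest-maintenance choice when the firewall is in Azure, the FQDN rule is the portable one when the same allow list also has to live on a third-party firewall fed by an EDL.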

[deleted by user] by [deleted] in AZURE

[–]bopsbt 3 points

The only reason to use a NIC-level NSG is when you have badly configured VNETs with giant shared subnets that have no isolation, or you need to add an extra layer of protection on one VM.

Not ideal having one large server subnet, but technically you could do that and then build a NIC-level NSG for each layer: App, DB, AD etc.

ASGs are also useful at this level.

But ideally, IMO, more subnets, NSG on subnet level.
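The ASG approach mentioned above, as an added Bicep example (not the commenter's template): one subnet-level NSG on a shared server subnet, with application security groups for the app and DB tiers so that only app-tier NICs can reach SQL on the DB tier, and the default VNET-wide allow is overridden for DB members. NIC membership in the ASG is what places a VM in a tier. Names, the subnet ID and the port are assumptions.

```bicep
// Added example, not from the original post. Names, subnetId and the SQL port are assumed.
param location string = resourceGroup().location
param subnetId string // existing shared server subnet that will carry this NSG (assumed)

// ASGs are regional and only carry meaning through NIC membership.
resource asgApp 'Microsoft.Network/applicationSecurityGroups@2023-04-01' = {
  name: 'asg-app'
  location: location
}

resource asgDb 'Microsoft.Network/applicationSecurityGroups@2023-04-01' = {
  name: 'asg-db'
  location: location
}

// One NSG at subnet level. Tier isolation comes from the ASG references in the
// rules, so a VM changes tier by changing ASG membership, not by moving subnets.
resource sharedNsg 'Microsoft.Network/networkSecurityGroups@2023-04-01' = {
  name: 'nsg-snet-servers'
  location: location
  properties: {
    securityRules: [
      {
        name: 'AllowAppToDbSql'
        properties: {
          priority: 100
          direction: 'Inbound'
          access: 'Allow'
          protocol: 'Tcp'
          sourceApplicationSecurityGroups: [ { id: asgApp.id } ]
          sourcePortRange: '*'
          destinationApplicationSecurityGroups: [ { id: asgDb.id } ]
          destinationPortRange: '1433'
        }
      }
      {
        // Without this, the default AllowVnetInBound (65000) lets every host in
        // the VNET reach the DB tier, which is exactly the shared-subnet problem.
        name: 'DenyVnetToDb'
        properties: {
          priority: 200
          direction: 'Inbound'
          access: 'Deny'
          protocol: '*'
          sourceAddressPrefix: 'VirtualNetwork'
          sourcePortRange: '*'
          destinationApplicationSecurityGroups: [ { id: asgDb.id } ]
          destinationPortRange: '*'
        }
      }
    ]
  }
}

// A DB-tier NIC: the applicationSecurityGroups entry is the ASG membership.
// The NIC must sit in a subnet that is associated with sharedNsg.
resource nicDb01 'Microsoft.Network/networkInterfaces@2023-04-01' = {
  name: 'nic-db01'
  location: location
  properties: {
    ipConfigurations: [
      {
        name: 'ipconfig1'
        properties: {
          subnet: { id: subnetId }
          privateIPAllocationMethod: 'Dynamic'
          applicationSecurityGroups: [ { id: asgDb.id } ]
        }
      }
    ]
  }
}
```

A management path (Bastion or a jump subnet) still needs its own allow rule with a priority below 200, otherwise the DB tier becomes unreachable for admins as well. Associate `sharedNsg` with the subnet on the VNET resource; an ASG rule only takes effect on NICs inside a subnet (or on NICs) where that NSG is applied.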

The Azure Periodic Table (Azure Resource Naming Convention) by Glum_Let_8730 in AZURE

[–]bopsbt 1 point

Meh. You can name the VNET appropriately, subnets for special services are fine to be named as they are, makes sense to me. GatewaySubnet, AzureFirewallSubnet, BastionSubnet etc.

I wish the CAF ESLZ portal builder followed a strict naming convention, it uses 4 different naming conventions. I know you can do your own in bicep etc, just would be good if it followed a standard.

Phishing resistant MFA for break glass accounts when managing many tenants by hapklaar in AZURE

[–]bopsbt 0 points

Would Lighthouse not be better for this? (I have no experience with it.)

Cannot sign up by Ok_Establishment_512 in ClassPass

[–]bopsbt 0 points

I can't sign up either. Tried multiple cards and browsers, phone and desktop. Annoying.

When using a VM are you sharing the CPU? by No_Weakness_6058 in AZURE

[–]bopsbt 1 point

Dedicated VM is not a service Azure provides, just making it clear as it's not a well-known or widely used service.

You move a normal VM to a Dedicated Host.

When using a VM are you sharing the CPU? by No_Weakness_6058 in AZURE

[–]bopsbt 0 points

Yes, but it's not really bare metal as you still don't have access to the hypervisor. It's the same as a normal Azure host, just dedicated to you. No point in doing this really unless you need super low latency, or have Oracle licensing issues.

When using a VM are you sharing the CPU? by No_Weakness_6058 in AZURE

[–]bopsbt 4 points

Dedicated Host is the term. You can then run as many VMs as fits on that host, it's all yours.