Azure - Querying Azure Firewall with KQL
When working with Azure Firewall, the easiest way to query traffic is to enable diagnostic settings on the firewall and send the data to a Log Analytics workspace, where Kusto Query Language (KQL) can be used to analyse the traffic and rulesets.
Azure - Run PowerShell commands on the OS through the Azure Portal
Occasionally you may need to run PowerShell scripts for maintenance, troubleshooting/recovery, or to look up a particular setting without having to RDP into a VM, or when you do not have access to the VM at the OS level. This can be achieved using the Run Command feature in the Azure portal, found under the VM blade.
The run command uses the VM agent to run the script inside the virtual machine.
Read more: Azure - Run PowerShell commands on the OS through the Azure Portal
Azure - Using Sentinel to find out who deleted an Active Directory user
Azure Sentinel is a cloud-native security information and event management (SIEM) platform that uses built-in AI to help analyse large volumes of data across your enterprise. It makes it easy to collect security data across your entire hybrid organisation from devices, users, apps or servers, whether in the cloud or on-premises.
When connected to the security logs of all your domain controllers, it offers simple and powerful Kusto Query Language queries to quickly find events such as who deleted or disabled an Active Directory user account.
Read more: Azure - Using Sentinel to find out who deleted an Active Directory user
Azure - Clearing the lock on a file within an Azure File Share
When trying to delete a file from within an Azure File Share that has been mapped and is locked open, you may get the following error:
"Failed to delete file path/name'. Error: The specified resource may be in use by an SMB client"
You will see this type of error on Storage v1 and v2 account types, typically in an FSLogix deployment where VHD and VHDX files are mapped. This article shows you how to use PowerShell to clear the lock.
Read more: Azure - Clearing the lock on a file within an Azure File Share
Azure - Setup Sentinel Alerts into a Teams Channel
When using Azure Sentinel as your security information and event management (SIEM) platform, you do not always want to keep checking the incident dashboard for new incidents, or have lots of emails clogging up your inbox.
Fortunately, you can configure a Sentinel Playbook that uses a Logic App to post an alert into a Microsoft Teams channel of your choice.
Read more: Azure - Setup Sentinel Alerts into a Teams Channel
Azure - Stop and Deallocate a Windows VM using a Managed Identity
A simple and costly mistake that often catches Azure administrators out is the two states a VM can be in when powered off: the costly Stopped state and the Stopped (deallocated) state. When a VM is shut down using the normal operating system method it goes into the Stopped state; although it is shut down, the compute resources are still allocated to it and the full cost is incurred as if the VM were powered on.
Learn how to initiate a shutdown and deallocation from within the guest operating system using a system-assigned managed identity.
Read more: Azure - Stop and Deallocate a Windows VM using a Managed Identity
Azure - Stop and Deallocate a Windows VM using App registration and a Service Principal
A simple and costly mistake that often catches Azure administrators out is the two states a VM can be in when powered off: the costly Stopped state and the Stopped (deallocated) state. When a VM is shut down using the normal operating system method it goes into the Stopped state; although it is shut down, the compute resources are still allocated to it and the full cost is incurred as if the VM were powered on.
This guide shows you how to initiate a shutdown and deallocation from within the guest operating system using an app registration along with a service principal object.
Read more: Azure - Stop and Deallocate a Windows VM using App registration and a Service Principal
Office 365 - Test SMTP on Port 587 using PowerShell
Learn how to connect to Office 365 on port 587 and send a test email using PowerShell.
Read more: Office 365 - Test SMTP on Port 587 using PowerShell
Site to Site VPN between AWS and Azure
Multi-cloud architectures are an increasingly common design in the IT world, and there will likely come a point when you want to set up a fast, direct and resilient VPN connection between your public cloud providers, such as Azure and AWS.
This article shows you how to configure a site to site VPN between AWS and Azure utilising the Internet Key Exchange version 2 (IKEv2) for the tunnel setup.
Azure - NAT and PAT through an Azure Load Balancer
Azure load balancers act as a highly available single point of contact that evenly distributes traffic to hosts in a backend pool. Combined with health probes, they ensure that layer 4 traffic (TCP/UDP) is consistently and evenly distributed to healthy VMs.
This article shows you how to build an Azure load balancer, configure Network Address Translation (NAT) and Port Address Translation (PAT) rules to pass SSH traffic through it for support or monitoring purposes, and then lock it down with a network security group. This can easily be adapted for many other types of traffic.
Read more: Azure - NAT and PAT through an Azure Load Balancer