Tag: Azure

Failed to add new rule: IpSecurityRestriction.VnetSubnetResourceId is invalid.

This post is focused on a scenario where you are creating an Access Restriction rule in an Azure App Service to allow client requests from a subnet in a Virtual Network (VNET) and you get this error: Failed to add new rule: IpSecurityRestriction.VnetSubnetResourceId is invalid. For request GET https://management.azure.com/subscriptions/xxxxxx/resourceGroups/xxxxxx/providers/Microsoft.Network/virtualNetworks/xxxxxx/taggedTrafficConsumers?api-version=2018-01-01 with clientRequestId xxxxxx and correlationRequestId xxxxxx,…

Microsoft Ignite 2019 – Deliver Highly Available Secure Web Application Gateway and Web Application Firewall

Speaker: Amit Srivastava, Principal Program Manager, Microsoft Mission Critical HTTP Applications Always On Secure Scalable Telemetry Polyglot – variety of backends, IaaS, PaaS, on-prem Many things to think about. What Azure Pieces Can We Use? WAG AFD CDN WAF Azure Load Balancer Azure Traffic Manager WAG Regional ADS as a service. A full reverse proxy.…

Microsoft Ignite 2019 – Extending Azure Resource Manager (ARM), Azure’s Control Plane

Speakers: Guarav Bhatnagar Evan Hissey Challenges with Extending Azure As part of my template deployment, I want to … Do some post-configuration to set up my application Ex-Configure DB passwords, etc. Certain services/types/APIs can’t be called from ARM templates Ex – Create AD users, storage tables, calling APIs external to Azure 200+ Azure services –…

Microsoft Ignite 2019 – Delivering Services Privately in Your VNet with Azure Private Link

Speakers: Narayan Annamalai, Group Program Manager, Microsoft Sumeet Mittal, Senior Program Manager, Microsoft Private PaaS We’ve been using Service Endpoint in addition to ACLs on the PaaS services. But this doesn’t provide an IP on the subnet. NSGs still need to allow access to all IPs of that PaaS service, e.g. all storage accounts. Private…

Microsoft Ignite 2019 – Building and Managing Distributed Micro-Perimeters With Azure Firewall

Speaker: Yair Tor, Principal Program Manager Azure Firewall Cloud native stateful firewall as a service. A first among public cloud providers. Central governance of all traffic flows Built in high availability and auto scale Network and application traffic filtering Centralized policy across VNets and subscriptions Complete VNet protection Filter outbound, inbound, spoke-spoke Centralized logging Best…

Microsoft Ignite 2019 – Securing Your Cloud Perimeter With Azure Network Security

Speaker: Sinead O’Donvan (Irish, by the accent) Zero Trust Architecture document 7 pillars: Identity Devices Data Apps Infrastructure Networking – the focus here Verify explicitly every access control Being on the network is not enough Use least privilege access IP address is not enough Assume breach No one is perfectly secure. Identify the breach. Contain…

Microsoft Ignite 2019 – Windows Server on Azure Overview, Lift-and-Shift Migrations for Enterprise Workloads

Speakers: Rob Hindman, Microsoft Elden Christensen, Microsoft Why Windows + Azure Unmatched security Built-in hybrid Most cost effective Unparalleled innovation and deep trust with enterprises Weighing Your Options Rehost – lift and shift Refactor, rearchitect or rebuild – modernize/transform Workloads Typically dictates your migration options. Windows Server 2008/R2 Lift-and-shift to Azure offers free extended security…

Microsoft Ignite 2019 – Global Transit Network Architectures With Azure Virtual WAN

Speakers: Reshmi Yandapalli (main speaker), Principal Program Manager Ben Peeri, KPMG customer story Lots more content in the hidden slides in the download. Scale Usual stats. Interesting note: a new POP being built almost every day. Azure WAN: Global Transit Architecture The Beginning HQ/Bigger Office Branch office(s) Users Private WAN Shared services Start with HQ.…

Microsoft Ignite 2019 – End-to-End Security for All Your XaaS Resources

Speaker: Yinon Costica Intelligent Security Identity and access management Threat protection Information protection Cloud security Threat Actors Exposure -> Access -> Lateral Movements -> Actions How Your Teams and Users Work With The Cloud Users use SaaS (sanctioned), apps you build. Developers code apps you build, deploy to IaaS/PaaS (sanctioned). DevOps operate apps you build…
