Adding a new Address Space to an Azure vNet and peering not updated

So last week I had to add a new address space to a vNet as I needed a separate subnet for Private Endpoints. I added an address space, configured the subnet and set up the private endpoints.

When I started testing I could not reach the private endpoints. I could see the traffic flow in the NSG logs and from other vNets through the Azure Firewall. And I could not figure it out. I asked a few MVP friends and the answer was that this is a limitation in Azure.

Read more

Azure Firewall Routing to a Public IP Range in your On-Premises environment

This week we have been deploying a new environment in Azure for a client, with a secured vWAN Hub with Azure Firewall. The vWAN Hub is connected to a Cisco SD-WAN appliance that connects all of the client's physical locations. We configured 2 new Domain Controllers and opened up the traffic between the Azure DC and the on-premises DC. We could reach the Azure DCs but not the other way around.

Read more

Configuring Azure Update Management for Virtual Machine Manager

With VMM 2019 we got the possibility to set up Azure Update Management for all new VMs being deployed with VM Templates in VMM.

I see great value in this as you do not need to set up a local WSUS server to do patching. And for any hoster you can easily have a single pane of glass in Azure to monitor and update the VMs in your environment.

Read more

Azure Monitor with System Center Data Protection Manager 2019, and what’s new

A few days ago the System Center team posted on the Windows Server blog about the upcoming 2019 release this month.

For the 2019 release there were not a lot of new features, but I wanted to highlight one: the new Azure Monitor overview page. It's an integration between the DPM server, which is connected to Azure Backup, and Azure Log Analytics.

Read more

Creating a Custom Enterprise Application with Azure SSO

Let's say your organization wants to set up a solution against a 3rd-party web solution that is hosted in the cloud, like an accounting system. And your organization has a rule that this should be Single Sign-On and use your domain login credentials. You already have Azure AD Connect set up with password sync and have all the users synced to Azure AD. And then you realize that the provider does not have a finished application with a guide in the Enterprise Application store. So what to do then?

Read more

How to move your On-Premise WordPress site to an Azure webapp

So as I am starting a new job in less than 2 months, I thought it was time to move this site from a Virtual Machine running on my current employer's S2D cluster to Azure. So I decided to share my way there. So I started googling on how to do this. There were some guides here and there. Some older ones and one from, this one did not move everything. So I started with one, got a timeout error. Tried another, it did not work.

Read more

Setup VPN to use MFA with NPS Extension

In this blog post I will show you how to set up a Microsoft VPN connection with the new NPS Extension for Azure AD MFA.

This is a new service that the Microsoft NPS team just released, which adds an extension to the Windows Network Policy Server.

When using the NPS extension for Azure MFA, the authentication flow includes the following components:

This is copied from

  1. NAS/VPN Server receives requests from VPN clients and converts them into RADIUS requests to NPS servers.
  2. NPS Server connects to Active Directory to perform the primary authentication for the RADIUS requests and, upon success, passes the request to any installed extensions.
  3. NPS Extension triggers a request to Azure MFA for the secondary authentication. Once the extension receives the response, and if the MFA challenge succeeds, it completes the authentication request by providing the NPS server with security tokens that include an MFA claim, issued by Azure STS.
  4. Azure MFA communicates with Azure Active Directory to retrieve the user’s details and performs the secondary authentication using a verification method configured to the user.

The following diagram illustrates this high-level authentication request flow:

Authentication flow diagram

Read more