Let’s say your organization wants to set up a solution against a 3rd-party web solution that is hosted in the cloud, like an accounting system. And your organization has a rule that this should be Single Sign-On and use your domain login credentials. You already have Azure AD Connector set up with password sync and have all the users synced to Azure AD. And then you realize that the provider does not have a finished application with a guide in the Enterprise Application store. So what to do then?
So as I am starting a new job in less than 2 months, I thought it was time to move this site from a Virtual Machine running on my current employer's S2D cluster to Azure. So I decided to share my way there. So I started googling on how to do this. There were some guides here and there. Some older ones and one from docs.microsoft.com; this one did not move everything. So I started with one, got a timeout error. Tried another, did not work.
This will be a short but happy blog post 🙂
In the spring we wanted to set up SSO with our support portal Freshdesk. This did not work as we were using a custom URL, and the Azure SSO was expecting oursite.freshdesk.com as the reply address and not our custom URL. This was a limitation in the Azure SSO setup.
In this blog post I will show you how to set up a Microsoft VPN connection with the new NPS Extension for Azure AD MFA.
This is a new service that the Microsoft NPS team just released, which adds an extension to the Windows Network Policy Server.
When using the NPS extension for Azure MFA, the authentication flow includes the following components:
- NAS/VPN Server receives requests from VPN clients and converts them into RADIUS requests to NPS servers.
- NPS Server connects to Active Directory to perform the primary authentication for the RADIUS requests and, upon success, passes the request to any installed extensions.
- NPS Extension triggers a request to Azure MFA for the secondary authentication. Once the extension receives the response, and if the MFA challenge succeeds, it completes the authentication request by providing the NPS server with security tokens that include an MFA claim, issued by Azure STS.
- Azure MFA communicates with Azure Active Directory to retrieve the user’s details and performs the secondary authentication using a verification method configured to the user.
The following diagram illustrates this high-level authentication request flow:
In this little post I will do a step-by-step guide on how to deploy an Azure Web App with Octopus Deploy.
Prerequisite knowledge and already done
Azure Web App deployed via Resource Manager and some knowledge and access to the subscription.
Octopus Deploy already installed and you have some knowledge about Octopus Deploy.
Now this is a cool new feature Microsoft has come up with. It allows you to manage your on-premise servers with the Azure Portal. All you need to do is install a gateway server on your local network, configure some steps in Azure, and install a small program, and you are almost good to go.
Thought I should write a small post about setting up a Site to Site VPN between Azure Resource Manager and a FortiGate Firewall on 5.4.
Important thing to notice here. Use Route Based VPN Type on the Azure Virtual Network Gateway for this.
I used this guide to set up our Azure IPsec tunnel from Microsoft. I recommend using their guides when it comes to Azure setup. Combine these with other relevant guides. Make sure they have been recently.