Azure
This is a snapshot of portal.azure.com using SSLLabs.com to scan the TLS configuration. The image below is a point in time snapshot of the configuration.
The summary screen is repeated here so it can be used as the feature image for the post.
Install the Microsoft Defender for Identity (MDI) sensor onto a newly built DC? Easy you say, and that should only take 5 minutes. Well, if that was the case there would be no need for this post, and as my Dad would say, there is no such thing as a 5 minute job.
The below is a brand new Windows Server 2019 DC. It was built, fully patched and then promoted. Next up is to install the standard Mi… Read the rest “MDI Install Error 0x80070643 Windows Server 2019”
As part of your regular security and operations review, it is important to check and verify the configuration of Azure AD Connect. Ensuring the OS and Azure AD Connect are up to date is one aspect. In this post we want to look at the scope of objects which connect is synchronising. This is valuable for a few reasons. For example:
A recent discussion revolved around adding domains to Azure, and how that would manifest iteslf in Office 365 and Azure. This was a customer where one set of admins was focused on Azure and others on Office 365 and they did not interact much.
You will note that initially there are three domains shown in Exchange Online portal. One is a custom vanity domain - tailspintoys… Read the rest “Add Domain to Azure, What Is Its EXO Status?”
There have been some recent feature additions to Azure AD Connect. If we look at the Azure AD Connection Version History after a brief hiatus, there are newer versions as of March 2021. At the time of witing, the latest version is 1.6.4.0 and was released on the 31st May 2021.
There are multiple new features and changes in this build.
As more people are starting to use the Exchange Online V2 module (yay!), there are some new and different issues appearing.
In this case, the command to connect to the tenant was failing when App-Only authentication was used. A certificate was installed onto the machine where PowerShell was running.
The command used is shown followed by a glorious error.
Error Acquiring Token:
System.Exception:… Read the rest “Exchange Online App-Only Authentication Error AADSTS70011 Invalid Scope”
The days change, but sometimes the issues stay the same. This is a redux of an existing post where there was an issue back in 2016 when I was not able to easily re-create a VM in a different Availability Set. As you can see in Create Azure RM VM Using Existing VHD – 250 Hello (rmilne.ca) PowerShell was used to re-create the VM as it allowed all of the resources to be specified.
The original VM was… Read the rest “Create Azure Az VM Using Existing UnManaged VHD”
The below is from a customer situation where an Azure Network Security Group (NSG) firewall rule entry was not working as they expected. This was was created to allow RDP connectivity for some of their test servers.
However they were not able to connect to the server, and were being blocked by the NSG.
Ideally we do not want to allow RDP to our Azure VMs are there are more secure methods such as cli… Read the rest “Azure Firewall Rule Not Working – Orange Triangle”
The default option for DNS resolution on an Azure virtual network is to use the Azure DNS service. This is perfectly fine for regular Internet requests, if you need the capability to register internal DNS records for Active Directory then you will typically need to run your own DNS service. This is the case here and is also something observed with multiple customers. In each of these cases the … Read the rest “Intermittent Azure DNS Resolution Issues With With New Domain Controller”
When you try to install a PowerShell module or connect to the PowerShell Repository you may get the below error messages:
WARNING: Unable to download from URI 'https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409' to ''.
WARNING: Unable to download the list of available providers. Check your internet connection.
For make most glorious benefit engine of search:
PackageManagement\Install-Packag… Read the rest “Unable To Install PowerShell Modules – Unable To Download From URI Error”