Intune – Mobile Device Management – Register and Assign a Intune License

Setting up Intune on your current Office365 subscription.

Things to know..

  1. Check your Pre Reqs/Supported devices
  2. More than 150 licenses for EMS? Check out FastTrack Center Benefit!
  3. DNS registration
  4. Users and Groups
  5. Intune license required
  6. Apps can be assigned to groups to be installed automatically
  7. You can create profiles on devices
  8. Define app policies / and restrictions

Getting started

Signup, Already using Office 365 = You already have an account

Yes, add it to my account

Try now

Continue

Check your email

Assign the license

Editing users (User Management) https://admin.microsoft.com

Add the Intune license

Save

You will now see the license is assigned to the user

Secure Connectivity to Azure


05.03.2020 – Stephen Hackers, attended the North East Azure User Group – 14th Meetup. Hosted by Frank Recruitment Group.

The core presentation was on Secure Connectivity to Azure by Matthew Bradley Chief Engineer (Azure) at ClearCloud

The session covered:

VPN Offerings, Service Endpoints, VNet Peering and Private Link

The presentation was focused on educating and sharing experiences in securing connectivity into Azure.

A key point : Security to Azure is required and it doesn’t need to come at a great expense to the business. Build it in to your solution from day 1.

Presentation Notes

VPN offerings:

  • Basic options start at £20 a month roughly (06.03.2020)
  • Bandwith is the key difference between levels
  • Number of S2S tunnels is mostly limited to 30 except basic is 10.

Service Endpoints:

  • No additional cost for VNet Service Endpoints
  • VNet ACLs are not supported across AD tenants
  • Service Endpoints add a system route which takes precedence over other routes

VNet Peering:

  • Traffic between resources is private/isolated. Not encrypted
  • Network address space must not overlap
  • VNet peering doesn’t impose bandwiths

Private Link

  • Connect to Azure without a public IP address
  • Private end points mapped to an instance of PaaS (in Preview)
  • Private Link works a bit like NAT, Private Link endpoint is given a private IP in the VNet of the source
  • IP ranges can overlap

Summary

Small event, around 45 technical Azure focused people attended. Keeping the event simple with one good presentation. There are a great community bunch attending this up and coming North East Azure User Group. Thanks to Frank Recruitment Group for hosting the event and essential beer and pizza. Having a recruitment company hosting, minimal sales pitch was a double win. We did discuss careers a little too at the end (in the optional pub near by).

Looking forward to the next event. For anyone wishing to attend https://www.meetup.com/North-East-Azure-User-Group/

AZ-104 – Azure Administrator Study Guides

Thomas Maurer – Study Guide AZ-104 Azure Administrator

https://www.thomasmaurer.ch/2020/03/az-104-study-guide-azure-administrator/

Richard HooperPixel Robots – Study resources for the AZ-104 Microsoft Certified Azure Administrator

https://pixelrobots.co.uk/2020/02/study-resources-for-the-az-104-microsoft-certified-azure-administrator/

WVD – Windows Virtual Desktop – Admin Tasks, Tips and Useful Blogs

Office 365, Legacy Applications and MFA

Some legacy applications don’t support MFA. This is a solution to enable the apps to continue to function when MFA is enabled for a user in Office365.

How to create a “Additional Security Verification App Passwords”

Browse to https://portal.office.com/account/

Click “Security & Privacy” then click “Manage Security and Privacy”

Expand / Click on “Additional Security Verification”

Click “Create and manage app passwords”

Click “Create”

Enter a Name , example “Diary Sync” and click “Next”

Click “copy password to clipboard” (YOU NEED THIS PASSWORD)

(password above example only)

Some might get this error. Copy the password. (short cut to copy > Ctrl +A, then Ctrl + C)

(password above example only)

Click “Close”

You now have an application password which you can use with your legacy application without MFA causing any integration problems

Office 365 – Security (Part 1)

Have you setup MS Office 365? Did you start with security in mind?

Have you reviewed your Security and privacy settings? Nothing is configured out of the box. When implementing o365, start treating the platform as if you were securing your On-Prem infrastructure.

Start with the basics:

  • Password Policies
  • Privacy Statements

Can you add additional security to users?

Have you enabled and enrolled users to use MFA? Is it Enfored MFA?

Has access been restricted?

https://docs.microsoft.com/en-us/sharepoint/control-access-based-on-network-location

Mobile Device Management, are you applying any controls to apps accessing OneDrive?

Has logging been enabled for the Office 365 Security and Compliance reports and stats

Azure Administrator – Tasks and Guides

Your one stop shop for the Azure Administrator resource pool of tasks.

Task
Set the tenant, subscription, and environment for cmdlets to use in the current session.
Plan virtual networks
Configure Azure Multi-Factor Authentication settings
Create DNS records in a custom domain for a web app
Add your custom domain name using the Azure Active Directory portal
Create a route-based VPN gateway using the Azure portal
Connect virtual networks with virtual network peering using the Azure portal
Troubleshoot password hash synchronization with Azure AD Connect sync
Manage device identities using the Azure portal
How to manage the local administrators group on Azure AD joined devices
Azure Load Balancer For RDP
Create a virtual network (classic) with multiple subnets
Point-to-Site VPN routing
Back-end health and diagnostic logs for Application Gateway
All things Azure and Sysadmin stuff
Set up Disaster Recovery for Azure IaaS VMs
Migrate AWS S3 buckets to Azure blob storage
Azure Security Center: Learning the ropes (resources)
Copy Files to Azure VM using PowerShell Remoting
How to manage Azure VMs with Windows Admin Center
Conditional Access rules for Admin MFA
Tag @stephenhackers on Twitter with your Azure blog pages

AZ-103: Microsoft Azure Administrator – EXAM PASSED!!!

Jan 16, 2020

AZ-103: Microsoft Azure ADMINISTRATOR

EXAM PASSED!!!

#Azure #Administrator #CertifiedProfessional #MicrosoftAzure #MicrosoftCloud #Microsoft #alwaysbelearning #AZ103 #EXAM #PASSED 

OMS – Azure Automation

What is OMS? .
Is it.. System Center Online rebranded?
OMS is used to gather logs centrally and make decisions upon this information.

What can you do with Operations Management Suite (OMS)?
PaaS application which is running on Azure
Use it to manage on prem or azure based VMs

How do you create and OMS setup
Ideal concept, Log all the information to a storage account. OMS will trawl the logs to make use of the information. The default agent in a VM has the information to transfer to a storage account and passing it to OMS.

Grab solutions from a portal.

  • Check status of patches
  • Change management
  • Log queries
  • Identify weakness in the environment

How you access OMS
OMS workspace is accessed via a web browser to view the information.

OMS Pricing
OMS free version holds data for upto 7 days
OMS costs for per machine monitoring

Identify Weakness or Issues.
For example No End Point security on VMs might be flagged
A recommendation to install a 3rd party tool.
Example : Deep Security – Trend Micro. An Azure recommended product for end point protection appears on the list in the filtered market place