@NathanMcNulty The solution as they also wrote, would be to make a proper evaluation of what actually is your control plane resources. If intune can control your control plane, then management of that must be included and protected by the same processes as for global admin.
@0fflineDocs @NathanMcNulty@ITguySoCal@JoshuaGatewood Haha yeah noticed that today with a customer. Missed the normal options but we migrated everything to the new experience.
How did I miss the news that @Azure cancelled #azure support for enterprise customers. Apparently the sales reps for my customers forgot to mention it as well…
https://t.co/DXRcMpxaJB
Trying to decide if you should use Network Rules or Application Rules in Azure Firewall? Or are you battling a weird SSL/TLS failure to an Azure-hosted service through Azure Firewall? Read this post to understand what is going on: https://t.co/euqo1cggwu #Azure#AzureFirewall
@joe_elway Totally agree, the modules are often built in a complex way and it’s not worth troubleshooting since it’s so much logic to in them. When they work, great, if not build your own straight away.
Enforcing reauthentication when activating privileged roles can be achieved by #MicrosoftEntra#ConditionalAccess now. This is a great enhancements for protecting privileges. Can't wait to test other new scenarios. Check out the #TechCommunity article: https://t.co/DeaC1suzZS
As a reminder - I have a 3-part series on configuring a Site-2-Site VPN between #Azure and #OPNSense (policy, routed, and BGP)
https://t.co/fVmCw9FKmD
https://t.co/zwwc40nvOM
https://t.co/zuymcdCbJY #MVPBuzz#Community
@BrettMiller_IT @Azure What is the alternative? I think alz is good but you need to do more work yourselves defining what a landing zone is for you and how to work with it. Not all teams/apps should be/have their own LZ since someone must be responsible for things like budgets, networks and so on.
Yay, another article! I often get asked, "Which Azure Container Service is best for my application?" My answer, as always, is "it depends." Your application's requirements and constraints significantly influence which Azure Container Service is the best fit. In this article, I've highlighted the major factors to consider when choosing a solution. I hope you’ll find it as helpful as I enjoyed writing it😊🚀
https://t.co/ifNgMUPkHS
#TechCommunity #Kubernetes #CloudInfrastructure #CloudNativeComputing #AzureFamily #CloudFamily #LearningInPublic #Azure #mvpbuzz #mvp
Do not put any service except transit connectivity in your network hubs in #Azure!
Microsoft have a design pattern they call "virtual hub extension" on how to deal with it using virtual wan, follow it for hub and spoke as well
https://t.co/dAwhVniFLF
@joe_elway Do you have permanent read? My feeling is that PIM to higher roles works better and faster if you initially have a read role. I even think I have read it as a recommendation in the official docs somewhere, for some specific scenario (maybe it was for CSPs)
@joe_elway This is so good guidance. Wish I knew this before I set up one of my first hub following recommendations 🙃 now me and the customer lives with adding extra routes to every single spoke to force traffic through the firewall instead of just using the default route
@NathanMcNulty I think the first mistake you mention is “even using a root CA”. Most companies use it for internal services and does not sell CA services to others. Who cares about the CA being hacked if they already own your domain admins and all your servers, clients and all data 🤷♂️
Question for people who use bicep.
When you are creating your main.bixep where it uses modules.
Do you go parameters, global variables then modules with module variables above each module.
Or do you put all of your parameters and variables at the top?
#Azure#Bicep#IaC
📢 Ahead of out #MSIgnite session, we put together a blog announcing everything new across Azure Governance!
👉🏾 https://t.co/KOu6D2I0Uz
💡The blog features updates from Resource Graph, Policy, Machine Config, Resource Notifications and more!
#Azure#Kubernetes#MVPBuzz
The Microsoft Azure Well-Architected Framework has been refreshed! 😎
Comprehensive refresh of the Well-Architected Framework for designing and running optimized workloads on Azure
https://t.co/xPUFx74c2V
If you are doing work with #Azure#DefenderForCloud I can recommend checking the docs to learn more what the different workload protections checks for you.
https://t.co/WcVryhtew5