Tag: Azure

Strengthening Security: MFA Required for Microsoft Admin Access

Starting on or after October 15, 2024, Microsoft will implement a significant security enhancement by mandating multi-factor authentication (MFA) for admins accessing the Microsoft Azure portal, Microsoft Entra admin center, and Microsoft Intune admin center. This requirement will also extend to any services accessed through the Intune admin center, such as Windows 365 Cloud PC. The introduction of MFA is a proactive measure to bolster security, providing an extra layer of protection against unauthorized access. Microsoft strongly recommends enabling MFA as soon as possible to take full advantage of its security benefits. For detailed guidance, admins are encouraged to review the document “Planning for mandatory multifactor authentication for Azure and admin portals.”

This change will have a direct impact on organizations by necessitating the activation of MFA for their tenants. Admins will need to ensure that MFA is enabled to maintain access to the Azure portal, Microsoft Entra admin center, and Intune admin center post-implementation. The transition to mandatory MFA underscores Microsoft’s commitment to enhancing security protocols and safeguarding sensitive information.

To prepare for this change, organizations must set up MFA before the October 15, 2024 deadline. This proactive step will ensure that admins can seamlessly access the necessary portals without interruption. In cases where setting up MFA before the deadline is not feasible, organizations have the option to apply for a postponement of the enforcement date. However, it is crucial to note that if MFA is not configured before the enforcement begins, admins will be prompted to register for MFA upon their next sign-in to the Azure portal, Microsoft Entra admin center, or Intune admin center.

The introduction of mandatory MFA is a strategic move by Microsoft to enhance the security framework of its admin portals. By requiring an additional authentication factor, Microsoft aims to mitigate the risks associated with single-factor authentication, such as password breaches and unauthorized access. This initiative reflects a broader industry trend towards strengthening security measures in response to evolving cyber threats.

Organizations are advised to communicate this upcoming change to their admin teams and ensure that all relevant documentation is updated accordingly (see Planning for mandatory multifactor authentication for Azure and admin portals). By doing so, they can facilitate a smooth transition to the new security requirements and minimize any potential disruptions. The implementation of MFA is not just a compliance measure but a critical step towards safeguarding organizational data and maintaining the integrity of admin operations.

Microsoft’s decision to mandate multi-factor authentication for admin access to key portals is a pivotal enhancement in its security strategy. This change, effective from October 15, 2024, will require organizations to enable MFA to ensure uninterrupted access for their admins. By taking proactive steps to implement MFA, organizations can significantly bolster their security posture and protect against unauthorized access. Admins are encouraged to familiarize themselves with the new requirements and prepare accordingly to leverage the full benefits of this enhanced security measure.

By mandating MFA, Microsoft is taking a significant step towards bolstering the security of its admin portals. Organizations should prepare for this change to ensure seamless access and enhanced protection for their admin operations.

Permanent link to this article: https://www.robertborges.us/2024/08/cloud-computing/strengthening-security-mfa-required-for-microsoft-admin-access/

Leverage Redundancy to Improve System Uptime

In the business world just a couple of decades ago, a certain amount of occasional downtime was almost expected in business systems. It wasn’t uncommon for email systems, web servers, and file/application servers to need occasional reboots, fall victim to memory leak errors, succumb to internet outages, or crash altogether. Avoiding unplanned downtime was possible, but doing so tended to be very costly for a truly redundant solution. This limited the highly coveted 4 and 5 nines (99.99% and 99.999%) of uptime to the large enterprise environments which could afford this level of redundancy.

Since then, even the smallest businesses have become less and less accepting of unplanned downtime in our production environment.  After all, our internet provider connections have become much more affordable to allow redundant connections, power protection is the norm, and operating systems have become much more reliable (though at times it doesn’t always feel that way).

SaaS (software as a service) and PaaS (platform as a service) solutions like Microsoft 365, Azure SQL services, Azure Virtual Desktop, Azure Front Door, and others, often build in redundancies or make them easily deployable. But what if you are still running virtual machines in the Azure cloud or in your on-premises environment?

It also goes without saying that taking the appropriate posture on cybersecurity and employing a good data backup solution is critical, but for the purpose of this discussion, I will stick to redundancy options.

Protecting Virtual On-Prem

Whether you’ve invested in Hyper-V or VMware for your virtualization hypervisor platform, there are a few things to consider.

  • Redundant networks – Multiple physical host adapters for management and VM traffic, preferably all connecting to different network switches.
  • Redundant power – Multiple power supplies in each virtualization host, each connected to a different UPS (uninterruptible power supply). Having a backup generator on top of this is a plus for any power outage beyond a few minutes.
  • Scale-out file server / SAN – Storage used by the hypervisors should be well thought out, allowing for resiliency not just within disk sets, but between disk arrays. Don’t just plan on individual disks failing. Disk controllers and even entire arrays can have critical issues. 
  • VM (virtual machine) clustering – Just like everything else, virtualization hosts are not immune to having issues.  Failover clustering allows a VM to automatically (or sometimes manually) start up on a different host when its primary host is either down unexpectedly or needs maintenance.  Clustering in the VMware world is pretty simple leveraging vSphere.  In Hyper-V, clustering is a little more complicated, but Microsoft has a lot of great resources to help you along the way.  There are also some really great 3rd party tools to manage failover and make failback a cinch. 

Storage Redundancy and SLAs

Storage in Azure has multiple resiliency options depending on your uptime requirements. Here are a few of Microsoft’s SLA (service level agreement) guaranteed uptimes for Azure Storage:

  • At least 99.99% (99.9% for Cool and Archive* Access Tiers) of the time, we will successfully process requests to read data from Read Access-Geo Redundant Storage (RA-GRS) accounts, provided that failed attempts to read data from the primary region are retried on the secondary region. Rehydration is not supported in the secondary region.
  • At least 99.9% (99% for Cool and Archive* Access Tiers) of the time, we will successfully process requests to read data from Locally Redundant Storage (LRS), Zone Redundant Storage (ZRS), and Geo Redundant Storage (GRS) accounts.
  • At least 99.9% (99% for Cool and Archive* Access Tiers) of the time, we will successfully process requests to write data to LRS, ZRS, GRS accounts, and RA-GRS accounts.

Protecting Azure Virtual Machines

Simple VMs in Azure should have at least a 95% uptime guarantee from Microsoft without any additional work.  If 95% uptime is not quite good enough, there are plenty of options to improve this score considerably.

For example, you can expect a 99% SLA simply by using Premium SSD, Ultra Disk, or Premium SSD v2 for all Operating System Disks and Data Disks. 

Availability Zones in Azure. Source: Microsoft

An Availability Set is two or more VMs deployed across different Fault Domains to avoid a single point of failure. When deploying two or more VM instances in the same Availability Set or in the same Dedicated Host Group, you can expect an SLA of up to 99.95%. 

Availability Zones are fault-isolated areas within an Azure region, providing redundant power, cooling, and networking.  They can make reliability even better with an SLA of up to 99.99% when two or more instances are deployed across two or more Availability Zones in the same Azure region.

Availability Sets and Availability Zones can be leveraged for VMs and also with Azure Virtual Desktop (AVD) to ensure a significant reduction in any single point of failure.

If you are planning an AVD deployment, then also consider On-Demand Capacity Reservations, since it will guarantee you will receive compute capacity up to the reserved quantity of VMs at least 99.9% of the time.

For more, here is a list of Microsoft’s SLAs for online services: https://azure.microsoft.com/en-us/support/legal/sla/

Permanent link to this article: https://www.robertborges.us/2022/12/cloud-computing/leverage-redundancy-to-improve-system-uptime/

Save Money with Azure VMs by Using Azure Hybrid Use Benefit

Traditionally, Windows VMs (virtual machines) in Azure would include a Windows Server Datacenter license. The cost of this license was built into the hourly/monthly fee for that VM. This made systems easy to roll out using the GUI wizards and made licensing a cinch. If you are moving existing virtual machine workloads to the cloud, this can be expensive since you are paying again for licenses you’ve already purchased.

According to their new announcement, Microsoft says “now you can move your existing Windows Server licenses to Azure when you extend your datacenter to the cloud. With the Azure Hybrid Use Benefit, you can use on-premises Windows Server licenses that include Software Assurance to run Windows Server virtual machines in Azure at the base compute rate.”

Permanent link to this article: https://www.robertborges.us/2017/06/windows/save-money-with-azure-vms-by-using-azure-hybrid-use-benefit/

Public Preview: Azure Active Directory Connect pass-through authentication

Imagine if you could set up single sign-on for your online services with just the check of a box, and allow all of your users to authenticate to services such as Office 365 automatically.  Imagine you could do this without the complexity of ADFS and the many hours of planning and implementation that go along with it.

On Wednesday, Microsoft announced the public preview of Azure Active Directory Connect pass-through authentication.  This new method of authentication allows for a single sign-on (SSO) experience without the need for Active Directory Federation Services (ADFS).

Permanent link to this article: https://www.robertborges.us/2016/12/cloud-computing/public-preview-azure-active-directory-connect-pass-through-authentication/

Backing Up Azure ARM VMs with Backup and Site Recovery

In my previous post titled Backing Up Azure ARM VMs with new Azure Recovery Services, I discussed a new feature set which was in Preview (A.K.A. beta). Before the Preview of Azure Recovery Service, we could back up “Classic” Azure VMs (virtual machines) by using Azure Backup, but not VMs created with the newer Azure Resource Monitor (ARM). Azure Recovery Service was not feature-complete, but it was the first time we could back up Azure VMs built using the new Azure Resource Monitor (ARM).

The public preview of Azure Recovery Service was a success, and now we have a final version with a new name: Backup and Site Recovery

Permanent link to this article: https://www.robertborges.us/2016/12/cloud-computing/backing-up-azure-arm-vms-with-backup-and-site-recovery/

Improved SLA for Azure Virtual Machines

Up until now, Microsoft has guaranteed a 99.5% uptime SLA for IaaS (Infrastructure as a Service) virtual machines. While this level of uptime is very good, it is not enough for critical applications which require 24×7 access.

Permanent link to this article: https://www.robertborges.us/2016/11/cloud-computing/improved-sla-for-azure-virtual-machines/

Microsoft Retires Azure RemoteApp

Today, in an announcement by Microsoft’s Remote Desktop Team, Azure RemoteApp is being retired.  Microsoft Azure RemoteApp is an application virtualization platform in the cloud.  Using Remote Desktop technology, applications can be presented to users without the need of installing anything on the user’s computer.  In addition to ease of management, it allows users to access applications securely on just about any device with internet access.  Azure RemoteApp was launched less than two years ago.

Permanent link to this article: https://www.robertborges.us/2016/08/cloud-computing/microsoft-retires-azure-remoteapp/

Azure Site-to-Site VPN

Microsoft Azure gateway objects give the ability to configure site-to-site or device-to-site VPN (virtual private network) connections. With a site-to-site VPN, your physical network will be connected to your Azure hosted virtual network. This is an easy way to create a hybrid cloud environment, where some of your servers are on your local network, and some hosted as Azure Virtual Machines. Setting up a site-to-site network will allow these servers to communicate with each other, and allow client workstations to communicate with the Azure hosted Virtual Machines as if they were locally on your LAN.

Permanent link to this article: https://www.robertborges.us/2016/03/cloud-computing/azure-site-to-site-vpn/

Running WordPress with Azure SQL using Project Nami

Typically WordPress uses MySQL as the database back-end.  The guys over at Project Nami found a way to easily utilize Azure SQL instead.  This video will walk you through the deployment process.  The wizard creates the Azure SQL database, installs the WordPress website, and configures the firewall security rules for you.  Take a look and see how easy it is.

http://projectnami.org/
https://github.com/ProjectNami/projectnami

Azure Blog: Project Nami: WordPress for Azure SQL Database/SQL Server

[01:14] – What Project Nami is about
[11:43] – Deploying Project Nami
[18:41] – Migrating to Project Nami
[23:43] – Deeper into Project Nami
[29:50] – Updating Project Nami
[32:36] – Where is Project Nami in the wild

Permanent link to this article: https://www.robertborges.us/2016/03/cloud-computing/running-wordpress-with-azure-sql-using-project-nami/

Introducing the Microsoft Azure Preview Portal

Microsoft has introduced the new Azure Preview Portal to create and manage your Microsoft Azure environment. This new portal is not only easier to use, but provides more detailed information and lots of new functionality.

While there are still a few items which cannot yet be managed using the new portal (such as Azure Backup), most can. There is even a new generation of many object types giving additional levels of security and usability.

Permanent link to this article: https://www.robertborges.us/2016/03/cloud-computing/introducing-the-microsoft-azure-preview-portal/

SQL Database Geo Replication in Azure Portal

Designing your application for business continuity requires you to answer the following questions:

  1. Which business continuity feature is appropriate for protecting my application from outages?
  2. What level of redundancy and replication topology do I use?


Permanent link to this article: https://www.robertborges.us/2016/02/cloud-computing/sql-database-geo-replication-in-azure-portal/

Free eBook: Introducing Windows Azure for IT Professionals

Continuing a spree of free eBooks, Microsoft has done it again. This time they have released Mitch Tulloch’s “Introducing Windows Azure for IT Professionals”. This book covers not only web sites and databases, but also the new IaaS Virtual Machine offerings. Below are the download links for PDF, ePub, and MOBI formats.

Permanent link to this article: https://www.robertborges.us/2013/10/learning-resources/free-ebook-introducing-windows-azure-for-it-professionals/

Learning Tools & Resources from Microsoft

On many occasions I have had people ask me “Where can I learn about Microsoft’s product X”, or “Is there anywhere I can go to get free training”. Well, here is a list of just a few of the resources Microsoft provides to us all so we can get educated and try out many software titles before making an investment.

Permanent link to this article: https://www.robertborges.us/2012/04/learning-resources/learning-tools-resources-from-microsoft-2/

Cloud Computing: Why Go to the Cloud?

What is Cloud Computing?

There are many definitions as to what constitutes “Cloud Computing”. Some organizations say that server failover clustering is a requirement. Others say that metered services are required. At its core, cloud computing simply means that these products/services are hosted on the web and you pay for what you use (to varying degrees).

Permanent link to this article: https://www.robertborges.us/2012/03/cloud-computing/cloud-computing-why-go-to-the-cloud/

Will Cloud Computing Be Getting More Affordable?

If you haven’t read it yet, check out Microsoft’s recent white paper on the economics of cloud computing. How do you reduce your IT infrastructure costs by 80%? Well, Microsoft thinks that one day cloud could be that cost effective! Microsoft released a new white paper in November called The Economics of the Cloud which describes in detail how the cloud could become so inexpensive (compared to traditional infrastructure) that you may not consider anything else. Microsoft looks at a vast array of factors, from cost savings per server as datacenters get larger, to making physical host servers more efficient by analyzing the time of day each client virtual machine is most highly utilized. View Microsoft’s white paper at: Technet Blogs

Permanent link to this article: https://www.robertborges.us/2011/12/cloud-computing/will-cloud-computing-be-getting-more-affordable/