https://cd.infostar.me/ 2026-04-07T05:44:06+00:00 https://cd.infostar.me/ https://cd.infostar.me/_media/wiki:logo.png text/html 2022-03-25T13:42:37+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:active_directory?rev=1648215757&do=diff Azure Active Directory * Active Directory * Securing Active Directory * replica sets Azure AD DS * <https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-instance> * <https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-password-hash-sync>, there is something funky about how on-prem password hash syncing works Ephemera * <https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/identity/az… text/html 2025-06-04T12:16:24+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:application_management?rev=1749039384&do=diff Application Management * app registration * authentication and authorization * <https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/> * <https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals> * The configuration that is under Enterprise applications is the security/service principle used by the app. * <https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent> * application permissions vs… text/html 2024-09-24T18:32:34+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:arm_templates?rev=1727202754&do=diff ARM Templates * <https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/overview> Deployment Modes * In complete mode, Resource Manager deletes resources that exist in the resource group but aren't specified in the template. * In incremental mode, Resource Manager leaves unchanged resources that exist in the resource group but aren't specified in the template. Resources in the template are added to the resource group. text/html 2024-11-12T19:04:25+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:authentication_and_authorization_examples?rev=1731438265&do=diff Authentication and Authorization Examples Fill in the client Id and secret to get an access token. curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=client_credentials&client_id=&client_secret=&resource=https://management.azure.com" "https://login.microsoftonline.com/f4817ec4-5e1a-42c0-a96a-b89179f9ed9d/oauth2/token" text/html 2024-10-08T12:31:48+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:az-104_learning_in-progress?rev=1728390708&do=diff AZ-104 Learning In-progress * Review firewall capabilities for storage accounts * Review redundancy options for storage accounts * Review object replication for storage blobs * Review soft delete vs. file versioning for file recovery * Review the tiers of blob storage (e.g. hot, cool, etc) text/html 2022-11-07T13:17:35+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:azure_admin_tools?rev=1667827055&do=diff Azure Admin Tools To Explore * <https://github.com/DanielChronlund/DCToolbox> text/html 2023-01-31T19:17:04+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:azure_api?rev=1675192624&do=diff Azure API * Azure Graph API vs MS Graph * AAD Graph App Registration * <https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/azure-ad-change-management-simplified/ba-p/2967456> text/html 2024-09-12T19:31:48+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:azure_app_service?rev=1726169508&do=diff Azure App Service * <https://learn.microsoft.com/en-us/training/paths/create-azure-app-service-web-apps/> * <https://learn.microsoft.com/en-us/azure/architecture/web-apps/app-service/architectures/multi-region> * <https://learn.microsoft.com/en-us/azure/app-service/tutorial-multi-region-app> text/html 2021-09-20T18:31:21+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:azure_arc?rev=1632162681&do=diff Azure Arc To Explore * <https://docs.microsoft.com/en-us/azure/azure-arc/servers/onboard-service-principal>, deploying the Connected Machine agent at-scale text/html 2024-08-16T13:21:04+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:azure_certifications?rev=1723814464&do=diff Azure Certifications * AZ-104 text/html 2022-03-14T12:08:08+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:azure_high_availability?rev=1647259688&do=diff Azure High Availability * DR, disaster recovery To Explore * <https://docs.microsoft.com/en-us/azure/architecture/example-scenario/infrastructure/iaas-high-availability-disaster-recovery> text/html 2024-09-13T14:21:46+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:azure_iac?rev=1726237306&do=diff Azure IaC * <https://github.com/Azure/azure-quickstart-templates>, templates and examples of ARM Templates and Bicep Templates text/html 2026-04-06T19:20:34+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:azure_iam?rev=1775503234&do=diff Azure IAM * Microsoft Entra * Privileged Access Management * AzureAD vs. AzureRM roles * Entities that can be granted access to resources in Azure are generally called security principals. This includes users, groups, service principles and managed identities. * Authentication and Authorization * Application Management * Least privileged role for certain tasks * Lighthouse * text/html 2025-02-27T16:58:53+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:azure_learning_path?rev=1740675533&do=diff Azure Learning Path Alpha * Learn about AAD App Registration and Admin Consent/Permission Delegation * Application Management * Azure VPN * identity_and_access_management * Azure Landing Zones * Learn ARM Templates text/html 2021-09-30T12:11:41+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:azure_monitoring_solutions?rev=1633003901&do=diff Azure Monitoring Solutions * monitoring technologies text/html 2025-06-17T00:25:29+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:azure_organization?rev=1750119929&do=diff Azure Organization * Azure Resource Manager is the control plane of Azure Subscriptions " You might want an additional subscription to avoid reaching subscription limits, to create separate environments for billing and security, or to isolate data for compliance reasons. text/html 2024-10-04T14:13:37+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:azure_policy?rev=1728051217&do=diff Azure Policy * Azure Policy * Azure Policy helps to enforce organizational standards and to assess compliance at-scale. * Policies can be grouped together into Initiatives (aka policySets). * Azure Policy Guest Configuration agent is the service that runs on a VM to audit and remediate configuration issues text/html 2026-02-12T21:25:31+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:azure_powerpipe?rev=1770931531&do=diff Azure Steampipe/Powerpipe * Azure Compliance Mod, CIS, NIST, etc * This page includes a list of the raw queries that can be ran using the Steampipe steampipe query --output line command. * Details on installing are here, <https://github.com/turbot/steampipe-mod-azure-compliance> Installation * Install Powerpipe * text/html 2023-02-06T19:08:06+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:azure_resource_deployment?rev=1675710486&do=diff Azure Resource Deployment deployment, configuration and maintenance * ClickOps * ARM Templates * Blueprints * Landing Zones * Bicep * Azure Policy * Terraform text/html 2025-06-17T01:49:54+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:azure_resource_graph_explorer?rev=1750124994&do=diff Azure Resource Graph Explorer Find all regions where resources are located. resources | summarize resourceCount = count() by location | project location, resourceCount Find all regions where VNets are located. resources | where type == 'microsoft.network/virtualnetworks' | summarize count() by location | project location text/html 2026-03-25T12:25:34+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:azure_resource_manager?rev=1774441534&do=diff Azure Resource Manager Resource Provider An Azure Resource Provider is a service in Azure that supplies a set of related resources and operations. Think of it as a collection of capabilities that Azure exposes through the ARM (Azure Resource Manager) text/html 2025-04-11T15:10:43+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:azure_security?rev=1744384243&do=diff Azure Security * Azure Sentinel * Azure Policy * Azure Security Assessments * Microsoft cloud security benchmark (MCSB) is the basis for the Microsoft Secure Score Learning/To Explore * <https://docs.microsoft.com/en-us/azure/firewall-manager/secure-cloud-network> * <https://github.com/JulianHayward/Azure-MG-Sub-Governance-Reporting>, management group visualization and more Miscellanea * Azure Security Center is a centered on infrastructure monitoring and hygiene tool. Loggin… text/html 2025-06-25T18:59:14+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:azure_security_assessments?rev=1750877954&do=diff Azure Security Assessments * Azure Security Assessments Exploration * Azure Powerpipe * Azure Resource Graph Explorer * <https://github.com/microsoft/ARI> Methodology To begin an assessment list all resources that are in all subscriptions that are in scope to get a sense of the environment. List All Resources $subs = Get-AzSubscription foreach ($sub in $subs) { Set-AzContext -Subscription $sub.id $resources += Get-AzResource } $resources | convert-to-json | out-file " . \reso… text/html 2025-04-25T13:37:03+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:azure_security_assessments_exploration?rev=1745588223&do=diff Azure Security Assessments Exploration * What is the Microsoft Cloud Security Benchmark? * How can the Azure Resource Graph Explorer be used for assessments? text/html 2023-06-14T21:40:09+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:azure_sentinel?rev=1686778809&do=diff Azure Sentinel Quick-n-Dirty * Azure Monitor Agent (AMA), collects monitoring data from VMs and sends it to Azure Monitor * For non-Azure VMs to be integrated with Sentinel they need to be have the Azure Arc agent installed, which makes them Arc-enabled text/html 2022-03-12T13:24:24+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:azure_sql?rev=1647091464&do=diff Azure SQL text/html 2025-08-29T19:32:23+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:azure_storage?rev=1756495943&do=diff Azure Storage * <https://docs.microsoft.com/en-us/azure/storage/common/storage-introduction> Azure Storage Accounts * storage accounts provide the logical container/namespace for storage services like, blob containers, file shares, queues and tables. * By default, storage accounts are accessible from any network, including the Internet. text/html 2023-02-28T14:27:30+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:azure_vpn?rev=1677594450&do=diff Azure VPN P2S VPN * <https://learn.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-tenant> * Azure Point-to-Site VPN with Azure AD Authentication and MFA, video * Grant consent to VPN client * <https://jussiroine.com/2021/10/building-a-point-to-site-vpn-setup-to-azure-using-azure-ad-authentication/> text/html 2023-07-24T19:57:49+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:lighthouse?rev=1690228669&do=diff Lighthouse * Custom roles are not supported * The Owner role cannot be given to delegated users * data plane permissions are not supported * cannot cross environment (i.e. standard commercical, Gov Cloud, China, ...) boundaries Lighthouse vs. Partner Admin Link (PAL) text/html 2026-01-08T14:42:20+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:microsoft_entra?rev=1767883340&do=diff Microsoft Entra * <https://learn.microsoft.com/en-us/entra/identity/conditional-access/> Condition Access * <https://idpowerapp.com/>, Condition Access policy visualizer text/html 2025-06-17T17:56:01+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:monitoring_and_logging?rev=1750182961&do=diff Monitoring and Logging * Azure Platform Logs include: Resource Logs (previously diagnostic logs), Activity log, and Azure AD (sign-in logs), <https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/platform-logs-overview> * Resource Logs capture activity to the data access plane while the Activity log is a subscription-level log for the control plane text/html 2021-06-11T14:44:42+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:patch_management?rev=1623422682&do=diff Patch Management * Azure Update Management uses agents, Automation Accounts, and Log Analytics to build the Update Management solution To Explore * <https://feedback.azure.com/forums/905242-update-management/suggestions/31543825-update-s-rollback> text/html 2025-04-25T15:05:44+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:programmatic_access?rev=1745593544&do=diff Programmatic Access * Azure Powershell * Azure Resource Graph Explorer Related * jq text/html 2024-10-03T14:27:02+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:resource_locks?rev=1727965622&do=diff Resource Locks " As an administrator, you can lock an Azure subscription, resource group, or resource to protect them from accidental user deletions and modifications. The lock overrides any user permissions." * Resource Lock Considerations * A read-only lock on a resource group prevents you from moving existing resources in or out of the resource group. But note that a resource (not a resource group) with read-only lock can be moved to another resource group. text/html 2024-11-05T20:55:23+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:service_principles?rev=1730840123&do=diff Service Principles I used the following Powershell commands to setup a session using a service principle. I also had to give the SP the Reader role over the scope over the subscription. $appId = "xxxx" $clientSecret = $env:appsecret $securePassword = ConvertTo-SecureString -String $clientSecret -AsPlainText -Force $tenantId = "xxxx" $subscriptionId = "xxxx" $credential = New-Object -TypeName System.Management.Automation.PSCredential $appId, $securePassword Connect-AzAccount -ServicePrincipal … text/html 2024-08-27T14:21:08+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:subscriptions?rev=1724768468&do=diff Subscriptions * <https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-subscriptions> text/html 2022-11-09T22:58:14+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:virtual_machines?rev=1668034694&do=diff Virtual Machines * Scale sets provide a way to create multiple VMs (based on the same image) dynamically as demand grows and shrinks. * Availability sets are a way of grouping VMs to spread them across multiple fault domains and update domains to provide high availability. Availability sets are a way to ensure that VMs are spread across different physical servers, switches, power supplies, etc, so that a failure of these does not affect all VMs. text/html 2024-08-28T18:45:56+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:virtual_networks?rev=1724870756&do=diff Virtual Networks Routing * Virtual network traffic routing §§§ Service Endpoints * When Service Endpoints are added ARM adds and updates routes in the route tables for subnets where the endpoint is enabled. * Service Tags can be used for address prefixes in User Defined Routes text/html 2021-02-18T16:28:59+00:00 Anonymous (anonymous@undisclosed.example.com) https://cd.infostar.me/azure:windows_virtual_desktop?rev=1613665739&do=diff Windows Virtual Desktop * WVD Notes * WVD is a newer/better way to provide virtual desktops than traditional Remote Desktop Services (RDS). It removes a lot of the complexity of deploying RDS. Quick-n-dirty * Validation environments (pools)