Sander Rozemuller | All about Automation, Monitoring for Identity, AVD and Intune

Update deallocated AVD session hosts with scheduled agents updates feature

Sander Rozemuller
Date : November 30, 2022
Categories : Avd
Tags : Log analytics ,Azure functions ,Virtual machines ,Power shell

Recently, a question passed my screen if the AVD scheduled agent feature supports deallocated machines. The answer is short, no. Also when not enabling the feature, Microsoft does not start deallocated machines. So, how do we make sure when a new agent becomes available also deallocated machines are updated?

The Endpoint Security Train - Introduction

Sander Rozemuller
Date : November 20, 2022
Categories : Endpoint ,Security
Tags : Endpoint ,Zero trust ,The endpoint security train ,Microsoft intune ,Azure ,Entra ID

The IT landscape is changing. Private becomes public, local resources are moving to the public cloud. More and more workloads return to the local endpoint. Cloud endpoints (AVD, W365) are mostly used to run legacy software. With all those movements, it could be challenging to keep the herd in the pasture. Devices are everywhere and what about security?

Disable user tenant creation

Sander Rozemuller
Date : November 17, 2022
Categories : Entra ID ,Security
Tags : Azure ,Entra ID

It looks like Microsoft has added a new option that allows users to create tenants. Some people have seen the Tenant Creation option in the regular Azure portal but was removed fast. For now, the option is still available in the Preview Azure Portal (https://preview.portal.azure.com/)

Deploy Azure Bastion host in AVD environment automated

Sander Rozemuller
Date : November 11, 2022
Categories : Azure virtual desktop ,Security
Tags : Azure bastion ,Virtual machines ,Power shell ,The endpoint security train

The IT landscape is changing. Hardware takes place for serverless and resources are moving to public cloud platforms. With that, also the IT processes are changing. In this blog post, I show how to make one of the most common processes more secure in the public cloud. Manage a client endpoint with remote control.

Route AVD traffic through static WAN IP with Azure Firewall automated

Sander Rozemuller
Date : November 4, 2022
Categories : Azure virtual desktop ,Network
Tags : WAN ,Azure ,Firewall ,Security

Recently I had a situation where a customer asked me how to make sure the AVD environment always has the same WAN IP. To give Azure Virtual Desktop a fixed external IP, some options are available. Think about a NAT gateway or an Azure Firewall. In this blog post, I show how to configure a static WAN IP for AVD with the use of the Azure Firewall in an automated way.

Use internal main.iam.ad API with Logic Apps

Sander Rozemuller
Date : October 24, 2022
Categories : Azure ad ,Graph API
Tags : Security ,Monitoring

This blog post is a follow-up to my post about using the hidden API in automation. In that post, I explained how to authenticate to the https://main.iam.ad.ext.azure.com/api/ endpoint and, how to get information from it. If you haven’t already, I would suggest reading that post first. I used Azure Functions to run the automation tasks.