Sander Rozemuller | All about Automation, Monitoring for Identity, AVD and Intune

Disable user tenant creation

Sander Rozemuller
Date : November 17, 2022
Categories : Entra ID ,Security
Tags : Azure ,Entra ID

It looks like Microsoft has added a new option that allows users to create tenants. Some people have seen the Tenant Creation option in the regular Azure portal but was removed fast. For now, the option is still available in the Preview Azure Portal (https://preview.portal.azure.com/)

Deploy Azure Bastion host in AVD environment automated

Sander Rozemuller
Date : November 11, 2022
Categories : Azure virtual desktop ,Security
Tags : Azure bastion ,Virtual machines ,Power shell ,The endpoint security train

The IT landscape is changing. Hardware takes place for serverless and resources are moving to public cloud platforms. With that, also the IT processes are changing. In this blog post, I show how to make one of the most common processes more secure in the public cloud. Manage a client endpoint with remote control.

Route AVD traffic through static WAN IP with Azure Firewall automated

Sander Rozemuller
Date : November 4, 2022
Categories : Azure virtual desktop ,Network
Tags : WAN ,Azure ,Firewall ,Security

Recently I had a situation where a customer asked me how to make sure the AVD environment always has the same WAN IP. To give Azure Virtual Desktop a fixed external IP, some options are available. Think about a NAT gateway or an Azure Firewall. In this blog post, I show how to configure a static WAN IP for AVD with the use of the Azure Firewall in an automated way.

Use internal main.iam.ad API with Logic Apps

Sander Rozemuller
Date : October 24, 2022
Categories : Azure ad ,Graph API
Tags : Security ,Monitoring

This blog post is a follow-up to my post about using the hidden API in automation. In that post, I explained how to authenticate to the https://main.iam.ad.ext.azure.com/api/ endpoint and, how to get information from it. If you haven’t already, I would suggest reading that post first. I used Azure Functions to run the automation tasks.

Use internal main.iam.ad API in automation

Sander Rozemuller
Date : October 17, 2022
Categories : Azure ad ,Graph API
Tags : Security ,Monitoring

We all know the Graph API, graph.microsoft.com, and the Azure management API, management.azure.com. Both APIs are used very often and lots of automation tasks depend on those APIs. Also, most PowerShell modules rely on them and, the Graph and Azure management APIs are well documented.

Deploy and monitor conditional access authentication strength automated

Sander Rozemuller
Date : October 6, 2022
Categories : Azure ad ,Security
Tags : Conditional access ,Monitoring

Conditional access is an indispensable configuration setting in Azure AD. Conditional Access policies are in basic if-then statements, if a user wants to access a resource, then they must complete an action. Example: A payroll manager wants to access the payroll application and is required to do multi-factor authentication to access it. Or, it requires everyone to use multifactor authentication. Multifactor authentication can be a password in combination with an SMS or the use of the Microsoft Authenticator app for example. In the past, a user can choose to use SMS or the authenticator or what the admins provide you to use.