Showing items from Security

Add Windows Cloud Login application to Conditional Access automated

Sander Rozemuller
Date : June 14, 2024
Categories : Conditional access ,Azure virtual desktop
Tags : Conditional access ,Azure virtual desktop ,Single sign on ,Microsoft graph ,Security

Single Sign On (SSO) for Azure Virtual Desktop (AVD) gives users a seamless login experience from their Windows 10 or Windows 11 device to AVD. This feature is available for a while and most people have configured this feature already. Also, most are also using Conditional Access (CA) (I hope). To make Single Sign On work for AVD in combination with CA policies you need to add the applications Microsoft Remote Desktop (a4a365df-50f1-4397-bc59-1a1564b8bb9c) to your CA policies. Based on your situation the applications are in- or excluded. Now, Microsoft announced that the Single Sign On traffic will be transitioned from the Microsoft Remote Desktop app to Windows Cloud Login. This means you have to add this application to your CA policies. This can be done manually, but I prefer to automate this. In this blog post, I will show you how to add the Windows Cloud Login application to your CA policies automated.

Monitor Security Baseline Insights Recommendations

Sander Rozemuller
Date : April 7, 2024
Categories : Microsoft intune ,Monitoring
Tags : Settings catalog ,Power shell ,Security

Microsoft has updated their security baselines in Microsoft Intune which you can read in the What is new in Intune. A part of the updates is that Microsoft has added recommended settings based on your organisation. In this blog post, I show how to monitor these recommendations that are part of the security baseline and generate a response when a setting does not met Microsoft’s recommendation.

Route AVD traffic through static WAN IP with Azure Firewall automated

Sander Rozemuller
Date : November 4, 2022
Categories : Azure virtual desktop ,Network
Tags : WAN ,Azure ,Firewall ,Security

Recently I had a situation where a customer asked me how to make sure the AVD environment always has the same WAN IP. To give Azure Virtual Desktop a fixed external IP, some options are available. Think about a NAT gateway or an Azure Firewall. In this blog post, I show how to configure a static WAN IP for AVD with the use of the Azure Firewall in an automated way.

Use internal main.iam.ad API with Logic Apps

Sander Rozemuller
Date : October 24, 2022
Categories : Azure ad ,Graph API
Tags : Security ,Monitoring

This blog post is a follow-up to my post about using the hidden API in automation. In that post, I explained how to authenticate to the https://main.iam.ad.ext.azure.com/api/ endpoint and, how to get information from it. If you haven’t already, I would suggest reading that post first. I used Azure Functions to run the automation tasks.

Use internal main.iam.ad API in automation

Sander Rozemuller
Date : October 17, 2022
Categories : Azure ad ,Graph API
Tags : Security ,Monitoring

We all know the Graph API, graph.microsoft.com, and the Azure management API, management.azure.com. Both APIs are used very often and lots of automation tasks depend on those APIs. Also, most PowerShell modules rely on them and, the Graph and Azure management APIs are well documented.

Secure and optimize AVD and CloudPC using Microsoft Intune

Sander Rozemuller
Date : January 12, 2022
Categories : Azure ,Azure virtual desktop ,Microsoft intune ,North star ,Security
Tags : Automation ,Azure virtual desktop ,Rest API ,Security

In this blog post, I explain how to secure and optimize AVD and CloudPC environment using Microsoft Intune automated. The configuration is all deployed automated based on PowerShell, JSON templates, and Graph API. I explain how to create a security baseline and how to deploy a configuration profile with settings.