Adding Ubuntu endpoints to Microsoft Intune
In this post, I will be installing an Ubuntu Desktop instance and joining it to Microsoft Intune to leverage Device Management on Ubuntu devices, including some extra steps for proper device management.
A great way to encrypt your Microsoft 365 outbound emails using a technique similar to SSL is to use S/MIME. In this guide I will show you how to get certificates and configure S/MIME for your mailboxes.
Microsoft Defender for Endpoint is a built-in antivirus and security solution that helps protect your Windows devices. Because we want as little overhead as possible at certain moments, I thought of using Defender with PowerShell. Using PowerShell, you can manage Defender by checking its status, running Full and Quick scans, updating protections, and handling detected threats. In this guide, I will explain some PowerShell commands with simple steps to help you control Defender effectively from PowerShell, remotely, or even from your scripts.
Over time, Microsoft Entra ID environments often become filled with old and inactive devices. These can be devices from former employees, reinstalled systems, test devices or machines that simply no longer exist. Cleaning up these devices manually takes time and is easy to forget. By using Azure Automation, we can fully automate this process and remove devices that have been inactive for more than 180 days. Azure Automation is a service in Azure that allows you to automate tasks. Automation tasks usually work with schedules/timers and scripts and normally require infrastructure to run. In traditional environments this often means deploying and maintaining servers or virtual machines. In the cloud era we naturally want to avoid this as much as possible. With Azure Automation you can run different types of scripts whenever you want. These scripts run directly on the Azure platform without the need to deploy, design, maintain or secure your own server. This makes it a very robust solution. Azure Automation can also run in the context of a Managed Identity connected to the Automation Account. This removes the need for separate service accounts.
Microsoft Defender External Attack Surface Management (EASM) is a separate Defender solution which can be used to defend and monitor some of your external attack surfaces like websites, servers, SSL certificates and domains. All of this is achieved through a single admin panel in your Azure Portal.
In this guide, I show the path from install to deployment: I install Terraform, I prepare my Azure login using Azure CLI, and then I run a “single server” Terraform setup so you can see the process end-to-end.
When you reinstall your admin workstation or set up a fresh workstation, there are always a couple of PowerShell modules and tools that must be installed directly. These modules save a lot of time and make managing Azure and Microsoft 365 environments much easier, but you always have to remember them correctly to actually install them.
This guide explains how to join an Azure virtual machine to Azure Active Directory (Azure AD). Please note that this process has several prerequisites that must be met before configuration, which are described in the guide itself.
Dynamic Groups are really great for automating certain things. They are basically like the groups we have known for several years, but those always required some sort of manual action or assignment. Dynamic Groups will help us eliminate this. I will give some examples of how I implemented certain actions in production. I will also share the rule syntaxes, which can be used directly in your environment and changed to your liking.
Cost management is very important when leveraging cloud services. Unexpected costs of cloud services can really keep us from using any more services, and knowing from week to week what happens can help us with this. To partly address this issue for Azure Consumption costs, I have made a Logic App that sends us the actual consumption on a weekly basis. This is because Logic Apps give us many more customization options than the default built-in "Subscribe" feature.
In Azure we can link tags to different resources, resource groups and subscriptions. We can use resource tagging for various reasons. With Azure Policy we can automate this process even further, linking different resources automatically based on what we want to achieve. For example, giving every resource in a specific resource group a tag.