Knowledge Check on justinverstijnen.nl

Getting started with GitHub Pages

Thu, 19 Mar 2026 00:00:00 +0000

Requirements

A GitHub account (free)
A domain name for your website, or you can use the default domain name of GitHub
- youraccount.github.io
A template website to upload to your domain name
Some basic knowledge about websites and DNS

What is GitHub Pages?

GitHub Pages allows you to host a static website directly from a GitHub repository. This can be done without managing a server, infrastructure, or hosting provider. The only thing you do is create a repository, upload a website, and optionally connect it to a domain name of your choice. We can compare this to Azure Static Web Apps if you are familiar with that.

Azure Virtual Desktop V6/V7 VMs imaging

Thu, 12 Mar 2026 00:00:00 +0000

The VM size ‘Standard_E4as_v7’ cannot boot with OS image or disk. Please check that disk controller types supported by the OS image or disk is one of the supported disk controller types for the VM size ‘Standard_E4as_v7’. Please query sku api at https://aka.ms/azure-compute-skus to determine supported disk controller types for the VM size. (Code: InvalidParameter)
This size is not available because it does not support the SCSI disk controller type.

Because I really wanted to use higher version VMs, I went to research on how to solve this problem. I will describe the process from creating the initial imaging VM, to capture and installing new AVD hosts with our new image.

What is MTA-STS and how to use it to protect your email flow

Thu, 08 Jan 2026 00:00:00 +0000

Requirements

Around 30 minutes of your time
Access to your domains’ DNS hosting to create DNS records
An Azure Subscription if you want to publish your policy with a Static Web App
- A Github account if you use this option
An Azure Subscription if you want to publish your policy with a Function App
Basic knowledge of DNS records
Basic knowledge of Email security

MTA-STS versus SMTP DANE

MTA-STS overlaps with the newer SMTP DANE option, and they both help securing your email flow but each in its own manner. Some differences:

Azure Virtual Desktop FSLogix and Native Kerberos authentication

Tue, 16 Dec 2025 00:00:00 +0000

In this guide I will dive into how I configured an simple environment where I placed every configuration action in separate steps to keep it simple and clear to follow and also will give some describing information about some concepts and settings.

I also added some optional steps for a better configuration and security than this guide already provides for a better user experience and more security.

The solution described

The day has finally come; we can now build a Azure Virtual Desktop (AVD) hostpool in pooled configuration without having to host an Active Directory, and/or having to host an unsecured storage account by having to inject the Storage Access Key into the machines’ registry. This newer setup enhances performance and security on those points.

FSLogix and maximum Azure Files security

Sun, 14 Dec 2025 00:00:00 +0000

The Maximum Security preset in the Azure Portal

We can also run the SMB security on the Maximum security preset in the Azure Portal and still run FSLogix without problems. In the Azure Portal, go to the storage account and set the security of the File share to “Maximum security”:

This will only allow the AES-256-GCM SMB Channel encryption, but Windows 11 defaults to the 128 version only. We now have to tell Windows to use the better secured 256 version instead, otherwise the storage account blocks your requests and logging in isn’t possible. I will do this through Intune, but you could do this with Group Policy in the same manner or with PowerShell.

Azure Virtual Desktop RDP Properties

Thu, 27 Nov 2025 00:00:00 +0000

What are RDP properties?

RDP properties are specific settings to change your RDP experience. This can be to play sound on the remote or local PC, enable or disable printer redirection, enable or disable clipboard between computers and what to do if connection is lost.

In the previous years, this was also the case for normal RDP files or connections to Remote Desktop Services, but Azure Virtual Desktop brings this to a nice and centralized system which we can change to our and our users’ preference.

Wordpress on Azure

Thu, 04 Sep 2025 00:00:00 +0000

Requirements

An Azure subscription
A public domain name to run the website on (not required, but really nice)
Some basic knowledge about Azure
Some basic knowledge about IP addresses, DNS and websites
Around 45 minutes of your time

What is Wordpress?

For the people who may not know what Wordpress is; Wordpress is a tool to create and manage websites, without needing to have knowledge of code. It is a so-called content management system (CMS) and has thousands of themes and plugins to play with. This website you see now is also running on Wordpress.

RDP Multipath - What is it and how to configure?

Wed, 16 Jul 2025 00:00:00 +0000

Let’s take a look what RDP Multipath adds to your connections:

Green: The normal paths of connecting with RDP/Shortpath Purple: The paths added by RDP Multipath

This adds extra ways of connecting session hosts to the end device, selects the most reliable one and therefore adds stability and decreases latency.

RDP Multipath now has to be configured manually, but the expectation is that it will be added to new AVD/Multi Session images shortly, just ad RDP Shortpath did at the time.

Enhance email security with SPF/DKIM/DMARC

Mon, 16 Jun 2025 00:00:00 +0000

Microsoft announced that starting from May 5, 2025: SPF, DKIM and DMARC will become mandatory for inbound email delivery. Not configuring all three can result in your emails not being delivered correctly.

These 3 techniques are:

SPF: Sender Policy Framework
DKIM: Domain Keys Identified Mail
DMARC: Domain-based Message Authentication Reporting and Conformance

When using Microsoft 365 as your messaging service, I also highly recommend to configure SMTP DANE. A detailed guide of configuring this can be found here: https://justinverstijnen.nl/configure-dnssec-and-smtp-dane-with-exchange-online-microsoft-365/

Introduction to Networks

Wed, 04 Jun 2025 00:00:00 +0000

Requirements

Some basic networking knowledge
Some basic subnetting knowledge
Around 20 minutes of your time

Introduction to Networking

Networking is the process of connecting devices to share data and resources. It allows communication between users over local or global distances. Networks can range from small home setups to large corporate infrastructures. Key components include routers, switches, and protocols that manage data traffic. Effective networking ensures reliable, secure, and efficient information exchange. As technology advances, networking plays a critical role in enabling digital communication worldwide.

Creating Static Web Apps on Azure the easy way

Thu, 29 May 2025 00:00:00 +0000

Requirements

Around 45 minutes of your time
An account for Github (recommended)
An Azure subscription to host your Static Web App
Some basic knowledge of Azure
A custom domain to link the web app to your domain

Introduction to Static Web Apps and Github

Before we dive into Static Web Apps and Github, I want to give a clear explaination of both the components that will help us achieving our goal, hosting a simple web app on Azure.

The Basics and Benefits of IPv6

Fri, 14 Feb 2025 00:00:00 +0000

Requirements

Around 15 minutes of your time
Basic networking knowledge is great

IP addressing with IPv4 and IPv6

When we speak of a network, we speak of a set connected devices (we call them clients/nodes) where each device has its own use. Also there are some fundamental components every network has:

Router (this device connects your network to other networks like the internet)
Client

Like i said, your network contains several devices and each devices has to know how to connect to an other device. This will be done using an IP address. Using IP addresses enables you to have a very efficient network in terms of cabling. In the past there some coaxial based networks where every device was physically connected to each other.

Active Directory FSMO roles

Tue, 04 Feb 2025 00:00:00 +0000

What are the FSMO roles of Active Directory?

FSMO stands for Flexible Single Master Operations. Active Directory is normally multi-master, meaning changes can be made on any domain controller. However, some operations must be handled by one specific domain controller at a time to avoid conflicts. These special responsibilities are called the FSMO roles.

There are five FSMO roles:

Two forest-wide roles
Three domain-wide roles

Let’s look at them all and explain what their function is:

Configure DNSSEC and SMTP DANE Microsoft 365

Thu, 31 Oct 2024 00:00:00 +0000

Domain Name System Security Extensions (DNSSEC)

DNSSEC is a feature where a client can validate the DNS records received by a DNS server to ensure a record is originated from the DNS server and not manipulated by a Man in the Middle attack.

DNSSEC is developed to prevent attacks like in the topology below:

Here a attacker injects a fake DNS record and sends the user to a different IP-address, not the actual IP-address of the real website but a fake, mostly spoofed website. This way, a user sees for example https://portal.azure.com in his address bar but is actually on a malicious webserver. This makes the user far more vulnerable to credential harvesting or phising attacks.

Automatic AVD/W365 Feed discovery for mobile apps

Wed, 09 Oct 2024 00:00:00 +0000

Did you know we can automate this process? I will explain how to do this!

Fast path for URL: https://rdweb.wvd.microsoft.com/api/arm/feeddiscovery

The problem explained

When downloading the apps for your mobile devices, we get this window after installing:

After filling in our emailadress that has access to a Azure Virtual Desktop hostpool or Windows 365 machine, we still get this error:

We couldn’t find any Workspaces associated with this email address. Try providing a URL instead.

Now the client wants a URL, but we don’t want to fill in this URL for every device we configure. We can automate this through DNS.