cloudcoffee.ch - Freshly brewed with Microsoft Azure and Microsoft 365

Deploy Azure Bastion and shareable links

On 14. May 2023

With Azure Bastion and shareable links deployment, RDP and SSH connections to virtual machines in Azure can be made quickly and securely from anywhere. The virtual machines do not need a public IP address, agents or other software, and the time-consuming management of NSGs (network security groups) or VPNs is also eliminated.

Azure Bastion uses a web client based on HTML5 that uses TLS over port 443 and is a PaaS (Platform-as-a-Service) service. Regular updated and managed by Microsoft, this Azure service provides an extra layer of protection against zero-day exploits.

Windows LAPS in Microsoft Intune

By Oliver Müller

On 1. May 2023

In Microsoft 365

Last Updated on 11. May 2023

Windows LAPS (Local Administrator Password Solution) provides centralized, simple and secure management of local administrator passwords in Microsoft Intune. Each device receives its own temporary administrator password. Windows LAPS automatically manages the administrator passwords in terms of expiration and rotation. Local administrator passwords are stored in either Azure Active Directory or local Active Directory.

Windows LAPS thus offers, for example, higher protection against pass-the-hash and lateral traversal attacks.

Create an Azure snapshot of a virtual hard disk

By Oliver Müller

On 1. April 2023

In Microsoft Azure

An Azure Snapshot is an exact image of a disk at a specific point in time. This is a quicker way to back up the state of a hard disk than with an Azure backup.

Azure snapshots are best suited when, for example, operating system or software updates are to be tested. Additional virtual machines can be cloned from an Azure snapshot for this purpose. An existing virtual machine can also be restored to the original state of the snapshot if required.

This guide describes how to create an Azure snapshot, how to download a snapshot in VHD format, and how to clone a virtual machine from an Azure snapshot.

Setting up SPF, DKIM and DMARC in Exchange Online

By Oliver Müller

On 4. March 2023

In Microsoft 365

Last Updated on 14. April 2023

SPF (Sender Policy Framework), DKIM (Domain Keys Identified Mail) and DMARC (Domain based Message Authentication, Reporting and Conformance) are used to check email messages. In combination, the three procedures achieve a high level of security with regard to the authenticity of the sender and content of an email.

This guide sets up SPF, DKIM and DMARC for Exchange Online.

Protect Azure resources from accidental deletion with Azure Resource Locks

By Oliver Müller

On 4. February 2023

In Microsoft Azure

Azure Resource Locks can be used to easily and effectively protect Azure subscriptions, resource groups or individual resources from accidental deletion. The lock overrides any user permissions.

This guide shows how to enable Azure Resource Locks and which properties can be configured.