Share this:

As Yesterday was the renewal day 1^st of July and waiting for THE email and waiting and the MVP website was slow and down all the MVP’s are checking the status. As I did not see any email till 18:00 thought well I need to go and do some stuff Lets see this tomorrow.

and there it is at 18:10 the email with the proof. Got my 12th MVP Award.

I Would thank the Community as I could not do this without you, this get me the inspiration on the blog Items and during the events with the AMA sessions.

For me, being awarded as a Microsoft MVP is a great honor. This award is a marvelous acknowledgment for all my activities.

I started as a MVP for “Clustering” in 2009 which then a small team of 4 MVP’s  It was a very exiting time to be part of that group among great personalities! Today, I’m doing mostly projects around Microsoft Azure and Windows Modern Workplace, so I’m really proud and happy that my community contributions ended up in a renewal for Azure.

 

Congrats to all new and renewed MVP colleagues!  #MVPBuzz @MVPAward

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

Share this:

There a several ways on using an external IP in Azure, What method to use is up to you. Remember there is no good or wrong but only different opinions or insights on how to use it.

Public IP addresses allow Internet resources to communicate inbound to Azure resources. Public IP addresses also enable Azure resources to communicate outbound to Internet and public-facing Azure services with an IP address assigned to the resource. The address is dedicated to the resource, until it is unassigned by you. If a public IP address is not assigned to a resource, the resource can still communicate outbound to the Internet, but Azure dynamically assigns an available IP address that is not dedicated to the resource.

Some of the resources you can associate a public IP address resource with are:

• Virtual machine network interfaces
• Internet-facing load balancers
• VPN gateways
• Application gateways
• Azure Firewall
• NAT Gateway

Matching SKUs must be used for load balancer and public IP resources. You can’t have a mixture of basic SKU resources and standard SKU resources. You can’t attach standalone virtual machines, virtual machines in an availability set resource, or a virtual machine scale set resources to both SKUs simultaneously.

Virtual Network NAT (network address translation) simplifies outbound-only Internet connectivity for virtual networks. When configured on a subnet, all outbound connectivity uses your specified static public IP addresses. Outbound connectivity is possible without load balancer or public IP addresses directly attached to virtual machines. NAT is fully managed and highly resilient.

So this is only for the Outbound connection. why not use the Resource group IP this is also “static” ? using this IP means that al VM’s must be in the same resource group and when the resource group changed the IP is also changing.

NAT is compatible with standard SKU public IP address resources or public IP prefix resources or a combination of both. You can use a public IP prefix directly or distribute the public IP addresses of the prefix across multiple NAT gateway resources. NAT will groom all traffic to the range of IP addresses of the prefix. Any IP whitelisting of your deployments is now easy.

So How to implement this. a step by step guide. GUI and powershell Looking at my demo setup, There are 2 vm’s both in a different Resource group.

Setting up the NAT gateway is done by 3 tabs to fill in the name and what vnet to use

We add a new NAT gateway.

We create a new resource group and choose NAT gateway name.

The Timeout we leave this on 4 min for now.

We configure an external IP and with a standard SKU. Basic is not supported.

the next step is choose the External outbound IP pool minimal is 2 and max is 256. this is not needed but only if you want to have a pool of External IP’s else it just go the one external ip

you can select max 2 prefixes

Configure which subnets of a virtual network should use this NAT gateway. Subnets with Basic load balancers or virtual machines that are using a Basic public IP are not compatible and cannot be used.
Note: While you do not have to complete this step to create a NAT gateway, the NAT gateway will not be functional until you have added at least one subnet. You can also add and reconfigure which subnets are included after creating the NAT gateway.

in the last step we tag the NAT gateway to a subnet. When checking the VM’s on this subnet for the outbound IP ( remember the VM does not need a public IP on the network card)

Here I have 2 VM’s getting both an IP from the prefix

If there is only a small prefix then both machines will get the same external outbound IP

With this time flow it recycles the External IP, depending on the scope and usage.

So in just a few steps you can use a useful gateway for all your outbound traffic.

Building this in Powershell is also easy. I use a semi automatic script as I want to choose my network. but you can change this to a fixed network if you want.

remember this will need the az.network latest module. in the old modules there is no get-AzNatGateway command. without this the posh is not working.

First we have some parameters

# Set the variables for the NAT Gateway.
$rg = ‘rg-rsm-natgw001’
$Location = ‘Westeurope’
$sku = ‘Standard’
$PublicIpname = ‘pup-rsm-natgw001’
$Publicprefixname = ‘pxp-rsm-natgw001’
$NatGatewayname=’gwn-rsm-natgateway001′

#create Rsource group
New-AzResourceGroup -Name $rg -Location $Location 

First we make some external IP and or a range.

#create Standard SKUP public IP
$publicIP = New-AzPublicIpAddress -Name $PublicIpname -ResourceGroupName $rg -AllocationMethod Static -Location $Location -Sku $sku
$publicIP | Select-Object Name, ResourceGroupName, IpAddress, IdleTimeoutInMinutes, ProvisioningState

With the Zone attribute you can create zone redundancy, but this is not needed for this resource.

#create  IP prefix ( how many IP’s are needed)
$publicIPPrefix = New-AzPublicIpPrefix -Name $Publicprefixname -ResourceGroupName $rg -Location $Location -PrefixLength 29

$publicIPPrefix | Select-Object Name, IPPrefix, PrefixLength, ProvisioningState

You can skip this if you want only one external IP.

Next is creating the gateway.

#Create NAT gateway
$natGateway = New-AzNatGateway -Name $NatGatewayname -ResourceGroupName $rg -PublicIpAddress $publicIP -PublicIpPrefix $publicIPPrefix -Location $Location -Sku $sku -IdleTimeoutInMinutes 4
$natGateway  | Select-Object Name, ResourceGroupName, IdleTimeoutInMinutes , SKuText | Format-table -autosize –wrap

Now that the Gateway is created we can add a subnet to this. I used a point an click so that I can choose the network and subnet. but you can also use a variable to do this.

$virtualNetwork = Get-AzVirtualNetwork | Out-GridView -PassThru -Title "Pick the vnet that will be used for the NAT gateway"

$NATSubnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $virtualNetwork | Out-GridView -PassThru -Title "Pick the Subnet that will be used for the NAT gateway"

$NATSubnet.NatGateway = $natGateway
$virtualNetwork | Set-AzVirtualNetwork

The network is chosen and the subnet is selected.

In the Azure portal you can see the result.

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

 

Share this:

If you do a lot with Azure and PowerShell you may noticed that the latest module is important. as functions may not be there or properties are not listed correctly.

There are plenty of scripts around on how to update these modules. 

With the  Get-InstalledModule you will get a list of the modules on your system

When doing get module with the –listAvailable you will see all the versions

Get-Module -Name az.* -ListAvailable

here is the powershell code Like I said before there are tons of the same scripts around on github or blog post. So don’t invent the wheel again reuse and modify to your needs

Get-Module -Name az.* -ListAvailable |
  Where-Object -Property Name -ne ‘Az.’ |
  ForEach-Object {
    $currentVersion = [Version] $_.Version
    $newVersion = [Version] (Find-Module -Name $_.Name).Version
    if ($newVersion -gt $currentVersion) {
      Write-Host -Object "Updating $_ Module from $currentVersion to $newVersion"
      Update-Module -Name $_.Name -RequiredVersion $newVersion -Force
      Uninstall-Module -Name $_.Name -RequiredVersion $currentVersion -Force
    }
  }

Running this can tike some time as you can see In this case I have a lot of old and new modules and these are being updated to the latest versions

When updating this I had some PowerShell windows still open and got some errors, you can also do this by hand.

For sample  – Install-Module -Name Az.Accounts -RequiredVersion 1.8.0 –Force

Hope this helps you to a better Azure PowerShell experience. 

 

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

Assign policies for tag compliance

When starting With Azure The Costs are important. If you have created a lot of resources you might want to know who owns the resources or what is the purpose of this resource.

Resource management: Your IT teams will need to quickly locate resources associated with specific workloads, environments, ownership groups, or other important information. Organizing resources is critical to assigning organizational roles and access permissions for resource management.

Tagging resources  is the way to find the resource and keep it with the purpose that you used it for. but over time things may change or added.

There are tons of reasons why you should use Tagging

• Cost management and optimization
• Cloud accounting models
• ROI calculations
• Cost tracking
• Budgets
• Alerts
• Recurring spend tracking and reporting
• Post-implementation optimizations
• Cost-optimization tactics
• Operations management
• Security
• Governance and regulatory compliance
• Automation
• Workload optimization

That way items in your resource groups may be un tagged. You can set policys for this but when there is some wild resource you might wan to check it first be for tagging.

As you can see the TAG’s are not applied to all the resources.

When you check the cost on the tag or on the resource group you will see different numbers. For adding the tag to all resources in the Resource group We use a PowerShell line.

First we connect to the Azure subscription or use the CLI

Connect-AzAccount
Login-AzAccount
Get-AzSubscription
Select-AzSubscription -Subscription "Microsoft Azure”

We select the resource group.

$RG = "rsmvprsg01"

When we check that resource group it has a tag. So there is no need to set an tag unless you want to set an extra tag to the resources.

Now We are setting the tag to all the resources that are in the resource group. Get-azresourcegroup and set the TAG.

$group = Get-AzResourceGroup -Name $rg
Get-AzResource -ResourceGroupName $group.ResourceGroupName | ForEach-Object {Set-AzResource -ResourceId $_.ResourceId -Tag $group.Tags -Force }

 

When looking in the Billing you might not see this directly

Drilling down on the resource you can see it is set.

If you did not had set the Tags then you need to define a tag first.

#Force Tags to all resources
#set tag no pre defined
Set-AzResourceGroup -Name $rg -Tag @{ env="Robert Smit"; RSM="ClusterMVP" }

• Define what each tag should be used to identify.  Tag name : The exact term used for the tag, e.g. “Application” , “Department” , “Project”
  Values:  List all potential values for each tag name, e.g. “finance”, “website” , “name”
• Tag names can have up to 512 characters, values can have up to 256
• These characters aren’t supported with tags: < > % & / ?

$group = Get-AzResourceGroup -Name $rg
Get-AzResource -ResourceGroupName $group.ResourceGroupName | ForEach-Object {Set-AzResource -ResourceId $_.ResourceId -Tag $group.Tags -Force }

And you can do this also with the Azure CLI

Open the CLI in the Azure portal

I’ll use the same settings

env="Robert Smit"; RSM="ClusterMVP"

 

az tag create –name Env

az tag add-value –name Env –value "Robert Smit”

 

 

Now that the Tags are created we can add them to a resource group

 

az group update -n rsmdemo01–set tags.Env="Robert Smit" tags.MVP=ClusterMVP

 

Is sett two tags but you can set just one or multiple.

Enforce tagging rules with Azure policies can done easily as there are many examples here https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-policies

The Link will take you to the Github repository https://github.com/Azure/azure-policy 

 

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

Share this:

 

ALTARO Software – Webinar

Critical Security Features in Office/Microsoft 365 Admins Simply Can’t Ignore

According to reports, since COVID-19 forced millions to work remotely, hackers have been taking this opportunity to exploit new vulnerabilities that have arisen. If your business uses Microsoft 365 or Office 365 to support remote workers, you need to be sure your security is as strong as it can be to avoid becoming another statistic in the coronavirus hackers hit list.

Office/Microsoft 365 has a serious amount of in-built security measures, but it’s not straight forward to enable them and ensure they are all configured correctly for your requirements. A free upcoming webinar from Altaro on May 27^th is a must-attend event for all users of Office/Microsoft 365, even more so due to current concerns over COVID-19 exploits.

Presented by Microsoft MVP Andy Syrewicze and Altaro Technical Consultant and former Microsoft Senior Technical Evangelist Symon Perriman, this live demo webinar covers security features in the Office 365 stack that every administrator should be using including Azure AD, EMS Suite, Secure Score, Licensing for Security Features, and more!

As usual, Altaro hosts the webinar live twice on the same day to give as many people as possible the chance to attend live and ask their questions to the presenters. The first is at 3pm CEST/ 9am EDT/6am PDT and the second at 7pm CEST/ 1pm EDT/ 10am PDT. Both sessions have the same content so just choose the session with the best time for you. I’ll be attending so I’ll see you there!

Webinar Title: Critical Security Features in Office/Microsoft 365

Date: Wednesday, May 27, 2020

Time: Webinar presented live twice on the day.

Choose your preferred time:

· 3pm CEST / 6am PDT / 9am EDT

· 7pm CEST / 10am PDT / 1pm EDT

Save my seat.

 

 

Thanks for visit my blog

Robert

https://robertsmit.wordpress.com/