So let me start this post off with a story…

A couple of weeks ago I had some issues with a demo environment I was hosting in Microsoft Azure, where I had automated all of the infrastructure setup using ARM, but there was still a lot of work done manually.

The demo environment was set up using a single admin account which had access to the domain.

Now, one day before I had a speaking session, I ran into an issue where the account password expired and I didn’t have a simple way to access the environment. Since I wasn’t able to disable NLA, I couldn’t reset the password remotely, since I don’t have console access to the environment.

So I was basically locked out of my own environment with the single user account I had, so how could I solve this in Microsoft Azure?

First off, I intended to use the “Password reset” option that Azure provides in the portal, but that is by design disabled if you want to run it on a domain controller, so that was not an option.

I ended up using a Custom Script Azure Extension running a PowerShell script (`Set-ADUser -Identity $_.SamAccountName -PasswordNeverExpires:$true`) to disable the password expiration of my user before I had my presentation. The script was run in Azure and therefore allowed me to gain access again.

Of course I was thrilled that I got access again before my session, but… and this brings me to the point of this post, which is to show best practices and how we can properly secure an Azure environment, because in theory I didn’t have any access to the virtual environment, but because of my access in Azure I could run some scripts and gain access. This first post is going to be focused on identity and role-based access control in Microsoft Azure.

First off, we need to start with securing the users who have access to Azure and also define proper access control to resources and services.
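The point of the story, that rights on the Azure control plane become code execution inside a VM, can be checked against role definitions. The following is an added example, not code from the original post: the role data is constructed and trimmed, "Demo VM Operator" is a hypothetical custom role, and Run Command is included as a second operation of the same kind beyond the script extension the post used.

```python
from fnmatch import fnmatchcase

# Control-plane operations that lead to code execution inside a VM guest.
GUEST_EXEC_OPS = [
    "Microsoft.Compute/virtualMachines/extensions/write",   # e.g. Custom Script Extension
    "Microsoft.Compute/virtualMachines/runCommand/action",  # Run Command (added here)
]

# Constructed, trimmed role definitions shaped like `az role definition list`
# output. "Demo VM Operator" is a hypothetical custom role.
ROLES = [
    {"roleName": "Contributor", "permissions": [{
        "actions": ["*"],
        "notActions": ["Microsoft.Authorization/*/Write",
                       "Microsoft.Authorization/*/Delete"]}]},
    {"roleName": "Virtual Machine Contributor", "permissions": [{
        "actions": ["Microsoft.Compute/virtualMachines/*"],
        "notActions": []}]},
    {"roleName": "Reader", "permissions": [{
        "actions": ["*/read"], "notActions": []}]},
    {"roleName": "Demo VM Operator", "permissions": [{
        "actions": ["Microsoft.Compute/virtualMachines/*"],
        "notActions": ["Microsoft.Compute/virtualMachines/extensions/*"]}]},
]

def grants(role, operation):
    """True if a permission block allows the operation (actions minus notActions)."""
    op = operation.lower()  # Azure operation names are case-insensitive
    for perm in role.get("permissions", []):
        allowed = any(fnmatchcase(op, a.lower()) for a in perm.get("actions", []))
        excluded = any(fnmatchcase(op, n.lower()) for n in perm.get("notActions", []))
        if allowed and not excluded:
            return True
    return False

def audit(roles):
    """Map each role that can reach into a guest to the operations that allow it."""
    findings = {}
    for role in roles:
        ops = [op for op in GUEST_EXEC_OPS if grants(role, op)]
        if ops:
            findings[role["roleName"]] = ops
    return findings

if __name__ == "__main__":
    for name, ops in audit(ROLES).items():
        print(f"{name}: {', '.join(ops)}")
```

The hypothetical custom role shows a partial fix: excluding the extension operations still leaves Run Command open. Because `notActions` only subtracts within one role and is not a deny, a principal has to be evaluated across every role assigned to it.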