An important security measure when running workloads in Azure or any cloud service is to control the type of traffic that flows in and out of resources. The resources can be virtual machines running a SQL database, web applications or domain services.
The Azure platform consists of a variety of resources that generate large volumes of activity and diagnostic log data. The source of this data can be subscription-level events such as deallocating a virtual machine, deleting a resource group or creating a load balancer – essentially any create, update or delete operation on a resource. It can also include resource-level activities such as a VM's Windows event logs, VM performance data, web app response times – logs related to resource utilization.
We’ve now reached the final article in this three-part series covering Configuration Management in Azure Automation. In Part 1, I discussed the Inventory tool and how to onboard an AWS EC2 virtual machine to Azure. Part 2 covered Change Tracking and how to monitor changes to various resources on the AWS instance. In this article, Part 3, I will cover Azure State Configuration (DSC) and how to register an AWS VM as a DSC node to apply a desired state.
In Part 1 of this series, I discussed the Inventory tool that is a part of Azure Automation’s config management and how to onboard an AWS VM for management. In this article, I will cover Change Tracking. With Inventory, you get a report on the Windows files, registry and services, as well as installed software for the machines being monitored. However, Change Tracking takes it a step further and provides a notification whenever there is a change to anything that’s being tracked on the machine. It also provides the capability to perform queries against the change logs. Let’s take a look and see how it works.
I attended this year’s Microsoft Ignite conference in Orlando, FL and decided I would provide my reflections on the event. The annual conference provides a plethora of sessions on Microsoft technology offerings and solutions related to Microsoft 365, IoT, containers, DevOps, Team collaboration, Azure services and more. Also, there’s an Expo of various IT vendors; panel discussions on Diversity in IT; and hands-on labs to provide IT skill development. It’s a huge event with attendees from all walks of IT from around the world.
Azure AD Connect provides organizations with the ability to synchronize their on-premises users and groups to Azure Active Directory. When synchronizing objects to Azure, administrators have the ability to control which users or groups are synchronized to the cloud. Furthermore, it’s also possible to select which user or group attributes are synchronized. Some organizations may have security policies that prohibit certain information, such as phone numbers and addresses, from appearing in the cloud. Luckily, attributes can be easily filtered by unchecking the attribute on the AD connector object in Synchronization Service Manager.
Back in April of this year, I passed Azure exam 70-533: Implementing Microsoft Azure Infrastructure Solutions. To be honest, this was actually my second attempt at the exam. I failed on my first try about three weeks earlier. But who’s counting? All that matters is that I persisted and eventually passed. I’m not mentioning this to be discouraging to anyone intending to take the exam. However, my intention is to provide encouragement if you don’t pass the first time around. No one likes seeing the word “Fail” on the exam printout, but it’s not the end of the world. With that being said, I thought I would write an article outlining the methods I employed to prepare for the test.