Login to you Azure Portal and locate the storage account you wish to prevent access to via http
Click configuration from the left pane, and then from the right pane, switch Secure Transfer Required to enabled, and click save
If you wish to secure your storage account further, lock down your storage account so only certain networks are able to access it. The default setting is All networks (including the internet, can access this storage account)
To lock down your storage account to a particular VNET or even a IP address, click Firewalls and Virtual Networks from the left pane
Click selected networks, and then click the link + Add existing virtual network, or if you wish to lock down the storage account to an IP address, scroll down a little further within your Azure Portal
Azure Advisor is a great feature which provides recommendations on High Availability, Security, Performance and saving costs. Yes, that’s right, Microsoft help you save costs. It’s not all about making money for Microsoft, they want to help their customers save costs.
So how do they help customers save? Well, Microsoft will scan your Azure environment and report back any services which you could delete or downgrade via Azure Advisor. Services include:
– Optimize virtual machine spend by resizing or shutting down underutilized instances
– Reduce costs by eliminating unprovisioned ExpressRoute circuits
– Reduce costs by deleting or reconfiguring idle virtual network gateways
– Buy reserved virtual machine instances to save money over pay-as-you-go costs
– Delete unassociated public IP addresses to save money
– Delete Azure Data Factory pipelines that are failing
– Use Standard Snapshots for Managed Disks
How to access Cost recommendations in Azure Advisor
1) Login to the Azure portal 2) Search for and select Advisor
3) On the Advisor dashboard, select the Cost tab
It’s good to know that Microsoft are looking out for their customers when it comes to costs savings. It’s not all about making money for them, but they are passing down savings to the customers aswell.
I was lucky to attend Microsoft Ignite The Tour London on the 16th and 17th January 2020. Two days of great sessions by Microsoft employees and MVP’s. I enjoyed every minute of these two days, as it was a great opportunity to meet Microsoft employees and third party vendors including VMWare, Bit Titan, Netapp, CloudM. It was interesting talking to the third party vendors on the various solutions they were offering within Microsoft Azure/O365, and I returned with some great applications that I will be trialling in the coming weeks.
The exciting part of these two days were the many new features Microsoft were introducing across their cloud platforms, including Azure and O365. If you missed this event, there are more to come so I would highly recommend attending.
Now, returning to the main reason for posting, I wanted to remind you about the free exam voucher Microsoft are offering to those who attended Microsoft Ignite events recently. If you attended Microsoft Ignite 2019 or a Microsoft Ignite The Tour 2019-2020 event, you may be eligible to receive one free Microsoft fundamentals, role-based, or speciality certification exam. The free exam offer is available for redemption from the beginning of the event which you are attending and is valid for 180 days after the last day of the event. If you do not schedule an exam within that timeframe, you will not be able to redeem your offer.
A system assigned managed identity enables Azure resources to authenticate to cloud services (e.g. Azure Key Vault) without storing credentials in code. Once enabled, all necessary permissions can be granted via Azure role-based-access-control.
To enable system assigned identity within a Azure VM:
1) Click the VM within Azure 2) From the left pane, click identity
3) Change status to On and click save
4) Click yes to confirm
5) Once enabled, you’ll find an additional message appears confirming what this feature will enable:
‘This resource is registered with Azure Active Directory. You can control its access to services like Azure Resource Manager, Azure Key Vault, etc.’
While most of you were away relaxing, i focused on preparing for my AZ-500 Microsoft Azure Security exam, and what a great way to end 2019, passing this exam was a great achievement.
A few have already asked me what i did to prepare so i would like to take this opportunity to blog about my experience.
First of all, i highly recommend you setup an Azure account if you don’t already have one. You can sign up for an account at Azure Free Account. The exam included labs so research and implement the various security features within the Azure portal.
So what did i do to prepare for my exam? Firstly, I can not stress enough that hands on experience and understanding all Azure security features is an important part for you to pass this exam.
Preparing for the exam:
1) Azure Updates – Keep up to date via the Microsoft Azure updates site
2) Azure Social Media accounts. I follow most Microsoft Azure twitter accounts. A great way to stay up to date with what’s going on with Microsoft Azure.
3) Research what Microsoft recently announced at events such as Microsoft Ignite. There are blog articles available from those who have attended the previous Microsoft Ignite events where new features are announced. I am looking forward to attend the event in London this month 🙂
4) Azure Security course available from udemy.com (Microsoft AZ-500 Certification: Azure Security Technologies by Nick Colyer from Skylines Academy). A really good course and highly recommended.
6) If you don’t understand something, look it up. There are a ton of Microsoft you tube videos and articles out there which explain the features well. I have lost count, but i did go through a large number of Microsoft videos and articles. You really need to understand what you’re learning. If you’re watching a training video, pause the video and go look up the feature being explained and implement within your test Azure Portal if required.
More info on what you will be tested on can be located at Microsoft Azure AZ-500 Exam (The exam format was recently updated so keep an eye on this article)
Overall, i did spend a large number of hours preparing for this exam but the end result was well worth it. I spent about 3 weeks studying, and was working within the Azure Portal everyday. I really enjoyed preparing for this exam and i am sure you will too. All the best
Please follow and like us:
Enjoy this blog? Please spread the word. Thankyou :)