Log in to your Azure Portal and locate the storage account you wish to prevent access to via HTTP.
Click Configuration from the left pane, and then from the right pane, switch Secure Transfer Required to Enabled, and click Save.
If you wish to secure your storage account further, lock down your storage account so only certain networks are able to access it. The default setting is All networks (including the internet) can access this storage account.
To lock down your storage account to a particular VNET or even an IP address, click Firewalls and Virtual Networks from the left pane.
Click Selected networks, and then click the link + Add existing virtual network, or if you wish to lock down the storage account to an IP address, scroll down a little further within your Azure Portal.
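A check for the two settings changed in the steps above, as an added example that is not part of the original post: it reads storage accounts in their ARM resource representation and flags any account where secure transfer is off or the firewall still allows all networks. The sample accounts, their names and IDs, and the /16 threshold are constructed assumptions.

```python
import ipaddress
import json

# Constructed sample in ARM resource format; names and IDs are made up.
SAMPLE_ACCOUNTS = json.loads("""
[
  {"name": "stlegacydemo",
   "properties": {"supportsHttpsTrafficOnly": false,
     "networkAcls": {"defaultAction": "Allow",
                     "ipRules": [], "virtualNetworkRules": []}}},
  {"name": "stlockeddemo",
   "properties": {"supportsHttpsTrafficOnly": true,
     "networkAcls": {"defaultAction": "Deny",
       "ipRules": [{"value": "203.0.113.10", "action": "Allow"}],
       "virtualNetworkRules": [{"action": "Allow", "id":
         "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo/providers/Microsoft.Network/virtualNetworks/vnet-demo/subnets/app"}]}}},
  {"name": "stwidedemo",
   "properties": {"supportsHttpsTrafficOnly": true,
     "networkAcls": {"defaultAction": "Deny",
       "ipRules": [{"value": "198.0.0.0/8", "action": "Allow"}],
       "virtualNetworkRules": []}}}
]
""")

MIN_PREFIX = 16  # assumption: flag any allowed range broader than a /16


def audit_storage_account(resource):
    """Return findings for the settings changed in the portal steps above."""
    props = resource.get("properties", {})
    findings = []
    # "Secure transfer required" is stored as supportsHttpsTrafficOnly.
    if props.get("supportsHttpsTrafficOnly") is not True:
        findings.append("secure transfer not required: HTTP is accepted")
    acls = props.get("networkAcls") or {}
    # "All networks" is defaultAction Allow; "Selected networks" is Deny.
    if acls.get("defaultAction", "Allow") != "Deny":
        findings.append("firewall allows all networks")
        return findings
    # With Deny as the default, check that the allowed IP ranges are narrow.
    for rule in acls.get("ipRules", []):
        net = ipaddress.ip_network(rule["value"], strict=False)
        if net.prefixlen < MIN_PREFIX:
            findings.append(f"broad IP rule {net} ({net.num_addresses} addresses)")
    return findings


def audit_all(resources):
    """Map each account name to its list of findings (empty list = OK)."""
    return {r["name"]: audit_storage_account(r) for r in resources}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_ACCOUNTS).items():
        print(name, "OK" if not findings else findings)
```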
Please note, the below post is from my personal experience using Zoom, so please configure your Zoom settings as per your own security requirements. I am in no way affiliated to Zoom but I am a keen user of the service.
For those who are not aware of what the Zoom service is, here is a snippet from the Zoom website.
Zoom is the leader in modern enterprise video communications, with an easy, reliable cloud platform for video and audio conferencing, collaboration, chat, and webinars across mobile devices, desktops, telephones, and room systems. Zoom Rooms is the original software-based conference room solution used around the world in board, conference, huddle, and training rooms, as well as executive offices and classrooms. Founded in 2011, Zoom helps businesses and organizations bring their teams together in a frictionless environment to get more done. Zoom is a publicly traded company on Nasdaq (ticker: ZM) and headquartered in San Jose, California.
Zoom has become a really popular platform since the outbreak of coronavirus due to the company providing the ability for individuals, companies and schools to interact with each other online, whilst staying safe at home during this difficult time.
Zoom offer a number of packages which can be located on their website at zoom.us, including a free package with a 40 minute meeting limit. I have found the service really easy and quick to set up, but want to stress that security needs to be taken into account by users of the service. It’s not just a Zoom responsibility.
As we all know, with the popularity of a service come attackers: security flaws are found and patched, and users of the service are at risk when security is not taken seriously.
Zoom are responsible for resolving bugs and improving the service by releasing security updates, similar to when Microsoft publish new Windows security updates for you to patch your Windows desktop/laptop/server. But we as users need to take responsibility for securing our environments, similar to when we set up a strong password to ensure no one can log in to our laptop, install antivirus/anti-malware software to protect our devices from viruses, configure disk encryption, and secure the device when it’s not in use.
Like with any online service, Zoom security also needs to be taken seriously, and friends who have also started to use Zoom recently have encouraged me to create a post on my personal experience and how I secure my Zoom meetings. I would like to discuss a number of the options available within Zoom which I use personally to secure my Zoom meetings. I may miss a few points, but the aim of this post is to get you thinking about security. If you have an idea to share, please do leave a comment towards the end of this post.
OK, so here goes…
1) Don’t publish your meeting ID and password publicly
I have lost count of the number of times I have mentioned this to first-time and existing users of Zoom. Have a think before publishing your meeting ID and password to the world without any form of control or registration. It’s like advertising your home address and letting people know that you have left your house key outside under the mat.
If there is no requirement for users to interact with you such as a question and answer session, you could even use the feature to hook up your Zoom meeting to YouTube and advertise your YouTube link to participants. Before setting up a meeting, ask yourself whether you have made every effort to secure your meetings? Do you need to use YouTube Live for this event? As mentioned above, Zoom can be configured to connect to YouTube so your session could be streamed from Zoom to YouTube.
2) Enable waiting room
This is a very useful Zoom feature which will allow you to manually admit participants into the meeting as they arrive. You could also move participants to the waiting room once they have been admitted if there was a requirement to do so (right click the participant and send participant to waiting room). Or you could right click and remove the participant. If you wish to set up a message for those waiting to be admitted, you can do so here by clicking ‘Customize the title, logo, and description’. See screenshot below.
3) Enable encryption
4) Disable Webcam and Mic on Entry
It can be embarrassing when you join a meeting not realising that your webcam is enabled, and then panic to locate the disable webcam button 🙂
The below options will ensure that webcam and mic are off upon participant and host entry.
Once you have started the meeting, there is a feature which will allow you to prevent participants from unmuting themselves. I find this feature very useful to prevent participants accidentally unmuting themselves and disturbing the meeting.
To prevent participants from unmuting themselves; start the meeting, click participants, click the three dots to the right of ‘Unmute All’. See image below
Disable the option ‘Allow Participants to Unmute themselves’ as shown below. If a participant attempts to unmute their mic, they will receive a message to inform them the mic has been disabled. The host can manually enable the mic for each participant when required. If any of the participants wish to ask a question, there is an option for them to click a button which raises a hand against their name to catch the attention of the host. At this point the host could unmute the individual participant. Participants could also send a message to the host via Zoom’s chat feature.
Some may be wondering if there is a similar option to prevent participants from enabling their webcam. At the time of writing this post, there was no option to prevent all participants from enabling their webcam. I am hoping Zoom will introduce this feature soon, as it’s a great security feature. In the meantime, if you find a troublesome participant who continuously enables his/her webcam, the host can right click and stop the webcam for the individual participant. The participant will not be able to start their webcam again once it’s been disabled by the host unless the host permits. But this feature is only available to the host once the participant has enabled their webcam, and the host has had the opportunity to disable it. This is the one feature I feel that Zoom is lacking and I am hoping they will release it soon.
5) Join before host
Personally, I don’t allow participants to join before the host as I prefer to be the first to join the meeting and be in control over who is joining the meeting. Along with the waiting room option we discussed above, I switch off the below option.
6) Enable passwords for meetings
Always set up a strong password for your meetings and enable the below option in case you forget to set up a password when scheduling future meetings. If someone was to guess a Meeting ID at random, they would be faced with a password prompt. Use the maximum password length of 10 and include a mix of numbers and characters, including both uppercase and lowercase.
You can set up a password when creating your meeting. Here is the option:
7) Change your meeting password
If you have set up a recurring meeting, you will be given the same Meeting ID each time, which is useful, but make a habit of changing the password just in case someone has forwarded the password or even lost that piece of paper where the password was documented. Never document passwords on paper; store them securely.
8) Embedded password with meeting ID
It’s easy sending out a link to your participants which includes the meeting ID and password as a one click link to enter the meeting, but I prefer to disable this option and let the participants type the password manually. I have not had to enable this feature, as even non-tech people have managed to join my sessions with the system being easy to use.
9) Password for participants coming in via phone
If there is a requirement for any participants to attend the meeting via a dial-in number, don’t forget to enable this option so they are prompted to enter a password. I have never had to use the dial-in via phone feature because most join via the internet via laptop/desktop or smartphone using the Zoom Client Meeting app. Please don’t confuse joining via phone with being able to connect via a mobile phone with access to the internet. This option involves dialing a telephone number to join the meeting. It would be useful for those who don’t have an internet connection, but there is an additional cost for this service, so please contact Zoom or visit the website.
10) Chat features
Personally, I disable the option to allow participants to send private messages amongst themselves, as well as the option allowing participants to save chat conversation content. I allow messages to be sent so all on the meeting can view them, and participants have the option to send messages directly to the host. It is a personal choice and depends on your meeting requirements.
If there was a requirement to disable chat for all participants, both private and being able to post a message to everyone within the meeting; start the meeting, click the security shield icon and untick chat.
11) Sharing files
A great feature which allows the host and participants to share files, but I don’t like the idea of sharing files from personal computers and not knowing the state of those personal computers (no antivirus, not patched with the latest Windows updates etc.), so I leave this option disabled.
12) Add Co-Hosts
I love this feature and always enable it. It allows the host to enable trusted/known members as co-hosts. Co-hosts can help with moderating participants waiting to be admitted, send them a message or even remove them. Co-hosts cannot promote further participants to co-hosts, as only the host can do this. If there was a requirement to do so, the host can assign the host right to another participant. There can only be one host, so the permissions would be transferred and the original host would become a normal participant with no moderator permissions. But the good thing is that Zoom have allowed for the original host to revoke permissions and take the host role back at any time whilst the meeting is in progress.
13) Screen sharing
A great feature to allow the host or co-host to share their screen or switch on Zoom’s whiteboard. I disable the share screen option for participants and allow for hosts/co-hosts only.
This option allows participants to draw on your shared screen which I disable as there is no requirement for it to be enabled for me personally. But it could be used for fun, or if you were having a brain storming session where all in the meeting were taking part. It’s worth enabling and trying out. The feature can also be disabled from within the meeting if you found that participants were starting to annoy you 🙂
15) Virtual Background
This allows a bit of fun where participants can put up a background of a beach or any other background they wish using an image. We have used this feature and it does put a smile on everyone’s face. Personally, I disable it for participants. When disabled, hosts and co-hosts can still add a background within the meeting by accessing video settings.
16) Use the Lock Meeting Room Feature
Zoom offer a lock meeting room option so once your participants have joined the meeting, you could decide to Lock the meeting so no one else can enter.
To lock a meeting; start the meeting, click participants, click the three dots to the right of ‘Unmute All’. See image below
Click the option Lock Meeting
I hope this helps, and please do comment below if you have an idea to share. Thank you.
Azure Advisor is a great feature which provides recommendations on High Availability, Security, Performance and saving costs. Yes, that’s right, Microsoft help you save costs. It’s not all about making money for Microsoft, they want to help their customers save costs.
So how do they help customers save? Well, Microsoft will scan your Azure environment and report back any services which you could delete or downgrade via Azure Advisor. Services include:
– Optimize virtual machine spend by resizing or shutting down underutilized instances
– Reduce costs by eliminating unprovisioned ExpressRoute circuits
– Reduce costs by deleting or reconfiguring idle virtual network gateways
– Buy reserved virtual machine instances to save money over pay-as-you-go costs
– Delete unassociated public IP addresses to save money
– Delete Azure Data Factory pipelines that are failing
– Use Standard Snapshots for Managed Disks
How to access Cost recommendations in Azure Advisor
1) Login to the Azure portal
2) Search for and select Advisor
3) On the Advisor dashboard, select the Cost tab
It’s good to know that Microsoft are looking out for their customers when it comes to cost savings. It’s not all about making money for them, but they are passing down savings to the customers as well.
I was lucky to attend Microsoft Ignite The Tour London on the 16th and 17th January 2020. Two days of great sessions by Microsoft employees and MVPs. I enjoyed every minute of these two days, as it was a great opportunity to meet Microsoft employees and third party vendors including VMware, BitTitan, NetApp, CloudM. It was interesting talking to the third party vendors on the various solutions they were offering within Microsoft Azure/O365, and I returned with some great applications that I will be trialling in the coming weeks.
The exciting part of these two days was the many new features Microsoft were introducing across their cloud platforms, including Azure and O365. If you missed this event, there are more to come, so I would highly recommend attending.
Now, returning to the main reason for posting, I wanted to remind you about the free exam voucher Microsoft are offering to those who attended Microsoft Ignite events recently. If you attended Microsoft Ignite 2019 or a Microsoft Ignite The Tour 2019-2020 event, you may be eligible to receive one free Microsoft fundamentals, role-based, or speciality certification exam. The free exam offer is available for redemption from the beginning of the event which you are attending and is valid for 180 days after the last day of the event. If you do not schedule an exam within that timeframe, you will not be able to redeem your offer.
This blog post will go through the process of creating an Azure Log Analytics workspace and connecting a test Azure virtual server to the Log Analytics workspace. We will then set up the workspace to collect System event logs from the test Azure VM.
1) Login to the Azure Portal
2) Search and select Log Analytics workspaces
3) Click Create Log Analytics workspace
4) Configure:
– Give your new Log Analytics workspace a name
– Select your subscription
– Select a Resource Group
– Select Location
– Pricing Tier (Only one pricing Tier exists as of the year 2018). At the time of writing this blog post, the one available Tier was named Pay-as-you-go (Per GB 2018)
5) Click OK
6) Now that you have created your Log Analytics workspace, let’s join a VM to this new workspace
Note that adding servers to the workspace will automatically deploy a monitoring extension (agent) to the server
7) Click your new Log Analytics workspace
8) From the left pane under Workspace Data Sources, click Virtual Machines. As you can see from the screenshot, you can also connect other resources to your workspace
Note: Workspaces work across different regions, so you could add servers to a workspace no matter what region they are located in.
9) As you can see from the right pane, I have two virtual servers and the Log Analytics Connection is showing as not connected
10) Click a VM you wish to add to this workspace (Ensure the VM is powered on)
11) As you can see from the below screenshot, the server is not connected to the workspace, but we have the option to connect.
12) Click Connect
13) Wait for the virtual server to connect (A monitoring agent (Extension) is being deployed to the virtual server)
14) Now that the machine is connected to your workspace, the status is displayed as below. If you wish to disconnect, click disconnect.
Note: Now that the extension agent is deployed, you will find that the monitoring agent has been deployed to the VM. Locate the VM under virtual machines and click extensions from the left pane. The screenshot below shows the MicrosoftMonitoringAgent has been provisioned successfully.
15) If we go back to our workspace, we’ll find the server is now showing as a connection of this workspace along with a green tick.
16) Now, let’s enable logging for this workspace. Note that these logs will apply to all resources attached to this workspace, so if you have different logging requirements for different resources, create different workspaces. You could also complete this step straight after the Log Analytics workspace has been deployed.
17) Click on your Log Analytics Workspace, and click Advanced Settings from the left pane.
18) The screen below will appear
Note: If you wish to connect physical servers to your Log Analytics Workspace, you can do so by downloading the required agent.
19) Click Data
20) A few different options appear which may be of interest to you. For this demo let’s click Windows Event Logs. Click the plus icon (blue box) to the right of the screen
21) For this demo, we will monitor the System logs. Type System into the text box, select System and click the plus icon located within the blue box.
22) All logs are selected by default. You can select the logs as per your requirements.