Blogs

Azure Firewall is a managed, cloud-based network security service that protects your Azure virtual network resources.

You can centrally create, enforce the network connectivity policies across subscriptions and virtual networks.

Firewall features

Built-in high availability: No additional load balancers are required because High availability is built-in so, you don’t need to configure anything.

Availability Zone:  Azure firewall can be configured during deployment to span multiple Availability Zones to increase the availability, availability Zones increases the availability up to 99.99% uptime.

There is no additional cost for a firewall deployed in the availability Zone, However, there are additional costs for inbound and outbound data transfer associated with availability Zones.

Unrestricted  Cloud Scalability:  Azure Firewall can scale up as much as you need to accommodate changing network traffic flows, so you don’t need to budget for your peak traffic.

Application FQDN  filtering rules:  you can limit outbound HTTP and HTTPS traffic or Azure  SQL traffic to a specified list of fully qualified Domain names (FQDN) including wild cards. This feature doesn’t require TLS terminations

Network traffic filtering rules: you can centrally create allow or deny network filtering rules by source and destination IP address, port, and protocol. The Azure Firewall is fully stateful, so it can distinguish legitimate packets for different types of connections.  Rules are enforced and logged across multiple subscriptions and virtual networks.

FQDN tags: make it easy for you to allow well–known Azure Service network traffic through your firewall. For example, say you want to allow windows to update the network through your firewall. You create an application rule and include the windows update tag. Now network traffic from windows update can flow through your firewall.

Service tags:  A service tag represents a group of IP address prefixes to help minimize complexity for security rule creation. You can’t create your own service tag, nor specify which IP address is included within a tag. Microsoft manages the address prefixes encompassed by the service tag, and automatically updates the service tag as addresses change.

Threat intelligence:  Threat intelligence-based filtering can be enabled for your firewall to alert and deny traffic from/known malicious IP addresses and domains. The IP Addresses and Domains are sourced from the Microsoft Threats intelligence feed.

Outbound SNAT support: All outbound virtual network traffic IP addresses are translated to the azure Firewall public IP (Source Network address translation). You can identify and allow traffic originating from your virtual network to remote internet destinations. Azure Firewalls doesn’t SNAT when the destination IP is a private IP range per IANA-RFC-1918. If your organization uses a public IP  address range of private network, Azure Firewall will SNAT  the traffic to one of the firewall private IP  addresses in AzureFirewallSubnet. You can configure Azure Firewall to not SNAT your public IP address range.

Inbound DNAT Support: Inbound internet network traffic to your firewall public IP address is translated (Destination Network address translation) and filtered to the private IP addresses on your virtual networks.

Multiple Public IP addresses:  You can associate multiple public Ip addresses (up to 250) with your firewall.

This enables the following scenarios:

DNAT – you can translate multiple standard port instances to your backend servers. For example, if you have two public IP addresses, you can translate TCP Port 3389 (RDP) for both IP Addresses

SNAT- Additional Ports are Available for outbound SNAT connections, reducing the potentials for SNAT port exhaustion. At this time, Azure Firewall randomly selects the source Public IP address associated with your firewall. Consider using a public IP address prefix.

Azure Monitor logging:  All events are integrated with Azure Monitor, allowing you to archive logs to a storage account, stream, events to your event hub, or send them to Azure Monitor logs.

Forced Tunnelling: you can Configure  Azure Firewall to route all internet–bound traffic to a designated next hop instead of going directly to the internet.

For more details, contact us!

The AWS Directory Service provides several ways to use the Microsoft Active Directory (AD) with other AWS utilities. Information regarding users, groups, & devices can be stored in directories, & the administrators use them to retrieve the information & resources. AWS Directory Service offers many directory alternatives for clients who wish to utilize the current Microsoft AD or Lightweight Directory Access Protocol (LDAP)–aware applications in the cloud. There is also a provision of the same alternatives to developers who seek a directory to manage users, groups, devices, & access.

What to select?

I want Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) for applications in my cloud: Choose AWS Directory Service for Microsoft Active Directory

I develop SaaS applications: The developers of upscale SaaS applications can use Amazon Cognito.

AWS Directory Service for Microsoft AD

Also known by the name AWS managed Microsoft AD, the AWS Directory Service for Microsoft AD is backed by a verified Microsoft Windows Server AD, overseen by AWS in the AWS Cloud. AWS managed AD permits a wide range of AD–aware applications to be migrated to the AWS Cloud. 

The AWS Managed Microsoft AD can be used with Microsoft SharePoint, Microsoft SQL Server, & several .NET applications. It is also compatible with AWS managed services such as Amazon WorkDocs, Amazon WorkSpaces, Amazon Connect, Amazon QuickSight, Amazon Chime, & Amazon Relational Database Service for Microsoft SQL Server (Amazon RDS for SQL Server, Amazon RDS for Oracle, & Amazon RDS for PostgreSQL).

AWS Managed Microsoft AD is present in 2 editions: Standard & Enterprise.

Standard Edition: AWS Managed Microsoft AD (Standard Edition) has been optimized to be a central directory for small-scale & midsize businesses with as many as 5,000 employees. Enough storage capacity is allotted to support up to 30,000 directory objects, like computers, users & groups.

Enterprise Edition: AWS Managed Microsoft AD (Enterprise Edition) has been created to back firms with up to 500,000* directory objects.

Security in AWS Directory Service

Cloud security at AWS is of the utmost priority. As a customer of AWS, you can avail several benefits from a data centre & network architecture that has been modelled to match the needs of organizations, for whom top-notch security of their data is a priority.

You and the AWS have to share the charge of security. This is described under the shared responsibility model as ‘the security of the cloud & security in the cloud’:

Security of the cloud – AWS is in charge of handling & protecting the fundamentals that run AWS services in the AWS Cloud. AWS also gives you services that are absolutely safe. Third-party auditors are regulated to continuously evaluate the level of our security as a part of the AWS compliance program.

Security in the cloud – The AWS service you use is your responsibility. The sensitivity of your data, your company’s needs, & applicable laws & regulations are also in your own hands.

Infrastructure Security in AWS Directory Service

Since it is a managed service, the AWS Directory Service is protected by the AWS global network security protocols.

Identity & Access Management for AWS Directory Service

Credentials are required to get access to the AWS Directory Service, which the AWS can use to authenticate your requests. Those credentials should have valid permission to gain access to the AWS resources, like an AWS Directory Service directory.

Contact us to know more!

Deploying applications to end-user Windows machines has never been easier if you are a Microsoft Intune administrator. Earlier what used to be a painstaking process of installing each application and its required dependencies one by one, has evolved into a professional solution where you can package all the applications along with their required dependencies into one complete “.intunewin” package for a simplified solution.

The concept of modern management or modern device management takes this a step further by providing IT administrators an even simpler way of installing, managing, updating & uninstalling applications using package managers.

Linux adopted early the practice of maintaining a centralized location where users could find and install the software.

What is a “Package Manager”?

A package manager or package management system is a collection of software tools that automates the process of installing, upgrading, configuring, and removing computer programs for a computer’s operating system in a consistent manner. It keeps track of what software is installed on the computer and allows us to easily install new software, upgrade the software to newer versions, or remove software that was previously installed.

As the name suggests, package managers deal with packages: collections of files that are bundled together and can be installed and removed as a group. Often, a package is just a particular program. A software package is an archive file containing a computer program as well as necessary metadata for its deployment. The computer program can be in source code that has to be compiled and built first. Package metadata includes package description, package version, and dependencies (other packages that need to be installed beforehand).

Package managers are charged with the task of finding, installing, maintaining, or uninstalling software packages upon the user’s command. Typical functions of a package management system include:

• Working with file archivers to extract package archives
• Ensuring the integrity of the package by verifying their checksums and digital certificates, respectively
• Looking up, downloading, installing, or updating existing software from a software repository or app store
• Grouping packages by function to reduce user confusion
• Managing dependencies to ensure a package is installed with all packages required

Package Managers differ based on the packaging system as well as the operating systems for which they are used. For example, RPM-based Linux, Yum, and DNF are package managers. For DEB-based Linux, we have apt-get, aptitude command line-based package managers. For Windows, the two most used package managers are Winget & Chocolatey. Over the next couple of weeks, I am going to do a deep dive on how to leverage these platforms along with Microsoft Intune to make applications management easier.

In this part 1 of the 4-part series, we will investigate Chocolatey and what it does. In the next installment, I will walk you through steps to get it set up in your organization using Microsoft Intune and how you can use this to manage application installment & management. In parts 3 & 4 we will look into how the same can be achieved via Winget.

Chocolatey

Chocolatey is a machine-level, command-line package manager and installer for Windows software. It uses the NuGet packaging infrastructure and Windows PowerShell to simplify the process of downloading and installing software.

Some well known features of chocolatey:

• Deploy Anywhere: chocolatey supports all Windows versions after Windows 7. It requires PowerShell v2+ and Microsoft .NET Framework 4.x. You can deploy on-prem, to Azure, AWS, or any cloud provider you might be looking at
• Deploy with Everything. Anything that can manage endpoints or do remote deployments can either direct Chocolatey through commands, batches, or scripts. Full configuration management solutions like Ansible, Chef, PowerShell DSC, Puppet or Salt typically have providers/modules that allow you to work within their languages to manage both Chocolatey installation/configuration and software
• Packages are Independent and Portable. When you deploy through multiple systems or want to migrate from one to another, you can take the work you have done with Chocolatey with you. How is that for some major time-savings
• Completely Offline and Secure. You can step up your own local repositories and start using them without the need for an internet connection
• Create Your Own Deployment Packages and use them internally
• Manage Dependencies With Ease. You can build specific installation paths for your applications

One of the most time-consuming tasks with Microsoft Intune is the application portion, where you package applications up to deploy. Currently, if the application is bundled as an executable (exe), the steps are as follows:

• Grab the installation executable
• Find the install switches – most common one is the silent switch
• Find the install directory or registry key to tell Microsoft Intune if it installed correctly or not
• Find the uninstall executable and any switches it has as well
• Wrap the executable in an ‘INTUNEWIN’ format
• Import file into Microsoft Intune
• Configure the application with the install and uninstall switches as well as the directory it creates to Microsoft Intune knows if it installed correctly or not

With Chocolatey, the process gets reduced and we only need to do the following:

• Find any install switches
• Grab the installation executable
• Find the uninstall process and switches
• Configure the application with any install switches, or uninstall switches within the Intune blade

Stay tuned for part 2, where we install Chocolatey as a Win32 app using Microsoft Intune and install subsequent software.

Read more blogs!

This is one of the major cloud concerns for many companies, but it is irrational. Your IT team manages access, sets rights and restrictions, and provides smartphone access and options & your corporation remains the sole owner of the venture. You maintain your rights, title, and interest in the data contained in Office 365.

When safeguarding your data, we operate under several key principles:

•  We may not use your data for advertising purposes or for any reason other than supporting you with services that you have paid for.
•  If you want to change providers, you will be taking your data with you.
• Privacy controls enable you to configure who has access to and what they can access in your company.
•  Extensive auditing and monitoring avoid admins from getting inappropriate access to your files.
•  Customer Lockbox for Office 365 leaves customers with clear power in unusual cases where a Microsoft developer could perhaps need to access customer data to tackle an IT problem.

Strict safeguards and architecture elements preclude your data from mingling with those of other organizations, and our data centre workers will never have unprivileged access to your data which is one of the major cloud concerns. 

The standard establishes a uniform, international approach to protecting privacy for personal data stored in the cloud. It reinforces that:

• You are in control of your data.

• You are aware of what is happening with your data.

• We provide strong security protection for your data.

• Your data will not be used for advertising.

• Microsoft encourages government inquiries to be made directly to you unless legally prohibited and will challenge attempts to prohibit disclosure in court.

Follow us on Quora for Cloud related queries!

Please follow the below steps to use this feature.

• Step-1. Login in admin center with Global Admin ID.

• Step-2.  Click on SharePoint. 

• Step-3. Click on More features>User profiles OPEN

• Step-4. Click on Manage User Profiles

• Step- 5. Find User account name here,  (User1)Gopal’s one drive access has been given to another user2.

• Step- 6. Click on Searched Profile.

• Step- 7. Click on Manage site collection owners

• Step- 8. Search here User2, to whom you want give access. and OK. (User1-Gopal’s One Drive access has been successfully provided to User2-Sunil Rathi)

• Step- 9. Now we need to share the one drive link. (User1-Gopal’s One drive link will be share to User2-Sunil Rathi).

Go to Admin Center https://admin.microsoft.com/ > User>Active Users> Search Name>Click on User Profile.

• Step-10. Click on User1-Gopal’s OneDrive>Create link to files. (to create OneDrive shared link).

• Step – 11.  User1-Gopal’s OneDrive link has been created. Share it with User2-Sunil Rathi, Via using this link OneDrive can be accessed by authorized User.

Microsoft Secure Score is a security analytics tool that provides better security configuration and security features. It applies a numerical score to custom security that outlines the action that can be taken to improve that configuration. It improves the security standards of an organization and lessens the chances of being hacked.

Why use Secure Score?

Secure score is made to help you take actions to improve your security. It gives you parameters to keep your infrastructure secure. Microsoft also offers a comparison chart to show you how your security compares to other Office 365 subscribers. Secure Score helps you understand the extent to which you have a good security configuration. It also informs you about behaviors and best practices to have inside your organization.

How does Secure Score work?

Secure Score determines what services you’re using (Exchange, OneDrive, SharePoint, etc.). It looks at your settings and activities and compares them on a baseline established by Microsoft. You’ll get a score based on how you are aligned with security best practices. It creates a full inventory of all the security configurations that reduces risk. Each control that reduces risk is calculated with points. Some controls are more effective and have more points assigned to them.

It is measured by how they are being implemented. The points provide an overall secure score. More the secure score is more is your organization protected in terms of security measures. This score below in the image represents how secure your environment is. You can measure it over time to track your progress

Office and Microsoft 365 risk assessment

Secure Score provides an overall risk assessment. It gives you links to make you aware of the risk you’re facing if you don’t follow the recommended actions.

This example shows some of the potential risks:

Account Breach – the risk indicates a tenancy breach that can be used by an attacker to interact with either resource in Office and Microsoft 365, or with on-premises infrastructure

Elevation of Privilege – an attacker has managed to compromise one or more accounts in the tenancy and is now working to increase their power

Data Exfiltration – an attacker has found a way to move data out of the tenancy

From the summary page, you can get a glimpse of how your score compares to the average score of all Microsoft customers.

Taking action

Your target score can fall into the range from Basic to Balanced, to Aggressive.

Depending on where you set your target, Secure Score would share with you a number of suggestions to help you reach your goal.

Suggestions are based on priority and the effectiveness of the action compared to the level of impact to the end-users.

Actions that are highly effective, with a low level of user impact are placed at the top, followed by actions that are less effective and more impactful to users.

You can filter these actions by category, such as User Impact, Implementation, etc. Seeing how each of these actions affects the users, allows you to balance your organization’s productivity against your security.

Some actions are not scored, which means even if the corresponding actions are implemented, the secure score won’t increase. These actions are marked as [Not Scored] in the queue. Microsoft has stated over time Microsoft Secure Score will be able to better measure these controls and adjust the score accordingly.

Score analyzer

This allows tracking and reporting of the score over time. As with the secure score summary, your score is compared daily to the average score of all Office and Microsoft 365 customers, so you can see the relative position in the security landscape to make planning and communication easier with the team and the leaders.

The graph below shows the secure score in time.

Organizations always try to ensure the highest level of security for their data and processes, in this quest Secure Score can be one easy and quick indicator, allowing for appropriate actions to be taken in order to gain umpteen level of prevention from various kinds of cyber-attacks. Optimum utilization of these features as you use the tool helps you get further peace of mind that you’re taking the right steps to protect your organization from threats.

Click here to view more such blogs by Mismo Systems!

In this blog I will be talking about the Top 10 elements of Cloud.

Virtual Network: Create a logically isolated section in Microsoft Azure and securely connect it outward.

VM: Windows Azure Virtual Machines is a scalable, on-demand IaaS platform you can use to quickly provision and deploy server workloads into the cloud. Once deployed, you can then configure, manage, and monitor those virtual machines, load-balance traffic between them.

Azure Storage: Microsoft Azure Storage is a Microsoft-managed cloud service that provides storage that is highly available, secure, durable, scalable, and redundant.

Load Balancer: A load balancer that distributes incoming traffic among backend virtual machine instances.

Azure Traffic Manager: Microsoft Azure Traffic Manager allows you to control the distribution of user traffic for service endpoints in the different datacentre.

Application Gateway: Scalable layer-7 load balancer offering various traffic routing rules and SSL termination for the backend.

Business continuity and disaster recovery (BCDR): BCDR plan is a plan to keep your data safe, and apps/workloads running when planned and unplanned outages occur.

Azure Active Directory:  (Azure AD) is Microsoft’s Cloud-Based identity and access management service, which helps your employees sign in and access.

Azure Backup: Simple and reliable server backup to the cloud.

Reliable off site data

a) Convenient offsite protection
b) Safe data
c) Encrypted backups

A simple and integrated solution

a) Familiar interface
b) Windows Azure integration

Efficient backup and recovery

a) Efficient use of bandwidth and storage
b) Flexible configuration
c) Flexibility in recovery
d) Cost-effective and metered by usage

Content Delivery Network (CDN) is a distributed computing model designed for developers to stream high-bandwidth files faster, efficiently, and reliably to worldwide customers. Azure CDN is typically used for delivering static content such as Images, Videos, Style sheets, documents, files, Client-side scripts, and HTML pages to customers using servers that are closest to users.

 App Service Plan: App Service plans to represent the collection of physical resources used to host your apps.

Azure Web Apps: Azure Web Apps enables you to build and host web applications in the programming language of your choice without managing infrastructure.

Azure SQL: A relational database-as-a-service, fully managed by Microsoft. Delivers predictable performance, elastic scale, business continuity, and programmatic functionality. For cloud-designed apps when near-zero administration and enterprise-grade capabilities are key.

Thanks for reading!

AWS CodePipeline is an Amazon Web Services tool that automates the app deployment process, enabling the developer to easily create, design, and execute software for new functionality and upgrades. The approach is known as continuous distribution.

AWS CodePipeline dynamically builds, checks, and launches the program any time the specification is changed; the developer uses a virtual user interface to model workflow settings for the release phase in the pipeline. AWS CodePipeline incorporates a range of Amazon services. It also facilitates tailored programs and activities via the AWS command-line interface.

The development team could define and execute actions, or a set of actions called a level. The developer should decide which CodePipeline testing should run and the pre-production environments it will run. The software will then run these activities into a concurrent execution cycle, in which several processors perform computational functions concurrently to optimize workflows. It takes source code from Amazon Simple Storage Service and deploys it on both AWS CodeDeploy and AWS Elastic Beanstalk. Developers can also add AWS Lambda functions or third-party DevOps platforms, such as GitHub or Jenkins.

All custom acts include creating, deploying, checking, and invoking, which promote special release processes. The developer will set up a worker to test the CodePipeline for job demands, then execute the task and return the status response.

The administrator gives access to AWS CodePipeline by AWS Identity and Access Management (IAM). IAM Roles Monitor which end-users may make improvements or changes to the release process of the program.

Cloud computing provides users with access to files, applications, data, and services from their Internet-connected devices, such as smartphones, laptops, and computers. Cloud computing also allows data collection and storing in a role that is independent of end-users. How Cloud Computing Can Boost Your Enterprise? This method is intended to allow companies of any size to make use of advanced software and information technology infrastructure to become more predominant and versatile, as well as to compete with much larger companies. Cloud computing, unlike traditional software and hardware, encourages companies to remain at the forefront of new tech without the need to make major investments in making purchases. In general, cloud computing requires being able to view and store services and data over the Internet rather than over hard drives.

Realizing the many benefits cloud computing provides to organizations and enterprises, we may make a strong argument that cloud infrastructure is also becoming a modern trend. Cloud infrastructure allows the world to address potential issues such as the management of big data, quality control, and cybersecurity. (Read:- How moving to the cloud reduces your impact on the environment?)

We at Mismo Systems have laid down a few important benefits of cloud computing that would help your business in increasing productivity!

Budget-friendly operations

You do not have to pay a penny on data upkeep, fuel costs, updates, or app licenses. This influence is the primary explanation of why a significant proportion of start-ups and small businesses use cloud computing to lower their costs.

24/7 Data Backup

If you want to secure your data and you do not have access to stable infrastructure, you need to implement a cloud storage backup plan.

If you want to keep your backup records on-site or want to access your finances from anywhere at any moment, cloud storage is the perfect way to protect your data.

In emergency conditions or system faults, such as flooding or burning, the data will never be destroyed as cloud storage immediately saves the data to their secure database servers. Or, if unexpected situations arise, you can quickly back up the data in minutes. In addition, it provides geo-redundancy measures in order to protect the data in a variety of centres in different locations.

Magnified Teamwork

Cloud technology helps enhance collaboration by helping different groups of people to compile a report remotely and effectively in real-time and via shared storage. This effect can reduce the amount of time on the market and enhance services and customer development.

In addition, you can save a huge amount of cash that you have to waste on upgrading the devices. By funding cloud computing providers with a low monthly charge, you can perform your company transactions effectively. It would also enable you to reduce your expenses by eliminating new users by using more restricted storage capacity to help decrease your running costs.

Improved Actions

You will be able to manage the business processes on a timely basis by running cloud computing programs. This feature will not only alert you as to what is latest, but it will also help you save a substantial amount of time. As a result, you can spend your precious time improving your efficiency.

With a variety of servers, cloud infrastructure allows customers to run their enterprises without any issues. We all recognize that individuals who are important members of the team will be able to access cloud services from different areas of the world in minutes.

Amplified Output

We also understand that we require balanced capital to increase productivity. Since cloud storage firms would work together better by storing information and records on the cloud, the productivity of each team member will gradually increase. This influence is the reason why companies carry out all their cloud-based initiatives to offer connectivity to those who are core components of their ventures.

You may change access conditions, and you can easily delete any limitations if any team members have permission to work on the project from other areas. Therefore, if you are still looking for something that can improve performance and competitiveness, then you need to choose this modern method.

Visio Tabs in Microsoft Teams allows team members in a dedicated space to access resources and information in a channel or chat. This helps the team to deal with resources and data directly and to have discussions about the tools and data within the structure of this forum or conversation.

Owners and members of the team can add additional tabs to a channel or chat by clicking Add a tab on top of the page (channel or chat).

You can use one click to create a tab of a Visio file in teams, as seen below. Either you can add an existing file to Teams, or you can create a new file from within Teams.

Visio Tabs in Microsoft Teams will assist you in a range of businesses-wide positions. Here are just a few cases for the business to ignite creativity –

Improving efficiency when you co-author a diagram in real-time — Multiple contributors normally generate design diagrams (for example, an architect for companies, a database architect and an architect for software are collaborating together to create an architectural model for a new module). You can ensure that coauthors can easily view the diagram and edit it as and where necessary by scanning the file by pinning the diagram in the tab. (Know more about our Workplace Managed Services)

Maintain critical procedures — companies also have systems to be successfully managed. For example, client representatives may take concrete measures to answer consumer issues in Business Process Outsourcing (BPO). If these company procedures are registered in a Visio folder, they can be applied to the workers as a team source to connect on nearly any platform at any time. Diagrams can be modified on a Visio Plan 1 or Plan 2 license in real-time as well, with updates available automatically to others.

Get up to speed quickly — A team member who did not originally draw up a diagram also needs a clearer grasp of the diagram such that an idea is communicated to other teams. An Azure consultant, for example, would compare azure with a client’s architecture. You can easily access, evaluate, apply comments to the diagram, and analyse it in detail in order to collect information, by turning the diagram into a Tab in Teams.

Simplify the discussion and revision phase — Industry experts from a wide range of industries timely think on business diagrams like Venn diagrams, pyramid diagrams, etc. Typically, these diagrams require several iterations, considering various stakeholder feedback. You can conveniently view the diagram(s) quickly and efficiently by creating a tab in an important Team Channel or conversation. by supplying all stakeholders.

All team members are supported with the inclusion of a team tab, but editing is open only to those who have a subscription to Visio Plan 1 or Plan 2. Compare plans here.