Author: rzomerman

F5 – Allowing AAD Guests Kerberos Access

F5 – KCD – AAD – B2B In my last post I gave you a script that allows the automatic creation of B2B users in your local AD to enable you to publish (on-premises) Kerberos applications using Constraint Delegation. In this post, we will enable an F5 to use this setup to actually publish the […]

Read more

B2B Users & INternal apps

AAD B2B & AD KCD – AAD App Proxy In a previous post I talked about using Azure AD App Proxy in combination with B2B accounts. This is to allow B2B invited guest users to be able to connect to internal applications using Kerberos, without them knowing their sAMAccountName or password. In that post, I […]

Read more

Azure KeyVault BYOK

In a previous post I went into the cloud encryption architectures. One of the topics in the post was the use of your own keys in KeyVault. In this post I’ll go hands-on with an nCipher HSM that their team graciously gave me….. (ok I borrowed it and I have to give it back..) to […]

Read more

Privately moving data to Azure Storage

Azure Storage is awesome it’s a durable, highly available, massively scalable cloud storage solution with public endpoints. But what if you don’t want public endpoints. What if you want a private endpoint only? A customer asked me, how can I copy data using Azure Data Factory over my ExpressRoute link to my Azure Storage account […]

Read more

AZ Cleanup

I already published a script for cleaning up Azure resources, but found that with the introduction of the new AZ commands and later versions of the PShell CMDLets it was getting out of date fast. So I worked on a new module (.psm1) to replace it and give me more freedom to use the unused […]

Read more

F5 BIG-IP & AAD & KCD Simplified

With the release of an Application in Azure AD, the configuration of F5 publishing Kerberos backend applications have just been made a whole lot easier. This we cover in this post, but as an added bonus, the previous post adds the possibility of authenticating (Forest) trusted users on the same backend server using KCD (although […]

Read more

F5 BIG-IP & AAD & KCD – Cross Forest – Part 2

In the previous F5 posts we did, we always used a single forest, single domain setup. Obviously, this is not always the case, certainly when cross-forest migrations are being performed. Even in these situations we could leverage F5 and AAD’s federation capabilities to provide an SSO experience. Requirements: 2 Forests with a forest trust (two-way) […]

Read more

Enable/Disable Accelerated Networking on Azure VM’s part 2

In my previous post, I talked about using a custom script to redeploy VM’s with Accelerated networking enabled or disabled. The latest PowerShell cmd’lets however make things a lot easier and don’t require you to re-deploy the entire VM anymore. So, this post is a followup to the previous one and explains how to enable […]

Read more

Encryption in the Cloud

One of the hottest topics with customers in their “journey” to adopt cloud is the topic of encryption. Data that goes up into space needs to be controlled to avoid leakage to hackers, script kiddies and what not. In the next few series I will be looking at Encryption in Azure, but let’s start with […]

Read more

Forcing re-authentication on (some) applications

Sign-In Frequencies in Azure AD: You might have seen on Azure Active Directory a new feature called Sign-In Frequency. In this post we are taking a closer look at this feature. First, we need to understand how authentication works and which tokens we are receiving. When you sign-in to an application which is dependent on […]

Read more