Azure Policy Guest Configuration - Find a VM with deactivated Windows Firewall - azure

i have a short Question about the Azure Policy Guest Configuration with a Windows VM at Azure.
I would like to write a Policy to find VMs with deactivated Windows Firewall.
Can someone help me?
At Azure Policy Templates i only have found a Policy with detailed Rules for the Windows Firewall.
Many thanks.
Best Regards,
Phil

I don't know the answer for Guest Policies. But have you considered using Azure DSC to enforce it? You can also monitor the compliance then within the automation account.
https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-overview
E.g. using this module https://github.com/dsccommunity/NetworkingDsc/blob/main/source/Examples/Resources/FirewallProfile/1-FirewallProfile_ConfigurePrivateFirewallProfile_Config.ps1

Related

Access Azure DevOps repo connectivity on Azure VM without Internet

We have code repositories on Azure Devops example url :https://dev.azure.com/myorg/myproject
We also have Azure VM created. Our Azure VM is windows 10. When we create a new VM on azure, Internet is enabled by default.
The VM will be shared with development team member. To secure code, developer should NOT be able to use personal email boxes and any other drives like dropbox, onedrive etc. So what i feel i need is we need is Internet disabled but only access to Azure DevOps repo. Is this possible? How to achieve this?
You can use Network Security Group resource in Azure. Set rules to allow traffic only to specified services (in your example Azure DevOps) and deny rest of the connections.
https://learn.microsoft.com/pl-pl/azure/virtual-network/security-overview

Azure migrate from VMware host not found

I am trying to migrate a VM from VMWare to Azure portal. the VM appliance is configured . But the hosts are not recognized . What is the solution for this.
When you mention 'Hosts are not recognized', are you unable to discover them via the Portal? or do you receive any specific error message? Are you using agentless or agent-based migration? Please do more details on your scenario:
Couple of things you could try to isolate the issue:
Review the "Status" in the Azure Portal.
If this doesn't work and you're discovering VMware servers:
Verify that the vCenter account you specified has permissions set
correctly, with access to at least one VM.
Azure Migrate can't discovered VMware VMs if the vCenter account has
access granted at vCenter VM folder level. Learn more about scoping
discovery. Kindly review the requirement and common app discovery errors to tackle any errors you may be receiving.

Azure VM with VPN

This is more one for curiosity and learning.
I currently have an Azure VM (Windows 2016 and SQL 2017) which I just use for R&D. The RDP port is enabled - no big deal as there is nothing top secret.
But just to learn more about Azure I wanted to create a VPN so I can connect via that. Googling, has left me a tad confused as how to go about this gateways, gateway subnet etc etc. I'm not sure if the articles I am reading are the right ones as whatever I try doesn't appear to work.
Does anyone know of any links that might help me start from scratch with VPN settings to connect?
You can try to set up a VPN type of P2S, you can make a Self-signed root certificate for free. And the steps are also simple. And you can follow the document Configure a Point-to-Site connection to a VNet using native Azure certificate authentication: Azure portal. I'm glad if this can help you.
I found these series of Microsoft training guides to be super helpful. (you can find them via the azure portal on the overview page of a virtual network resource)
https://learn.microsoft.com/en-us/learn/modules/introduction-to-azure-virtual-networks/
https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke?tabs=portal
https://learn.microsoft.com/en-us/learn/modules/design-implement-network-monitoring/
https://learn.microsoft.com/en-us/learn/modules/design-implement-network-security-monitoring/
https://learn.microsoft.com/en-us/learn/modules/integrate-vnets-with-vnet-peering/
https://learn.microsoft.com/en-us/learn/modules/design-a-hybrid-network-architecture/

Set up SSL on Azure VM (Linux)

I currently have an Azure VM (linux) configuration with a custom domain name. Can someone please provide a tutorial (or explain) how I can go about setting up a SSL certificate?
Tried searching but no luck - appreciate all the help!
As Bruno has mentioned in the comment, certificate needs to be configured on OS level.
Here is a good article about how to create a certificate on Apache.
Azure VM is IaaS. It can not configure the settings on OS directly. That's the reason why we need the Azure VM Agents.

Are Docker Cloud nodes managed?

If I create a node on Azure through the Docker Cloud Service, will the Azure vm be managed for me? For example, will I have to manage security on the VM (firewalls etc), and updates?
Every virtual machine created in Azure will be secured by Microsoft by various ways. But here it would be helpful to know what you mean by the security - some of features are enabled as a service.
There is Azure Trust Center where you can find what Microsoft does for the security.
Basic information, including some Security-Features-As-a-Service, can be found on the Azure VMs landing page.

Resources