Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I would like to limit access to my SQL Azure databases to only roles that are within the same subscription.
It seems the 'Allow other Windows Services to access this server' (0.0.0.0 - 0.0.0.0) rule would allow access attempts from any role within any subscription.
Is there currently any way to limit connection attempts to only my roles? If not what protection does SQL Azure offer against hostile roles?
Currently there is no way to limit connection attempts to only your roles. It's only a "normal" firewall which, when open for "other Windows Services" will open the 1433 port to all Azure services. No way to distinguish by role.
About the protection - I guess the only protection is the default SQL Server Authentication. I cannot say though if there is some auto blocking mechanism for too many wrong password attempts.
Something else - when you create a server, you have a unique server name, which is unique to your account and not other. So in order for the "hostile role" to begin attempting connect to your server, it must first discover your server name. Then your administrator user (which is something you create) or a valid login.
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 days ago.
Improve this question
I enabled custom domain to access blobs on my storage account. On the storage account i initially had Secure transfer disabled. I was able to access the blob using custom domain. When i enabled Secure transfer i get the message AccountRequiresHttps
When i checked the tooltip on Secure transfer required it says "
The secure transfer option enhances the security of your storage account by only allowing requests to the storage account by secure connection. For example, when calling REST APIs to access your storage accounts, you must connect using HTTPs. Any requests using HTTP will be rejected when 'secure transfer required' is enabled. When you are using the Azure files service, connection without encryption will fail, including scenarios using SMB 2.1, SMB 3.0 without encryption, and some flavors of the Linux SMB client. Because Azure storage doesn’t support HTTPs for custom domain names, this option is not applied when using a custom domain name."
I was expecting the Secure tranfer required option wont really apply to custom domain
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 5 days ago.
Improve this question
I have an API Management instance provisioned, not within a virtual network (due to a cost constraint).
I am wanting to front API Management with Application Gateway to take advantage of the Web Application Firewall. Is this possible? I'm struggling to find any documentation that supports this (or similar) scenario.
I have routed traffic to a backend pool which points to the APIM FQDN to no success (502 errors).
APIM will use IP filtering to prevent non-AGW traffic from accessing the APIs.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 2 years ago.
Improve this question
We would like to secure the connection to the Azure Portal from home because we are login every day to Azure Portal with very high privileged accounts.
We have already activated the MFA but we are not sure if it ’s enough and would like to add more security.
Does Azure have any VPN or certificate to allow only our company computers to login to our Azure Portail?
I believe what you are looking for is Continuous access evaluation. With that your company can set it up so that only the IP addresses of the company owned computers are allowed to access the tenant. It is currently in public preview.
According to the announcement it looks like Azure is not available yet but is coming in the future.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 1 year ago.
Improve this question
I was looking into to how import an API hosted locally/on-premise withing a internal network.
I found Microsofts documentation on: "Using Azure API Management service with an internal virtual network", but the prerequisites for that (as i understood it) was to either have a Developer or Premium tier on the APIM Resource.
As we want to be able to use the APIM in production environment we cant use the Developer tier and Premium is not profitable at this moment.
What i want to do is to be able to expose the on premises API's endpoints by proxying the endpoints via API Management.
Is there any other ways of doing this?
There are a couple of alternatives you could consider to exposing on-premises data, taking into account that the other tiers of APIM can access resources on the internet.
Application Gateway + VPN Gateway
App Service + Hybrid Connection
Logic Apps + On-Premise Data Gateway
With these setup, you could set these up as backends to APIM.
Also, you would want to protect these services from the public internet by setting up one or more of the following
IP Restrictions, if available for the service
Mutual Certificate Authentication
OAuth / Managed Identity
Also, there is a feature request for supporting Hybrid Connections directly in APIM which you could up vote for it to gain traction.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I am doing some preliminary research on Windows Azure. The idea is to move 200+ ASP classic websites to Windows Azure. I am wondering if this is possible and feasible? Can I host that many websites on a single VM? Also note that each website needs to have its own set of email addresses.
There's absolutely no reason why you couldn't host all those sites on Azure VM (assuming you're talking about the preview Virtual Machine functionality). You get your own isolated machine, with its own IIS and IP. What you put on it is up to you, but it's no different than getting a VPS from any other company (rackspace etc.).
Obviously this is assuming that your sites are not very resource heavy and the memory etc. you get with different VM sizes can support the use.
Marek's answer isn't wrong, but please don't use "Virtual Machines" for this, and instead use Cloud Services (specifically, a web role). A web role lets you deploy just your code (in this case: websites) without having to mess with managing a full VM.
In short, PaaS is better than IaaS, as long as your app fits the model (which IIS-based websites do in Windows Azure).
I don't know what "each website needs to have its own set of email addresses" means or how it relates.