Use the calculator Pricing Calculator | Microsoft Azure Compute Storage Network Management and governance Security

Add an existing Azure subscription to your tenant – Azure AD – Microsoft Entra | Microsoft Learn An Azure subscription has a trust relationship with Azure Active Directory (Azure AD). A subscription trusts Azure AD to authenticate users, services, and devices. Multiple subscriptions can trust the same Azure AD directory. Each subscription can only trust a single directory.

Attach a managed data disk to a Windows VM – Azure – Azure Virtual Machines | Microsoft Docs diskmgmt GPT

Azure Monitor overview – Azure Monitor | Microsoft Docs Must of the resources does not have monitoring enabled by default. Search monitor in Azure. Now lets have a look at Diagnostics settings under monitor Her we see that all is disabled, to enable it diagnostics (log and more), press the resource. If we press the the NSG, we get all available options for diagnistics. Typically if there are issues, we turn on more monitoring and we the issues i solved, we turn off most of the diagnostics logs. They will impact the resource and you need to store the logs also. There are still some monitoring we can check, under…

Tutorial`:` Use managed identity to access Azure Storage using SAS credential – Azure AD – Microsoft Entra | Microsoft Docs Create a storage account Grant your VM access to a storage account SAS in Resource Manager Get an access token using your VM’s identity, and use it to retrieve the SAS from Resource Manager Vm is deployed with this script (good to test all ARM templates over and over again) azure-arm-104/deploy_vm.ps1 at master · spawnmarvel/azure-arm-104 · GitHub So the VM is ready We deployed it in a secure extrenal vnet and subnet with its own security group on the subnet. So this bypasses all rules that was deployed automatic in…

Start by search “Network watcher” , to get the all the functions IP FLOW Lets test the IP flow for a VM from. There are two IP addresses for cn.bing.com: 202.89. 233.100 and 202.89. 233.101 (from nslookup). For this VM we are using a VNET with a global NSG. Success, and we see what rule it is. Lets remove the Port_80 rule. And the default rule kick’s in, DenyAllInbound Packet Capture Add packet capture The trick is how you filter it.

All the templates from the repository can be deployd with one click and a small bit of configuration. The configuration is usually for the resource group and name(s) azure-quickstart-templates/quickstarts at master · Azure/azure-quickstart-templates · GitHub If we take a look at microsoft.storage, we see there is a “Deploy to Azure” button. We can test the storage-file-share. After clicking the button it opens up Azure. Now lets deploy it. Click deploy to Azure Make a new rg Choose a region Name the file share At the Azure tab you see that there are 2 resources that will be created. And then, review and create. Deployment succeededDeployment ‘Microsoft.Template-20220809135158’ to resource group ‘test-quickstart’…

Control access to Azure file shares – on-premises AD DS authentication | Microsoft Docs