Public Preview: Entra ID support for RDP connections in portal

Azure Bastion provides secure RDP and SSH access to Azure virtual machines directly via the Azure portal or via the native SSH/RDP client already installed on your local computer. Previously, Bastion supported Entra ID authentication (formerly AAD) for RDP and SSH connections via native client and for SSH connections via the portal. Today, we are introducing public preview for Entra ID support for RDP connections in the portal, delivering a more seamless and secure experience for users.

Azure Blog: https://lnkd.in/d3EXBXE7
Mohammed Ali’s Post
🔒 Azure Bastion: Simplifying the Login Experience

The Public Preview for native Entra ID login in Azure Bastion is available! You can now connect to your VMs via RDP directly through the Azure Portal using Bastion — authenticated via Entra ID identities.

🔧 What you need to get started:
- The VM must have the AADLoginForWindows extension enabled (either during deployment or added later)
- The user or group requires the Virtual Machine Administrator Login or Virtual Machine User Login RBAC role
- An existing Azure Bastion deployment in the (or peered) VNet

What I especially like is the way it works with RBAC inheritance — assign access at the subscription or resource group level and it automatically applies to all VMs. For admins like me, this makes it much easier to provide quick administrator access to all scoped VMs. Clean and straightforward.

On my blog, I compared the previous authentication methods with this new capability. Feel free to check it out: https://lnkd.in/eK7Fms3Z

#Azure #EntraID #AzureBastion #CloudSecurity #Microsoft #PublicPreview
Azure Bastion

Bastion provides secure and seamless RDP and SSH connectivity to your virtual machines directly from the Azure portal using Transport Layer Security (TLS).

Key benefits of Azure Bastion:
- RDP and SSH directly in Azure portal
- Remote session over TLS and firewall traversal for RDP/SSH
- No Public IP required on the Azure VM
- No hassle managing NSGs
- Protection against port scanning

Azure Bastion offers four SKU (Stock-Keeping Unit) plan tiers: "Developer, Basic, Standard, and Premium"
* Developer (Free): Offers basic private RDP/SSH access, no scaling, limited features like no peered network access.
* Basic: Cost-effective, same-VNet connections, concurrent sessions, basic features. Limited to 2 instances.
* Standard: Most use cases, offering flexibility and scaling, VNet peering, File Transfer/Copy-Paste. Supports multiple instances (host scaling) for more connections.
* Premium: For enterprise needs, highest capability. Standard features plus session recording, high concurrency, File Transfer/Copy-Paste.

#SC-900 #Microsoft Microsoft Learn
Enforce access policies for teams while maintaining permissions to on-prem apps without code changes. Start managing groups and users in the cloud with Microsoft Entra ID. https://lnkd.in/g7nW-Ksn Strengthen your security posture by moving groups and users from Active Directory to Microsoft Entra. This gives you seamless access for your teams, stronger authentication with MFA and passwordless options, and centralized visibility into risks across your environment. Simplify hybrid identity management by reducing dual overhead, prioritizing key groups, migrating users without disruption, and automating policies with Graph or PowerShell. #IDGovernance #microsoftsecurity #azureactivedirectory #microsoftentraid #entra #microsoft
WOW, Microsoft has announced Entra ID support for RDP connections in the Azure portal! 🎉 This new capability simplifies secure remote access by integrating Azure Virtual Machines with Microsoft Entra ID authentication, reducing reliance on local accounts and improving compliance. What do you think about this feature? Will it change how you manage RDP access?
Microsoft MVP Windows Server | Azure Hybrid & Migration, RCDA Trainer, CGI Luminary, Director Consulting Expert
☁️ Azure Bastion + Entra ID: less passwords, more identity 🙂

Azure Bastion just closed an annoying gap: You can now sign in to a Windows VM over Bastion using Microsoft Entra ID (preview) – directly from the Azure portal, no local password needed. 🤯 This is one more step away from jump hosts, shared admin passwords and “whoever owns the RDP file wins”.

🔥 What changed?
When you connect via Bastion (RDP), you can choose "Authentication type: Microsoft Entra ID (Preview)". Bastion then uses your Entra identity to sign in to the VM. No local admin account, no saved RDP creds.

⚠️ Keep in mind
1️⃣ A lot of tooling still expects classic RDP credentials
2️⃣ Many environments are hybrid – not every VM is Entra-ready
3️⃣ The feature is preview, so design with that in mind

Find all the details here: https://lnkd.in/d3W-JNND

If you already tested this at scale: I’m curious what worked well (and what broke) in your environment. 🙂

#AzureBastion #Azure #EntraID
Migrate your critical AD groups to the cloud to secure access to important apps. See how to make Microsoft Entra the source of authority. https://lnkd.in/g7nW-Ksn Strengthen your security posture by moving groups and users from Active Directory to Microsoft Entra. This gives you seamless access for your teams, stronger authentication with MFA and passwordless options, and centralized visibility into risks across your environment. Simplify hybrid identity management by reducing dual overhead, prioritizing key groups, migrating users without disruption, and automating policies with Graph or PowerShell. #IDGovernance #microsoftsecurity #azureactivedirectory #microsoftentraid #entra #microsoft
This is an excellent capability. RDP is an exposure everywhere, and any time it can be controlled via strong identity and MFA, jump on that. This will make cloud server management more secure. We need something similar for on-premises.
Microsoft MVP 🏆| MCT🔥| Nerdio NVP | Microsoft Azure Certified Solutions Architect Expert | Principal Cloud Architect 👨💼 | Helping you to understand the Microsoft Cloud! | Deepen your knowledge - Follow me! 😁
🚀 New Preview Feature: Entra ID–Based RDP Login to Azure VMs (via Bastion!)

Microsoft just introduced a major upgrade to remote administration in Azure — and it’s now available in public preview: You can now authenticate to Windows VMs over RDP using Microsoft Entra ID… directly through Azure Bastion.

No local accounts. No passwords. No public IPs. No open port 3389. Just identity-based, Zero Trust–aligned access in the browser. This is a big shift in how secure VM access is done in Azure.

---

🆕 What’s new in this preview?

Azure Bastion now supports Microsoft Entra ID authentication for RDP sessions. When the required roles and the AADLoginForWindows extension are in place:
- Virtual Machine Administrator Login
- Virtual Machine User Login

…Entra ID becomes the default authentication method in Bastion.

This unlocks:
✔️ True identity-based RDP access
✔️ Enforcement of Conditional Access policies
✔️ Consistent sign-in experience across Azure resources
✔️ Strong alignment with Zero Trust principles

---

🔐 Why this matters

Traditional RDP relies on local accounts or domain credentials and typically requires exposed ports or jump hosts. With this preview:
- RDP runs over port 443 through Bastion
- VMs stay fully isolated from the internet
- No client tools or agents are required
- Access is managed entirely through Entra ID

This is the direction secure cloud management is headed.

---

🛠 What you need to enable it

To use the new Entra ID RDP login:
- A Bastion host deployed in the VM’s VNet (Standard SKU or higher for custom ports)
- A Windows VM in that VNet
- The AADLoginForWindows extension enabled
- One of the required Entra roles assigned
- Reader permissions on VM, NIC, VNet, and Bastion

---

▶️ How to connect

1. Open your VM in the Azure Portal
2. Select Connect → Bastion
3. Choose RDP + Microsoft Entra ID (Preview)
4. Click Connect — your session launches instantly in the browser

No open RDP port. No jump box. No password prompts. Just clean, secure, identity-driven access.
--- If you haven’t tested this preview yet, it’s absolutely worth trying. This feature pushes Azure VM administration even further toward a passwordless, Zero Trust, identity-first model — and that’s a win for every cloud environment. #MicrosoftEntra #AzureBastion #AzureSecurity #RDP #ZeroTrust #CloudAdministration #Azure #AVD
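Because the two VM login roles named in the posts above are inherited from subscription or resource group scope, it is worth auditing which VMs an assignment actually reaches. The sketch below is an added example, not code from any of the posts or from Microsoft: the assignment records, principals and resource IDs are constructed, group membership and deny assignments are not modelled, and only the two role names come from the page.

```python
# Added example: resolve the strongest VM login role a principal inherits on a VM.
# All subscription IDs, principals and assignments below are constructed sample data.
ADMIN = "Virtual Machine Administrator Login"
USER = "Virtual Machine User Login"
RANK = {USER: 1, ADMIN: 2}

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG_PROD = SUB + "/resourceGroups/rg-prod"
VM_PROD = RG_PROD + "/providers/Microsoft.Compute/virtualMachines/vm-app1"
VM_DR = SUB + "/resourceGroups/rg-prod-dr/providers/Microsoft.Compute/virtualMachines/vm-dr1"
VM_DEV = SUB + "/resourceGroups/rg-dev/providers/Microsoft.Compute/virtualMachines/vm-dev1"

ASSIGNMENTS = [
    {"principal": "alice", "role": ADMIN, "scope": RG_PROD},
    {"principal": "bob", "role": USER, "scope": SUB},
    {"principal": "bob", "role": ADMIN, "scope": VM_DEV},
    {"principal": "carol", "role": "Reader", "scope": SUB},  # not a login role
]

def scope_covers(scope, resource_id):
    """True if an assignment at `scope` is inherited by `resource_id`.
    Matching on a path-segment boundary keeps rg-prod from covering rg-prod-dr."""
    s, r = scope.rstrip("/").lower(), resource_id.rstrip("/").lower()
    return r == s or r.startswith(s + "/")

def effective_login_role(principal, vm_id, assignments):
    """Return (role, scope) of the strongest inherited login role, or None."""
    best = None
    for a in assignments:
        if a["principal"] != principal or a["role"] not in RANK:
            continue
        if not scope_covers(a["scope"], vm_id):
            continue
        if best is None or RANK[a["role"]] > RANK[best[0]]:
            best = (a["role"], a["scope"])
    return best

def broad_admin_grants(assignments):
    """Administrator-login assignments made above VM level (subscription or resource group)."""
    return [a for a in assignments
            if a["role"] == ADMIN and "/virtualmachines/" not in a["scope"].lower()]

if __name__ == "__main__":
    for who in ("alice", "bob", "carol"):
        for vm in (VM_PROD, VM_DR, VM_DEV):
            print(who, vm.rsplit("/", 1)[-1], effective_login_role(who, vm, ASSIGNMENTS))
    print("broad admin grants:", broad_admin_grants(ASSIGNMENTS))
```
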
Windows Authentication for Cloud-Native Identities: Modernizing Azure SQL Managed Instance (Preview). Organizations moving to the cloud often face a critical challenge: maintaining seamless authentication for legacy applications without compromising security or user experience. Today, we’re excited to announce support for Windows Authentication for Microsoft Entra principals on Azure SQL Managed Instance, enabling cloud-native identities to authenticate using familiar Windows credentials. Why This Matters Traditionally, Windows Authentication relied on on-premises Active Directory, making it difficult for businesses adopting a cloud-only strategy to preserve existing authentication models. With this new capability: Hybrid Identity Support: Users synchronized between on-premises AD DS and Microsoft Entra ID can continue using a single set of credentials for both environments. Cloud-Only Identity (Preview): Identities that... #techcommunity #azure #microsoft https://lnkd.in/g42wKnFe
🚨 Most Common Azure VM Issue Every Azure Administrator Faces 🚨

❌ Unable to connect to Azure Virtual Machine (RDP / SSH issue)

This is one of the top recurring problems in day-to-day Azure administration.

🔍 What usually goes wrong?
• Network Security Group (NSG) rules missing or misconfigured
• Required ports not opened
  ° RDP – Port 3389
  ° SSH – Port 22
• Public IP not assigned or changed
• VM is stopped / deallocated
• OS-level firewall blocking access

💼 Real-Time Scenario:
A production VM goes live, but the application team reports: “We can’t access the server.”
After checking:
• VM is running
• But NSG doesn’t allow inbound RDP
• Once port 3389 is allowed → Access restored ✅

🛠 How Azure Admins fix it:
✔ Verify VM power state
✔ Check NSG inbound rules
✔ Confirm Public IP association
✔ Use Azure Serial Console / Run Command if locked out
✔ Reset NIC or redeploy VM if required

🎯 Key Learning:
90% of Azure VM access issues are network-related, not VM-related. Understanding NSG + Networking basics is critical for every Azure Administrator.

💡 This issue alone is frequently asked in Azure Administrator interviews.

#Azure #AzureVM #AzureAdministrator #CloudComputing #AzureNetworking #LearningAzure #AzureSupport #DevOpsJourney
Today's lesson: Why my Azure App Gateway subnet refused to save 😅 I was working on hardening our Azure infrastructure today and ran into a bit of a wall. I tried to apply a strict Network Security Group (NSG) to an Application Gateway v2 subnet, and Azure immediately threw this error: ❌ "Network security group blocks incoming internet traffic on ports 65200 - 65535... This is not permitted." (See the red box in the image below) I initially thought, "Why does it need these high ports open?" What I learned: Unlike the older V1 SKUs, the V2 Gateway requires a constant connection to the Azure Control Plane for health checks and auto-scaling. If you block this "heartbeat," the resource fails or won't provision. The Fix: You don't need to leave it wide open. The secure solution is using the GatewayManager Service Tag. As soon as I added this inbound rule, the subnet saved, and the gateway went healthy. A small configuration detail, but critical to know! #Azure #CloudSecurity #DevOps #LearningEveryday #AzureTips
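A pre-deployment check for the situation in the post above: given an NSG's inbound rules, report which ports in 65200-65535 would be blocked for the GatewayManager service tag. This is an added example, not code from the post or from Azure; the rule dictionaries are a constructed simplification of NSG rules (not the Azure API schema), source matching is limited to the literal tag or `*`, and traffic with no matching rule is treated as denied by the default deny-all rule.

```python
# Added example: first-match-by-priority evaluation of inbound NSG rules
# for the Application Gateway v2 management port range named in the portal error.
GW_PORTS = range(65200, 65536)  # 65200-65535 inclusive

def rule_matches(rule, port, source_tag="GatewayManager"):
    lo, hi = rule["ports"]
    return (rule["direction"] == "Inbound"
            and rule["protocol"] in ("Tcp", "*")
            and rule["source"] in (source_tag, "*")
            and lo <= port <= hi)

def blocked_gateway_ports(rules):
    """Ports in 65200-65535 whose first matching rule (lowest priority number) is not Allow."""
    ordered = sorted(rules, key=lambda r: r["priority"])
    blocked = []
    for port in GW_PORTS:
        verdict = next((r["access"] for r in ordered if rule_matches(r, port)), "Deny")
        if verdict != "Allow":
            blocked.append(port)
    return blocked

def rule(priority, access, source, ports):
    """Build one constructed inbound TCP rule."""
    return {"priority": priority, "access": access, "source": source,
            "ports": ports, "direction": "Inbound", "protocol": "Tcp"}

# Constructed rule sets.
DENY_ALL = lambda prio: rule(prio, "Deny", "*", (0, 65535))
STRICT = [DENY_ALL(100)]                                      # the NSG that refused to save
FIXED = [rule(100, "Allow", "GatewayManager", (65200, 65535)), DENY_ALL(200)]
WRONG_ORDER = [DENY_ALL(100), rule(200, "Allow", "GatewayManager", (65200, 65535))]
PARTIAL = [rule(100, "Allow", "GatewayManager", (65200, 65500)), DENY_ALL(200)]

if __name__ == "__main__":
    for name, rs in [("STRICT", STRICT), ("FIXED", FIXED),
                     ("WRONG_ORDER", WRONG_ORDER), ("PARTIAL", PARTIAL)]:
        b = blocked_gateway_ports(rs)
        print(name, "OK" if not b else f"{len(b)} ports blocked ({b[0]}-{b[-1]})")
```

The `WRONG_ORDER` and `PARTIAL` sets show two ways the allow rule can exist and still leave the range blocked: a deny with a lower priority number wins first, and a narrower port range leaves the tail uncovered.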