Tim D'Annecy


tdannecy@gmail.com

#Intune #PowerShell

A company I work with is using BioEdit, an older biological sequence alignment editor. They recently moved all of their devices to Intune management and needed this app packaged for deployment to all of their Windows devices.

I couldn't find any information about deploying or silently installing this app, so I had to figure it out on the fly. I wrote this guide for anyone who needs to deploy this app through Intune.


#Azure #AVD #PowerShell

Recently, a company I work with asked for a way to let users power off and deallocate their own Azure Virtual Desktop VMs. They have the “Start VM on connect” feature enabled on the Host Pool, but there is no built-in way for a user to shut down a VM and deallocate it at the same time. Users were clicking “Shut down” inside Windows, which stops the guest OS but leaves the VM allocated, so it keeps being billed for compute. The company also wanted to avoid having an Azure administrator make these power changes by hand.

In general, regular users are not familiar with the Azure Portal and can't be expected to navigate through a series of blades to power off a VM. Nor should they be expected to know the name of the virtual machine they're signed into in order to pick the right resource.

To work around these issues, you can place a small shortcut on the Public Desktop of the AVD session host that runs a PowerShell command to deallocate the virtual machine it is running on. This works well for Personal host pools because only one user is expected to be signed in at a time, so nobody else gets kicked off (on a Pooled host pool the same shortcut would disconnect every other user on that host). Paired with “Start VM on Connect”, users control their own VM state and Azure only allocates it when they need it. Whatever identity the shortcut uses to call Azure should be allowed to deallocate only that one VM: any broader permission is inherited by every user who can run code on the desktop.

This post will go through the steps for how you can implement this in your environment and give users the ability to power Azure VMs off and deallocate them at the same time.
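The script behind such a shortcut, as an added example that is not the original post's code. It assumes the session host has a system-assigned managed identity whose only role assignment is a custom role permitting Microsoft.Compute/virtualMachines/deallocate/action, scoped to that VM's own resource ID; the script name and the confirmation text are my own.

```powershell
#Requires -Modules Az.Accounts, Az.Compute
# Deallocate-ThisVM.ps1 (added example, not the original post's script).
# Assumes the session host has a system-assigned managed identity whose only
# role assignment allows Microsoft.Compute/virtualMachines/deallocate/action,
# scoped to this VM's resource ID. Any process on the VM can request that
# identity's token, so the role must not reach further than this one machine.

# Let the user back out: deallocating drops the session immediately.
$choice = $Host.UI.PromptForChoice('Power off this desktop?',
    'The VM will be deallocated. Save your work first.', @('&Yes', '&No'), 1)
if ($choice -ne 0) { return }

# Ask the Instance Metadata Service which VM we are, so the user never has to
# know the VM name, resource group or subscription. IMDS is link-local and the
# request must not go through a proxy.
$imds = Invoke-RestMethod -Method Get `
    -Uri 'http://169.254.169.254/metadata/instance/compute?api-version=2021-02-01' `
    -Headers @{ Metadata = 'true' } -TimeoutSec 5

# Sign in as the managed identity: no credentials are stored on the host.
Connect-AzAccount -Identity -Subscription $imds.subscriptionId -ErrorAction Stop | Out-Null

# Deallocate, not merely stop, so compute billing ends. -NoWait returns before
# the VM (and this session with it) disappears.
Stop-AzVM -ResourceGroupName $imds.resourceGroupName -Name $imds.name -Force -NoWait
```

Point the Public Desktop shortcut at `powershell.exe -File "C:\Scripts\Deallocate-ThisVM.ps1"` (sign the script if your execution policy requires it). Because IMDS answers any local process, the only thing keeping a curious user from stopping other machines is the scope of the role assignment, so check it with Get-AzRoleAssignment on the VM's identity before rolling the shortcut out.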


#AzureAD #security

The Temporary Access Pass (TAP) is a time-limited passcode in Azure Active Directory that satisfies strong authentication on its own, so a user can sign in for a short period without their registered MFA method. It is intended for both password-based and passwordless environments (FIDO2, Windows Hello for Business) and is also the usual way to bootstrap a first passwordless credential. Its primary use is to give users a temporary second factor while your existing security controls (Conditional Access, MFA policy) stay in place. If a user knows their password but has no access to a second authentication method (new phone or phone number, network outage, travelling, etc.), an Azure AD admin can generate a TAP and relay it to them so they can sign in. Because the pass is the only thing standing between a help-desk call and the account, verify the requester's identity before issuing one, keep the lifetime short and make it one-time use where possible.

This post will discuss how to generate Temporary Access Passes in Azure AD and how users will sign in using this code.
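A help-desk function for issuing a short-lived, one-time TAP through Microsoft Graph, added here as an example and not taken from the post. It assumes the operator holds a role that can manage authentication methods (for example Authentication Administrator) and that the Temporary Access Pass method is enabled in the tenant's Authentication methods policy; the function name and the sample UPN are placeholders.

```powershell
#Requires -Modules Microsoft.Graph.Identity.SignIns
# Added example, not the original post's code. Assumes the operator can manage
# authentication methods (e.g. Authentication Administrator) and that the TAP
# method is enabled in the Authentication methods policy, which also bounds the
# lifetime values accepted below.
function New-HelpdeskTap {
    param(
        [Parameter(Mandatory)] [string] $UserPrincipalName,
        [ValidateRange(10, 43200)] [int] $LifetimeMinutes = 60   # keep it short
    )
    Connect-MgGraph -Scopes 'UserAuthenticationMethod.ReadWrite.All' | Out-Null

    # A user holds at most one TAP; remove any existing one so the code issued
    # now is the only one that works.
    Get-MgUserAuthenticationTemporaryAccessPassMethod -UserId $UserPrincipalName |
        ForEach-Object {
            Remove-MgUserAuthenticationTemporaryAccessPassMethod -UserId $UserPrincipalName `
                -TemporaryAccessPassAuthenticationMethodId $_.Id
        }

    $tap = New-MgUserAuthenticationTemporaryAccessPassMethod -UserId $UserPrincipalName -BodyParameter @{
        lifetimeInMinutes = $LifetimeMinutes
        isUsableOnce      = $true   # one sign-in only: an intercepted code cannot be reused
    }

    # The pass value is returned only at creation. Relay it over a channel you
    # have verified belongs to the user (call back to a known number), never by
    # email to the mailbox that cannot sign in.
    [pscustomobject]@{
        User       = $UserPrincipalName
        Pass       = $tap.TemporaryAccessPass
        ValidFrom  = $tap.StartDateTime
        ValidUntil = $tap.StartDateTime.AddMinutes($tap.LifetimeInMinutes)
        OneTimeUse = $tap.IsUsableOnce
    }
}

New-HelpdeskTap -UserPrincipalName 'user@contoso.com' -LifetimeMinutes 30
```

Issuing a TAP is logged in the Azure AD audit log under the user's authentication methods, so the help-desk ticket number is worth recording alongside the call for later correlation.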


#Azure #DNS #security #Exchange

Your organization may have a primary domain used for sending and receiving email (e.g. bill@company.com), but you may also own other domains that are never used for email (company.net, companywebsite.com). You or another administrator may have set up SPF, DMARC and DKIM records for the externally facing domains that handle email, but your non-sending domains are still exposed to email spoofing.

Without SPF, DMARC and DKIM records in your DNS, anyone can send email as if it came from your domain, and receiving servers have no policy telling them to refuse it. Cleaning up after a spoofing campaign is a huge headache for an administrator, and the organization can lose brand trust with customers who receive those messages.

To close this off, you add records to the DNS zone of each non-sending domain: an SPF record that authorizes no senders at all (“v=spf1 -all”), a DMARC record with a reject policy (“v=DMARC1; p=reject; ...”) and, optionally, a DKIM record declaring that no signing key is valid. The recipient's mail server uses these records to check whether the sender is authorized to use the domain. When SPF fails and there is no aligned DKIM signature, the DMARC policy instructs the receiver to reject the message, and provided the receiver honours DMARC (the large providers do) the recipient never sees it.
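A check you can run against each non-sending domain, added here as an example that is not from the original post. The records in the header comment show the target configuration; the domain names, the mailbox in the rua tag and the function name are placeholders. The function resolves the live SPF and DMARC records with Resolve-DnsName and reports what would still let spoofed mail through.

```powershell
# Added example, not the original post's code. What a non-sending domain should
# publish (domain names are placeholders):
#   company.net.               TXT "v=spf1 -all"
#   _dmarc.company.net.        TXT "v=DMARC1; p=reject; rua=mailto:dmarc@company.com"
#   *._domainkey.company.net.  TXT "v=DKIM1; p="      (optional: no DKIM key is valid)
function Test-NonSendingDomain {
    param([Parameter(Mandatory)] [string] $Domain)

    function Get-Txt([string] $Name) {
        try {
            Resolve-DnsName -Name $Name -Type TXT -ErrorAction Stop |
                Where-Object Type -eq 'TXT' |
                ForEach-Object { $_.Strings -join '' }   # long records arrive split into 255-byte chunks
        } catch { @() }
    }

    $spf   = @(Get-Txt $Domain          | Where-Object { $_ -match '^v=spf1(\s|$)' })
    $dmarc = @(Get-Txt "_dmarc.$Domain" | Where-Object { $_ -match '^v=DMARC1\s*;' })
    $findings = @()

    if ($spf.Count -eq 0)     { $findings += 'no SPF record: any host passes SPF for this domain' }
    elseif ($spf.Count -gt 1) { $findings += 'multiple SPF records: receivers treat this as a permanent error' }
    elseif ($spf[0] -ne 'v=spf1 -all') {
        $findings += "SPF is '$($spf[0])'; a domain that never sends should publish exactly 'v=spf1 -all'"
    }

    if ($dmarc.Count -eq 0) { $findings += 'no DMARC record: receivers have no instruction to reject spoofed mail' }
    elseif ($dmarc[0] -notmatch '(^|;)\s*p=reject\s*(;|$)') { $findings += "DMARC policy is not reject: $($dmarc[0])" }
    elseif ($dmarc[0] -match 'pct=(\d+)' -and [int]$Matches[1] -lt 100) {
        $findings += "DMARC pct=$($Matches[1]) leaves part of the mail unenforced"
    }

    [pscustomobject]@{
        Domain    = $Domain
        SPF       = $spf -join ' | '
        DMARC     = $dmarc -join ' | '
        Protected = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

'company.net', 'companywebsite.com' | ForEach-Object { Test-NonSendingDomain -Domain $_ }
```

Run it from a machine that resolves public DNS directly; a split-horizon internal resolver can show you a zone the rest of the world never sees. Re-run it after every registrar or DNS provider migration, since non-sending domains are exactly the ones nobody notices losing their records.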


#PowerShell #AzureAD

After a domain migration or other large organizational change, you may need to update manager information for hundreds of staff in Azure AD at the same time.

Doing this through the GUI is a huge pain; with PowerShell and a CSV file it is quick, repeatable and easy to dry-run before anything changes.
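A script that does the bulk update through Microsoft Graph, added here as an example and not the post's own script. It assumes a CSV with the columns UserPrincipalName and ManagerUserPrincipalName and an operator granted User.ReadWrite.All; the script name and column names are my choices.

```powershell
#Requires -Modules Microsoft.Graph.Users
# Set-ManagerFromCsv.ps1 (added example, not the original post's script).
# Assumes a CSV shaped like this (column names chosen here):
#   UserPrincipalName,ManagerUserPrincipalName
#   bill@company.com,alice@company.com
# and an operator granted User.ReadWrite.All. Run with -WhatIf first.
param(
    [Parameter(Mandatory)] [string] $CsvPath,
    [switch] $WhatIf
)

Connect-MgGraph -Scopes 'User.ReadWrite.All' | Out-Null
$rows = Import-Csv -Path $CsvPath

# Resolve every UPN to an object id up front so a typo in the CSV is reported
# instead of silently producing a wrong manager assignment.
$ids = @{}
$allUpns = @($rows.UserPrincipalName) + @($rows.ManagerUserPrincipalName) | Sort-Object -Unique
foreach ($upn in $allUpns) {
    $escaped = $upn -replace "'", "''"          # OData string literal escaping
    $u = Get-MgUser -Filter "userPrincipalName eq '$escaped'" -Property Id -ErrorAction SilentlyContinue
    if ($u) { $ids[$upn] = $u.Id } else { Write-Warning "Not found in Azure AD: $upn" }
}

$results = foreach ($row in $rows) {
    $userId = $ids[$row.UserPrincipalName]
    $mgrId  = $ids[$row.ManagerUserPrincipalName]
    $status = if (-not $userId -or -not $mgrId) { 'skipped: unresolved UPN' }
        elseif ($userId -eq $mgrId)             { 'skipped: user listed as own manager' }
        elseif ($WhatIf)                        { 'would update' }
        else {
            try {
                Set-MgUserManagerByRef -UserId $userId -BodyParameter @{
                    '@odata.id' = "https://graph.microsoft.com/v1.0/users/$mgrId"
                }
                'updated'
            } catch { "failed: $($_.Exception.Message)" }
        }
    [pscustomobject]@{
        User    = $row.UserPrincipalName
        Manager = $row.ManagerUserPrincipalName
        Status  = $status
    }
}
$results | Format-Table -AutoSize
```

Run `.\Set-ManagerFromCsv.ps1 -CsvPath .\managers.csv -WhatIf` and fix every warning and skipped row before the real run; keep the output table with the change ticket, since manager changes feed approval workflows and access reviews elsewhere in the tenant.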


#AVD #Azure

One of the most important pieces of an Azure Virtual Desktop rollout is adding a TXT record for email discovery (_msradc.<your email domain>) to your public DNS. It lets the Remote Desktop client find the right workspace feed from the email address a user types the first time they subscribe, so they never need to know the feed URL.


#Azure #PowerShell

A company I work with is looking to reduce the cost of their Azure environment. After a quick look, I noticed that they have a number of VMs running 24/7 that are not used all the time. Some of these VMs are user-facing and only need to be online during business hours on weekdays. Others run batch jobs and are only used once or twice a day. The rest of the time they sit idle, consuming resources and costing money.

Adding some scheduling logic to start and stop these VMs at set times of day reduces Azure spend and is easy to implement. Note that the VMs must be deallocated, not just shut down from inside the OS, for compute billing to stop.
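A tag-driven start/stop runbook, added here as an example and not the post's own code. It is meant to run hourly as an Azure Automation runbook under a managed identity holding Virtual Machine Contributor on the target resource groups only; the tag names AutoStart, AutoStop and AutoWeekend are my invention, and untagged VMs are never touched.

```powershell
#Requires -Modules Az.Accounts, Az.Compute
# Added example, not the original post's code. Runs hourly as an Automation
# runbook under a managed identity scoped to the target resource groups. VMs opt
# in with tags (names assumed here), times in UTC, 24h format:
#   AutoStart = "08:00"   AutoStop = "18:00"   AutoWeekend = "true" (optional)

function Get-DesiredPowerState {
    param([System.Collections.IDictionary] $Tags, [datetime] $Now)
    if (-not $Tags -or -not $Tags['AutoStart'] -or -not $Tags['AutoStop']) { return $null }
    if (($Now.DayOfWeek -in 'Saturday', 'Sunday') -and ($Tags['AutoWeekend'] -ne 'true')) { return 'deallocated' }

    $start = [timespan]::Parse($Tags['AutoStart'])
    $stop  = [timespan]::Parse($Tags['AutoStop'])
    $t     = $Now.TimeOfDay
    # A window that crosses midnight (e.g. 22:00 to 04:00 for batch jobs) is the
    # complement of the daytime case.
    $inWindow = if ($start -le $stop) { ($t -ge $start) -and ($t -lt $stop) }
                else                  { ($t -ge $start) -or  ($t -lt $stop) }
    if ($inWindow) { 'running' } else { 'deallocated' }
}

Connect-AzAccount -Identity | Out-Null
$now = [datetime]::UtcNow

foreach ($vm in Get-AzVM -Status) {
    $want = Get-DesiredPowerState -Tags $vm.Tags -Now $now
    if (-not $want) { continue }
    # "VM stopped" (shut down inside the guest) is still billed, so it is
    # deliberately distinct from deallocated and gets deallocated below.
    $have = switch ($vm.PowerState) {
        'VM running'     { 'running' }
        'VM deallocated' { 'deallocated' }
        default          { 'stopped' }
    }
    if ($have -eq $want) { continue }

    Write-Output "$($vm.Name): $have -> $want"
    if ($want -eq 'running') {
        Start-AzVM -ResourceGroupName $vm.ResourceGroupName -Name $vm.Name -NoWait | Out-Null
    } else {
        Stop-AzVM -ResourceGroupName $vm.ResourceGroupName -Name $vm.Name -Force -NoWait | Out-Null
    }
}
```

Keeping the decision in Get-DesiredPowerState, separate from the Azure calls, lets you unit-test the midnight and weekend cases locally with a fake tag table before the runbook ever touches a VM.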


#Windows #Azure #AVD

Recently, a company I work with asked for a way for users to reach a web app hosted on-premises without exposing it to the internet. The app is out of support from the vendor and can't be safely opened up outside their internal network.

We planned to have users connect over a VPN, but that proved a hassle: they would need to install the VPN client, connect, and then launch a browser to reach the app. The site also requires IE11 with a custom extension installed. All of this just to reach a single site made it a headache for users, and the Helpdesk received regular tickets from staff who had trouble accessing it.

Instead of the VPN approach, we deployed a Microsoft Edge shortcut in Azure Virtual Desktop. This lets users launch a browser window that already sits on the network the Host Pool is connected to. If your Azure networking is configured correctly (peering, ExpressRoute or a site-to-site VPN back to on-premises), internal sites and apps are reachable without exposing them to the internet or to the client PC. You also control the browser version and settings on the Host Pool. Paired with Intune policies, you can define the browser settings and extensions available to users and require certain sites to open in Internet Explorer mode, which is exactly what a legacy app that only works in IE11 with a specific extension needs.

In this post, I'll show you how to deploy a Microsoft Edge shortcut in Azure Virtual Desktop.
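One way to build this, added here as an example that is not the post's own code. Part 1 runs from an admin workstation with Az.DesktopVirtualization and publishes Edge as a RemoteApp pinned to one internal URL; Part 2 is the Edge policy the session hosts need (delivered by Intune or GPO) to open that site in IE mode. The resource group, application group, paths, URLs and site-list location are placeholders, and publishing as a RemoteApp rather than a desktop .lnk is my choice.

```powershell
#Requires -Modules Az.DesktopVirtualization
# Added example, not the original post's code. Part 1: admin workstation.
# Part 2: session hosts (Intune/GPO). All names and URLs are placeholders.

# Part 1: publish Edge pinned to the legacy app.
$rg    = 'rg-avd-prod'
$group = 'ag-legacy-apps'            # an existing RemoteApp application group
$url   = 'https://legacyapp.corp.example/'
$edge  = 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe'

# CommandLineSetting Require makes the host always launch with the arguments
# published here, so a client cannot repoint the RemoteApp at another site.
New-AzWvdApplication -ResourceGroupName $rg -GroupName $group -Name 'LegacyApp' `
    -FriendlyName 'Legacy App (Edge)' -ShowInPortal:$true `
    -FilePath $edge -IconPath $edge -IconIndex 0 `
    -CommandLineSetting Require `
    -CommandLineArgument "--new-window $url"

# Part 2 (on each session host): force the legacy site into IE mode. The site
# list XML is served from an internal URL that only the host pool network
# reaches, so it cannot be edited from outside.
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
New-Item -Path $policy -Force | Out-Null
Set-ItemProperty -Path $policy -Name 'InternetExplorerIntegrationLevel' -Value 1 -Type DWord
Set-ItemProperty -Path $policy -Name 'InternetExplorerIntegrationSiteList' `
    -Value 'https://intranet.corp.example/ie-sitelist.xml' -Type String
```

Keep the IE-mode site list as short as possible: every entry on it runs in the legacy engine with its weaker security model, so it should contain the one unsupported app and nothing else.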


#Windows #Azure #AVD #Intune

UPDATE: On April 18, 2023, Microsoft released a Public Preview of the new Azure Virtual Desktop app in the Microsoft Store. This should fix the issues noted in this post. Download the new app here: http://aka.ms/AVDStoreClient

I recently had an issue with an Azure AD Joined host pool in Azure Virtual Desktop where users could not log in using their Azure AD credentials.

In our environment, both the client computer and the Azure Virtual Desktop session host are Azure AD Joined. The user was able to log in to their Azure AD Joined computer, but when they tried to log in to the session host they would get an error message:

Couldn't connect. Something went wrong when we tried to connect. If this keeps happening, ask your admin or tech support for help. Error code: 0x9735 Extended error code: 0x0 Activity ID: {e194ae11-b2ed-4d33-9520-c1d5ed140000}



#Netsuite

I recently had a request to make expense reporting easier for a finance department. They wanted an easier way to get their employees' reported expenses into Netsuite and attach them to an expense report without a lot of manual entry. The process they were using required the employee to email receipts to the finance department, after which someone would take time out of their day to enter the expenses one by one into Netsuite. This was time consuming and prone to errors.

To make things easier, I created a CSV import that would allow them to import expenses in bulk and then review them before submitting the expense report.

