Posts

JIT VM Access - One way to reduce VM attack surface area

When a cloud resource is publicly accessible, it is also exposed to attack. In this post, we will briefly see how JIT helps secure an Azure virtual machine that has a public IP enabled. Organizations sometimes need a VM with a public IP. In that scenario, we need to secure the VM from attackers. Just-In-Time (JIT) access is one way to secure the VM, in the following ways. It can block the RDP (3389) and SSH (22) ports. It allows a specific port to be opened for a specific time for specific IP ranges. It can also work with VMs that have only a private IP. Azure Bastion can be used to block traffic for a private IP VM until JIT access is enabled. To enable JIT VM access, go to configuration and enable it.

Azure - Find hint about the IP address using KQL #cloud #azure

Hi All! As we work in the cloud, we may want or need to find details about a public IP, such as its country and city. Consider a scenario in which one of the storage accounts in your organization's Azure subscription has public network access set to "Enabled from selected virtual networks and IP addresses", i.e. it can be accessed from the associated VNet/subnet and from the address ranges included in the firewall (an individual IP when you're working from home). Now, the aforementioned storage account has some individual IP(s), and you need to find details or a clue about the last/latest IP added. Azure KQL offers a function called geo_info_from_ip_address() to get some hints about a public IP, such as country, city, longitude, etc. The above scenario is just an example; you can have different scenarios. Note: This feature does not give you exact details about the IP address. You can go to Logs menu

Azure - Change custom lookback period for Azure Advisor VM/VMSS right-sizing recommendations #cloud #azure

Hi All! Azure Advisor advises/recommends ways to optimize our cloud resources in various areas such as scaling, security, sizing, performance, cost, etc. Azure has now released a new feature for changing the lookback period used for Azure VM/VMSS right-sizing. Let's consider a scenario in which a company runs its business with some workloads on Azure VMs or VMSS. At times the VM's usage, such as CPU or memory, is high. Because of this, application performance may be slower and users have a bad experience. The company asks its Azure admin to investigate, and when he/she first looks at Azure Advisor, it recommends a solution based on the last 7 days of VM usage. Here, the company needs the VM usage details biweekly or in some other pattern, not with the default 7 days. The new custom lookback period helps to achieve what the company wants. By this featur

Azure - Cross region service endpoints for azure storage (GA) #cloud #azure

Hi All! To bring an Azure storage account under a virtual network and/or restrict the storage account so that it can only be accessed from a VNet and is not publicly accessible, we have private endpoints and service endpoints. We typically use either a private endpoint or a service endpoint. Previously, the Azure service endpoint for storage only allowed access from VNets in the same or the paired region. With the latest feature, cross-region service endpoints for Azure Storage, now generally available, a service endpoint can be configured to allow access to an Azure Blob or Data Lake storage account from VNets in any region. The earlier service endpoint type is Microsoft.Storage. The new service endpoint type is Microsoft.Storage.Global. The main thing to note is that we can't have both of the above service endpoint types in a subnet at the same time. (i.e. If Microsoft.Storage chosen, Microsoft.Storage.Global cannot be cho

Azure Devops - work items bulk import-update-publish to Devops using Excel #cloud #azure #devops

Hi All! As Azure DevOps users working with Scrum or other methodologies, we often need to update our tasks in DevOps. A project manager and/or project lead may also need to work on consolidated work items for a presentation. We can update our tasks one by one, but that takes more time. Consider the scenario below. The project lead or we need to modify the state of 100 work items. More than 15 work item titles need to be modified. To achieve the above with minimal effort and time, we have the Azure DevOps Office Integration feature, which helps us work in Excel and update the work items from Excel to DevOps all at once. Previously, we used a query in DevOps and then exported it to CSV. Now, with the help of the above software, we can work in Excel and make updates very easily. Please look at the images below. In th

Azure - DDoS IP Protection #cloud #azure

Hi All! Security is one of the main pillars of the cloud and is unavoidable irrespective of provider (Microsoft, Amazon, Google). Attackers mostly target publicly accessible resources, which are more easily reachable than private resources. There are many types of attacks. Azure gives us the IP Protection SKU, now Generally Available, for DDoS Protection to defend our public IP(s). Let's recall what a DDoS attack is. Attackers send requests from multiple sources against our resource, so that the resource is flooded or overwhelmed by a large number of requests. As a result, legitimate users cannot access the system, which becomes unavailable. We can apply Azure DDoS IP protection on an individual IP or at the organizational level (VNet). It incurs some cost, so we need to pay attention before implementing it, but the cost is mostly fixed per resource. Note: This feature is only available for Standard SKU, not for Basic as of now. Az

🤠 ChatGPT - Use ChatGPT for cloud 🤠 #cloud #azure #chatGPT

Hi All! ChatGPT is a nice tool/extension for learning. In this post we're not going to learn ChatGPT. Instead, we will learn using ChatGPT. Let me share my experience of using an extension called ChatGPT: write and improve code using AI in Visual Studio Code. To survive in the IT world, we need to update and upgrade our knowledge often, and we cannot say "I won't do this as I don't know it". If we walk away from it, we can miss a wonderful opportunity/growth for your future. Here we should accept the challenge and learn in parallel. Even though we could get KT from the team, we need to dig into the concept well to do better. Here ChatGPT appears in front of us to help. Consider a scenario in which you joined a company as a cloud developer, or are being deployed into a new team in your existing company, and are tasked with Terraform or AKS or something else that is new to you. Let's say I joined into a new tea