
Azure DevOps Pipelines for App Service with GitHub

In this requirement, dedicated Application Gateways and App Services are needed without using staging slots, because multiple hardening rules have to be tested; a dedicated Application Gateway is chosen so that nobody touches the production Application Gateway during testing.

Pipelines are integrated with the GitHub repo for CI/CD. Each build is deployed to UAT first, where it can be tested; once it is approved after testing, it is deployed to Production.

Let’s get started with a service connection, so that the pipelines have full permission over the subscription to modify resources in this case.

Add a Service Connection for GitHub

Let’s create a new release pipeline.

Utilizing Source Type GitHub Artifact

For UAT App Service Deployment

Post Deployment Approval is set

Scenario #1 – For Production App Service Deployment ( PHP 8.0- Web Application is used in this scenario)

Scenario #2 – For Production App Service Deployment (a Yii PHP Framework web application is used in this scenario, collecting the files published from the artifact)

Let’s see how to publish artifacts so that the release pipeline above can pick them up.

Installing the Composer dependencies the Yii framework needs

composer install
composer dump-autoload

Scenario #3 – For Production App Service Deployment (Node Js Web Application Front End is used in this scenario)

Let’s see how to publish artifacts so that the release pipeline above can pick them up.

$(Build.ArtifactStagingDirectory)/$(Build.BuildId).zip

The artifact location and zip name can be found here.
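As an added example (not from the original post), an azure-pipelines.yml that ties the two steps together for the Yii/PHP scenario: it runs the Composer commands from Scenario #2 and zips the result to the artifact path from Scenario #3, ready for the release pipeline to pick up. The branch name and the artifact name "drop" are assumptions.

```yaml
# azure-pipelines.yml (added example) - build the PHP app and publish the zip
trigger:
  branches:
    include:
      - main            # assumption: the GitHub repo's default branch

pool:
  vmImage: ubuntu-latest

steps:
  # Same two commands shown in Scenario #2
  - script: |
      composer install --no-interaction
      composer dump-autoload
    displayName: Install Composer dependencies

  # Zip the checked-out sources to the path named in Scenario #3
  - task: ArchiveFiles@2
    displayName: Zip the application for App Service
    inputs:
      rootFolderOrFile: $(Build.SourcesDirectory)
      includeRootFolder: false
      archiveType: zip
      archiveFile: $(Build.ArtifactStagingDirectory)/$(Build.BuildId).zip
      replaceExistingArchive: true

  # Publish the staging directory; the release pipeline consumes artifact "drop"
  - task: PublishBuildArtifacts@1
    displayName: Publish build artifact
    inputs:
      PathtoPublish: $(Build.ArtifactStagingDirectory)
      ArtifactName: drop
```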

You can see the releases shown below.

Now if you create a new release

First, it deploys to UAT, and after approval it is deployed to the Prod App Service.

Using Personal Access Tokens in GitHub for Azure DevOps

For Azure DevOps service connections you need personal access tokens to provide granular permissions. Also, if you are a consultant, you don’t want your own account mapped into the customer’s service connection; keeping the tokens within the organization’s connections is a sound way to handle this.

Go to your GitHub organization profile or your repo profile.

New Fine-grained Personal Access Token (github.com)

Choose the specific repo.

Added repo permissions for the token

Now you can use this access token in the Azure DevOps service connection.

Azure Web-App with Azure SQL (Private Link)

This document provides in-depth configuration of Azure App Service with Azure SQL (Private Link).

  • Create a new Resource Group for App Service & Azure SQL
  • Create an App Service (SKU: .NET 6 LTS) with an App Service Plan
  • Search and Create Azure SQL
  • Create Azure SQL Database Server
  • Create Azure SQL Database
  • Create Virtual Network
  • Create New Resource Group for Virtual Network
  • Create two subnets for application & database
  • Creating a Private Link Endpoint on Azure SQL Server
  • Select the Azure Sql Resource Group
  • Select Database Subnet
  • Select Azure Sql Resource Group
  • Interacting App-service Network – Outbound Traffic
  • Select App Subnet

Testing Network Connection

  • Create an Azure Windows Virtual Machine connected to the Database Subnet
  • On the Virtual Machine, search for ODBC

Use the Azure SQL connection string to connect.

Microsoft 365 Deployment Settings Check List

Microsoft 365 high-level deployment settings checklist for architects and optimization teams: it covers many topics and requires extensive knowledge of various technologies before configuring them. Please do the appropriate research before changing any settings in a production tenant. Some of the features in these deployment settings also require additional licenses.

  • Microsoft 365 Login Page Branding – In Azure Portal

  • Microsoft 365 Organization Profile Branding – In Admin Microsoft Portal

  • Restricting Users from creating Azure AD Tenants
  • Users can create Azure AD Tenants – Set to NO.
  • Users can create Security Groups – Set to NO ( For Large Enterprises)
  • Show keep user signed in – Set to No
Couldn’t save new migration state: you cannot move to migration complete until disabling all methods in the legacy SSPR policy.

As SMS is insecure, we recommend keeping it unchecked.

  • Enable Multifactor authentication registration policy.

  • Restricting users joining their Personal Devices to Azure AD

  • Moving Coexistence Mode from Islands to Teams Only

  • Allowing Admin Roles to Invite Guests to have SSO for External Users added to Azure AD IAM
  • Enable Admin Consent Requests with Reviewers – For Application Consents

  • Enabling integration between Defender and Endpoint Manager, to test Defender onboarding from Endpoint Manager

  • Configure Conditional Access

  • CA001: Require multifactor authentication for admins
  • CA002: Securing security info registration
  • CA003: Block legacy authentication
  • CA004: Require multifactor authentication for all users
  • CA005: Require multifactor authentication for guest access
  • CA006: Require multifactor authentication for Azure management
  • CA007: Require multifactor authentication for risky sign-ins
  • CA008: Require password change for high-risk users
  • CA009: Require compliant or hybrid Azure AD joined device for admins
  • CA010: Block access for unknown or unsupported device platform
  • CA011: No persistent browser session
  • CA012: Require approved client apps and app protection
  • CA013: Require compliant or hybrid Azure AD joined device or multifactor authentication for all users
  • CA014: Use application enforced restrictions for unmanaged devices

With device-based Conditional Access.

  • Enable Intune Advanced Features

  • Idle Session Timeout

  • Enable Self-Service Password Reset
  • Configure the Service Desk Link or email.
  • Enable DKIM for your domain
  • DMARC Sample Record
TXT _dmarc "v=DMARC1; p=reject; pct=100; fo=1;rua=mailto:dmarc@azure365pro.com; ruf=mailto:dmarc@azure365pro.com"
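As an added example (not part of the original checklist), a small Python checker that parses a DMARC TXT value like the record above and flags settings weaker than the p=reject, pct=100 record shown; the sample record is the one from this checklist.

```python
# Constructed sample: the DMARC record from the checklist above, as published in the TXT record.
SAMPLE_RECORD = ("v=DMARC1; p=reject; pct=100; fo=1;"
                 "rua=mailto:dmarc@azure365pro.com; ruf=mailto:dmarc@azure365pro.com")


def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT value into a {tag: value} dict; tag names are case-insensitive."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate the trailing ';' many records end with
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        name, value = part.split("=", 1)
        tags[name.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record: str) -> list:
    """Return findings that weaken the record; an empty list means reject on 100% of failing mail."""
    findings = []
    tags = parse_dmarc(record)
    # RFC 7489: v=DMARC1 must be the first tag, otherwise receivers ignore the record entirely.
    if not record.strip().lower().startswith("v=dmarc1"):
        findings.append("record must begin with v=DMARC1")
    policy = tags.get("p")
    if policy is None:
        findings.append("missing p= policy; receivers treat the record as invalid")
    elif policy == "none":
        findings.append("p=none only monitors; mail failing DMARC is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine junks failing mail instead of rejecting it")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"pct={pct} applies the policy to only part of the mail stream")
    # sp= covers subdomains and defaults to p=; an explicit sp=none reopens the gap.
    if tags.get("sp", policy) == "none" and policy != "none":
        findings.append("sp=none leaves subdomains unprotected")
    if not tags.get("rua", "").startswith("mailto:"):
        findings.append("no rua=mailto: address; aggregate reports will never arrive")
    return findings


if __name__ == "__main__":
    for line in assess_dmarc(SAMPLE_RECORD) or ["record enforces p=reject on 100% of mail"]:
        print(line)
```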

  • Device Clean-Up Rules

Delete devices based on last check-in date – Yes
Delete devices that haven’t checked in for this many days – 180

  • Security Setting Management

“Allow security settings in Microsoft Endpoint Manager (MEM) to be enforced by Microsoft Defender for Endpoint (MDE).
This configuration setting will apply to devices not yet enrolled in Microsoft Endpoint Manager.
You’ll need to turn on the integration in Microsoft Defender for Endpoint connector settings under Microsoft Endpoint Manager.”

Use MDE (Microsoft Defender for Endpoint) to enforce security settings from MEM (Microsoft Endpoint Manager),
so that server and client policies can be managed from MEM (Microsoft Endpoint Manager) and not from SCCM.

Setting Deletion Threshold on Azure AD Connect

It’s wise to reduce your Azure AD Connect deletion threshold from 500 to 50, assuming your total user base is 3000 to 5000 users, so that your cloud environment is unaffected when something goes badly wrong in your on-premises Active Directory.

The default value is 500.

Get-ADSyncExportDeletionThreshold
Enable-ADSyncExportDeletionThreshold -DeletionThreshold 50

If the deletions are intentional, the threshold can be disabled:

Disable-ADSyncExportDeletionThreshold

  • Add Anti-Phishing Policy

https://security.microsoft.com/antiphishing

Intune Customization Policy – Hide Reset

  • Hide remove button on corporate Windows devices
  • Hide reset button on corporate Windows devices
  • Hide remove button on corporate iOS/iPadOS devices
  • Hide reset button on corporate iOS/iPadOS devices

    Enter the Organization Name and Privacy URL – otherwise it will not allow you to save.

Enable Intune to access Windows Diagnostic Data

Questionable URLs detected in message – Microsoft 365

Azure REDHAT Expand Virtual Disks

This document covers how to utilize the Azure-attached virtual disk in a Red Hat environment.

sudo -i

Command to determine which logical volume (LV) is mounted on the root of the file system (/)

lsblk -f

Display Volume Group Size

vgdisplay rootvg

Install the cloud-utils-growpart package to provide the growpart command, which is required to increase the size of the OS disk, and gdisk to handle GPT disk layouts. These packages are preinstalled on most marketplace images.

yum install cloud-utils-growpart gdisk

Scan Physical Volume & Check Drives

Run growpart against partition 2 of /dev/sda (sda2).

growpart /dev/sda 2

Resize the physical volume on sda2.

pvresize /dev/sda2

Volume Resize ==> rootlv

lvresize -r -L +200G /dev/mapper/rootvg-rootlv

Example for the var & usr volumes

lvresize -r -L +100G /dev/mapper/rootvg-varlv
lvresize -r -L +5G /dev/mapper/rootvg-usrlv

Deploying Netbrain on Azure

Download the Netbrain Package and follow the steps below

Netbrain Linux Dependency Installation

Installing NetBrain Dependency & Database Server on Redhat Linux

Note: In this example, Red Hat Linux IP > 10.51.2.4 / Windows OS IP > 10.51.1.4

Connect to the Linux machine

Switch to super user

sudo su

Check that socat and logrotate are installed

If not, install the packages by running

yum install socat
yum install logrotate

Install the build dependencies (packages already present are skipped)

yum install zlib-devel readline-devel bzip2-devel ncurses-devel gdbm-devel xz-devel tk-devel libffi-devel gcc

Check the installation (the pattern matches each package name, including zlib-devel)

rpm -qa|grep -E "zlib-devel|readline-devel|bzip2-devel|ncurses-devel|gdbm-devel|xz-devel|tk-devel|libffi-devel|gcc"

Install numactl

yum install numactl

Pre-check the SSL certificate folder under /etc/ssl

Installing the Database server

Create the folder netbraintemp10.1 under /opt

mkdir /opt/netbraintemp10.1

Change Directory

cd /opt/netbraintemp10.1

Download the package

wget (URL provided by netbrain)

Extract the package

tar -zxvf netbrain-all-in-two-linux-x86_64-rhel-10.1.tar.gz

Change directory to extracted folder

cd netbrain-all-in-two-linux-10.1/

Install package

./install.sh

Installation answer keys

  1. Yes
  2. I Accept
  3. [/var/lib/netbrain]: HIT Enter KEY
  4. [/var/log/netbrain]: HIT Enter KEY
  5. [10.51.2.4]: HIT Enter KEY
  6. [admin]: HIT Enter KEY
  7. Type password twice
  8. Use SSL on NetBrain service (yes/no)? [no]: Type NO
  9. Use customized server ports (yes/no)? [no]: Type NO
  10. [http(s)://<IP address or hostname of NetBrain Application Server>/]: http://10.51.1.4/
  11. Do you want to continue using these parameters? [yes]: Type yes

After installation, check the running status of all services

  1. systemctl status mongod
  2. systemctl status netbrainlicense
  3. systemctl status elasticsearch
  4. systemctl status rabbitmq-server
  5. systemctl status redis
  6. systemctl status netbrainagent

MongoDB FQDN Check

cd /etc/netbrain/nbagent/checks

Edit the mongodb yaml file

vi mongodb.yaml

Also configure the port number in the same file: port number 27000

Add this line (hit the Insert key to edit): dns: mongo2.cloud.netbraintech.com, then write and quit ==> Shift+: ==> wq

Netbrain Frontend Windows Installation

Netbrain Login

  • http(s)://<hostname or IP Address of NetBrain Application Server>
  • Login Page ==> https://10.51.1.4/
  • Click Administrator Login

Default Credentials

Username: admin

Password: admin

The first login will ask you to create a new password.