Cloud Coffee
Enjoy freshly brewed articles explaining the basics as well as advanced concepts of Microsoft Azure. Learn from step-by-step guides and best-practice manuals to master various tricks, tasks, and deployment measures. Cloud Coffee is a blog dedicated to providing readers with an illuminated perspective on using Microsoft Azure.
3w ago
The Microsoft Entra Conditional Access for authentication flows regulates the use of the device code flow and authentication transfer. The device code flow is used to authenticate devices that do not have a browser or whose input is restricted, such as smart TVs, IoT devices, or printers. The device code flow represents a high-risk authentication flow, which could be exploited in phishing attacks or to gain access to corporate resources on unmanaged devices. The authentication transfer is a new flow that provides a seamless way to transfer the authenticated state from one device to another. In…
1M ago
A Temporary Access Pass (TAP) is a time-limited passcode that can be configured for single or multiple use. The Temporary Access Pass (TAP) allows the user to securely sign in to the Microsoft Cloud within a defined time period to set up additional authentication methods. These secure authentication methods include passwordless methods such as FIDO2 security keys or the Microsoft Authenticator App. The limited time period for access authorisations makes the Temporary Access Pass (TAP) an indispensable tool for security guidelines and compliance requirements.
This blog post explains how to acti…
2M ago
Privileged roles and permissions in Microsoft Entra ID allow you to manage all aspects of Microsoft Azure and Microsoft 365. To make phishing and other attacks more difficult, a secure password for privileged Microsoft Entra roles is no longer enough. Phishing-resistant multi-factor authentication, such as the FIDO2 protocol on a security key in combination with Microsoft Entra Privileged Identity Management (PIM), significantly increases security for the Microsoft tenant and convenience for the user.
This blog post demonstrates how to configure Microsoft Entra Privileged Identity Management (PIM…
4M ago
Microsoft Entra Internet Access is a cloud-delivered solution that secures access to web content. It protects users, devices, and data from internet threats. This solution is part of Microsoft’s Security Service Edge (SSE), which also includes Microsoft Entra Private Access. It is based on the core principles of Zero Trust Network Access (ZTNA): least privilege, explicit verification and assumed breach. Microsoft Entra Internet Access implements adaptive access controls, simplifies network security, and enables a consistent user experienc…
5M ago
A Microsoft Entra Emergency Account (Break Glass Account) is a highly privileged account for emergency access to Azure resources in critical situations when traditional access paths are not available. For example, a service outage may mean that multi-factor authentication cannot be performed via a mobile phone. The use of emergency accounts is strictly controlled, monitored and restricted.
In this post, you will learn how you can use Microsoft Entra emergency accounts and YubiKey (FIDO2) to secure access to Azure at all times and minimise risks at the same time.
Prerequisites and Licens…
6M ago
Microsoft Entra Private Access gives users secure access to the internal network and cloud-based services from anywhere in the world. Setting up and maintaining (complex) VPN connections is now a thing of the past. Microsoft Entra Private Access is part of Microsoft Global Secure Access, which includes a range of identity and network access security products. The service is based on the SASE framework (Secure Access Service Edge), which combines WAN functions and zero-trust network access (ZTNA) in a cloud-based platform.
This blog post highlights the configuration steps for Microsoft Entra Pr…
7M ago
An essential aspect of using cloud services is ensuring availability and performance. Outages or performance problems have a significant impact on today’s business processes and lead to lost revenue, reputational damage and angry customers.
Azure Service Health is a free service from Microsoft Azure. The service provides real-time information in a dashboard about the status and performance of Azure services. The service continuously monitors resources and proactively informs about service problems.
Azure Service Health provides information in the following categories:
Service issues
Notifications about unex…
8M ago
SMB over QUIC is a network protocol used by Windows. It allows secure, shared use of resources such as files on the network. To use SMB (Server Message Block) without QUIC, TCP port 445 is required. Some Internet providers block TCP port 445 for security reasons. In that case, it is not possible to connect to a file share on Azure over SMB.
To bypass the blocking of TCP port 445, there are several options to choose from, including the following:
– VPN (Virtual Private Network), e.g. AlwaysOnVPN
– Third-party software, e.g. MyWorkDrive
– SMB over QUIC (Quick UDP Internet Connection)
Some wa…
9M ago
Microsoft Azure Arc is a solution that enables resources to be centrally managed and monitored across multiple environments. Azure Arc extends the management capabilities of Azure to on-premises resources or other cloud providers such as Amazon Web Services (AWS) or Google Cloud Platform (GCP).
Resources integrated into Azure Arc are administered via the unified Azure Portal, regardless of where they are physically or geographically located. Overall, Azure Arc provides consistent, centralized and simplified management of resources.
This guide describes how to deploy a Windows Server hosted out…
10M ago
First Contact Safety Tip is a feature in Microsoft Office 365 to better protect users from phishing attacks. First Contact Safety Tip is part of Microsoft Defender for Office 365 or Exchange Online Protection and helps users detect fake or fraudulent emails.
If a suspicious email is received, the email will have a warning in the header informing the user that it may be a phishing email. The warning is shown in one of the following cases:
– the sender sends an email to the mailbox for the first time
– the sender very rarely sends an email to this mailbox
Prerequisites and Licensing
The Exchange On…