Forem: Jimi

Starting Your Cloud Journey: Roles, Resources, and Realistic Expectations

Jimi — Sun, 01 Dec 2024 01:46:25 +0000

Starting Your Cloud Journey

Over the past week, many people have reached out to me, curious about starting a career in the cloud and how to begin their journey. As someone who has recently started this journey myself, I understand the excitement and uncertainty that comes with exploring this field. These conversations inspired me to share my early experiences to encourage and guide those considering a career in cloud computing.

In this post, I’ll discuss:

Finding your role in the cloud
Educational resources to get started
Setting realistic expectations

Finding Your Role in the Cloud

The cloud industry is vast, with roles that cater to different skills and interests. Do you enjoy meeting people, understanding their goals, and crafting solutions? Are you passionate about spotting patterns and anomalies? Or perhaps you love developing applications and scaling them globally?

Each cloud role has unique responsibilities and focuses. Personally, I spent over a decade working in Client Solutions roles, where I honed my ability to understand objectives and provide tailored solutions. This background, combined with my education in IT, shaped my aspiration to pursue the Solutions Architect path. I enjoy visualizing business objectives, designing architectural diagrams, and guiding others through potential solutions.

Identifying a cloud role that aligns with your skills and passions can make your journey in this field deeply fulfilling. Whether you gravitate toward designing infrastructure, managing operations, or developing applications, there’s a place for you in the cloud.

Educational Resources

The modern age offers countless resources to learn cloud technologies—many of them free. Here are some I found particularly useful:

Free Resources

Cloud Provider Learning Platforms: Providers like AWS, Azure, and GCP offer free resources, labs, and tutorials to help you gain hands-on experience.
AWS Skill Builder: AWS's interactive learning paths and Cloud Quest gamified challenges provide hands-on experience. When I started, these tools helped me master architectural concepts and implementation.
Developer Roadmaps: This community-driven platform covers essential topics like networking, cloud design patterns, and DevOps fundamentals. It’s an excellent guide for building a learning plan.
YouTube: Don’t underestimate the wealth of tutorials and walkthroughs available on YouTube. When I built a trading card project using AWS Amplify, YouTube tutorials helped me navigate technologies like TypeScript, React.js, and Node.js.

Paid Resources

Certifications: Earning certifications like AWS Solutions Architect Associate deepens your understanding of cloud services and validates your skills.
Bootcamps: Bootcamps are especially useful for those who thrive in structured, intense learning environments. I attended a six-month bootcamp focused on Azure, where I earned credentials and built a cloud portfolio. Shoutout to my instructor and career coach @realcloudprojects, who also taught me the art of professional blogging (hence, this post!).
Higher Education: While college isn’t the only path, it offers a structured environment to build valuable skills. My degree in Computer Science provided a strong foundation in programming and problem-solving.

Setting Realistic Expectations

You may have heard, “The cloud is not an entry-level role.” I certainly did. Many advised me to gain years of development or tech support experience before considering the cloud. But I was determined to make cloud computing my starting point.

Breaking into the cloud without extensive IT experience is possible but challenging. Many roles are mid- to senior-level, reflecting the responsibility of managing critical infrastructure. Some companies, however, do offer entry-level roles like Cloud Support Associate or Junior Cloud Engineer, which are great stepping stones into this field.

With the industry’s rapid shift to hybrid and multi-cloud solutions, there’s never been a better time to start learning and pursuing opportunities in this space.

Conclusion

A career in the cloud is achievable, even without years of prior experience. With the abundance of free and paid resources available, you can build the knowledge and confidence to succeed. Don’t let doubt hold you back—take the first step and begin your journey.

If you have questions or want to share your own journey, feel free to connect or comment below. Let’s inspire and learn from each other.

Managing Revisions in Azure Container Apps

Jimi — Wed, 18 Sep 2024 00:36:35 +0000

Introduction

In this final guide of the series, we'll explore the essential aspect of managing revisions in Azure Container Apps. By effectively managing revisions, you can control the deployment of new features, roll back changes, and experiment with different versions of your application.

Benefits of Revision Management

Flexible Deployment: Multiple revisions allow for gradual feature rollouts and experimentation.
Rollback Capability: You can easily revert to a previous revision if issues arise.
Improved Control: Managing revisions provides greater control over your application's behavior and updates.

Prerequisites

Azure Subscription: An active Azure subscription.
Container Registry: A container registry containing your container images.
Virtual Network and Subnets: A virtual network with subnets for your container app and private endpoint.
Service Bus Namespace: A Service Bus namespace for communication.
Managed Identity: A user-assigned managed identity.
Private Endpoint: A private endpoint connecting your container registry to your virtual network.
Container App: A deployed container app.

Step-by-Step Guide

Enable Multiple Revisions:
- Navigate to your container app's settings.
- Under "Application," go to "Revisions and replicas."
- Select "Choose Revision mode" and confirm the switch to "multi-revision mode."
Create a New Revision:
- Click "+ Create a new revision."
- Provide a name/suffix and select your container image.
Configure Ingress Labels:
- Under "Settings," select "Ingress."
- Enable ingress and configure the necessary settings (ingress traffic, type, client certificate mode, transport, insecure connections, and IP security restrictions).
Configure Traffic Percentage:
- In the "Revisions and replicas" page, adjust the traffic percentage for each revision to control their distribution.

Conclusion

Congratulations! By following these steps, you've successfully configured revision management for your Azure Container App. This empowers you to manage different versions of your application, experiment with new features, and roll back changes if needed.

By mastering the concepts of securing an Azure Container Registry, creating and configuring a secure container app, and effectively managing revisions, you've laid a strong foundation for building and deploying robust containerized applications on Azure. These essential components work together to ensure the security, performance, and flexibility of your container-based solutions.

Creating and Configuring a Secure Container App in Azure Container Apps

Jimi — Wed, 18 Sep 2024 00:35:25 +0000

Introduction

In the previous post, we discussed securing an Azure Container Registry with a private connection and role-based access. Now, we'll delve into creating and configuring a secure container app in Azure Container Apps. By leveraging the security measures we implemented in the previous post, we'll ensure that our container app operates in a controlled and protected environment.

Benefits of Secure Container Apps

Enhanced Security: By building upon the secure foundation of our container registry, we'll create a container app that is protected from unauthorized access and potential threats.
Improved Performance: Leveraging private endpoint connections and optimized network configurations can enhance the performance and reliability of our container app.
Simplified Management: Azure Container Apps provides a managed service, reducing the operational overhead and complexity of managing containerized applications.

Prerequisites

Before you begin, ensure you have the following:

Azure Subscription: An active Azure subscription.
Azure Container Registry (ACR): A container registry containing your container images.
Virtual Network and Subnets: A virtual network with at least two subnets: one for the private endpoint and another for the container app.
Service Bus Namespace: A Service Bus namespace for communication between the container app and external services.
User-Assigned Managed Identity: A managed identity associated with your container registry.
Private Endpoint: A private endpoint connecting your container registry to your virtual network.

Step-by-Step Guide

Create a Container App:
- Navigate to the Azure Portal and search for "Container App."
- Click on "Create" and provide the necessary details (resource group, container app name, and region). Once complete, click on "Create new" underneath "Container Apps Environment."
- In the "Networking" tab, select "Use your own virtual network" and choose the subnet for your container app. Click "Create" at the bottom.
Configure Container App Image:
- Select "Azure Container Registry" as the image source.
- Choose your container registry and image. Click "Review + create" at the bottom.
Authenticate with Managed Identity:
- After deployment, navigate to your container app's settings and select "Identity" under "Settings".
- Under the "User Assigned" tab click "+Add" and add the managed identity you created earlier.
Configure Service Bus Connection:
- Under "Settings" select "Service Connector (Preview)" and click "+Create."
- Select "Service Bus" as the service type and choose the appropriate client type.
- In "Authentication" select the user-assigned managed identity.
- Continue until the end then review and create the Service Connection.
Configure HTTP Scale Rules:
- Under "Application," go to "Scale."
- In the "Scale" section, configure minimum and maximum replicas then click "Add" under "Scale rule."
- Create a name for the scaling rule and select the "HTTP scaling" Type. Decide an amount of concurrent requests for the rule.
- Click on "Save as new revision" on the bottom.

Conclusion

Congratulations! You've successfully created and configured a secure container app in Azure Container Apps. By leveraging the security measures implemented in our previous post, we've ensured that our container app is protected from unauthorized access and operates efficiently. This provides a strong foundation for building and deploying secure, scalable containerized applications on Azure.

Next Steps

In the next guide, we'll look at using Azure Pipelines to handle continuous integration for your Azure Container Apps.

Securing an Azure Container Registry with Azure Container Apps

Jimi — Wed, 18 Sep 2024 00:27:39 +0000

Introduction

In today's cloud-native landscape, ensuring the security of container registries is paramount. This post will guide you through the process of configuring a secure connection between your Azure Container Registry (ACR) and Azure Container Apps. By implementing user-assigned managed identities and private endpoint connections, you'll significantly enhance the security of your container deployments.

Benefits of Secure Connection

Reduced Attack Surface: Private endpoint connections limit access to your ACR to only the authorized resources within your virtual network, minimizing the risk of unauthorized access.
Enhanced Compliance: Implementing role-based access control (RBAC) using managed identities aligns with industry best practices and helps meet compliance requirements.
Improved Security Posture: By restricting access and applying appropriate permissions, you can strengthen the overall security of your container environment.

Prerequisites

Before you begin following the steps outlined in this post, ensure you have the following:

Azure Subscription: An active Azure subscription is required to create and manage resources.
Azure Container Registry (ACR): A container registry containing your container images.
Virtual Network and Subnet: A virtual network with a subnet where you'll create the private endpoint.
Service Bus Namespace (Optional): If you plan to use Service Bus integration with your Container Apps, you'll need a Service Bus namespace.

Step-by-Step Guide

Create a User-Assigned Managed Identity:
- Navigate to the Azure Portal and search for "Managed Identity."
- Click on "Create" and provide the necessary details (resource group, region, and name).
- Review and create the identity.
Grant AcrPull Permissions to the Managed Identity:
- Open your ACR resource in the Azure Portal.
- Go to "Access Control (IAM)" and click "+ Add."
- Select "Add Role Assignment."
- Search for and select the "AcrPull" role.
- Assign the role to your user-assigned managed identity.
Configure a Private Endpoint Connection:
- In your ACR resource, select "Networking" underneath "Settings"
- Select the "Private Access" tab and click "Create a private endpoint connection."
- Provide the necessary details for your endpoint.
- Ensure the "Target Sub-resource" is set to "registry."
- Select your virtual network and subnet.
- Enable private DNS integration.
- Review and create the private endpoint.

Conclusion

Congratulations! You've successfully established a secure connection between your Azure Container Registry and Azure Container Apps. The combination of user-assigned managed identities and private endpoint connections provides a robust security posture for your container deployments. This ensures that only authorized entities can access your container images, reducing the risk of unauthorized access and data breaches.

Next Steps
In the next guide, we'll delve into creating and configuring a container app using Azure Container Apps.

Configuring Azure Arc-Enabled Windows Servers with Azure VM Extensions

Jimi — Thu, 15 Aug 2024 22:15:58 +0000

Introduction

In our final guide for the series we'll walk through the process of configuring Azure Arc-enabled Windows servers using an Azure VM extension. We'll cover essential steps like installing IIS and blocking the legacy Azure Log Analytics agent. Whether you're a system administrator new to Azure Arc or looking to refine your configuration, this post will provide valuable insights.

Step-by-Step Guide

Installing IIS

Log into your Windows VM: Establish a Remote Desktop connection to your Windows VM.
Open PowerShell ISE: Launch Windows PowerShell Integrated Scripting Environment (ISE) with administrative privileges.
Create the installation script:
- Paste the following script into PowerShell ISE: ```powershell

Install-WindowsFeature -name Web-Server -IncludeManagementTools
Remove-Item -Path 'C:\inetpub\wwwroot\iisstart.htm'
Add-Content -Path 'C:\inetpub\wwwroot\iisstart.htm' -Value "$env:computername"

    ![Pasting script in powershell](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/l6p89wdoaukh6945hiul.jpg)* Save the script as `Install_IIS.ps1` in your Documents folder.

    ![Pasting the script into a text document](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/4960rvls374s7cm5e5y6.jpg)

4. **Create an Azure storage account:**
   * Navigate to the Azure portal and create a new storage account.

    ![Locating storage account](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/z3726rfrod35bteo5zah.jpg)
   * Configure the storage account with your Subscription, Resource Group, and create a globally unique name.
   * Select Locally Redundant Storage (LRS) for redundancy and click "Review + Create".

    ![Configuring Storage Account](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/taynx0kfx1b66483gpci.jpg)
5. **Create a storage container:**
   * Within the storage account, click on "Container" to create a folder for the script.

    ![Creating Storage Container](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/v4zlv4hkdbfme5ljdknb.jpg)
   * Click on "+ Container"

    ![Creating the storage container](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/pemkxohn153jau1hti54.jpg)
   * Create a name for the storage container then click on "Create"
    ![Creating the container](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/xtcmi61pvc3mqoko5k80.jpg)
6. **Upload the script:**
   * Upload the `Install_IIS.ps1` script to the created storage container.
    ![Clicking upload](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/4stqpzxlg98g5ry3rx1t.jpg)
    ![Uploading the created script](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/r28vqnex3jve3audvmdj.jpg)

7. **Configure the Azure VM extension:**
   * In the Azure portal, navigate to your Azure Arc-enabled machine.
   * Underneath "Settings" click on "Extensions"
    ![Finding Extensions](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/zpsqxqqmjzyuiwqcmdjg.jpg)
   * In the Extensions page, search for and add "Custom Script Extension for Windows - Azure Arc."

    ![Searching for the custom extension](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/g3hkzkbqhihdosi2hs0w.jpg)
   * Configure the extension to use the storage account and container containing the script.

    ![Picking the Storage Container](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/dqkvfk0ov3f88w7l9j12.jpg)

    ![Picking the script](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/qadyrill1eyvx9p8ppb8.jpg)

    ![Clicking "Review+Create" to create extension](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/s1fb776o93q5ln1kilf6.jpg)

8. **Verify IIS installation:**
   * Wait for the deployment to complete.
   * Open a web browser and navigate to `https://localhost`. You should see the server's name. Alternatively, check the contents of `C:\inetpub\wwwroot\iisstart.htm`.

#### Blocking the Legacy Azure Log Analytics Agent

1. **Open Command Prompt:** Launch Command Prompt on the Windows VM.

    ![Opening command prompt](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/ok3mfwt19xpfj259ltn8.jpg)
2. **Check current configuration:**
   * Run `azcmagent config list` to view the current configuration.
3. **Block the agent:**
   * Execute `azcmagent config set extensions.blocklist "Microsoft.EnterpriseCloud.Monitoring/MicrosoftMonitoringAgent"` to block the agent.
4. **Verify the change:**
   * Run `azcmagent config list` again to confirm the blocklist entry.

    ![Checking the environment](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/nxll8ocmoch19uyklpa9.jpg)

**Conclusion:**
Congratulations on completing this guide! You've successfully transformed your Windows Server into a managed Azure Arc-enabled machine. By integrating Azure Policy, Microsoft Defender for Cloud, Azure Monitor, and Azure Update Manager, you've established a strong foundation for security, compliance, and management.

To deepen your understanding, explore the Azure portal for detailed insights into your environment. Remember to clean up resources when finished to avoid unnecessary costs.

Managing Azure Arc-Enabled Windows Server Updates by Using Azure Update Manager

Jimi — Thu, 15 Aug 2024 22:15:13 +0000

Introduction

In our previous guide, we used Insights to monitor our Azure Arc-enabled servers. Building upon that foundation, this post will delve into how to effectively manage updates for these servers using Azure Update Manager.

Prerequisites:

An Azure account with an active subscription.
A Windows VM enabled with Azure Arc.

Step-by-Step Guide

Access Azure Update Manager:
- Log in to your Windows server and then sign into your Azure account.
- Search for "Azure Update Manager" in the Azure portal and select it.
Discover Your Machine:
- Under the "Manage" section, choose "Machines."
- Select your Azure Arc-enabled instance from the list.
Initiate Initial Assessment:
- Click "Check for Updates" followed by "Trigger assess now."
- Important: Do not wait for the assessment to complete. Proceed to the next step.
Configure Periodic Assessment:
- Navigate to "Update Settings."
- Enable "Periodic assessment" and save the changes.
Schedule Updates:
- Go to the "Updates" page and click "Schedule Updates."
- Select your subscription, resource group, and create a configuration name.
- Add a schedule specifying the start date, time, maintenance window, and recurrence.
- Review and create the update schedule.
Perform a One-Time Update:
- Return to the "Updates" page of your Azure Arc VM and select "One-Time Update."
- Check the box next to your instance and click "Next."

In the "Properties" tab, configure reboot options as needed (e.g., "Never Reboot").
Click "Next" and then "Install."

Key Capabilities of Azure Update Manager

Azure Update Manager offers several features to streamline update management:

Centralized Management: Manage updates for multiple Azure Arc-enabled servers from a single console.
Scheduled Updates: Automate update deployment during off-peak hours or maintenance windows.
Assessment and Compliance: Evaluate update status and compliance with organizational policies.

Conclusion:
By following these steps, you've successfully configured Azure Update Manager to manage updates for your Azure Arc-enabled Windows servers.

Next Steps:
In the next post, we'll explore configuring Azure Arc-enabled Windows servers using Azure VM Extensions.

Monitoring Azure Arc-Enabled Windows with VM Insights

Jimi — Thu, 15 Aug 2024 22:14:20 +0000

Introduction

Building on our previous guide on securing your cloud environment with Microsoft Defender for Cloud, we'll now focus on enhancing visibility into your Azure Arc-enabled Windows servers using Azure Monitor.

In this post, we'll set up VM Insights to collect and analyze performance data for your servers.

Prerequisites:

An Azure account with an active subscription.
A Windows VM enabled with Azure Arc.

Creating a Log Analytics Workspace

Navigate to the Azure portal and search for "Log Analytics Workspaces."
Click + Create to create a new workspace.
Provide a name, select your subscription and resource group, and then click Review + Create.

Enabling VM Insights

Search for "Azure Arc" in the Azure portal and navigate to Machines.
Select your target Windows server and go to the Monitoring section and click Insights.
Click on Enable.
Choose your subscription and click Create new for the data collection rule.
Give the data collection rule a name, enable process and dependencies mapping, select your Log Analytics workspace, and click Create.

Exploring Performance Data

While data collection takes a few minutes, you can navigate to the Arc Lab Insights page for your machine and select the Performance tab.

This page provides server properties and summarizes event types and their counts.

Conclusion:
Congratulations! You've successfully set up monitoring for your Azure Arc-enabled Windows server.

Next Steps:
In the next guide, we'll explore how to manage updates for your Azure Arc-enabled Windows servers using Azure Update Manager.

Enhancing Your Azure Arc Enabled Server Security with Microsoft Defender for Cloud

Jimi — Thu, 15 Aug 2024 22:13:19 +0000

Introduction

Now that your Arc Enabled Windows server has the Azure Monitoring Agent installed, let's bolster its security with Microsoft Defender for Cloud. This powerful tool provides comprehensive protection against various threats.

Prerequisites:

An Azure account with an active subscription.
A Windows VM enabled with Azure Arc.

Enabling Microsoft Defender for Cloud

Access Your Azure Portal: Log in to your Windows VM and then your Azure account. Search for and select "Microsoft Defender for Cloud."
Get Started: Navigate to the "General" section and click "Getting started."
Upgrade Your Subscription: Locate your subscription, check the box beside it, and select "upgrade." Ignore any prompts to install agents.
Configure Environment Settings: Go to "Management" on the left-hand side and click "Environment settings."
Select Your Environment: Choose the entry you're using for these guides that contains your Arc VM.
Review and Enable Plans: Explore the available plans and enable the desired ones. Save your selections.

Exploring Microsoft Defender for Cloud Capabilities

To understand how Microsoft Defender for Cloud protects your Arc Enabled Windows server:

Access Inventory: Return to the "General" section in Microsoft Defender for Cloud and click "Inventory."
Find Your Arc Instance: Locate and select your Azure Arc instance.
Review Recommendations: Click on a recommendation to view details.
Implement Fixes: Follow the instructions under "Remediate" or use the "Fix" option if available.

Conclusion:
Congratulations! You've successfully enabled Microsoft Defender for Cloud to safeguard your cloud environment. By proactively addressing recommendations, you're strengthening your server's security posture.

Next Steps:
In the next post, we'll delve into monitoring your Azure Arc-enabled Windows servers using Azure Monitor.

Managing Azure Arc Windows Servers with Azure Policy

Jimi — Thu, 15 Aug 2024 22:12:10 +0000

Introduction

In our previous guide, we explored how to connect your on-premises Windows servers to the Azure cloud using Azure Arc. This integration opens up a world of Azure services and capabilities for your hybrid environment.

This guide will focus on leveraging Azure Policy to manage compliance and configuration for your Azure Arc-enabled Windows servers. We'll demonstrate this by automatically installing the Azure Monitor Agent.

Prerequisites:

An Azure account with an active subscription.
A Windows VM enabled with Azure Arc.

Step-by-Step Guide

Log in to Azure and your Windows VM.
Create an Azure Policy:
- Navigate to Azure Policy in the Azure portal.
- Under Authoring, select Definitions.
- Search for "Configure Windows Arc-Enabled machines" and select "Configure Arc-enabled machines to run Azure Monitor Agent".
- Click Assign policy.
- Select your subscription and resource group as the scope.
- Navigate to the Remediation tab and enable "Create a remediation task".
- Review and create the policy assignment.
Monitor Policy Compliance and Remediation:
- Go back to Policy > Definitions and click Compliance.
- Locate the policy and verify its non-compliant status.
- The remediation task is automatically running. You can verify this in Policy > Remediation > Remediation tasks.
Verify Azure Monitor Agent Installation:
- Navigate to Azure Arc > Machines.
- Select your instance and go to Settings > Extensions.
- Verify that the AzureMonitorWindowsAgent extension is installed.

Conclusion:
Congratulations! You've successfully used Azure Policy to ensure your Azure Arc-enabled Windows VM has the Azure Monitor Agent installed.

Next Steps:
In the next guide, we'll delve deeper into enhancing the security of your Azure Arc-enabled Windows servers using Microsoft Defender for Cloud.

Unleash the Power of Hybrid Cloud with Azure Arc

Jimi — Thu, 15 Aug 2024 22:11:37 +0000

Introduction

Ready to unlock the full potential of your on-premises environment?

This guide will walk you through the process of seamlessly integrating your Windows server into the Azure ecosystem using Azure Arc. By extending Azure management and services to your on-premises infrastructure, you can gain the benefits of a unified management plane and hybrid cloud capabilities without the limitations of cloud-native environments.

While Azure VMs typically come pre-installed with the Azure Arc agent, this tutorial focuses on an AWS Windows VM to avoid the complexities of agent removal and reinstallation.

We'll cover the following steps:

Creating a Windows VM on AWS
Installing the Azure Arc agent on the Windows server
Managing your Azure Arc-enabled server within the Azure portal

Let's begin!

Pre-requisites

An active Azure subscription
An active AWS account

Note: If you already possess a pre-configured Windows VM, you can skip to Part 2: Installing Azure Arc on a Windows VM.

Part 1: Creating a Windows VM on AWS

Log in to your AWS account and navigate to the VPC service:
- In the search bar, type "VPC" and select it.
Create a VPC:
- Click on "Create VPC."
- Select "VPC and more" and choose a descriptive name for your VPC.
- Since we'll be connecting to the VM remotely, ensure you have at least one Availability Zone selected.
- Leave the number of private subnets at 0 for this basic setup.
- For simplicity, set NAT gateways and VPC endpoints to "None" for now.
- Click "Create VPC" to complete the process.
Launch an EC2 Instance:
- Go to the EC2 service by searching for it in the search bar.
- Click on "Launch Instance."
Configure Instance Details:
- Provide a recognizable name for your EC2 instance.
- Select a Windows Server Application Image that suits your needs.
- Choose an appropriate instance type, keeping in mind higher tiers incur higher charges.
Create a Key Pair:
- Click on "Create new key pair" and generate a Key Pair.
- Give your Key Pair a descriptive name and download it securely. Store it somewhere you can easily access it later.
Configure Network Settings:
- Leave "Create Security Group" selected.
- For demonstration purposes, we will allow RDP traffic from "Anywhere" temporarily. You can restrict this later to specific IP addresses for increased security.
Launch the Instance:
- Review all configurations and click "Launch Instances" to begin the creation process.
Connect to the Windows VM:
- Once launched, locate the EC2 instance you created and check the "Launch" state.
- Click on "Connect" to initiate the remote desktop connection.
Establish Remote Desktop Connection:
- Choose the RDP client you prefer.
- Click "Get Password" and select the option to "Upload private key file." Locate the downloaded Key Pair file and click "Decrypt Password."
- Copy the decrypted password and download the provided remote desktop file.
- Open the downloaded RDP file and paste the copied password when prompted. Connect to the VM.

Part 2: Installing Azure Arc on a Windows VM

Allow the VM to boot up and connect to Microsoft Edge.
Sign in to Azure Portal:
- Open Microsoft Edge and navigate to portal.azure.com.
- Log in to your Azure account.
Install Azure Arc Agent:
- Search for "Azure Arc" in the search bar and select it.
- Locate the "Manage resources across environments" section and click on "Add resources"
- Navigate to the "Machines" category and click "Add/Create" followed by "Add a Machine."
- In the "Add a Single Server" section, click "Generate Script."
- Choose a suitable region for your environment.
- Under "Resource Group," click "Create New" and give your resource group a descriptive name. Leave other settings as default and click "Download and Run Script."
- Save the downloaded script (usually in your Downloads folder).
Run the Onboarding Script:
- Open the Start Menu and search for "PowerShell." Right-click on PowerShell and select "Run as administrator."
- Use the following commands to navigate to your Downloads folder and run the script:
```
 cd downloads
 ./OnboardingScript.ps1
```
- Confirm any security warnings by typing "Y" and letting the script run.
- Choose your Azure account and allow the script to complete the installation.
Verify Azure Arc Connection:
- Go back to the Azure portal and search for "Azure Arc."
- Under "Azure Arc resources" on the left side, click on "Machines."
- You should now see your Windows VM listed. This confirms successful connection to your Azure environment.

Conclusion:
Congratulations, you have now installed an Azure Arc agent onto your Windows server.

Next Steps:
The next guide will explore managing Azure Arc-enabled Windows servers using Azure Policy for centralized configuration and control.

Simulating a Privelege Escalation attack to Test Your Sentinel and Defender Setup (Final)

Jimi — Sat, 03 Aug 2024 19:14:11 +0000

Introduction

This is the final post in our series on setting up Sentinel and Defender for threat detection. In previous posts, we established a sentinel and defender, populated it with units, connected it to a VM, and created an analytic rule to notify a user when an incident occurs. Now, let's test the entire system by simulating a privilege escalation attack.

Understanding the Attack:
A privilege escalation attack aims to grant unauthorized users higher-level privileges. In this simulation, we'll create a new user account and then elevate it to the administrators group.

Steps:

Locate the Target VM: Access the Windows VM you created in a previous step.
Execute PowerShell Script: Navigate to the "Operations" section and select "Run PowerShell Script."
Create a New User: Paste the following command into the PowerShell script, replacing "labusername" and "LabPassword1!" with your desired credentials:

   net user labusername /add
   net user labusername LabPassword1!
   net localgroup administrators labusername /add

This command creates a new user, sets a password, and adds the user to the administrators group.

Verify Attack Success: You should see three successful messages confirming the creation of the user, setting the password, and adding the user to the administrators group.
Monitor for Incident: Return to Microsoft Sentinel and navigate to the "Threat Management" section, then select "Incidents."
Identify the Incident: Look for an incident matching the name you configured in your analytic rule.
Review Incident Details: Select the incident and click "View full details" to examine the incident information. Verify that the owner assigned to the incident is the user specified in your automation rule.

Conclusion

By following these steps and carefully analyzing the results, you can validate the effectiveness of your Sentinel and Defender setup in detecting and responding to potential threats.

Configuring Data Collection and Analytics in Microsoft Sentinel (Part 3)

Jimi — Sat, 03 Aug 2024 19:13:31 +0000

Introduction

Building on our previous posts, we'll now delve into configuring data collection rules and setting up basic analytics in Microsoft Sentinel. Before we begin, create a Windows VM in the same Resource Group as the workbook.

Configuring Data Collection Rules

To effectively leverage Microsoft Sentinel, we need to ensure that relevant data is being collected. Let's configure a data collection rule for Windows Security Events:

Navigate to the Configuration section in Microsoft Sentinel and select Data Connectors.
Search for and select Windows Security Events via AMA.
Click Open connector page.
In the Configuration section, click +Create data collection rule.
Provide a name for the Data Collector, select your subscription, and choose the resource group.
Expand the subscription tab, locate the Windows virtual machine you created, and select it.
In the Collect section, leave All Security Events selected.
Click Review+Create and then Create.

Creating a Near Real-Time (NRT) Query Detector

To promptly identify potential threats, we'll set up a basic NRT query detector:

In Microsoft Sentinel, navigate to the Configuration section and select Analytics.
Click +Create and choose NRT query rule.
Provide a name for the query and select Privilege Escalation from the MITRE ATT&CK framework.

In the Rule Query section, input the following logic:

SecurityEvent
| where EventID == 4732
| where TargetAccount == "Builtin\\Administrators"

Configure the query scheduling and other parameters as needed.
Click Review+Create and then Create.

Configuring Automation

To streamline incident response, we'll create a basic automation rule:

Return to the Configuration section in Microsoft Sentinel and select Automation.
Click +Create and choose automation rule.
Provide a name for the automation rule and assign an owner.
Configure the automation logic and conditions.

Summary

By following these steps you've set up Windows Security Event data collection, created near real-time query detectors, and configured basic automation rules in Microsoft Sentinel.

In the next post, we'll simulate an attack to validate the analytic and automation rules.