Azure Disk Encryption – How to recover KEK from Azure Key Vault

If you have encrypted the VHD using Azure Disk Encryption with a KEK, use the steps below to unwrap the BEK key. Pre-requisites: The user who is running the commands must have the ‘unwrap’ permission on the keys within Key Vault; use Set-AzureRmKeyVaultAccessPolicy. Example: Replace the parameters below with your Key Vault and UPN name: $keyVaultName = “KeyVaultName”…

Azure Disk Encryption – How to Encrypt Azure Resource Manager IaaS VM using KEK

In this blog post, we will cover how to encrypt an Azure Resource Manager IaaS VM using a KEK so that you can use Azure Backup to back up Azure Resource Manager VMs that are encrypted using Azure Disk Encryption. Steps: Pre-requisites: Install Azure PowerShell from https://docs.microsoft.com/en-us/azure/powershell-install-configure. Connect to the Azure subscription using the below Azure PowerShell…

Azure Disk Encryption – How to recover BEK file from Azure Key Vault

In today’s blog, we will demonstrate the behavior of the Azure Disk Encryption extension and how it integrates with Key Vault and the Azure platform to create and read the BEK secrets. It will also describe how you can recover the BEK file from the Key Vault in a scenario where you need to recover the data…

Microsoft Azure: How to execute a synchronous Azure PowerShell cmdlet multiple times at once, using a single PowerShell session

Overview: Oftentimes, Microsoft Azure customers have requirements to create multiple resources of the same type, and they wish to have these resources created as quickly as possible in a scripted solution. Many of the Azure PowerShell cmdlets are synchronous in nature, where the cmdlet will not return until provisioning is complete. Synchronous operations…


Cross-subscription circuit links that cross the ARM/classic boundary

While enabling an ARM circuit for use with classic deployments is fairly straightforward on its own, it can be confusing to do so as part of creating cross-subscription circuit links with classic deployments. To do the circuit links, you have to switch between ARM and classic mode while simultaneously switching subscriptions. This can lead to…

VM stuck in “Updating” when NSG rule restricts outbound internet connectivity

An Azure VM may experience the following symptoms if you have a network security group (NSG) rule configured to deny outbound internet connectivity: When you create a new VM, the status remains on Updating. When you update a VM agent extension on an existing VM, the VM status remains on Updating. When you update a…

Sending E-mail from Azure Compute Resource to External Domains

Sending outbound e-mail to external domains (such as outlook.com, gmail.com, etc.) directly from an e-mail server hosted in Azure compute services is not supported due to the elastic nature of public cloud service IPs and the potential for abuse. As such, the Azure compute IP address blocks are added to public block lists (such as…


Impact of Cisco March 2016 Vulnerabilities on Azure

Microsoft evaluates the security of its infrastructure on an ongoing basis, and part of this evaluation includes working with our vendors, the open source community and internal test labs to identify and mitigate critical security issues. On March 2nd, Cisco released its bi-annual security bulletin, which included advisories affecting equipment used by many Cloud Service…

Azure networking – Public IP addresses in Classic vs ARM

This post was contributed by Stefano Gagliardi, Pedro Perez, Telma Oliveira, and Leonid Gagarin. As you know, we recently introduced the Azure Resource Manager deployment model as an enhancement of the previous Classic deployment model. Read here for more details on them: https://azure.microsoft.com/en-us/documentation/articles/resource-manager-deployment-model/ There are important differences between the two models on several aspects spanning…

Endpoint Load Balancing Health Probe Configuration Details

Azure load balanced endpoints enable a port to be configured on multiple role instances or virtual machines in the same hosted service. The Azure platform has the ability to add and remove role instances based upon the instance health to achieve high availability of the load balanced endpoint (VIP and port combination). Customers can configure…