Author: rzomerman

Delegated Windows Virtual Desktop Deployment

When deploying Windows Virtual Desktop in Azure you can use all the administrative credentials you can find as per the guide. But what if you are in a more “regular” environment where you don’t have “Domain Admin” and “Global Admin” permissions? In that case, you follow this post where we will look at who needs […]


FIDO2 – the infinite loop broken

In my previous post I talked about FIDO2 keys from FEITIAN and how to register them. One of the points for registration was that you need to sign in with MFA to register your FIDO2 key. But what if your users do not want that, or cannot do that? To the rescue comes ENSURITY. They have […]


Even strong passwords are… stupid – part 2 – FIDO2

Microsoft is on a quest to remove passwords. While this will be a long journey, it is worth the effort. Passwords are weak, as people tend to reuse their passwords on various sites and/or websites don’t do enough to protect them. And so, accounts are breached on an almost weekly basis, and many passwords are “known” […]


Highly Available Firewalls and Proxies in Azure

New and old technology usually don’t work well together. Trying to connect your Betamax video player to an OLED screen may be a challenge. It will work, but how? The same principle applies to traditional firewall setups in the cloud. With the virtualization of the networking stack not all features available in physical networks are […]


Azure Availability Sets & Azure Capacity

How to move a large number of VMs between AVsets. This topic introduces a new script that helps with deployments in Azure Availability Sets. I actually had a few reasons for writing the script: Capacity Errors and Proximity Groups. AV Set Capacity: When you deploy a new VM to an Availability Set in, […]


Azure AD – Domain services preview features

There are 3 (relatively) new functions in Azure AD Domain Services. All are in preview at the time of writing, but combining them can unlock new functionality. This post will go over the following items with regard to Azure AD – Domain Services: What’s new in Azure AD – Domain Services; Force trust creation with AAD-DS/ADDS […]


Windows Virtual Desktop – Group Sync script

In my previous post, you read about how to set up a full WVD environment. As you may have noticed, providing permissions to the applications or desktops can only be done using PowerShell (at the time of writing this article). This was a bit odd for me, as many enterprises use AD / AAD groups to […]


Windows Virtual Desktop

There are many tutorials already on WVD, but none that satisfied my needs for a full configuration with a custom image. So why not create one myself… This tutorial describes the implementation of a Windows Virtual Desktop from a custom image up to publishing applications / desktop. This post is the first in a series of […]


F5 – Allowing AAD Guests Kerberos Access

F5 – KCD – AAD – B2B. In my last post I gave you a script that allows the automatic creation of B2B users in your local AD to enable you to publish (on-premises) Kerberos applications using Constrained Delegation. In this post, we will enable an F5 to use this setup to actually publish the […]


B2B Users & Internal apps

AAD B2B & AD KCD – AAD App Proxy. In a previous post I talked about using Azure AD App Proxy in combination with B2B accounts. This is to allow B2B invited guest users to be able to connect to internal applications using Kerberos, without them knowing their sAMAccountName or password. In that post, I […]
