Anish's Notebook

Application security groups Application security groups enable you to configure network security as a natural extension of an application's structure, allowing you to group virtual machines and define network security policies based on those groups. You can reuse your security policy at scale without manual maintenance of explicit IP addresses. The platform handles the complexity of explicit IP addresses and multiple rule sets, allowing you to focus on your business logic. To better understand application security groups, consider the following example: In the previous picture,  NIC1  and  NIC2  are members of the  AsgWeb  application security group.  NIC3  is a member of the  AsgLogic  application security group.  NIC4  is a member of the  AsgDb  application security group. Though each network interface in this example is a member of only one network security group, a network interface can be a member of multiple app...

  What is Azure Firewall? Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. You can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks. Azure Firewall uses a static public IP address for your virtual network resources allowing outside firewalls to identify traffic originating from your virtual network. The service is fully integrated with Azure Monitor for logging and analytics. To learn about Azure Firewall features, see  Azure Firewall features . With NSG's or ASG we cannot write policies based on Domain names, but azure firewall supports restricting traffic based on domain names . This can be useful when we want to restrict users from accessing a particular website. If that particular website doesnt have a static IP address or...

ROLE BASED AUTHORIZATION Step1:   Setup  API. 1. Create an app registration and create an app role. Make sure that the app role is assigned to user and applications. We add it to both user groups and applications as this role can be then assigned to both users and applications. Scopes can only be assigned to apps. Now we can have only users with this role access our application. This app role behind the scenes adds an approles section to the manifest.json. We can directly add it to the manifest file also. Step 2:  Setup an app registration for the UI/ WEB App. . We will grant this app the read role created in the API app (shown above). Go to Azure AD and select the UI app registration. When we register an application 2 elements get created. 1. App registration  2. Enterprise Application -- service principal that get created for the app Adding roles to applications Go to the App registration => API Persmissions => Add a Permission => My API's The My Api's sec...

The intent is to create an appservice that is available inside a VNET. So we will create a vnet and put an appservice inside it. This Vnet will have 2 subnets. One that has the appservice and another one that will have a VM.. We need to make sure that this Appservice can be accessed only inside the VM (inside the same VNET)  1. Create a Vnet Total Address space is 256.. We split into 2 subnets 2. Create an Appservice in standard or above tier as the lower tiers dont support networking.  and select the Vnet and select the sub2 subnet 3. Create a Virtual Machine inside sub1. 4. Go to Appservices and onto the networking tab and select Access Restrictions Create a rule and select VNET and subnet that we created earlier. We can also specify IP Address. Then this appservice can be accessed by the specified IP's only. So this appservice can only be accessed within subnet 1. Which is where we have deployed the VM.. From Internet Inside VM (Subnet 1)