Learning #Azure would be a lot easier if the documentation was up to date and things on the portal didn’t just hang or stop working at random intervals. Ffffuu
Day 211. #Azure App Service per default exposes an IIS management port for Web Apps. You don't want your Web App to come with this open port? Easy, simply redeploy it until you land on an underlying server where that port has been deactivated.
Helping a colleague troubleshoot an #azure oddity - trying to get the details of a Key Vault using the #azurecli with az keyvault show --name X but it errors out saying that an unrelated resource group could not be found. (Apparently the resource group did exist at one point, but has been deleted)
az keyvault list is empty, as is list-deleted, but the vault definitely exists.
After Chinese(?) hackers infiltrated #Azure & most probably all connected systems for years without being noticed, the Russians do seem to have stolen important source code.
Takeaways: #Microsoft isn't able to protect their most important assets. They don't even notice hackers in their systems for a long period of time. When your threat model relies on secret source code, you're not coding good #software.
Year 2024. #LeapDay still causes issues to #Azure.
Noticed that #paloalto data sent to #Sentinel via #AMA during 29th was logged with TimeReceived as 1st of March. Issue doesn’t happen if you use old #MMA / #OMS agent.
So, related to my #Azure struggles yesterday with Front Door (remains unresolved btw). One of the things I ran into was somewhere in the portal it telling me a health probe was failing. It couldn't be bothered to tell me what probe was failing or in what way, just offered a button that goes to basically nothing useful.
So I decided to simply disable all health probes but I couldn't because while the interface SAID it had disabled the probe, it was very much still active.
Real question, any of my followers actually knowledgable about #Azure Front Door and can tell me why a high number of requests results in 400 response codes periodically.
@dustinrue
No, if you don't set up a WAF profile it won't apply one. Only thing I can think is some odd headers on the requests into blob storage, but again without any rules AFD shouldn't be imposing any, especially if it was working and then stopped :(
🛡️ Researchers uncover details of 3 vulnerabilities in #Azure HDInsight's Apache Hadoop, Kafka, and Spark services that could have allowed attackers root access and system disruption.