New Azure KMS IP and domain Addresses for activation

For Windows virtual machines deployed into Azure using marketplace images you may have created rules in your NSG or firewalls to allow the server to communicate the Azure KMS activation service. This used to be kms.core.windows.net and had an IP address of 23.102.135.246. As of March 2023 Microsoft has moved to a new address azkms.core.windows.net and has two IP addresses "20.118.99.224" and "40.83.235.53". The existing address kms.core.windows.net is pointed to the new IP of 40.83.235.53.

So if your servers are having issues with activation please check your rules to ensure they have the new IP addresses and you can resolve the old and new domain names (azkms.core.windows.net, kms.core.windows.net)

Comments

Going further back for Azure Consumption in PowerBi

When you connect PowerBi via Microsoft Azure Consumption Insights (Beta) connector you will get the last month of consumption data and you may want to report further back. There is a way to do it where you can report back up to a maximum of 36 months. If you follow my article https://blog.myvmx.com/2020/12/using-azure-tags-in-your-powerbi.html up to step "On the menu bar select "Transform data > Transform data" first. On the menu bar select "Transform data > Transform data" Under the "Home" ribbon locate and select "Advanced Editor" You should see the query that has been applied which is currently based on this format let Source = MicrosoftAzureConsumptionInsights.Tables(EnrollmentNumber, []), usagedetails = Source{[Key="usagedetails"]}[Data] in usagedetails We would need to change it to let enrollmentNumber = "EnrollmentNumber", optionalParameters = [ numberOfMonth = 3, dataType = "De

On board Azure Resources to use Azure AD Privileged Identity Management (PIM)

If you have Azure AD Premium P2 licences one of the reasons would of been to use Privileged Identity Management (PIM) as its a great tool to help provide "just-in-time" privileged access for resources where you don't need permanent access to. In this article I will be going through how to onboard Azure resources into PIM so that you can control privileged access for your Azure resources as well. This means you can create conditional access policies for certain resources, resource groups, subscriptions or even management groups to ensure users only have the required permissions at the right time. An example would be, by default you assign reader role for IT operations staff so that they can see all the resources. If they decided they need to make a change they would need to use PIM to activate a particular role you have assigned them which gives them permissions to make the change. As part of activating the role you might want to add some conditions. You might add that u

Visual Studio and Azure Services access behind a firewall

There is an article by Microsoft that lists all the URLs that Visual Studio requires to install or interaction with Azure services if you was behind a firewall or proxy. Obviously you don't have to allow everything through but you can see what you need to allow through if there was something specifically needed. I know after the pandemic most people are working from home and have a direct access to the internet but there are environments where access are still very control behind firewalls. This document provides the URLs, the ports it uses and a brief explanation about why it is needed which is always useful when you are speaking to your security team on why you need to punch another hole through the firewall. https://docs.microsoft.com/en-us/visualstudio/install/install-and-use-visual-studio-behind-a-firewall-or-proxy-server?view=vs-2022 Snippet of web page which list why each of the URLs are required and for what service

myVMX - Virtualisation, Cloud

Search This Blog