Welcome to this demonstration on as your hopes of its security.
This demonstration is part of the fifth month do off the Is that 500 Microsoft has your security technologist costs
quick information on the activities that will be completing in this demonstration.
We'll start by configuring a custom domain for an up or stayed on as Ahab service. Well, then, configure SSL binding for the custom domain
Well, for seats to the civil insecure protocols on finally will configure authentication for application. Let's get into this.
So in the first task of this demonstration, our configure a custom domain fun up or stayed on azure hop service
And here is a visual representation off What are between?
I have a web up instead on the Windows Up service plan in Asia.
It has a domain name of very cloudy half, not as your websites. That net.
What I want to do is to use my custom domain name and to do that are created. Seen them record in my public Deanna zone or step with my DNS registrar. Go Daddy,
the same member recalled. We points the name that I want to use.
So the current name off the APP in APP service.
This record would then be verified by AB service and once it's verified, the name will be configured as a name off my hap service. So yeah, I am in the agile Pato Feig. I'd and click on APP services on under haps overseas. I can see my web up here, so I've not deployed anything
on this up. So it's just a vandal, a page that you get when you create any web.
So if I go ahead and click on the application
and right have the you ever off my application?
So what I want to do is I want to configure a custom DNs name.
So if I scroll down and click on custom domains, I can see that no custom domain is currently configured. But I can see the defaults name here, which is the very cloudy hap that as your website that nets are just quiet and copy that are go ahead and click on the option tohave custom domain
and he hacks meter had the custom domain that I want had the custom committed I want to use is up.
So let's just make that right
on because I'm yet to configure the name that I need. I'll just leave that there.
So what are these? I'll go to my DNS provider, which is God ity on our great and click on Hard on our hard, a new seen him record.
I seen them record for points in them, but they want two years
to the name off the half service. So if I go ahead on points to that
and I'll leave that as one heart and I'll go ahead and click, Save on that.
So once I have that configured, I can go back to the azure Pato
and I'll go ahead and click Validates.
Now you can see it's asking me here for the records type that I want tohave. So have already. How did the cinema record? There's also another options used the Eric or by in this case, I'll be using the seenem record.
Andi already had it to my dear nous ready struck.
So the next thing to do is to validate and verify that if I go, I didn't weaken validates
on. You can see that it's already done. The verification
on my go ahead and click on the open toe hard custom domain
that successfully added, And now I have my custom domain for perhaps service. So let's go to verify that.
So what I'll do is I'll go back to overview,
and I can copy this. You are well on our open, a private browser on Outpaced that you have Ellen day on. You can see that I can access these fear. Http.
However, there's a message that says connection is not secure. If I try to change that's toe https,
I get on ever message to say the certificates does not match the name that I'm entering here
so I can go ahead and click on Advanced On. I can guide and accept the risk and continue so it will still take me to the page. However, I have this connection or secure messages, so let's go fix that in the next activity.
So in the nest, ask our configure SSL Bindon for the custom demand that I just added,
and here is a visual representation off what are between?
I have a tailor certificate for my custom domain on. What I'll do is I'll upload that certificates to my haps service.
So here I am, back in the azure Pato now toe applaud my tier list certificates. If I scroll down on, I click on TLS as a self settings,
and I have the option to hard. TLS has a cell binding. If I great and click on that option, I'll select the custom demanded. I confident earlier
on our violently Condi option toe upload P effects certificates,
and I have that in the falsify Griet and select the foul.
And that is my certificate foul days. If I guide and selects that and I'll need the password for access Fickett forgotten paste the certificate password in there on my guide and click on a plot
on the certificates uploaded successfully.
So it's a buying. Did I just quiet and select? Specific is I just uploaded and I'll be using the S and I as a cell binding.
If I go ahead and click on hard finding
Now that's configured, so let's go ahead and verify that. So if I go back to my browser that I have open
on, if I right click and I paste
and I'm going to the https connection and now I'm not getting any other message. And that's because it's using the TLS certificates that I just uploaded.
So in the nest ask out the several insecure protocols for my application
and there is a visual representation off what are between. I'll start by and foreseen https only.
How then enforce in minimum CLS vision off fish in 1.2
on. Finally out. Enforce FTP s only
so with the configuration set,
it is a P s request to my half will be allowed
http request should be redirected to https. So let's go to do that.
So I'm back in the agile Pato. If I scroll down on the left hand side and I click on TLS SSL settings,
I have the option to enforce https only so great and sets. That's too, hon.
The minimum TLS vision is already said to a minimum off version 1.2. So that's good. So I won't be changing anything day.
The final thing that I want to do is to ensure that ftp itself to allow only ftp secure. So if I go ahead and click on configuration
and by graphically con general settings, I have the hefty P states. Yes, are greater says that after PS only on our guidance safe, that likely can continue now that saved
to verify what I just did. If I go back to the browser that I had open
on this time around, I'll goto http, and I expect that to be redirected to https. So let's go ahead and try the house,
and you can see that that for directors toe https, so that's good.
So in the final task off this demonstration,
our configure authentication for my application
and here is a visual representation off. What are between? How enable authentication for the application to use azure Haiti so that client requested be redirected to a joy 80 for authentication before access is granted to the hap, and this will be understood by the easy art model.
So here I am, back in the as a Potter.
If I go, I'd and click on authentication slash authorization on the left and site
on. I grabbed and enable up service authentication.
The 1st 1 now do is our click on as your active directory,
and I'll be using the express configuration,
and that's going to create a new application registration in Najai, 80 and that's fine,
so quiet and let it create that, and we're going to use the express setting. So if I go ahead and click OK to that, the next thing that I would do is our ensure that on only must request are not allowed, so I'll go ahead and specify the option to request. Log in with Azure Active Directory
and I wide and click Save on that.
So this will mean that any requests to this application, first of all, be redirected by the easy out Modou towards your active directory for authentication before that passed on to the hap.
So let's quiet and verify that
if I go back to my browser how the test that I've been doing previously have been able to access the application without having to authenticate.
If I cried and refreshed ease
Now you can see that I'm being acts toward indicates to as your Haiti
on. If I quiet on, enter my user Heidi
on our hands out the password.
Notley, consigning, not been asked to consent to the permission to read my profile information. So I go ahead and accept that
Now that's all gone true. I'm authenticated on I can access my application.
So here's a somebody off the activities that were completed in this demonstration
who started by configuring a custom demand front up or stayed on as your have service.
Whatever comfort got as a cell binding for the custom domain
before, See, that's the disabled, insecure protocols. And finally we configured authentication for Hap.
Thanks very much for watching, and I'll see you in the next lesson.