Time
8 hours 33 minutes
Difficulty
Intermediate
CEU/CPE
9

Video Transcription

00:00
Hello, Siberians.
00:01
Welcome to this demonstration on as your hopes of its security.
00:05
This demonstration is part of the fifth month do off the Is that 500 Microsoft has your security technologist costs
00:12
quick information on the activities that will be completing in this demonstration.
00:17
We'll start by configuring a custom domain for an up or stayed on as Ahab service. Well, then, configure SSL binding for the custom domain
00:27
Well, for seats to the civil insecure protocols on finally will configure authentication for application. Let's get into this.
00:36
So in the first task of this demonstration, our configure a custom domain fun up or stayed on azure hop service
00:45
And here is a visual representation off What are between?
00:48
I have a web up instead on the Windows Up service plan in Asia.
00:54
It has a domain name of very cloudy half, not as your websites. That net.
00:59
What I want to do is to use my custom domain name and to do that are created. Seen them record in my public Deanna zone or step with my DNS registrar. Go Daddy,
01:11
the same member recalled. We points the name that I want to use.
01:15
So the current name off the APP in APP service.
01:18
This record would then be verified by AB service and once it's verified, the name will be configured as a name off my hap service. So yeah, I am in the agile Pato Feig. I'd and click on APP services on under haps overseas. I can see my web up here, so I've not deployed anything
01:34
on this up. So it's just a vandal, a page that you get when you create any web.
01:40
So if I go ahead and click on the application
01:42
and right have the you ever off my application?
01:46
So what I want to do is I want to configure a custom DNs name.
01:49
So if I scroll down and click on custom domains, I can see that no custom domain is currently configured. But I can see the defaults name here, which is the very cloudy hap that as your website that nets are just quiet and copy that are go ahead and click on the option tohave custom domain
02:07
and he hacks meter had the custom domain that I want had the custom committed I want to use is up.
02:13
Don't very cloudy,
02:16
not X y z
02:19
So let's just make that right
02:23
on because I'm yet to configure the name that I need. I'll just leave that there.
02:28
So what are these? I'll go to my DNS provider, which is God ity on our great and click on Hard on our hard, a new seen him record.
02:36
I seen them record for points in them, but they want two years
02:39
to the name off the half service. So if I go ahead on points to that
02:44
and I'll leave that as one heart and I'll go ahead and click, Save on that.
02:50
So once I have that configured, I can go back to the azure Pato
02:53
and I'll go ahead and click Validates.
02:57
Now you can see it's asking me here for the records type that I want tohave. So have already. How did the cinema record? There's also another options used the Eric or by in this case, I'll be using the seenem record.
03:08
Andi already had it to my dear nous ready struck.
03:13
So the next thing to do is to validate and verify that if I go, I didn't weaken validates
03:19
on. You can see that it's already done. The verification
03:23
on my go ahead and click on the open toe hard custom domain
03:27
that successfully added, And now I have my custom domain for perhaps service. So let's go to verify that.
03:35
So what I'll do is I'll go back to overview,
03:38
and I can copy this. You are well on our open, a private browser on Outpaced that you have Ellen day on. You can see that I can access these fear. Http.
03:47
However, there's a message that says connection is not secure. If I try to change that's toe https,
03:57
I get on ever message to say the certificates does not match the name that I'm entering here
04:02
so I can go ahead and click on Advanced On. I can guide and accept the risk and continue so it will still take me to the page. However, I have this connection or secure messages, so let's go fix that in the next activity.
04:15
So in the nest, ask our configure SSL Bindon for the custom demand that I just added,
04:21
and here is a visual representation off what are between?
04:25
I have a tailor certificate for my custom domain on. What I'll do is I'll upload that certificates to my haps service.
04:32
So here I am, back in the azure Pato now toe applaud my tier list certificates. If I scroll down on, I click on TLS as a self settings,
04:43
and I have the option to hard. TLS has a cell binding. If I great and click on that option, I'll select the custom demanded. I confident earlier
04:50
on our violently Condi option toe upload P effects certificates,
04:56
and I have that in the falsify Griet and select the foul.
04:59
And that is my certificate foul days. If I guide and selects that and I'll need the password for access Fickett forgotten paste the certificate password in there on my guide and click on a plot
05:12
on the certificates uploaded successfully.
05:14
So it's a buying. Did I just quiet and select? Specific is I just uploaded and I'll be using the S and I as a cell binding.
05:21
If I go ahead and click on hard finding
05:25
Now that's configured, so let's go ahead and verify that. So if I go back to my browser that I have open
05:31
on, if I right click and I paste
05:34
and I'm going to the https connection and now I'm not getting any other message. And that's because it's using the TLS certificates that I just uploaded.
05:44
So in the nest ask out the several insecure protocols for my application
05:49
and there is a visual representation off what are between. I'll start by and foreseen https only.
05:56
How then enforce in minimum CLS vision off fish in 1.2
06:00
on. Finally out. Enforce FTP s only
06:05
so with the configuration set,
06:08
it is a P s request to my half will be allowed
06:12
http request should be redirected to https. So let's go to do that.
06:17
So I'm back in the agile Pato. If I scroll down on the left hand side and I click on TLS SSL settings,
06:26
I have the option to enforce https only so great and sets. That's too, hon.
06:30
The minimum TLS vision is already said to a minimum off version 1.2. So that's good. So I won't be changing anything day.
06:39
The final thing that I want to do is to ensure that ftp itself to allow only ftp secure. So if I go ahead and click on configuration
06:48
and by graphically con general settings, I have the hefty P states. Yes, are greater says that after PS only on our guidance safe, that likely can continue now that saved
07:00
to verify what I just did. If I go back to the browser that I had open
07:05
on this time around, I'll goto http, and I expect that to be redirected to https. So let's go ahead and try the house,
07:15
and you can see that that for directors toe https, so that's good.
07:18
So in the final task off this demonstration,
07:21
our configure authentication for my application
07:26
and here is a visual representation off. What are between? How enable authentication for the application to use azure Haiti so that client requested be redirected to a joy 80 for authentication before access is granted to the hap, and this will be understood by the easy art model.
07:43
So here I am, back in the as a Potter.
07:46
If I go, I'd and click on authentication slash authorization on the left and site
07:51
on. I grabbed and enable up service authentication.
07:55
The 1st 1 now do is our click on as your active directory,
07:59
and I'll be using the express configuration,
08:01
and that's going to create a new application registration in Najai, 80 and that's fine,
08:07
so quiet and let it create that, and we're going to use the express setting. So if I go ahead and click OK to that, the next thing that I would do is our ensure that on only must request are not allowed, so I'll go ahead and specify the option to request. Log in with Azure Active Directory
08:22
and I wide and click Save on that.
08:26
So this will mean that any requests to this application, first of all, be redirected by the easy out Modou towards your active directory for authentication before that passed on to the hap.
08:37
So let's quiet and verify that
08:39
if I go back to my browser how the test that I've been doing previously have been able to access the application without having to authenticate.
08:46
If I cried and refreshed ease
08:50
Now you can see that I'm being acts toward indicates to as your Haiti
08:54
on. If I quiet on, enter my user Heidi
08:58
on our hands out the password.
09:01
Notley, consigning, not been asked to consent to the permission to read my profile information. So I go ahead and accept that
09:09
Now that's all gone true. I'm authenticated on I can access my application.
09:16
So here's a somebody off the activities that were completed in this demonstration
09:20
who started by configuring a custom demand front up or stayed on as your have service.
09:26
Whatever comfort got as a cell binding for the custom domain
09:30
before, See, that's the disabled, insecure protocols. And finally we configured authentication for Hap.
09:37
Thanks very much for watching, and I'll see you in the next lesson.

Up Next

AZ-500: Microsoft Azure Security Technologies

In the AZ-500 Microsoft Azure Security Technologies training, students will learn the skills that are needed to pass the AZ-500 certification exam. All exam topics are covered as well as exam preparation strategies and hands-on practice.

Instructed By

Instructor Profile Image
David Okeyode
Cloud Security Architect
Instructor