VikingsFan
Contributor

Best practice for Entra/Azure Services?

We currently have a few servers that are being used for Azure/Entra/Intune connector use: Entra Connect, Entra AD Connect, Intune Certificate Connector, etc.  While building them out there were so many URLs the server was trying to access we ended up allowing most traffic out without filtering it.

We noticed there are updatable objects for Azure/Entra and would like to use those, but there are a ton. Do most people go through each category and only select the US options (assuming you're in the US)? Even then, I'm not familiar with what categories would be needed for basic Entra/Intune connectivity.

For example... I was going to go through each category and pick out each one of these but then it got to be a bit cumbersome:

Public - Central US
Public - East US
Public - North Central US
Public - South Central US
Public - West Central US
Public - West US

Just looking to see what other places are doing to tackle this issue.

Thanks!

0 Kudos
the_rock
Legend

That's exactly what I did for one customer, based on location. Another client simply wanted cloud services allowed in general.

Best,

Andy

0 Kudos
VikingsFan
Contributor

Appreciate the response!  I was hoping there was an easier/better way than going through the 93 Azure Public Services and then checking off potentially 6 geo locations inside each one... that's a lot of clicking. 😄  It would be nice if CheckPoint had a higher level category like they have for Germany (Azure Germany Services).

Since this will most likely be many, many objects.. I'm guessing these can all go into a network group and then the group applied to the security rule?

the_rock
Legend (accepted solution)

I know, I know, lots of clicking in IT world generally haha. Anywho, you are right, you add them, click any, ctrl+a to select all, right click and then select to group them.

I agree with your point. I also wish there were objects that represent say specific region, rather than 10 or 15 of them, but hey, it is what it is...there are way worse things in life : - )

Best,

Andy

0 Kudos
PhoneBoy
Admin

Updatable Objects use vendor-provided information to populate.
If the vendor doesn't provide it at the desired level of granularity (i.e. Microsoft), we can't.

0 Kudos
VikingsFan
Contributor

Think I understand. What I was referring to is using exactly what is in the tree list but having them pre-grouped by the geolocation. Similar to how China and Germany already have their own top level folder. As it is now, if I wanted only US services, I'll have to go through 93 subfolders and choose up to 6 or 7 US locations under each one. Not sure if you meant the tree structure is exactly how Microsoft sends it and it can't be adjusted.

Not a huge deal and was mainly looking for ideas if there was a better way.  Thanks!


0 Kudos
the_rock
Legend

I don't believe there is a better way sadly, but I could be mistaken : - )

Andy

0 Kudos
