Could you explain how to configure the following virtual machine settings?

Kishore 60 Reputation points
2024-07-02T15:37:40.4866667+00:00

To address the tasks you've outlined, here's a structured approach:

  1. For restricting demoVM1's access to only Facebook and YouTube, implement URL filtering rules on the network device or use a firewall policy that only allows these URLs.
  2. To create a shared folder on demoVM2:
    • Name the folder "Testcase".
    • Create three subfolders within it: "sub1", "sub2", and "sub3".
    • Set permissions for demoVM1:
      • Read-only access to the "Testcase" folder.
      • Write and delete permissions to the "sub1" folder.
  3. To allow all URLs except YouTube and Facebook on demoVM2, configure a blacklist policy on the network device or firewall to block these specific URLs.
  4. For RDP configuration:
    • Allow demoVM2 RDP access to demoVM1 by configuring the appropriate inbound rules.
    • Prevent demoVM1 from accessing demoVM2 by not setting up corresponding inbound rules on demoVM2.

Tags: #NetworkSecurity, #AccessControl, #SharedFolders, #RDPConfiguration, #URLFiltering

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,485 questions
Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
825 questions
{count} votes

Accepted answer
  1. GitaraniSharma-MSFT 49,651 Reputation points Microsoft Employee
    2024-07-03T09:20:59.32+00:00

    Hello @Kishore ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    Could you please provide more clarity on your setup and requirement?

    From the above steps, I understand that you have a requirement of 2 VMs but are those 2 VMs in the same Vnet or different Vnets?

    For restricting demoVM1's access to only Facebook and YouTube, implement URL filtering rules on the network device or use a firewall policy that only allows these URLs.

    This can be achieved using Azure Firewall in the Vnet and creating application rules to allow selected URLs and deny rest.

    Refer: https://learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal-policy#configure-an-application-rule

    https://learn.microsoft.com/en-us/azure/firewall/policy-rule-sets

    https://learn.microsoft.com/en-us/azure/firewall/rule-processing

    To create a shared folder on demoVM2

    I'm not sure about the exact requirement but you can follow the below thread and documents for setting up a file server in an Azure VM:

    https://learn.microsoft.com/en-us/answers/questions/1343562/setting-up-a-file-server-in-azure-and-mapping-the

    https://learn.microsoft.com/en-us/azure/storage/files/storage-files-quick-create-use-windows

    https://learn.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows

    To allow all URLs except YouTube and Facebook on demoVM2, configure a blacklist policy on the network device or firewall to block these specific URLs.

    The same solution as VM1. You can use Azure Firewall to filter the required traffic.

    For RDP configuration, allow demoVM2 RDP access to demoVM1 by configuring the appropriate inbound rules.

    This can also be achieved through the Azure Firewall. You can configure network rules to allow the RDP traffic. Additionally, you need to make sure that NSG and the VM2's OS firewall allows this traffic.

    Refer: https://learn.microsoft.com/en-us/azure/firewall/tutorial-hybrid-portal-policy#configure-network-rules

    https://learn.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic#create-security-rules

    https://learn.microsoft.com/en-us/windows/security/operating-system-security/network-security/windows-firewall/configure#create-an-inbound-port-rule

    Prevent demoVM1 from accessing demoVM2 by not setting up corresponding inbound rules on demoVM2.

    To prevent traffic, you can use NSG inbound rule to deny the traffic to VM2.

    Regards,

    Gita

    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.