Could you explain how to configure the following virtual machine settings?

Kishore 60 Reputation points
2024-07-02T15:37:40.4866667+00:00

To address the tasks you've outlined, here's a structured approach:

  1. For restricting demoVM1's access to only Facebook and YouTube, implement URL filtering rules on the network device or use a firewall policy that only allows these URLs.
  2. To create a shared folder on demoVM2:
    • Name the folder "Testcase".
    • Create three subfolders within it: "sub1", "sub2", and "sub3".
    • Set permissions for demoVM1:
      • Read-only access to the "Testcase" folder.
      • Write and delete permissions to the "sub1" folder.
  3. To allow all URLs except YouTube and Facebook on demoVM2, configure a blacklist policy on the network device or firewall to block these specific URLs.
  4. For RDP configuration:
    • Allow demoVM2 RDP access to demoVM1 by configuring the appropriate inbound rules.
    • Prevent demoVM1 from accessing demoVM2 by not setting up corresponding inbound rules on demoVM2.

Tags: #NetworkSecurity, #AccessControl, #SharedFolders, #RDPConfiguration, #URLFiltering

Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.

Accepted answer
  1. GitaraniSharma-MSFT 49,616 Reputation points Microsoft Employee
    2024-07-03T09:20:59.32+00:00

    Hello @Kishore ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    Could you please provide more clarity on your setup and requirement?

    From the above steps, I understand that you have a requirement of 2 VMs, but are those 2 VMs in the same Vnet or in different Vnets?

    For restricting demoVM1's access to only Facebook and YouTube, implement URL filtering rules on the network device or use a firewall policy that only allows these URLs.

    This can be achieved using Azure Firewall in the Vnet and creating application rules to allow selected URLs and deny the rest.

    Refer: https://learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal-policy#configure-an-application-rule

    https://learn.microsoft.com/en-us/azure/firewall/policy-rule-sets

    https://learn.microsoft.com/en-us/azure/firewall/rule-processing

    To create a shared folder on demoVM2

    I'm not sure about the exact requirement but you can follow the below thread and documents for setting up a file server in an Azure VM:

    https://learn.microsoft.com/en-us/answers/questions/1343562/setting-up-a-file-server-in-azure-and-mapping-the

    https://learn.microsoft.com/en-us/azure/storage/files/storage-files-quick-create-use-windows

    https://learn.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows

    To allow all URLs except YouTube and Facebook on demoVM2, configure a blacklist policy on the network device or firewall to block these specific URLs.

    The same solution as VM1. You can use Azure Firewall to filter the required traffic.

    For RDP configuration, allow demoVM2 RDP access to demoVM1 by configuring the appropriate inbound rules.

    This can also be achieved through the Azure Firewall. You can configure network rules to allow the RDP traffic. Additionally, you need to make sure that the NSG and the VM2's OS firewall allow this traffic.

    Refer: https://learn.microsoft.com/en-us/azure/firewall/tutorial-hybrid-portal-policy#configure-network-rules

    https://learn.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic#create-security-rules

    https://learn.microsoft.com/en-us/windows/security/operating-system-security/network-security/windows-firewall/configure#create-an-inbound-port-rule

    Prevent demoVM1 from accessing demoVM2 by not setting up corresponding inbound rules on demoVM2.

    To prevent traffic, you can use an NSG inbound rule to deny the traffic to VM2.

    Regards,

    Gita
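
The RDP requirement from the question and the NSG deny rule from the answer, modeled as an added example (not part of the original question or answer). It shows why an explicit deny rule is needed when both VMs share a VNet: the default `AllowVnetInBound` rule otherwise admits the traffic. Assumptions: both VMs are in one VNet, the addresses are constructed, the custom rule names are hypothetical, and the `VirtualNetwork` service tag is simplified to the VNet CIDR.

```python
# Added illustration: a minimal model of NSG inbound rule selection
# (the matching rule with the lowest priority number wins).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

VNET = "10.0.0.0/16"     # assumed: both VMs share one VNet
DEMO_VM1 = "10.0.0.4"    # constructed address
DEMO_VM2 = "10.0.0.5"    # constructed address

@dataclass(frozen=True)
class Rule:
    priority: int
    name: str
    source: str      # CIDR, or "*" for any
    dest_port: str   # port number as text, or "*" for any
    access: str      # "Allow" or "Deny"

# Default inbound rules present in every NSG. AllowAzureLoadBalancerInBound
# (65001) is omitted because it does not affect VM-to-VM traffic.
DEFAULTS = [
    Rule(65000, "AllowVnetInBound", VNET, "*", "Allow"),
    Rule(65500, "DenyAllInBound", "*", "*", "Deny"),
]

def evaluate(custom_rules, src_ip, dest_port):
    """Return (access, rule name) for inbound traffic from src_ip to dest_port."""
    for rule in sorted(custom_rules + DEFAULTS, key=lambda r: r.priority):
        src_ok = rule.source == "*" or ip_address(src_ip) in ip_network(rule.source)
        port_ok = rule.dest_port in ("*", str(dest_port))
        if src_ok and port_ok:
            return rule.access, rule.name
    raise AssertionError("unreachable: DenyAllInBound matches everything")

# NSG on demoVM1: permit RDP from demoVM2 only (hypothetical rule names).
VM1_NSG = [
    Rule(100, "Allow-RDP-From-demoVM2", DEMO_VM2 + "/32", "3389", "Allow"),
    Rule(110, "Deny-RDP-Other", "*", "3389", "Deny"),
]
# NSG on demoVM2: explicit deny for RDP coming from demoVM1.
VM2_NSG = [Rule(100, "Deny-RDP-From-demoVM1", DEMO_VM1 + "/32", "3389", "Deny")]

def report():
    return {
        "vm2_to_vm1": evaluate(VM1_NSG, DEMO_VM2, 3389),
        "vm1_to_vm2_no_custom_rules": evaluate([], DEMO_VM1, 3389),
        "vm1_to_vm2_with_deny": evaluate(VM2_NSG, DEMO_VM1, 3389),
    }

if __name__ == "__main__":
    for case, (access, rule) in report().items():
        print(f"{case}: {access} via {rule}")
```
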

