cloudfil.ch Cloud - First in Line

AlwaysOnVPN – Change Hostfile via Intune Script Deployment

What is AlwaysOnVPN with Azure

Azure Always On VPN is a feature of Microsoft Azure that allows organizations to securely connect their on-premises networks to Azure and access Azure resources from anywhere. It provides a secure, persistent connection between the on-premises network and Azure, allowing users to access resources on both sides of the connection as if they were on the same network.

Some of the key functions of Azure Always On VPN include:

  1. Secure connectivity: Azure Always On VPN uses industry-standard protocols, such as IKEv2 and SSL/TLS, to provide secure and encrypted connectivity between the on-premises network and Azure.
  2. Persistent connectivity: With Azure Always On VPN, the connection between the on-premises network and Azure is always on and persistent, allowing users to access resources on both sides of the connection without interruption.
  3. Load balancing and failover: Azure Always On VPN supports load balancing and failover, allowing organizations to distribute traffic across multiple VPN connections and ensure that the connection remains available even if one of the connections fails.
  4. Cross-premises connectivity: Azure Always On VPN allows organizations to connect their on-premises networks to Azure and access resources in both environments as if they were on the same network. This can be particularly useful for organizations that need to access resources in Azure from multiple locations, or that need to connect multiple on-premises networks to Azure.

Overall, Azure Always On VPN is a useful tool for organizations that need to securely connect their on-premises networks to Azure and access Azure resources from anywhere. It provides a secure, persistent connection and supports load balancing and failover to ensure reliable and uninterrupted access to resources.

Connect to a Storage Account (Blob) only via AlwaysOnVPN

To connect to an Azure storage account only via an Always On VPN tunnel, you’ll need to set up an Always On VPN connection between your on-premises network and Azure, and then configure your storage account to only accept connections from the VPN. Here are the general steps you’ll need to follow:

  1. Set up an Always On VPN connection: Follow the instructions provided by Microsoft to set up an Always On VPN connection between your on-premises network and Azure. This will require you to configure VPN gateway and client settings in Azure, as well as install and configure VPN client software on your on-premises devices.
  2. Create a storage account: Use the Azure portal or Azure PowerShell to create a storage account in Azure.
  3. Configure the storage account to accept connections from the VPN: In the Azure portal, navigate to the storage account and select the “Firewalls and virtual networks” tab. Click on the “Add client network” button and select the Always On VPN connection from the list. This will allow the storage account to accept connections from the VPN.
  4. Connect to the storage account from your on-premises devices: From your on-premises devices, use the VPN client software to connect to the VPN. Once connected, you should be able to access the storage account as if you were on the same network as the storage account.

By following these steps, you can set up an Always On VPN connection and configure your storage account to only accept connections from the VPN. This will allow you to securely access the storage account from your on-premises devices via the VPN tunnel.

Change the Hostfile on all Intune managed Clients

The Windows hosts file is a simple text file that maps hostnames to IP addresses. It is used by the operating system to resolve hostnames to IP addresses, allowing you to access network resources using human-readable names instead of numerical IP addresses.

The hosts file is located at C:\Windows\System32\drivers\etc\hosts on Windows systems, and consists of a series of lines that specify the hostname and corresponding IP address of a network resource.

Intune PowerShell Script

The script was written in 2018 by Jesse Harris and still works perfectly today. Thanks for the great script; the source can be found at the following website:

http://zigford.org/manage-a-hosts-file.html

```powershell
function Get-HostsFile {
    <#
    .SYNOPSIS
        Get the path to the local hosts file
    .DESCRIPTION
        Check the PSVersionTable to see our platform and then return the path to the hosts file accordingly.
    .EXAMPLE
        Get-HostsFile

        /etc/hosts
    .NOTES
        Author: Jesse Harris
        License: MIT
    .LINK
        http://zigford.org/manage-a-hosts-file.html
    #>

    Switch ($PSVersionTable) {
        {
            ($_.PSEdition -eq 'Desktop') -or
            ($_.PSEdition -eq 'Core' -and $_.Platform -eq 'Win32NT')
        }
            { return 'C:\Windows\System32\drivers\etc\hosts' }
        {
            $_.PSEdition -eq 'Core' -and $_.Platform -eq 'Unix'
        }
            { return '/etc/hosts' }
    }
    Write-Error "Could not determine platform"
}

function Set-HostsRecord {
    <#
    .SYNOPSIS
        Edit your hosts file using powershell
    .DESCRIPTION
        Update or add a record to your local hosts files
    .PARAMETER HostName
        Specify the hostname you want to add or edit
    .PARAMETER IPAddress
        Specify the ip address you want to set or update the host to
    .EXAMPLE
        Set single hostname to a specific ip.

        Set-HostsRecord -HostName google.com -IPAddress 127.0.0.1
    .EXAMPLE
        Set multiple hostnames to the same ip.

        Set-HostsRecord -HostName "www.google.com google.com youtube.com" -IPAddress 127.0.0.1
    .NOTES
        Author: Jesse Harris
        License: MIT
    .LINK
        http://zigford.org/manage-a-hosts-file.html
    #>
    [CmdLetBinding()]
    Param(
        [Parameter(Mandatory=$True)]$HostName,
        [Parameter(Mandatory=$True)][ValidateScript(
            {
                # Anchored so the whole value must look like a dotted IPv4 address
                $_ -match '^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$'
            }
            )]$IPAddress
    )

    $HostFile = Get-HostsFile
    $HostNames = $HostName -split ' '
    $i = 0
    $CurrRecord = $null
    # Find the first of the given hostnames that already has a record
    While ($CurrRecord -eq $null -and $i -lt $HostNames.Count) {
        $CurrRecord = Get-HostsRecord -HostName $HostNames[$i]
        $i++
    }
    If ($CurrRecord) {
        # Match the hostname as a whole word, not as a substring or a regex pattern
        $Pattern = '(^|\s)' + [regex]::Escape($HostNames[$i-1]) + '(\s|$)'
        $NewRecordFile = Get-Content $HostFile | ForEach-Object {
            If ($_ -imatch $Pattern) {
                Write-Output "$IPAddress $HostName"
            } else {
                $_
            }
        }
        $NewRecordFile | Out-File $HostFile -Encoding ascii
    } else {
        Write-Output "`n$IPAddress $HostName" | Out-File $HostFile -Append -Encoding ascii
    }

}

function Remove-HostsRecord {
    <#
    .SYNOPSIS
        Remove a host record entry
    .DESCRIPTION
        Remove an entire host file entry if a single host is matched from the local hosts file
    .PARAMETER HostName
        Specify the hostname to remove from the hosts file
    .EXAMPLE
        Remove all hosts pointing to the same ip as google.com. If you want to just remove a single host, see Set-HostsRecord

        Remove-HostsRecord -HostName google.com
    .NOTES
        Author: Jesse Harris
        License: MIT
    .LINK
        http://zigford.org/manage-a-hosts-file.html
    #>
    [CmdLetBinding()]
    Param(
        [Parameter(Mandatory=$True)]$HostName,
        [switch]$Confirm=[switch]$False
    )

    $CurrHost = Get-HostsRecord -HostName $HostName
    If (-Not $CurrHost) {
        Write-Error "No record for $HostName found"
    } else {
        $HostFile = Get-HostsFile
        # Whole-word match so that a similar, longer hostname on another line is kept
        $Pattern = '(^|\s)' + [regex]::Escape($HostName) + '(\s|$)'
        $NewRecordFile = Get-Content $HostFile | Where-Object {
            $_ -inotmatch $Pattern
        }
        $NewRecordFile | Out-File $HostFile -Encoding ascii
    }
}

function Get-HostsRecord {
    <#
    .SYNOPSIS
        See the ipaddress set for a host in the hosts file
    .DESCRIPTION
        Parse the hosts file into a hashtable, return the value of any keys matching the Hostname Name
    .PARAMETER HostName
        Specify a host to show only
    .EXAMPLE
        Get-HostsRecord -HostName google.com

        127.0.0.1
    .EXAMPLE
        Get-HostsRecord

        Name                           Value
        ----                           -----
        localhost                      127.0.0.1
        hp                             192.168.11.165
        pi                             192.168.11.102

    .NOTES
        Author: Jesse Harris
        License: MIT
    .LINK
        http://zigford.org/manage-a-hosts-file.html
    #>
    [CmdLetBinding()]
    Param($HostName)

    $HostFile = Get-HostsFile
    $Hosts = @{}
    Get-Content $HostFile | ForEach-Object {
        # Drop trailing comments, then keep only lines that start with an address
        $Line = ($_ -split '#', 2)[0].Trim()
        If ($Line -match '^\d+.*') {
            $Split = $Line -split '\s+', 2
            If ($Split.Count -eq 2) {
                $HostSplit = $Split[1] -split '\s+'
                $HostSplit | ForEach-Object {
                    # Indexer assignment instead of .Add() so a duplicated hostname does not throw
                    $Hosts[$_] = $Split[0]
                }
            }
        }
    }
    If ($HostName) {
        return $Hosts[$HostName]
    } else {
        return $Hosts
    }
}

Set-HostsRecord -HostName myblobname.file.core.windows.net -IPAddress 10.10.4.17
```
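Because a hosts file that is pushed out centrally is also a file that can be tampered with locally, an Intune deployment of this kind is usually paired with a detection script. The following is an added example, not part of the original post or of Jesse Harris's script: it parses the hosts file with the same format rules, exits 0 when the storage endpoint mapping from the post's own Set-HostsRecord call is present and nothing else unexpected is mapped, and exits 1 otherwise. The endpoint/IP pair is the post's placeholder value and the $Allowed list is a hypothetical allowlist.

```powershell
# Added example (not from the original post): Intune detection script for the hosts file.
# Exit 0 = compliant, exit 1 = remediation needed. $Expected reuses the post's placeholder
# endpoint/IP; $Allowed is a hypothetical allowlist of names that may appear besides it.
$Expected = @{ 'myblobname.file.core.windows.net' = '10.10.4.17' }
$Allowed  = @('localhost', 'broadcasthost')
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Read-HostsEntries {
    param([string]$Path)
    # One object per hostname: trailing comments stripped, blank/comment-only lines skipped.
    $Entries = @()
    $LineNo = 0
    foreach ($Raw in (Get-Content -Path $Path)) {
        $LineNo++
        $Line = ($Raw -split '#', 2)[0].Trim()
        if (-not $Line) { continue }
        $Fields = $Line -split '\s+'
        if ($Fields.Count -lt 2) { continue }
        foreach ($Name in $Fields[1..($Fields.Count - 1)]) {
            $Entries += [PSCustomObject]@{ Name = $Name.ToLower(); IPAddress = $Fields[0]; Line = $LineNo }
        }
    }
    return $Entries
}

function Test-HostsCompliance {
    param([string]$Path, [hashtable]$Expected, [string[]]$Allowed)
    $Entries  = @(Read-HostsEntries -Path $Path)
    $Problems = @()
    foreach ($Name in $Expected.Keys) {
        $Match = @($Entries | Where-Object { $_.Name -eq $Name })
        if ($Match.Count -eq 0) {
            $Problems += "missing: $Name"
        } elseif (@($Match | Where-Object { $_.IPAddress -ne $Expected[$Name] }).Count -gt 0) {
            $Problems += "wrong address for $Name (line $($Match[0].Line))"
        }
    }
    # A record that is neither expected nor allowlisted is flagged: a stray entry that
    # redirects a well-known name is the classic sign of hosts-file tampering.
    foreach ($E in $Entries) {
        if (-not $Expected.ContainsKey($E.Name) -and ($Allowed -notcontains $E.Name)) {
            $Problems += "unexpected: $($E.IPAddress) $($E.Name) (line $($E.Line))"
        }
    }
    return $Problems
}

$Problems = @(Test-HostsCompliance -Path $HostsPath -Expected $Expected -Allowed $Allowed)
if ($Problems.Count -eq 0) { Write-Output 'Compliant'; exit 0 }
Write-Output ($Problems -join '; ')
exit 1   # non-zero exit makes Intune run the paired remediation script
```

Deploy it as the detection half of an Intune remediation pair, with both halves running as SYSTEM so they can write to the hosts file; the post's Set-HostsRecord call can serve as the remediation half.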

Conclusion

Using Intune to change the hosts file entries on managed devices can be a useful way to manage and configure the hostname-to-IP address mappings on your devices. Some potential benefits of using Intune to manage the hosts file include:

  1. Centralized management: With Intune, you can manage the hosts file entries on all of your managed devices from a central location, rather than having to log in to each device individually to make changes. This can save time and make it easier to ensure that the same settings are applied across all of your devices.
  2. Consistency: Using Intune to manage the hosts file entries can help ensure that all of your devices have the same hostname-to-IP address mappings, which can be important for ensuring consistent behavior and access to resources.
  3. Automation: Intune allows you to automate the process of updating the hosts file entries on your devices, using tools such as PowerShell scripts or policy configurations. This can help save time and reduce the risk of errors when making changes to the hosts file.

Overall, using Intune to manage the hosts file entries on your managed devices can be a useful way to centralize and automate the process of configuring hostname-to-IP address mappings on your devices. It can help ensure consistent behavior and access to resources, and can save time and effort when making changes to the hosts file.

Nico Wyss

Writer & Blogger


© 2023 Copyright