What is AlwaysOnVPN with Azure
Azure Always On VPN is a feature of Microsoft Azure that allows organizations to securely connect their on-premises networks to Azure and access Azure resources from anywhere. It provides a secure, persistent connection between the on-premises network and Azure, allowing users to access resources on both sides of the connection as if they were on the same network.
Some of the key functions of Azure Always On VPN include:
- Secure connectivity: Azure Always On VPN uses industry-standard protocols, such as IKEv2 and SSL/TLS, to provide secure and encrypted connectivity between the on-premises network and Azure.
- Persistent connectivity: With Azure Always On VPN, the connection between the on-premises network and Azure is always on and persistent, allowing users to access resources on both sides of the connection without interruption.
- Load balancing and failover: Azure Always On VPN supports load balancing and failover, allowing organizations to distribute traffic across multiple VPN connections and ensure that the connection remains available even if one of the connections fails.
- Cross-premises connectivity: Azure Always On VPN allows organizations to connect their on-premises networks to Azure and access resources in both environments as if they were on the same network. This can be particularly useful for organizations that need to access resources in Azure from multiple locations, or that need to connect multiple on-premises networks to Azure.
Overall, Azure Always On VPN is a useful tool for organizations that need to securely connect their on-premises networks to Azure and access Azure resources from anywhere. It provides a secure, persistent connection and supports load balancing and failover to ensure reliable and uninterrupted access to resources.
Connect to a Storage Account (Blob) only via AlwaysOnVPN
To connect to an Azure storage account only via an Always On VPN tunnel, you’ll need to set up an Always On VPN connection between your on-premises network and Azure, and then configure your storage account to only accept connections from the VPN. Here are the general steps you’ll need to follow:
- Set up an Always On VPN connection: Follow the instructions provided by Microsoft to set up an Always On VPN connection between your on-premises network and Azure. This will require you to configure VPN gateway and client settings in Azure, as well as install and configure VPN client software on your on-premises devices.
- Create a storage account: Use the Azure portal or Azure PowerShell to create a storage account in Azure.
- Configure the storage account to accept connections from the VPN: In the Azure portal, navigate to the storage account and select the “Firewalls and virtual networks” tab. Click on the “Add client network” button and select the Always On VPN connection from the list. This will allow the storage account to accept connections from the VPN.
- Connect to the storage account from your on-premises devices: From your on-premises devices, use the VPN client software to connect to the VPN. Once connected, you should be able to access the storage account as if you were on the same network as the storage account.
By following these steps, you can set up an Always On VPN connection and configure your storage account to only accept connections from the VPN. This will allow you to securely access the storage account from your on-premises devices via the VPN tunnel.
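The portal steps above can also be expressed in Az PowerShell, which makes the "only via the VPN" restriction reviewable and repeatable. The following is an added example and not code from the original post; the resource group, storage account, VNet and subnet names are placeholders, and it assumes an authenticated session (`Connect-AzAccount`) and that the subnet has the Microsoft.Storage service endpoint enabled.

```powershell
# Added example (not from the original post): lock a storage account's public endpoint
# down to a single virtual network and verify the result. All names below are placeholders.
$ResourceGroup  = 'rg-vpn-demo'     # assumed resource group
$StorageAccount = 'myblobname'      # assumed storage account name
$VNetName       = 'vnet-hub'        # assumed VNet the VPN gateway is attached to
$SubnetName     = 'snet-clients'    # assumed subnet whose traffic should be allowed

# 1. Deny everything by default; keep trusted Azure services (backup, monitoring) working.
Update-AzStorageAccountNetworkRuleSet -ResourceGroupName $ResourceGroup -Name $StorageAccount `
    -DefaultAction Deny -Bypass AzureServices

# 2. Allow only the subnet behind the VPN gateway. The subnet needs the
#    Microsoft.Storage service endpoint enabled for the rule to take effect.
$VNet   = Get-AzVirtualNetwork -ResourceGroupName $ResourceGroup -Name $VNetName
$Subnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $VNet -Name $SubnetName
Add-AzStorageAccountNetworkRule -ResourceGroupName $ResourceGroup -Name $StorageAccount `
    -VirtualNetworkResourceId $Subnet.Id

# 3. Verify: the default action must be Deny, there should be no public IP allow rules,
#    and the VNet rule list should contain exactly the subnet added above.
$RuleSet = Get-AzStorageAccountNetworkRuleSet -ResourceGroupName $ResourceGroup -Name $StorageAccount
if ($RuleSet.DefaultAction -ne 'Deny') {
    throw "Public access is still open on $StorageAccount"
}
if ($RuleSet.IpRules.Count -gt 0) {
    Write-Warning "Unexpected public IP allow rules: $($RuleSet.IpRules.IPAddressOrRange -join ', ')"
}
$RuleSet.VirtualNetworkRules | Select-Object VirtualNetworkResourceId, Action
```

The verification step matters more than the two configuration calls: a storage account whose default action is still Allow, or that carries a forgotten public IP rule, is reachable from the internet regardless of how the VPN is set up.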
AlwaysOnVPN – Change Hostfile via Intune Script Deployment on all Intune managed Clients
The Windows hosts file is a simple text file that maps hostnames to IP addresses. It is used by the operating system to resolve hostnames to IP addresses, allowing you to access network resources using human-readable names instead of numerical IP addresses.
The hosts file is located at C:\Windows\System32\drivers\etc\hosts on Windows systems and consists of a series of lines, each specifying an IP address and the hostname (or hostnames) that map to it.
Intune PowerShell Script
The script was written in 2018 by Jesse Harris and still works today. Thanks for the great script; the source can be found at the following website:
http://zigford.org/manage-a-hosts-file.html
```powershell
function Get-HostsFile {
<#
.SYNOPSIS
Get the path to the local hosts file
.DESCRIPTION
Check the PSVersionTable to see our platform and then return the path to the hosts file accordingly.
.EXAMPLE
Get-HostsFile
/etc/hosts
.NOTES
Author: Jesse Harris
License: MIT
.LINK
http://zigford.org/manage-a-hosts-file.html
#>
    Switch ($PSVersionTable) {
        {
            ($_.PSEdition -eq 'Desktop') -or
            ($_.PSEdition -eq 'Core' -and $_.Platform -eq 'Win32NT')
        }
        { return 'C:\Windows\System32\drivers\etc\hosts' }
        {
            $_.PSEdition -eq 'Core' -and $_.Platform -eq 'Unix'
        }
        { return '/etc/hosts' }
    }
    Write-Error "Could not determine platform"
}

function Set-HostsRecord {
<#
.SYNOPSIS
Edit your hosts file using PowerShell
.DESCRIPTION
Update or add a record to your local hosts file
.PARAMETER HostName
Specify the hostname you want to add or edit
.PARAMETER IPAddress
Specify the IP address you want to set or update the host to
.EXAMPLE
Set single hostname to a specific IP.
Set-HostsRecord -HostName google.com -IPAddress 127.0.0.1
.EXAMPLE
Set multiple hostnames to the same IP.
Set-HostsRecord -HostName "www.google.com google.com youtube.com" -IPAddress 127.0.0.1
.NOTES
Author: Jesse Harris
License: MIT
.LINK
http://zigford.org/manage-a-hosts-file.html
#>
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$True)]$HostName,
        [Parameter(Mandatory=$True)][ValidateScript(
            {
                # Anchored so that only a whole dotted-quad address is accepted
                $_ -match '^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$'
            }
        )]$IPAddress
    )
    $HostFile = Get-HostsFile
    $HostNames = $HostName -split ' '
    $i = 0
    $CurrRecord = $null
    # Look for an existing record for any of the supplied hostnames
    While ($null -eq $CurrRecord -and $i -lt $HostNames.Count) {
        $CurrRecord = Get-HostsRecord -HostName $HostNames[$i]
        $i++
    }
    If ($CurrRecord) {
        # Replace the line holding the matched hostname; escape it so the dots are literal
        $Pattern = '(^|\s)' + [regex]::Escape($HostNames[$i-1]) + '(\s|$)'
        $NewRecordFile = Get-Content $HostFile | ForEach-Object {
            If ($_ -notmatch '^\s*#' -and $_ -imatch $Pattern) {
                Write-Output "$IPAddress $HostName"
            } else {
                $_
            }
        }
        $NewRecordFile | Out-File $HostFile -Encoding ascii
    } else {
        Write-Output "`n$IPAddress $HostName" | Out-File $HostFile -Append -Encoding ascii
    }
}

function Remove-HostsRecord {
<#
.SYNOPSIS
Remove a host record entry
.DESCRIPTION
Remove an entire hosts file entry if a single host is matched from the local hosts file
.PARAMETER HostName
Specify the hostname to remove from the hosts file
.EXAMPLE
Remove all hosts pointing to the same IP as google.com. If you want to just remove a single host, see Set-HostsRecord
Remove-HostsRecord -HostName google.com
.NOTES
Author: Jesse Harris
License: MIT
.LINK
http://zigford.org/manage-a-hosts-file.html
#>
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$True)]$HostName,
        [switch]$Confirm
    )
    $CurrHost = Get-HostsRecord -HostName $HostName
    If (-Not $CurrHost) {
        Write-Error "No record for $HostName found"
    } else {
        $HostFile = Get-HostsFile
        # Escaped and bounded so that only whole-word hostname matches are removed
        $Pattern = '(^|\s)' + [regex]::Escape($HostName) + '(\s|$)'
        $NewRecordFile = Get-Content $HostFile | Where-Object {
            $_ -inotmatch $Pattern
        }
        $NewRecordFile | Out-File $HostFile -Encoding ascii
    }
}

function Get-HostsRecord {
<#
.SYNOPSIS
See the IP address set for a host in the hosts file
.DESCRIPTION
Parse the hosts file into a hashtable, return the value of any keys matching the HostName
.PARAMETER HostName
Specify a host to show only
.EXAMPLE
Get-HostsRecord -HostName google.com
127.0.0.1
.EXAMPLE
Get-HostsRecord
Name      Value
----      -----
localhost 127.0.0.1
hp        192.168.11.165
pi        192.168.11.102
.NOTES
Author: Jesse Harris
License: MIT
.LINK
http://zigford.org/manage-a-hosts-file.html
#>
    [CmdletBinding()]
    Param($HostName)
    $HostFile = Get-HostsFile
    $Hosts = @{}
    Get-Content $HostFile | ForEach-Object {
        # Strip trailing comments, then keep only lines that start with an address
        $Line = ($_ -replace '#.*$').Trim()
        If ($Line -match '^\d+') {
            $Split = $Line -split '\s+',2
            If ($Split.Count -eq 2) {
                $Split[1] -split '\s+' | ForEach-Object {
                    # Indexer assignment (not .Add) tolerates a hostname listed on more than one line
                    $Hosts[$_] = $Split[0]
                }
            }
        }
    }
    If ($HostName) {
        return $Hosts[$HostName]
    } else {
        return $Hosts
    }
}

# The record this Intune deployment writes on every managed client
Set-HostsRecord -HostName myblobname.file.core.windows.net -IPAddress 10.10.4.17
```
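Once the script has been deployed, it is worth having a second, read-only script that tells you whether the entry is present, unambiguous and actually in effect on each client. The following is an added example and not part of the original post or Jesse Harris's script. It is written in the shape of an Intune detection script (exit code 0 for compliant, 1 for "needs remediation"); the hostname and IP are the ones written above, while the port is an assumption (445 for SMB against the `.file.core.windows.net` endpoint; 443 would apply to a blob/REST endpoint).

```powershell
# Added example (not part of the original post or Jesse Harris's script): an Intune
# detection-style check that the deployed hosts entry is present, unambiguous and effective.
# Exit 0 = compliant, exit 1 = remediation needed (the convention Intune detection scripts use).
$ExpectedHost = 'myblobname.file.core.windows.net'   # record written by the deployment above
$ExpectedIP   = '10.10.4.17'                         # private address reachable only via the VPN
$Port         = 445                                  # assumed: SMB for Azure Files; 443 for blob/REST
$HostsPath    = "$env:SystemRoot\System32\drivers\etc\hosts"

# 1. Parse every active (non-comment) record and collect the IPs the hostname maps to.
$Mapped = Get-Content $HostsPath | ForEach-Object {
    $Line = ($_ -replace '#.*$').Trim()
    if ($Line -match '^\S+\s+\S') {
        $Parts = $Line -split '\s+'
        if ($Parts[1..($Parts.Count - 1)] -contains $ExpectedHost) { $Parts[0] }
    }
}

if (-not $Mapped) {
    Write-Output "No hosts entry for $ExpectedHost"
    exit 1
}

# A second record for the same name pointing elsewhere is the thing to catch: it means the
# mapping was changed outside the deployment and the name may no longer go through the tunnel.
$Unexpected = $Mapped | Where-Object { $_ -ne $ExpectedIP }
if ($Unexpected) {
    Write-Output "$ExpectedHost also maps to $($Unexpected -join ', ') (expected only $ExpectedIP)"
    exit 1
}

# 2. Confirm the resolver honours the file (GetHostAddresses consults hosts before DNS).
$Resolved = [System.Net.Dns]::GetHostAddresses($ExpectedHost) | ForEach-Object { $_.IPAddressToString }
if ($Resolved -notcontains $ExpectedIP) {
    Write-Output "$ExpectedHost resolves to $($Resolved -join ', '), not $ExpectedIP"
    exit 1
}

# 3. Confirm the private address is reachable, which only holds while the VPN tunnel is up.
$Reach = Test-NetConnection -ComputerName $ExpectedIP -Port $Port -WarningAction SilentlyContinue
if (-not $Reach.TcpTestSucceeded) {
    Write-Output "TCP $Port to $ExpectedIP failed; is the Always On VPN tunnel connected?"
    exit 1
}

Write-Output "Compliant: $ExpectedHost -> $ExpectedIP, port $Port reachable"
exit 0
```

The three checks fail for different reasons, and the output line says which: a missing or conflicting record points at the deployment or at a local change to the file, a resolver mismatch at name-resolution configuration, and a failed TCP test at the tunnel itself. Since the script only reads the hosts file, it can run on its own schedule without touching what the deployment wrote.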
Conclusion
Using Intune to change the hosts file entries on managed devices can be a useful way to manage and configure the hostname-to-IP address mappings on your devices. Some potential benefits of using Intune to manage the hosts file include:
- Centralized management: With Intune, you can manage the hosts file entries on all of your managed devices from a central location, rather than having to log in to each device individually to make changes. This can save time and make it easier to ensure that the same settings are applied across all of your devices.
- Consistency: Using Intune to manage the hosts file entries can help ensure that all of your devices have the same hostname-to-IP address mappings, which can be important for ensuring consistent behavior and access to resources.
- Automation: Intune allows you to automate the process of updating the hosts file entries on your devices, using tools such as PowerShell scripts or policy configurations. This can help save time and reduce the risk of errors when making changes to the hosts file.
Overall, using Intune to manage the hosts file entries on your managed devices can be a useful way to centralize and automate the process of configuring hostname-to-IP address mappings on your devices. It can help ensure consistent behavior and access to resources, and can save time and effort when making changes to the hosts file.