Securing PaaS – setup


  1. Microsoft Azure subscription must be pay-as-you-go or MSDN
    • Trial subscriptions will not work
  2. A machine with the following software:
    • Visual Studio 2017 Community edition or greater
    • SQL Server Management Studio 2017
    • Power BI Desktop
    • Fiddler
  3. To ensure you can begin the course delivery on-time, you must take the following step at least 5-hours prior to the course start time:
    • Run the Azure resource template — The Application Service Environment can take more than 90-minutes to create.

Before the hands-on lab

Duration: 30 minutes

Synopsis: In this exercise, you will set up your environment for use in the rest of the hands-on lab. You should follow all the steps provided in the Before the Hands-on Lab section to prepare your environment before attending the workshop.

Task 1: Download GitHub resources (Jump machine)

In this task, you will download the Azure Resource Manager (ARM) template required to setup this lab from a GitHub repository.

  1. Open a browser window to the cloud workshop GitHub repository (
  2. Select Clone or download, then select Download Zip.In the GitHub repository window, the Clone or download button and Download Zip link are selected.
  3. Extract the zip file to your local machine, be sure to keep note of where you have extracted the files.

Task 2: Deploy resources (virtual machine, etc.) to Azure

In this task, you will run the ARM template downloaded in the previous task in the Azure portal to provision the resources you will be using throughout this hands-on lab.

  1. In a browser, open the Azure Portal.

    NOTE: If prompted, select Maybe Later.

  2. Select Resource groups from the left-hand navigation menu, then select +Add.In the Azure Portal Resource groups pane, the Add button is selected.
  3. Enter a resource group name, such as paassecurity-[your initials or first name].The Resource Group blade displays.
  4. Select Create.
  5. Select Refresh to see your new resource group displayed and select it.
  6. Select Automation Script.The Automation Script option displays.
  7. Select Deploy.The Deploy button displays.
  8. Select Build your own template in the editor.
  9. In the extracted folder, open the \AzureTemplate\azure-deploy.json.
  10. Copy and paste it into the window.
  11. Select Save, you will see the dialog with the input parameters. Fill out the form:a. Subscription: Select your subscription.

    b. Resource group: Use an existing Resource group or create a new one by entering a unique name, such as paassecurity-[your initials or first name].

    c. Location: Select a location for the Resource group. Recommend using East US, East US 2, West Central US, or West US 2.

    d. Modify the parameters to be something unique by replacing with your initials or something similar.

    e. Fill in the remaining parameters, but if you change anything be sure to note it for future reference throughout the lab.

    f. Be sure your resource group location matches the location you select in the settings window

    NOTE: This field and matching is due to a limitation of the resource templates not resolving the resource group location for some template types.

    A Dialog box displays with fields set to the previously mentioned settings. The Location, Passsecurity_sql_name and Location fields are all called out.

  12. Check the I agree to the terms and conditions stated above checkbox.
  13. Select Purchase.The Terms and conditions check box is selected, as is the Purchase button.
  14. The deployment will take about 90 minutes to complete. To view the progress, select the Deployments link.
  • As part of the deployment, you will see the following items created:
    • App Service Environment v2
    • Virtual Networks and Machines
    • Cosmos DB
    • Azure SQL Server and Databases
    • Application Gateway with Firewall
  1. See Appendix A for detailed steps on creating these components without using an ARM template.

Task 3: Download GitHub resources (Jump machine)

In this task, you will log into the lab VM that was created by the ARM template you executed in the previous task and download the GitHub resources needed to complete this hands-on lab.

  1. Login to the paassecurity-vm-jump virtual machine.a. Select Virtual machines.

    The Virtual machines option is selected.

    b. Select paassecurity-vm-jump.

    The passsecurity-vm-jump option is selected.

    c. Select Connect.

    In the Virtual machine blade, Connect is selected.

    d. Select to open the RDP connection.

    e. Enter the VM credentials (wsadmin — p@ssword1rocks).

    A message in the Remote Desktop Connection dialog box warns the user that the publisher of the remote connection cannot be verified, and asks if you want to continue.

    f. Select Connect.

  2. Once logged in, launch the Server Manager. This should start automatically, but you can access it via the Start menu if it does not start.
  3. Select Local Server, the select On next to IE Enhanced Security Configuration. Local Server is selected and highlighted on the left side of Server Manager, and at right, IE Enhanced Security Configuration On is highlighted under Properties For LabVM.
  4. In the Internet Explorer Enhanced Security Configuration dialog, select Off under Administrators, then select OK.
    Off is selected under Administrators in the Internet Explorer Enhanced Security Configuration dialog box.
  5. Close the Server Manager.
  6. Repeat the steps you completed in Task 1 to download or copy the GitHub folders to the virtual machine.

Task 4: Install SQL Server Management Studio

In this task, you will install SQL Server Management Studio (SSMS) on your Jump machine VM.

  1. On your jump machine VM, open a web browser and navigate to
  2. Select Download SQL Server Management Studio 17.x.
    On the SQL Server Management Studio download page, the Download SQL Server Management Studio 17.x link is highlighted.
  3. Run the downloaded installer.
  4. On the Welcome screen, select Install.
    The Microsoft SQL Server Management Studio installer welcome screen is displayed, and the Install button is highlighted.
  5. Close the SSMS installer once setup is completed and restart the VM to complete the installation of SSMS.

Task 5: Install Fiddler

In this task, you will download and install Fiddler, which will enable you to watch network traffic from your lab VM.

  1. In a web browser, navigate to
  2. Complete the form, accepting the license agreement, and select Download for Windows.
    Screenshot of the Download Fiddler form.
  3. Run the download installer, accepting all the default values.
  4. Close the installer when completed.

Task 6: Install Power BI Desktop

Below, you will install Power BI on the jump VM, which will be used in Exercise 8.

  1. In a web browser on you jump VM navigate to the Power BI Desktop download page (
  2. Select the Download Free link in the middle of the page.
    The Power BI Desktop download screen is displayed, and Download Free is selected.
  3. Run the installer.
  4. Select Next on the welcome screen.
    The Welcome screen of the Power BI installer is displayed, with the Next button highlighted and selected.
  5. Accept the license agreement, and select Next.
    Screenshot of the Power BI Desktop Software License Terms screen is displayed, with the "I accept the terms in the License Agreement" checkbox checked, and the Next button selected.
  6. Leave the default destination folder, and select Next.
    Screenshot of the Microsoft Power BI installer's Destination Folder screen, with the default path displayed, and the Next button highlighted.
  7. Make sure the Create a desktop shortcut box is checked, and select Install.
    Screenshot of the Microsoft Power BI installer's Ready to Install screen, with the "Create a desktop shortcut" checkbox checked, and the Install button highlighted.
  8. Uncheck Launch Microsoft Power BI Desktop, and select Finish.
    The Completed the Microsoft Power BI Desktop screen is displayed, with the "Launch Microsoft Power BI Desktop" checkbox unchecked, and the Finish button highlighted.

About engsoon

Eng Soon is a 4-time Microsoft MVP and has nearly 5 years of experience building enterprise system in the cloud.He is also a Certified Microsoft Azure.Eng Soon also have strong technical skills and analytic skill. As a developer, Besides the development task, he also involved in Project Management, Consulting, and Marketing. He has a passion for technology and sharing what he learns with others to help enable them to learn faster and be more productive. He also took part as speaker in many nationwide technical events, such as Conference, Meetup and Workshop. Currently, looking for opportunity in Cyber Security which include Cloud Security and Application Security.

View all posts by engsoon →

2 Comments on “Securing PaaS – setup”

  1. I’m missing something with this post. Your rationalizations are sound enough, but nevertheless it’s dangerous to depend on whatever others may think. Please write more about this, because I think you are a worthy blogger and I hope to learn more from you!

Leave a Reply

Your email address will not be published. Required fields are marked *