Hi. We are deploying and hosting SquaredUp (for Azure) in Azure, and it’s working. However, I’ve found Open Access is really open to the entire internet, with security being a unique url (security by obscurity). And no way to limit it to “authenticated users”.
With on-prem hosting access to the physical network is limited, so this issue isn’t really an issue.
I’m keen for advice and thoughts how to resolve this.
#1 – Host on-prem – Unfortunately we are moving everything to cloud.
#2 – Limit VNET to our office IP’s – That would work, although due to COVID our we are scatted across different towns working from home (and many have dynamic IP’s).
#3 – Limit access to a Jumphost in Azure. it’s a viable solution, but expensive and not a great experience to look at dashboards.
#4 – alter the IIS settings not to allow anonymous access. best idea so far, but no idea what to alter.
#5 – licence all users – we have a lot of users who just need to see a non-interactive board, then licensing each one can be an overkill.
I see this see thread Restricting Open Access to AD Groups. , but it doesn’t really offer a solution in this case.
Any thoughts or ideas appreciated 🙂
Bringing the VM inside a vnet (non-public) and then sharing SquaredUp using Azure Application Proxy is a viable solution. You’re then adding auth to OA via Azure AD. Costs next to nothing too.