Kickstart Conditional Access in Microsoft Entra: Free Starter Pack with Policies & Automation
Introduction Conditional Access (CA) is the backbone of Zero Trust in Microsoft Entra ID. It helps you enforce security without compromising productivity. But rolling out CA can feel risky what if you lock out admins or break apps? To make this easier, I’ve created a free starter pack with: Ready-to-use policy templates (JSON) PowerShell scripts for deployment via Microsoft Graph GitHub Actions workflow for automation Safe rollout strategy using report-only mode Why This Matters Block legacy authentication to reduce attack surface. Require MFA for admins to protect privileged accounts. Handle high-risk sign-ins with compliant device + MFA. Validate impact before enforcing using report-only mode. What’s Inside the Starter Pack ✔ Policies Block legacy authentication Require MFA for admin roles High-risk sign-ins → compliant device + MFA Safety-net report-only baseline ✔ Scripts Deploy policies (deploy-conditional-access.ps1) Export existing policies Toggle report-only mode ✔ Automation GitHub Actions workflow for CI/CD deployment ✔ Docs Usage guide Safe rollout checklist How to Use It Download the repo: GitHub Repo: https://github.com/soaeb7007/entra-ca-starter-pack Install Microsoft Graph PowerShell SDK: Install-Module Microsoft.Graph -Scope CurrentUser Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess','Directory.Read.All' Select-MgProfile -Name beta Deploy policies in report-only mode: ./scripts/deploy-conditional-access.ps1 -PolicyPath ./policies -ReportOnly Validate impact in Sign-in logs before enforcing. Safe Rollout Checklist Exclude break-glass accounts, Start with report-only, Validate for 48–72 hours, Roll out to pilot group before org-wide Next Steps Enable report-only mode for new policies. Explore Conditional Access templates in Entra portal. Watch for my next post: “Optimizing Conditional Access for Performance and Security.” What’s your biggest challenge with Conditional Access? Drop it in the comments, I’ll cover the top 3 in my next post.Azure Entra Security Copilot: How It’s Changing Identity Protection
Overview Azure Entra Security Copilot is revolutionizing how organizations approach identity protection. By combining the power of generative AI with Microsoft’s deep security insights, it enables faster threat detection, smarter policy recommendations, and simplified incident response. Hands-On Experience After integrating Security Copilot into our Azure Entra environment, here’s what stood out: Natural Language Queries: You can ask things like “Show me risky sign-ins from last week” and get instant, actionable insights. Automated Investigations: It correlates signals across Entra ID, Defender, and Sentinel to surface threats. Policy Recommendations: Based on your environment, it suggests Conditional Access policies to reduce risk. Use Cases 1. Breach Detection Detects anomalies like impossible travel, unfamiliar sign-in patterns, and token theft. Automatically flags high-risk users and suggests remediation steps. 2. Policy Optimization Recommends Conditional Access policies tailored to your org’s risk profile. Helps reduce over-permissive access and enforce least privilege. 3. Incident Response Generates incident summaries and timelines. Suggests next steps and integrates with Microsoft Sentinel for deeper investigation. Comparison with Traditional SIEM Workflows Discussion Starter Have you tried Security Copilot in your environment yet? What use cases have you explored? How does it compare with your existing SIEM or XDR tools? Let’s share insights and build a stronger identity protection strategy together!
Scaling Smart with Azure: Architecture That Works
Hi Tech Community! I’m Zainab, currently based in Abu Dhabi and serving as Vice President of Finance & HR at Hoddz Trends LLC a global tech solutions company headquartered in Arkansas, USA. While I lead on strategy, people, and financials, I also roll up my sleeves when it comes to tech innovation. In this discussion, I want to explore the real-world challenges of scaling systems with Microsoft Azure. From choosing the right architecture to optimizing performance and cost, I’ll be sharing insights drawn from experience and I’d love to hear yours too. Whether you're building from scratch, migrating legacy systems, or refining deployments, let’s talk about what actually works.
Former Employer Abuse
My former employer, Albert Williams, president of American Security Force Inc., keeps adding my outlook accounts, computers and mobile devices to the company's azure cloud even though I left the company more than a year ago. What can I do to remove myself from his grip? Does Microsoft have a solution against abusive employers?
Creating Logic App to Identify Low Storage Devices from Intune
Hello everyone, I’m seeking some assistance with creating a Logic App. I need to identify devices in Intune that have 5GB or less of available space and receive an email with the details of these devices, including their names. Is this achievable?Search for users in Azure AD with PowerShell who have a directory role assigned!
Hi Azure friends, It was about a following customer scenario. The task was to search for users who have been assigned a directory role in Azure Active Directory. Of course this search can be done with the Azure Portal. However, I think we can agree that this might take a bit of time. Let's work together with PowerShell. I used the PowerShell ISE for this configuration. But you are also very welcome to use Visual Studio Code, just as you wish. Please start with the following steps to begin the deployment (the Hashtags are comments): #The first two lines have nothing to do with the configuration, but make some space below in the blue part of the ISE. Set-Location C:\ Clear-Host #We need the cmdlets Install-Module -Name AzureAD -AllowClobber -Force -Verbose #Sometimes the module must be imported Import-Module AzureAD #Let's connect Connect-AzureAD #To explore the available cmdlets in the Azure AD module Get-Command -Module AzureAD | Measure-Object #Fetch list of all directory roles with object ID Get-AzureADDirectoryRole #Fetch a specific directory role by ID $role = Get-AzureADDirectoryRole -ObjectId "6fd5c3ac-2e62-4fca-84fe-9e32ae5282f2" #Fetch role membership for a role (to get an idee) Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId | Get-AzureADUser #Lets create some variables $roleUsers = @() $roles=Get-AzureADDirectoryRole #We use a loop ForEach($role in $roles) { $users=Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId ForEach($user in $users) { write-host $role.DisplayName,$user.DisplayName,$user.UsageLocation $obj = New-Object PSCustomObject $obj | Add-Member -type NoteProperty -name RoleName -value "" $obj | Add-Member -type NoteProperty -name UserDisplayName -value "" $obj | Add-Member -type NoteProperty -name UsageLocation -value "" $obj.RoleName=$role.DisplayName $obj.UserDisplayName=$user.DisplayName $obj.UsageLocation=$user.UsageLocation $roleUsers+=$obj } } #We have a result $roleUsers #A bit more readable $roleUsers | Sort-Object Userdisplayname | select Userdisplayname, RoleName #Remove the session Disconnect-AzureAD Now we have a listing of users who have been given a directory role in Azure AD. I know that wasn't super fancy at all. But I really wanted to share my experience with you. I hope this article was useful. Best regards, Tom Wechsler P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM, etc.) that I use can be found on github! https://github.com/tomwechslerDynamic user membership rules, Azure Active Directory Administrative Units and password reset!
Dear Microsoft 365 and Azure Friends, A customer project involved the following issue. A department manager should be able to reset the passwords for his employees who are in his team. However, the department head does not want to bother with group membership. To meet this requirement, I worked with the following functions: - Azure Active Directory administrative units - Dynamic user membership rules - Password Administrator Role Important: Azure Active Directory administrative units are only available with Azure AD Premium P1 (or higher). In order to work with the Dynamic user membership rules feature, it is important that the profiles are maintained on the accounts. What exactly do I mean by that, for example that the attribute department is "Trading" or the city is "Bern". The more attributes are configured with a value, the more detailed you can work with the "Query Rule". Let me now explain this in detail. Let's take a look at an Azure AD account, more specifically the profile. Now it's time to create an Administrative Unit. Let's imagine that Jon Prime is the department manager and he gets the role "Password administrator". The Administrative Unit is created. Now it is a matter of automatically adding the members from his team (from Jon Prime) to this Administrative Unit. Now let's configure it. The first step is to navigate into the Administrative Unit. Now Jon Prime can go to the following URL and log in. For Jon Prime, the Administrative Unit is now visible with the members it contains. He can now reset the password for these members. Important: But only for these members in this Administrative Unit. Not for any other accounts in the Azure Active Directory. I hope this article was useful. Thank you for taking the time to read the article. Best regards, Tom Wechsler P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechslerManage licenses with PowerShell in Azure Active Directory!
Hi Azure friends, In this article, I will describe how you can use PowerShell in Azure Active Directory to quickly get information about licenses. I have summarized a few experiences and would like to share them with you. I used the PowerShell ISE for this configuration. But you are also very welcome to use Visual Studio Code, just as you wish. Please start with the following steps to begin the deployment (the Hashtags are comments): #The first two lines have nothing to do with the configuration, but make some space below in the blue part of the ISE Set-Location C:\Temp Clear-Host #We need the cmdlets Install-Module -Name AzureAD -AllowClobber -Force -Verbose #Sometimes the module must be imported Import-Module AzureAD #Lets connect to the Azure Active Directory Connect-AzureAD #What licenses are available? Get-AzureADSubscribedSku #More info about the license package Get-AzureADSubscribedSku | Select-Object -Property ObjectId, SkuPartNumber, ConsumedUnits -ExpandProperty PrepaidUnits #What is included in the license package Get-AzureADSubscribedSku ` -ObjectId 95b14fab-6bbf-4756-94d4-99993dd27f55_05e9a617-0261-4cee-bb44-138d3ef5d965 | Select-Object -ExpandProperty ServicePlans #To list all licensed users Get-AzureAdUser | ForEach { $licensed=$False ; For ($i=0; $i -le ($_.AssignedLicenses | Measure).Count ; $i++)` { If( [string]::IsNullOrEmpty( $_.AssignedLicenses[$i].SkuId ) -ne $True) { $licensed=$true } } ; If( $licensed -eq $true)` { Write-Host $_.UserPrincipalName} } #To list all of the unlicensed users Get-AzureAdUser | ForEach{ $licensed=$False ; For ($i=0; $i -le ($_.AssignedLicenses | Measure).Count ; $i++)` { If( [string]::IsNullOrEmpty( $_.AssignedLicenses[$i].SkuId ) -ne $True) { $licensed=$true } } ; If( $licensed -eq $false)` { Write-Host $_.UserPrincipalName} } #Do users have a usage location? Get-AzureADUser | Select DisplayName,Department,UsageLocation #We select a user $User = Get-AzureADUser -ObjectId fred.prefect@tomscloud.ch #The user needs a location Set-AzureADUser -ObjectId $User.ObjectId -UsageLocation CH #We need the SKU ID Get-AzureADSubscribedSku | Select SkuPartNumber, SkuID #Create the AssignedLicense object $Sku = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense #Set the SKU ID $Sku.SkuId = "6fd2c87f-b296-42f0-b197-1e91e994b900" #Create the AssignedLicenses Object $Licenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses #Add the SKU $Licenses.AddLicenses = $Sku #Setting a License to a User Set-AzureADUserLicense -ObjectId $User.ObjectId -AssignedLicenses $Licenses #Creating a Custom License $User = Get-AzureADUser -ObjectId fred.prefect@tomscloud.ch.ch #Create the AssignedLicense object $Sku = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense #Add the SKU $Sku.SkuId = "6fd2c87f-b296-42f0-b197-1e91e994b900" #Show the ServicePlans Get-AzureADSubscribedSku -ObjectId 95b14fab-6bbf-4756-94d4-99993dd27f55_05e9a617-0261-4cee-bb44-138d3ef5d965 | Select-Object -ExpandProperty ServicePlans #Get the LicenseSKU and create the Disabled ServicePlans object $Sku.DisabledPlans = @("a23b959c-7ce8-4e57-9140-b90eb88a9e97","aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1") #Create the AssignedLicenses Object $Licenses = New-Object –TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses #Add the SKU $Licenses.AddLicenses = $Sku #Assign the license to the user Set-AzureADUserLicense -ObjectId $User.ObjectId -AssignedLicenses $Licenses Now you have successfully edited the licenses with PowerShell in Azure Active Directory! Congratulations! I hope this article was useful. Best regards, Tom Wechsler P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechslerMy learning path to the Microsoft Certified: Windows Server Hybrid Administrator Associate!
Dear Microsoft Azure Friends, When I read from Microsoft Learn that there was again a Windows Server exam along with Microsoft Azure, I was excited. The new certification is called: Microsoft Certified: Windows Server Hybrid Administrator Associate! This certification consists of two exams: AZ-800 and AZ-801. If you successfully pass both exams you will receive the certification. This article is all about the AZ-801 exam. I have described my learning path to the AZ-800 in this article! https://techcommunity.microsoft.com/t5/azure/my-preparations-for-the-exam-az-800-administering-windows-server/m-p/3262042 After I had passed the AZ-800, I quickly asked myself, will the AZ-801 be even more difficult? For me, it is always best to read the skills measured first. This gives me a first impression of the exam. Now let me show you how my preparation for the exam was: 1. First of all, I looked at the Exam Topics to get a first impression of the scope of topics. https://docs.microsoft.com/en-us/learn/certifications/exams/az-801 Please take a close look at the skills assessed: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWKPgH 2. So that I can prepare for an exam I need an Azure test environment (this is indispensable for me). You can sign up for a free trial here. https://azure.microsoft.com/en-us/free/ I have also set up a small local test environment with a couple of Windows Server 2022. You can get the operating systems directly from Microsoft: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2022 https://www.microsoft.com/en-us/evalcenter/evaluate-windows-11-enterprise https://www.microsoft.com/en-us/evalcenter/evaluate-windows-admin-center 3. Now it goes to the Microsoft Learning paths content. Work through the learning paths at your leisure. They are really super helpful to prepare for the exam. At this point, many thanks to Microsoft Learn ( SandraMarin ) for the great learning content: https://docs.microsoft.com/en-us/learn/paths/secure-windows-server-premises-hybrid-infrastructures/ https://docs.microsoft.com/en-us/learn/paths/implement-windows-server-high-availability/ https://docs.microsoft.com/en-us/learn/paths/implement-disaster-recovery-windows-server-premises/ https://docs.microsoft.com/en-us/learn/paths/migrate-servers-workloads-premises-hybrid-environments/ https://docs.microsoft.com/en-us/learn/paths/monitor-troubleshoot-windows-server-environments/ 4. Register for the exam early. This creates some pressure and you stay motivated. https://docs.microsoft.com/en-us/learn/certifications/exams/az-801 5. Please also have a look at thomasmaurer 's website this is also very helpful! https://www.thomasmaurer.ch/2022/03/az-801-exam-study-guide-configuring-windows-server-hybrid-advanced-services/ 6. I have created a repository on GitHub for the two exams AZ-800 and AZ-801. There are links, scripts and a lot of content in it, please have a look: https://github.com/tomwechsler/Microsoft_Certified_Windows_Server_Hybrid_Administrator_Associate 7. I started (in german) with a YouTube playlist (it's still early days) to become a Microsoft Certified: Windows Server Hybrid Administrator Associate https://www.youtube.com/playlist?list=PLi0MTIjZai_xLvMSMgOxnk-0QFSxjSEe5 8. More helpful information directly from Microsoft, divided into the functional groups (Skills measured)! Secure Windows Server On-premises and Hybrid Infrastructures: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-exploit-protection https://docs.microsoft.com/de-de/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager https://docs.microsoft.com/en-us/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-manage https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/best-practices-for-securing-active-directory https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-configure-custom-password-protection https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/appendix-c--protected-accounts-and-groups-in-active-directory https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/securing-domain-controllers-against-attack https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/how-to-configure-protected-accounts https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/best-practices-for-securing-active-directory https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/appendix-h--securing-local-administrator-accounts-and-groups https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/appendix-b--privileged-accounts-and-groups-in-active-directory https://docs.microsoft.com/en-us/defender-for-identity/what-is https://docs.microsoft.com/en-us/azure/sentinel/data-connectors-reference?tabs=LAA#windows-security-events-via-ama https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-servers-introduction https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/best-practices-configuring https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-models https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview Implement and manage Windows Server high availability: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-shared https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-availability-sets https://docs.microsoft.com/en-us/windows-server/failover-clustering/create-failover-cluster https://docs.microsoft.com/en-us/windows-server/storage/storage-replica/stretch-cluster-replication-using-shared-storage https://docs.microsoft.com/en-us/windows-server/storage/storage-replica/cluster-to-cluster-azure-cross-region https://docs.microsoft.com/en-us/windows-server/failover-clustering/clustering-requirements https://docs.microsoft.com/en-us/windows-server/storage/storage-replica/cluster-to-cluster-azure-cross-region https://docs.microsoft.com/en-us/windows-server/failover-clustering/clustering-requirements https://docs.microsoft.com/en-us/windows-server/failover-clustering/manage-cluster-quorum https://docs.microsoft.com/en-us/windows-server/failover-clustering/failover-clustering-overview https://docs.microsoft.com/en-us/azure-stack/hci/deploy/cluster-set https://docs.microsoft.com/en-us/windows-server/failover-clustering/sofs-overview https://docs.microsoft.com/en-us/windows-server/failover-clustering/deploy-cloud-witness https://docs.microsoft.com/en-us/troubleshoot/windows-server/high-availability/cluster-information-ip-address-failover https://docs.microsoft.com/en-us/windows-server/failover-clustering/cluster-aware-updating https://docs.microsoft.com/en-us/azure-stack/hci/concepts/storage-spaces-direct-overview https://docs.microsoft.com/en-us/windows-server/storage/storage-spaces/deploy-storage-spaces-direct Implement disaster recovery: https://docs.microsoft.com/en-us/azure/backup/backup-windows-with-mars-agent https://docs.microsoft.com/en-us/azure/backup/backup-azure-restore-windows-server https://docs.microsoft.com/en-us/azure/backup/backup-mabs-whats-new-mabs https://docs.microsoft.com/en-us/azure/backup/backup-azure-microsoft-azure-backup https://docs.microsoft.com/en-us/azure/backup/backup-instant-restore-capability https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-userestapi-createorupdatepolicy https://docs.microsoft.com/en-us/azure/backup/backup-client-automation https://docs.microsoft.com/en-us/azure/virtual-machines/backup-and-disaster-recovery-for-azure-iaas-disks https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-manage-network-interfaces-on-premises-to-azure https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-create-recovery-plans https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-about-networking https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-about-networking https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/manage/set-up-hyper-v-replica Migrate servers and workloads: https://docs.microsoft.com/en-us/windows-server/storage/storage-migration-service/cutover https://docs.microsoft.com/en-us/windows-server/storage/storage-migration-service/overview https://docs.microsoft.com/en-us/azure/storage/files/storage-files-migration-overview https://docs.microsoft.com/en-us/azure/migrate/deploy-appliance-script https://docs.microsoft.com/en-us/azure/migrate/how-to-set-up-appliance-physical https://docs.microsoft.com/en-us/azure/migrate/how-to-migrate https://docs.microsoft.com/en-us/iis/publish/using-web-deploy/migrate-a-web-site-from-iis-60-to-iis-7-or-above https://docs.microsoft.com/en-us/virtualization/windowscontainers/quick-start/building-sample-app https://docs.microsoft.com/en-us/windows-server/get-started/upgrade-migrate-roles-features Monitor and troubleshoot Windows Server environments: https://docs.microsoft.com/en-us/troubleshoot/windows-server/performance/performance-overview https://docs.microsoft.com/en-us/windows-server/manage/system-insights/overview https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/azure-monitor https://docs.microsoft.com/en-us/windows-server/manage/system-insights/overview https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agent-windows https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agent-windows https://docs.microsoft.com/en-us/azure/azure-monitor/agents/diagnostics-extension-overview https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/networking-overview https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/boot-error-troubleshoot https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/performance-diagnostics https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/support-agent-extensions https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-overview https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/reset-directory-services-restore-mode-admin-pwd https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-pass-through-authentication https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/troubleshooting-domain-controller-deployment More helpful links: https://docs.microsoft.com/en-us/windows-server/failover-clustering/bitlocker-on-csv-in-ws-2022 https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/customize-controlled-folders?view=o365-worldwide https://docs.microsoft.com/en-us/azure/defender-for-cloud/managing-and-responding-alerts https://docs.microsoft.com/en-us/azure/defender-for-cloud/deploy-vulnerability-assessment-vm https://docs.microsoft.com/en-us/defender-for-identity/technical-faq https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview https://docs.microsoft.com/en-us/windows-server/failover-clustering/deploy-cloud-witness https://docs.microsoft.com/en-us/windows-server/failover-clustering/sofs-overview https://docs.microsoft.com/en-us/azure/site-recovery/recovery-plan-overview https://docs.microsoft.com/en-us/windows-server/storage/storage-migration-service/migrate-data https://docs.microsoft.com/en-us/windows-server/storage/storage-migration-service/overview https://docs.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections https://docs.microsoft.com/en-us/azure/migrate/tutorial-discover-physical https://docs.microsoft.com/en-us/iis/publish/using-web-deploy/synchronize-iis I want to emphasize it again in this article, read the questions very carefully. The difference is very often in the details. If it says you have to back up the server and all data to Azure, then that is something different than if it would only say all data. This small difference has a big impact on the subsequent solution! One final tip: When you have learned something new, try to explain what you have learned to another person (whether or not they know your subject). If you can explain it in your own words, you understand the subject. That is exactly how I do it, except that I do not explain it to another person, but record a video for YouTube! I hope this information helps you and that you successfully pass the exam. I wish you success! Best regards, Tom Wechsler P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler
