Login to Windows virtual machine in Azure using Azure AD authentication (and the pitfalls)!
Dear Microsoft Azure Friends, This article is about the login to Windows virtual machine in Azure using Azure Active Directory authentication and what needs to be considered in the process. This article describes the procedure. So far, everything is actually in perfect order. https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows So I have worked through the steps and now I want to log on to the virtual machine with an Azure Active Directory account. Why does this error message appear now? Have I done something wrong? I am going through all the steps again. No fits. So I take another close look at the article and discover the following: But that's exactly not the case with me. I want to connect from my local system which is not registered or joined in Azure. Let's take it one step at a time. First of all, I create a group in Azure Active Directory. This will contain the account I will use later for the login. ATTENTION: Use the appropriate Windows OS => Windows Server 2019 Datacenter edition and later or Windows 10 1809 and later Next I create a new virtual machine with the default settings (including a public IP address and yes this is not good, but this demo absolutely OK). Except for Management I set the following settings. If you want to work with an existing virtual machine you need to install the extension. You can do this with the Azure Cloud Shell, in a Bash terminal. az vm extension set \ --publisher Microsoft.Azure.ActiveDirectory \ --name AADLoginForWindows \ --resource-group YourResourceGroup \ --vm-name YourVM After the virtual machine is created we need to work with Role based Access Control RBAC. There are two roles that can be used. Virtual Machine Administrator Login or Virtual Machine User Login If you need local admin rights you need the first role. If you want to log in as a standard user, you can work with the second role. Now we connect to the virtual machine using RDP, but ATTENTION, I use the account I created when I created the virtual machine (not an Azure AD account). In the virtual machine I start the command prompt and use dsregcmd /status. The machine is Azure AD Joined. In the virtual machine, navigate to Start and invoke "run". Type sysdm.cpl and navigate to the Remote tab. Remove the "Allow connections..." option and click "Select Users". When you click on "Locations" you will immediately see that you cannot select an account from Azure AD. We need the command prompt for this. Start the command prompt with elevated privileges and enter the following (customized with your information, of course). net localgroup "remote desktop users" /add "AzureAD\Email address removed" Go back to the Azure Portal to your virtual machine. Download the RDP connection file. Open this RDP file with an editor and add the following lines. enablecredsspsupport:i:0 authentication level:i:2 Now double click on the RDP connection file and now use the Azure account for login. AND BINGO, we can now log in to our virtual machine using the Azure Active Directory account! Cool! I hope this article was useful. Thank you for taking the time to read the article. Best regards, Tom Wechsler P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechslerUsing the PowerShell in Azure Active Directory to examine the accounts
Hi Azure friends, I used the PowerShell ISE for this configuration. But you are also very welcome to use Visual Studio Code, just as you wish. Please start with the following steps to begin the deployment (the Hashtags are comments): #The first two lines have nothing to do with the configuration, but make some space below in the blue part of the ISE Set-Location C:\Temp Clear-Host #We need the cmdlets Install-Module -Name AzureAD -AllowClobber -Force -Verbose #Sometimes the module must be imported Import-Module AzureAD #Username and PW for Login $Credential = Get-Credential #Lets connect to the Azure Active Directory Connect-AzureAD -Credential $Credential #View all accounts Get-AzureADUser #View a specific account Get-AzureADUser -ObjectID jane.ford@tomwechsler.xyz #View additional property values for the cmdlet Get-AzureADUser | Get-Member #View additional property values for a specific account Get-AzureADUser | Select DisplayName,Department,UsageLocation #To see all the properties for a specific user account Get-AzureADUser -ObjectID jane.ford@tomwechsler.xyz | Select * #As another example, check the enabled status of a specific user account Get-AzureADUser -ObjectID jane.ford@tomwechsler.xyz | Select DisplayName,UserPrincipalName,AccountEnabled #View account synchronization status Get-AzureADUser | Where {$_.DirSyncEnabled -eq $true} #Find cloud-only accounts Get-AzureADUser | Where {$_.DirSyncEnabled -ne $false} #View accounts based on a common property Get-AzureADUser | Where {$_.UsageLocation -eq $Null} #List all accounts of users who live in London Get-AzureADUser | Where {$_.City -eq "London"} Now you have used the PowerShell to view Azure Active Directory Accounts! Congratulations! I hope this article was useful. Best regards, Tom Wechsler P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechslerManage licenses with PowerShell in Azure Active Directory!
Hi Azure friends, In this article, I will describe how you can use PowerShell in Azure Active Directory to quickly get information about licenses. I have summarized a few experiences and would like to share them with you. I used the PowerShell ISE for this configuration. But you are also very welcome to use Visual Studio Code, just as you wish. Please start with the following steps to begin the deployment (the Hashtags are comments): #The first two lines have nothing to do with the configuration, but make some space below in the blue part of the ISE Set-Location C:\Temp Clear-Host #We need the cmdlets Install-Module -Name AzureAD -AllowClobber -Force -Verbose #Sometimes the module must be imported Import-Module AzureAD #Lets connect to the Azure Active Directory Connect-AzureAD #What licenses are available? Get-AzureADSubscribedSku #More info about the license package Get-AzureADSubscribedSku | Select-Object -Property ObjectId, SkuPartNumber, ConsumedUnits -ExpandProperty PrepaidUnits #What is included in the license package Get-AzureADSubscribedSku ` -ObjectId 95b14fab-6bbf-4756-94d4-99993dd27f55_05e9a617-0261-4cee-bb44-138d3ef5d965 | Select-Object -ExpandProperty ServicePlans #To list all licensed users Get-AzureAdUser | ForEach { $licensed=$False ; For ($i=0; $i -le ($_.AssignedLicenses | Measure).Count ; $i++)` { If( [string]::IsNullOrEmpty( $_.AssignedLicenses[$i].SkuId ) -ne $True) { $licensed=$true } } ; If( $licensed -eq $true)` { Write-Host $_.UserPrincipalName} } #To list all of the unlicensed users Get-AzureAdUser | ForEach{ $licensed=$False ; For ($i=0; $i -le ($_.AssignedLicenses | Measure).Count ; $i++)` { If( [string]::IsNullOrEmpty( $_.AssignedLicenses[$i].SkuId ) -ne $True) { $licensed=$true } } ; If( $licensed -eq $false)` { Write-Host $_.UserPrincipalName} } #Do users have a usage location? Get-AzureADUser | Select DisplayName,Department,UsageLocation #We select a user $User = Get-AzureADUser -ObjectId fred.prefect@tomscloud.ch #The user needs a location Set-AzureADUser -ObjectId $User.ObjectId -UsageLocation CH #We need the SKU ID Get-AzureADSubscribedSku | Select SkuPartNumber, SkuID #Create the AssignedLicense object $Sku = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense #Set the SKU ID $Sku.SkuId = "6fd2c87f-b296-42f0-b197-1e91e994b900" #Create the AssignedLicenses Object $Licenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses #Add the SKU $Licenses.AddLicenses = $Sku #Setting a License to a User Set-AzureADUserLicense -ObjectId $User.ObjectId -AssignedLicenses $Licenses #Creating a Custom License $User = Get-AzureADUser -ObjectId fred.prefect@tomscloud.ch.ch #Create the AssignedLicense object $Sku = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense #Add the SKU $Sku.SkuId = "6fd2c87f-b296-42f0-b197-1e91e994b900" #Show the ServicePlans Get-AzureADSubscribedSku -ObjectId 95b14fab-6bbf-4756-94d4-99993dd27f55_05e9a617-0261-4cee-bb44-138d3ef5d965 | Select-Object -ExpandProperty ServicePlans #Get the LicenseSKU and create the Disabled ServicePlans object $Sku.DisabledPlans = @("a23b959c-7ce8-4e57-9140-b90eb88a9e97","aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1") #Create the AssignedLicenses Object $Licenses = New-Object –TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses #Add the SKU $Licenses.AddLicenses = $Sku #Assign the license to the user Set-AzureADUserLicense -ObjectId $User.ObjectId -AssignedLicenses $Licenses Now you have successfully edited the licenses with PowerShell in Azure Active Directory! Congratulations! I hope this article was useful. Best regards, Tom Wechsler P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechslerAzure Essentials - Free Training
At Ignite 2017, we launched the new Microsoft Azure Essentials, the best place to get started with and learn more about Azure. Don`t know what is Azure, or want to learn more about Azure and Cloud? Just choose a topic and use the curated set of demo videos, hands-on labs, and product trials to learn about and try Azure at your own pace. Be sure to also check out the Azure learning paths, and Azure certification. You can access all this content for free at Azure.com/Essentials
Azure Key Vault RBAC (Role Based Access Control) versus Access Policies!
Dear Microsoft Azure Friends, With an Azure Key Vault, RBAC (Role Based Access Control) and Access Policies always leads to confusion. Let me take this opportunity to explain this with a small example. First of all, let me show you with which account I logged into the Azure Portal. You can see this in the graphic on the top right. Now let's examine the subscription named "MSDN Platforms" by navigating to (Access Control IAM). In "Check Access" we are looking for a specific person. It is the Jane Ford, we see that Jane has the Contributor right on this subscription. So she can do (almost) everything except change or assign permissions. This is in short the Contributor right. Now we search for the Azure Kay Vault in "All resources", for this it is good to work with a filter. As you can see, Azure Key Vault (twkv77) is part of the "MSDN Platforms" subscription. We check again that Jane Ford has the Contributor Role (Inherited) by navigating to "Access Control IAM) in the Azure Kay Vault and clicking on "Role assignment". Now we navigate to "Access Policies" in the Azure Key Vault. As you can see there is a policy for the user "Tom" but none for Jane Ford. With an Access Policy you determine who has access to the key, passwords and certificates. This means that if there is no access policy for Jane, she will not have access to keys, passwords, etc. That's exactly what we're about to check. As you can see in the upper right corner I registered as "Jane Ford" (she gave me the authorization ;-)). If I now navigate to the keys we see immediately that the Jane has no right to look at the keys. There is no access policy for Jane where for example the right "List" is included, so she can't access the keys. With RBAC you control the so-called Management Plane and with the Access Policies the Data Plane. Now you know the difference between RBAC and an Access Policy in an Azure Key Vault! Sure this wasn't super exciting, but I still wanted to share this information with you. I hope this article was helpful for you? Thank you for taking the time to read this article. Best regards, Tom Wechsler
ASR Replication is stuck at "Waiting for First Recovery Point"
Hi All, I am trying to add ASR for one of my setup[VM's] present in Azure environment. But, all the VM's are stuck in "Waiting for First Recovery Point". Please find more details below. Configuration: 1. All the VM's re located in "East US2" 2. All the VM's are installed with Linux[Cent OS] Status of ASR: Created a new Recovery Service Vault “SoakASR-Vault” Enabled Replication for 3 servers for 3 performance servers. You can find the replicated servers in “SoakASR-Vault | Replicated items” Issue: All the 3 servers are stuck at “Waiting for First Recovery Point" Observations: I have created Recovery Services Vault in “Central US”. But, I see Network Mapping as WEST US in "Site Recovery infrastructure | Network mapping" Extension update is failing at "Site Recovery infrastructure | Extension update settings" I see 'Installing Mobility Service and preparing target' with status as “Completed with Information” message. Error ID: 151083 Error Message: Site recovery mobility service update completed with warnings Please help if you have any idea where I am going wrong. Thanks in advance.Dynamic user membership rules, Azure Active Directory Administrative Units and password reset!
Dear Microsoft 365 and Azure Friends, A customer project involved the following issue. A department manager should be able to reset the passwords for his employees who are in his team. However, the department head does not want to bother with group membership. To meet this requirement, I worked with the following functions: - Azure Active Directory administrative units - Dynamic user membership rules - Password Administrator Role Important: Azure Active Directory administrative units are only available with Azure AD Premium P1 (or higher). In order to work with the Dynamic user membership rules feature, it is important that the profiles are maintained on the accounts. What exactly do I mean by that, for example that the attribute department is "Trading" or the city is "Bern". The more attributes are configured with a value, the more detailed you can work with the "Query Rule". Let me now explain this in detail. Let's take a look at an Azure AD account, more specifically the profile. Now it's time to create an Administrative Unit. Let's imagine that Jon Prime is the department manager and he gets the role "Password administrator". The Administrative Unit is created. Now it is a matter of automatically adding the members from his team (from Jon Prime) to this Administrative Unit. Now let's configure it. The first step is to navigate into the Administrative Unit. Now Jon Prime can go to the following URL and log in. For Jon Prime, the Administrative Unit is now visible with the members it contains. He can now reset the password for these members. Important: But only for these members in this Administrative Unit. Not for any other accounts in the Azure Active Directory. I hope this article was useful. Thank you for taking the time to read the article. Best regards, Tom Wechsler P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechslerList user information with PowerShell and Microsoft Graph from Azure Active Directory!
Hi Azure / Microsoft365 friends, In this small example I am concerned with how information can be collected with the Microsoft Graph. Really nothing spectacular, but an interesting lesson for me. I used the PowerShell ISE for this configuration. But you are also very welcome to use Visual Studio Code, just as you wish. Please start with the following steps to begin the deployment (the Hashtags are comments): #The first two lines have nothing to do with the configuration, but make some space below in the blue part of the ISE. Set-Location C:\ Clear-Host #Install Microsoft Graph Module Install-Module Microsoft.Graph -AllowClobber -Force #Time range $date = (Get-Date).AddDays(-60) #A variable for later output $properties = 'AccountEnabled', 'UserPrincipalName','Id','CreatedDateTime','LastPasswordChangeDateTime' #Connect to the cloud (incl. necessary permissions) Connect-Graph -Scopes User.Read.All, Directory.AccessAsUser.All, User.ReadBasic.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All #We check the permissions (Get-MgContext).Scopes #List the users and store them in a variable $mgUsers = Get-MgUser -All -Select $properties #Let's look at the list $mgUsers #How many are there? $mgUsers.count #Get-Member to get the details Get-MgUser | Get-Member #Creation date and last password change $InfoUsers = $mgUsers | Where-Object { $_.CreatedDateTime -lt $date -and $_.LastPasswordChangeDateTime -lt $date } #How many have we found (No longer the same number)? $InfoUsers.count #We'll take a look at it $InfoUsers | Format-Table $properties #Remove the session Disconnect-Graph I know that wasn't super fancy at all. But I really wanted to share my experience with you. I hope this article was useful. Best regards, Tom Wechsler P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM, etc.) that I use can be found on github! https://github.com/tomwechslerMy learning path to the Microsoft Certified: Windows Server Hybrid Administrator Associate!
Dear Microsoft Azure Friends, When I read from Microsoft Learn that there was again a Windows Server exam along with Microsoft Azure, I was excited. The new certification is called: Microsoft Certified: Windows Server Hybrid Administrator Associate! This certification consists of two exams: AZ-800 and AZ-801. If you successfully pass both exams you will receive the certification. This article is all about the AZ-801 exam. I have described my learning path to the AZ-800 in this article! https://techcommunity.microsoft.com/t5/azure/my-preparations-for-the-exam-az-800-administering-windows-server/m-p/3262042 After I had passed the AZ-800, I quickly asked myself, will the AZ-801 be even more difficult? For me, it is always best to read the skills measured first. This gives me a first impression of the exam. Now let me show you how my preparation for the exam was: 1. First of all, I looked at the Exam Topics to get a first impression of the scope of topics. https://docs.microsoft.com/en-us/learn/certifications/exams/az-801 Please take a close look at the skills assessed: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWKPgH 2. So that I can prepare for an exam I need an Azure test environment (this is indispensable for me). You can sign up for a free trial here. https://azure.microsoft.com/en-us/free/ I have also set up a small local test environment with a couple of Windows Server 2022. You can get the operating systems directly from Microsoft: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2022 https://www.microsoft.com/en-us/evalcenter/evaluate-windows-11-enterprise https://www.microsoft.com/en-us/evalcenter/evaluate-windows-admin-center 3. Now it goes to the Microsoft Learning paths content. Work through the learning paths at your leisure. They are really super helpful to prepare for the exam. At this point, many thanks to Microsoft Learn ( SandraMarin ) for the great learning content: https://docs.microsoft.com/en-us/learn/paths/secure-windows-server-premises-hybrid-infrastructures/ https://docs.microsoft.com/en-us/learn/paths/implement-windows-server-high-availability/ https://docs.microsoft.com/en-us/learn/paths/implement-disaster-recovery-windows-server-premises/ https://docs.microsoft.com/en-us/learn/paths/migrate-servers-workloads-premises-hybrid-environments/ https://docs.microsoft.com/en-us/learn/paths/monitor-troubleshoot-windows-server-environments/ 4. Register for the exam early. This creates some pressure and you stay motivated. https://docs.microsoft.com/en-us/learn/certifications/exams/az-801 5. Please also have a look at thomasmaurer 's website this is also very helpful! https://www.thomasmaurer.ch/2022/03/az-801-exam-study-guide-configuring-windows-server-hybrid-advanced-services/ 6. I have created a repository on GitHub for the two exams AZ-800 and AZ-801. There are links, scripts and a lot of content in it, please have a look: https://github.com/tomwechsler/Microsoft_Certified_Windows_Server_Hybrid_Administrator_Associate 7. I started (in german) with a YouTube playlist (it's still early days) to become a Microsoft Certified: Windows Server Hybrid Administrator Associate https://www.youtube.com/playlist?list=PLi0MTIjZai_xLvMSMgOxnk-0QFSxjSEe5 8. More helpful information directly from Microsoft, divided into the functional groups (Skills measured)! Secure Windows Server On-premises and Hybrid Infrastructures: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-exploit-protection https://docs.microsoft.com/de-de/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager https://docs.microsoft.com/en-us/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-manage https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/best-practices-for-securing-active-directory https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-configure-custom-password-protection https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/appendix-c--protected-accounts-and-groups-in-active-directory https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/securing-domain-controllers-against-attack https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/how-to-configure-protected-accounts https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/best-practices-for-securing-active-directory https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/appendix-h--securing-local-administrator-accounts-and-groups https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/appendix-b--privileged-accounts-and-groups-in-active-directory https://docs.microsoft.com/en-us/defender-for-identity/what-is https://docs.microsoft.com/en-us/azure/sentinel/data-connectors-reference?tabs=LAA#windows-security-events-via-ama https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-servers-introduction https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/best-practices-configuring https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-models https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview Implement and manage Windows Server high availability: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-shared https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-availability-sets https://docs.microsoft.com/en-us/windows-server/failover-clustering/create-failover-cluster https://docs.microsoft.com/en-us/windows-server/storage/storage-replica/stretch-cluster-replication-using-shared-storage https://docs.microsoft.com/en-us/windows-server/storage/storage-replica/cluster-to-cluster-azure-cross-region https://docs.microsoft.com/en-us/windows-server/failover-clustering/clustering-requirements https://docs.microsoft.com/en-us/windows-server/storage/storage-replica/cluster-to-cluster-azure-cross-region https://docs.microsoft.com/en-us/windows-server/failover-clustering/clustering-requirements https://docs.microsoft.com/en-us/windows-server/failover-clustering/manage-cluster-quorum https://docs.microsoft.com/en-us/windows-server/failover-clustering/failover-clustering-overview https://docs.microsoft.com/en-us/azure-stack/hci/deploy/cluster-set https://docs.microsoft.com/en-us/windows-server/failover-clustering/sofs-overview https://docs.microsoft.com/en-us/windows-server/failover-clustering/deploy-cloud-witness https://docs.microsoft.com/en-us/troubleshoot/windows-server/high-availability/cluster-information-ip-address-failover https://docs.microsoft.com/en-us/windows-server/failover-clustering/cluster-aware-updating https://docs.microsoft.com/en-us/azure-stack/hci/concepts/storage-spaces-direct-overview https://docs.microsoft.com/en-us/windows-server/storage/storage-spaces/deploy-storage-spaces-direct Implement disaster recovery: https://docs.microsoft.com/en-us/azure/backup/backup-windows-with-mars-agent https://docs.microsoft.com/en-us/azure/backup/backup-azure-restore-windows-server https://docs.microsoft.com/en-us/azure/backup/backup-mabs-whats-new-mabs https://docs.microsoft.com/en-us/azure/backup/backup-azure-microsoft-azure-backup https://docs.microsoft.com/en-us/azure/backup/backup-instant-restore-capability https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-userestapi-createorupdatepolicy https://docs.microsoft.com/en-us/azure/backup/backup-client-automation https://docs.microsoft.com/en-us/azure/virtual-machines/backup-and-disaster-recovery-for-azure-iaas-disks https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-manage-network-interfaces-on-premises-to-azure https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-create-recovery-plans https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-about-networking https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-about-networking https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/manage/set-up-hyper-v-replica Migrate servers and workloads: https://docs.microsoft.com/en-us/windows-server/storage/storage-migration-service/cutover https://docs.microsoft.com/en-us/windows-server/storage/storage-migration-service/overview https://docs.microsoft.com/en-us/azure/storage/files/storage-files-migration-overview https://docs.microsoft.com/en-us/azure/migrate/deploy-appliance-script https://docs.microsoft.com/en-us/azure/migrate/how-to-set-up-appliance-physical https://docs.microsoft.com/en-us/azure/migrate/how-to-migrate https://docs.microsoft.com/en-us/iis/publish/using-web-deploy/migrate-a-web-site-from-iis-60-to-iis-7-or-above https://docs.microsoft.com/en-us/virtualization/windowscontainers/quick-start/building-sample-app https://docs.microsoft.com/en-us/windows-server/get-started/upgrade-migrate-roles-features Monitor and troubleshoot Windows Server environments: https://docs.microsoft.com/en-us/troubleshoot/windows-server/performance/performance-overview https://docs.microsoft.com/en-us/windows-server/manage/system-insights/overview https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/azure-monitor https://docs.microsoft.com/en-us/windows-server/manage/system-insights/overview https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agent-windows https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agent-windows https://docs.microsoft.com/en-us/azure/azure-monitor/agents/diagnostics-extension-overview https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/networking-overview https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/boot-error-troubleshoot https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/performance-diagnostics https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/support-agent-extensions https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-overview https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/reset-directory-services-restore-mode-admin-pwd https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-pass-through-authentication https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/troubleshooting-domain-controller-deployment More helpful links: https://docs.microsoft.com/en-us/windows-server/failover-clustering/bitlocker-on-csv-in-ws-2022 https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/customize-controlled-folders?view=o365-worldwide https://docs.microsoft.com/en-us/azure/defender-for-cloud/managing-and-responding-alerts https://docs.microsoft.com/en-us/azure/defender-for-cloud/deploy-vulnerability-assessment-vm https://docs.microsoft.com/en-us/defender-for-identity/technical-faq https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview https://docs.microsoft.com/en-us/windows-server/failover-clustering/deploy-cloud-witness https://docs.microsoft.com/en-us/windows-server/failover-clustering/sofs-overview https://docs.microsoft.com/en-us/azure/site-recovery/recovery-plan-overview https://docs.microsoft.com/en-us/windows-server/storage/storage-migration-service/migrate-data https://docs.microsoft.com/en-us/windows-server/storage/storage-migration-service/overview https://docs.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections https://docs.microsoft.com/en-us/azure/migrate/tutorial-discover-physical https://docs.microsoft.com/en-us/iis/publish/using-web-deploy/synchronize-iis I want to emphasize it again in this article, read the questions very carefully. The difference is very often in the details. If it says you have to back up the server and all data to Azure, then that is something different than if it would only say all data. This small difference has a big impact on the subsequent solution! One final tip: When you have learned something new, try to explain what you have learned to another person (whether or not they know your subject). If you can explain it in your own words, you understand the subject. That is exactly how I do it, except that I do not explain it to another person, but record a video for YouTube! I hope this information helps you and that you successfully pass the exam. I wish you success! Best regards, Tom Wechsler P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler
