Login to Windows virtual machine in Azure using Azure AD authentication (and the pitfalls)!
Dear Microsoft Azure Friends, This article is about the login to Windows virtual machine in Azure using Azure Active Directory authentication and what needs to be considered in the process. This article describes the procedure. So far, everything is actually in perfect order. https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows So I have worked through the steps and now I want to log on to the virtual machine with an Azure Active Directory account. Why does this error message appear now? Have I done something wrong? I am going through all the steps again. No fits. So I take another close look at the article and discover the following: But that's exactly not the case with me. I want to connect from my local system which is not registered or joined in Azure. Let's take it one step at a time. First of all, I create a group in Azure Active Directory. This will contain the account I will use later for the login. ATTENTION: Use the appropriate Windows OS => Windows Server 2019 Datacenter edition and later or Windows 10 1809 and later Next I create a new virtual machine with the default settings (including a public IP address and yes this is not good, but this demo absolutely OK). Except for Management I set the following settings. If you want to work with an existing virtual machine you need to install the extension. You can do this with the Azure Cloud Shell, in a Bash terminal. az vm extension set \ --publisher Microsoft.Azure.ActiveDirectory \ --name AADLoginForWindows \ --resource-group YourResourceGroup \ --vm-name YourVM After the virtual machine is created we need to work with Role based Access Control RBAC. There are two roles that can be used. Virtual Machine Administrator Login or Virtual Machine User Login If you need local admin rights you need the first role. If you want to log in as a standard user, you can work with the second role. Now we connect to the virtual machine using RDP, but ATTENTION, I use the account I created when I created the virtual machine (not an Azure AD account). In the virtual machine I start the command prompt and use dsregcmd /status. The machine is Azure AD Joined. In the virtual machine, navigate to Start and invoke "run". Type sysdm.cpl and navigate to the Remote tab. Remove the "Allow connections..." option and click "Select Users". When you click on "Locations" you will immediately see that you cannot select an account from Azure AD. We need the command prompt for this. Start the command prompt with elevated privileges and enter the following (customized with your information, of course). net localgroup "remote desktop users" /add "AzureAD\Email address removed" Go back to the Azure Portal to your virtual machine. Download the RDP connection file. Open this RDP file with an editor and add the following lines. enablecredsspsupport:i:0 authentication level:i:2 Now double click on the RDP connection file and now use the Azure account for login. AND BINGO, we can now log in to our virtual machine using the Azure Active Directory account! Cool! I hope this article was useful. Thank you for taking the time to read the article. Best regards, Tom Wechsler P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechslerNested Virtualization in Azure
We announced nested virtualization support coming to Azure with Dv3 or Ev3 series at //build session last month. We are excited to announce that you can now enable nested virtualization using the Dv3 and Ev3 VM sizes. We will continue to expand support to more VM sizes in the coming months. Read about it on the Azure blog.Avere vFXT for Azure for HPC workloads now generally available
We are very excited to share the general availability (GA) of Avere vFXT for Azure. This culminates months of effort beginning when Microsoft welcomed Avere to the Azure family earlier this year. Customers can now leverage the Avere vFXT to run their high-performance applications in Azure. The scope of Microsoft Azure’s solutions for high-performance computing (HPC) continues to broaden with Avere vFXT being the latest product to transition from testing to general availability. Avere joins a stellar portfolio of products like Azure Virtual Machines, Azure Batch, Azure CycleCloud, and networking technologies such as Azure ExpressRoute, that helps bring these demanding projects into the cloud without sacrifices. Read about it in the Azure blog.Using PowerShell in Azure to assign a new virtual machine to an existing virtual network!
Hi Azure friends, I used the PowerShell ISE for this configuration. But you are also very welcome to use Visual Studio Code, just as you wish. Please start with the following steps to begin the deployment (the Hashtags are comments): #The first two lines have nothing to do with the configuration, but make some space below in the blue part of the ISE Set-Location C:\Temp Clear-Host #So that you can carry out the configuration, you need the necessary cmdlets, these are contained in the module Az (is the higher-level module from a number of submodules) Install-Module -Name Az -Force -AllowClobber -Verbose #Log into Azure Connect-AzAccount #Search for the resource groups Get-AzResourceGroup | Format-Table #Whats in a specific resource group Get-AzResource -ResourceGroupName tw-azuredemo-rg | Format-Table #Some variables $RGName = "tw-azuredemo-rg" $VnetName = "tw-vnet-workload" $Location = "westeurope" $VMName = "twsrv2021" $credential = Get-Credential #We need all infos about the virtual network $VirtualNetwork = (Get-AzVirtualNetwork -Name $VnetName -ResourceGroupName $RGName) #Let's have a look at the variable $VirtualNetwork #Create a network interface $nic = New-AzNetworkInterface ` -ResourceGroupName $RGName ` -Name "twsrv2021-nic" ` -Location $Location ` -SubnetId $VirtualNetwork.Subnets[0].Id #Define your VM $vmConfig = New-AzVMConfig -VMName $VMName -VMSize "Standard_D2s_v4" #Create the rest of your VM configuration $vmConfig = Set-AzVMOperatingSystem -VM $vmConfig ` -Windows ` -ComputerName $VMName ` -Credential $credential ` -ProvisionVMAgent ` -EnableAutoUpdate $vmConfig = Set-AzVMSourceImage -VM $vmConfig ` -PublisherName "MicrosoftWindowsServer" ` -Offer "WindowsServer" ` -Skus "2016-Datacenter" ` -Version "latest" #Attach the network interface that you previously created $vmConfig = Add-AzVMNetworkInterface -VM $vmConfig -Id $nic.Id #Create your VM New-AzVM -VM $vmConfig -ResourceGroupName $RGName -Location $Location Now you have used the PowerShell to create a new virtual machine and added to an existing virtual network! Congratulations! I hope this article was useful. Best regards, Tom Wechsler P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler
trying to deploy a custom GPU image
here is the cmd I am using C:\>az vm create -n mydgx --image https://AAAimagesXYZ.blob.core.windows.net/ubuntu/XYZ.vhd --use-unmanaged-disk --os-type linux --resource-group gpu --size standard_NC6 --location westus2 --admin-username user --generate-ssh-keys and here is the error The template deployment 'vm_deploy_B2EN56NJALD4P55xIpVIZtyMsxgMKxm7' is not valid according to the validation procedure. The tracking id is '109ffa4a-1fb4-4cb4-a466-8ce7b00824f2'. See inner errors for details. Please see https://aka.ms/arm-deploy for usage details. Operation results in exceeding quota limits of Core. Maximum allowed: 10, Current in use: 6, Additional requested: 6. Also, HOw do I deploy the same using UI?Price reductions on General Purpose Virtual Machines
Price reductions have been announced for the Dv2 Promo Virtual Machines to match the cost savings of the upcoming hyper-threaded Dv3 VMs prior to their launch. The reductions range from up to 7% for Linux VMs and by up to 5% for Windows VMs. The announcement has specific details with a table to check your region and platform: https://azure.microsoft.com/en-us/blog/price-reductions-on-general-purpose-virtual-machines/ Price reductions are always welcome though deciphering some of these announcements takes a bit of work sometimes.
