User Profile
TravisRoberts
MCT
Joined 9 years ago
Recent Discussions
Re: Custom Windows Server Standard VM on Azure: It Works, But Is It Licensing Compliant?
An easier path is to do the entire process in Azure. You can create an Azure VM, modify it, sysprep, and capture the image. From there, you can use that image to deploy new custom Azure VMs. This process maintains the Azure agent and other requirements needed to run Windows in Azure. The cost of running Windows Server in Azure includes OS licensing. There is an option for virtual hardware only cost if using hybrid benefits.
99 Views, 2 likes, 0 Comments
Send message to Teams from Azure Function or Azure Automation
I put together two videos that show how to send a message to Microsoft Teams whenever a specified resource is created in an Azure Subscription. One using Azure Functions, the other Azure Automation. Short blog post and link to the videos below.
https://www.ciraltos.com/azure-automation-azure-functions-teams-and-event-grid/
18K Views, 1 like, 0 Comments
Re: Key Vault + Azure Automation
I can't answer your questions about private endpoints, but I store credentials used by the runbooks in a credential shared resource in the automation account. The runbooks have access to the automation account credentials, which removes the need to access the Key Vault.
2.1K Views, 0 likes, 1 Comment
Re: access Azure File share on Azure AD joined Devices with Azure AD Credentials
It sounds like you need to access an SMB share from a computer that is Azure AD Joined. It is possible; this setup is supported for FSLogix profiles with Azure AD joined session hosts. The link below provides more information on the setup. The one catch is that this configuration requires the users to be hybrid, meaning they are sourced from Windows AD and replicated to Azure AD with Azure AD Connect.
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-azure-active-directory-enable?WT.mc_id=AZ-MVP-5004159
Good luck!
Travis
6.8K Views, 1 like, 0 Comments
Log Analytics Data Collector API PowerShell Function
I created a function that takes the input of time, log type and a hashtable and writes it to Log Analytics. This was intended to be a “universal” log writer for Log Analytics. I use it in an Azure Automation Module so I can pass log data from any runbook to Log Analytics but it could be used in any PowerShell Script. Function is on GitHub.
https://github.com/tsrob50/LogAnalyticsAPIFunction
Links to Resources and overview video here:
http://www.ciraltos.com/azure-oms-log-analytics-step-by-step-data-collector-api/
3.1K Views, 0 likes, 0 Comments
Re: MFA without a Cellphone
This is an interesting topic. Previously, I didn't think twice about using a cell phone for MFA but it makes sense that asking employees to use personal devices for work is not always acceptable. I created a couple videos, one on MFA with an OATH token. This is an alternative to the Microsoft Authenticator app.
https://youtu.be/vG_NqiffqcI
I did another on FIDO2 keys for passwordless authentication.
https://youtu.be/XJwGvqUYEkg
I hope this is helpful,
-Travis
37K Views, 1 like, 7 Comments
Re: How to connect multiple VMs of multiple regions to an OMS workspace.
matrixman The host pool maps to one workspace. You can't connect to multiple. For Azure VMs it's best to remove the agent and re-add it for the correct log analytics workspace. I suspect there is a way to do that programmatically with PowerShell if there are a lot of them. Thanks
2.7K Views, 0 likes, 0 Comments
Re: Merge Local AD with Azure AD - Best practise for the case below
Azure AD Connect sync will match local and Azure AD users based on primary SMTP and soft match based on UPN. If the local and remote identity have the same SMTP or UPN, they will be merged.
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-syncservice-features?WT.mc_id=AZ-MVP-5004159#userprincipalname-soft-match
7K Views, 0 likes, 0 Comments
Re: Azure AD Connect Issues
Nouria065 Hello, You state the environment is set up for pass through authentication with password hash synchronization. Those are two mutually exclusive authentication methods. Verify the option configured in Azure AD Connect sync. If using pass through authentication, be sure the agent is installed in the internal network and can access the required web endpoints as outlined in the documentation.
Good luck,
Travis
1K Views, 0 likes, 0 Comments
Re: WVD Gen 1 "couldn't connect because there are currently no available resources"
Have you tried to reinstall the agent? I’m not sure about WVD Classic, but in the new version of WVD the registration key expires after 90 days. If the session hosts have been powered off for a while, it could be an expired registration key.
https://docs.microsoft.com/en-us/azure/virtual-desktop/virtual-desktop-fall-2019/create-host-pools-powershell-2019?WT.mc_id=AZ-MVP-5004159#register-the-virtual-machines-to-the-windows-virtual-desktop-host-pool
https://docs.microsoft.com/en-us/azure/virtual-desktop/faq?WT.mc_id=AZ-MVP-5004159#how-often-should-i-turn-my-vms-on-to-prevent-registration-issues
1.1K Views, 0 likes, 3 Comments
Re: Azure ADDS extension of my onpremises domain
The client has to have access to the Azure AD DS domain and Azure AD DS DNS servers to find the domain. You would likely need a VPN solution for the clients as it’s not recommended to expose AD DS, Windows or Azure, to the internet.
You can configure the on-premises Windows AD DS to sync users’ legacy NTLM password hash from Windows AD to Azure AD. The legacy password hash is different from the password hash sync used to sync passwords with AD Connect. This way, the passwords will be the same for the on-premises domain and the Azure AD DS domain.
Based on your description, it sounds like you are looking for behavior similar to a multi-domain forest or trust relationship between a Windows AD Domain and an Azure AD DS domain. Identities can replicate from Windows AD to Azure AD DS (not the other way), but they are two separate domains. Also, Azure AD DS will not support trust relationships. So a computer added to one domain will not be trusted by the other. Other than sharing user names and passwords, they are two distinct domains.
From my experience, Azure AD DS is really meant for standing up a hosted, isolated AD DS environment to support a cloud service that requires AD DS. Extending it to remote users will have all the complexities of extending on-premises AD DS to remote users with the limitations of Azure AD DS (no trust relationships, only available in one site, can’t extend the schema).
If you are looking to manage remote desktops, Azure AD join and Intune may be a better option.
-Travis
1.6K Views, 0 likes, 1 Comment
Re: WVD without a DC
Hello, Thanks for taking the course! Active Directory Domain Services is a requirement for WVD, either Windows AD or Azure AD DS. You can use Azure AD DS instead of deploying a DC. I used a single DC in the course primarily as a cost-saving measure for the lab. The DC can be shut down when not in use; Azure AD DS is charged as long as it's provisioned. If you go with Azure AD DS, there is a different set of instructions for configuring the SMB File shares. You can find more details here:
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable?tabs=azure-portal
Thanks,
Travis
1.5K Views, 0 likes, 3 Comments
Re: Get-AzWvdSessionHost returns Status of "Shutdown" instead of "Unavailable" when VM's are powered off
VenkataKrishnamurti Can you verify you are using the WVDARM_ScaleHostPoolVMs.ps1 script with the newer, Spring update of WVD? Based on that error, you may be using the older version for the WVD Classic. Thanks
4.9K Views, 0 likes, 0 Comments
Groups
Developer User Group Leaders Hub
The place where user group leaders who want to be in the know -- on the latest & greatest from Microsoft Dev Tools, Azure, and AI topics -- come together to discuss, learn, share best practices, and get weekly updates.