Cloud Security Best Practice

There are several things you can do to improve the security of your online cloud environment. Protect your business assets by enabling specific controls when available.

  1. Access Control – Enable Multi-Factor Authentication (MFA) and Conditional Access when possible. This means requiring not just usernames and passwords to access your critical cloud-based systems, but also requiring multi-factor authentication. Instead of allowing user access with just something you know (password), also require a user to prove their identity with something they have (cellphone) or something they are (fingerprint). You may also be able to enable conditional access, which allows an administrator to add additional requirements to your login process, like only allowing you to log into the cloud environment using an authorized laptop, from a specific location, etc.
  2. Improve Security Posture – Use the tools available from your cloud provider to improve your overall security posture. Microsoft Azure offers a secure score rating, showing you recommended actions and comparing your security profile to other tenants. This can drive security changes that you may not even know are possible and provide instructions specific to your environment.
  3. Secure Your Applications – Train your developers in security best practices such as Security Development Lifecycle (SDL) and test for common development issues using OWASP as a guide. Encrypt everything possible, including all internal and external connections. All data that is stored or processed should also be encrypted. Your backups should be encrypted and stored in a secure location away from the production data. Review your relationships with all vendors to make sure it is crystal clear who is responsible for all aspects of your security. You are responsible for everything unless it is specifically stated otherwise in your vendor contract.
  4. Understand and Mitigate Risks – Use best practice guidelines to identify threats and build processes to protect all your systems from known threats, detect any attacks that malicious groups may use in an attack in your environment, and respond to threats and attacks before your systems can be compromised. You should utilize a security information and event management (SIEM) system to collect the logs from all systems. Once the logs are in a central location you can build alerts when specific events occur, as well as identify risky behavior before the systems can be compromised.
  5. Maintain Network Security – Even though the cloud moves systems outside of your on-premises environment, the proper configuration of your firewall is still very important. Controls still need to be in place to protect the perimeter, detect hostile activity, and respond to all possible threats. A web application firewall (WAF) protects web apps from common exploits like SQL injection and cross-site scripting. Using concepts like virtual networking and subnet provisioning, you can micro-segment your network to provide additional security as you work toward zero trust networking. Enable your endpoint firewall, like Windows Firewall, to properly protect the endpoints as they move outside your protected on-premises network.
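Items 1 and 4 above come together once sign-in logs land in a central place: you can alert on a password-guessing run that ends in a successful login, and on any successful login that never satisfied MFA. The script below is an added example, not code from the original post. The pipe-separated log format and the sample lines are constructed for illustration; a real SIEM would ingest provider-native sign-in records, and the thresholds are assumptions you would tune to your environment.

```python
"""Minimal SIEM-style alerting over centralized sign-in logs (added example).

The log format and sample events are constructed for this example; real
deployments would parse provider-native sign-in records instead.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample: one sign-in attempt per line.
# timestamp | user | source IP | result | MFA satisfied
SAMPLE_LOG = """\
2024-05-01T08:00:01Z|alice@example.com|203.0.113.10|FAILURE|no
2024-05-01T08:00:04Z|alice@example.com|203.0.113.10|FAILURE|no
2024-05-01T08:00:07Z|alice@example.com|203.0.113.10|FAILURE|no
2024-05-01T08:00:09Z|alice@example.com|203.0.113.10|FAILURE|no
2024-05-01T08:00:12Z|alice@example.com|203.0.113.10|FAILURE|no
2024-05-01T08:00:15Z|alice@example.com|203.0.113.10|SUCCESS|no
2024-05-01T09:15:00Z|bob@example.com|198.51.100.7|SUCCESS|yes
2024-05-01T09:20:00Z|bob@example.com|198.51.100.7|SUCCESS|yes
2024-05-01T11:42:00Z|carol@example.com|192.0.2.55|SUCCESS|yes
"""


@dataclass
class SignIn:
    when: datetime
    user: str
    ip: str
    success: bool
    mfa: bool


def parse_log(text):
    """Parse the constructed log format into SignIn events, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result, mfa = line.split("|")
        events.append(SignIn(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                             user, ip, result == "SUCCESS", mfa == "yes"))
    return sorted(events, key=lambda e: e.when)


def detect_bruteforce_then_success(events, threshold=5, window=timedelta(minutes=10)):
    """Alert when a success follows at least `threshold` failures for the
    same user/IP pair within `window` (assumed values; tune per environment)."""
    alerts = []
    failures = defaultdict(list)  # (user, ip) -> timestamps of recent failures
    for e in events:
        key = (e.user, e.ip)
        if not e.success:
            failures[key].append(e.when)
            continue
        recent = [t for t in failures[key] if e.when - t <= window]
        if len(recent) >= threshold:
            alerts.append(("bruteforce_then_success", e.user, e.ip, e.when))
        failures[key].clear()  # a success ends the current run of failures
    return alerts


def detect_success_without_mfa(events):
    """Alert on every successful sign-in that did not satisfy MFA (item 1)."""
    return [("success_without_mfa", e.user, e.ip, e.when)
            for e in events if e.success and not e.mfa]


def run_detections(text):
    """Run all detections over a log and return the combined alert list."""
    events = parse_log(text)
    return detect_bruteforce_then_success(events) + detect_success_without_mfa(events)


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_LOG):
        print(alert)
```

On the sample data the first rule fires once for alice (five failures, then a success from the same IP within ten minutes) and the second rule fires once for the same event because MFA was not satisfied; bob and carol produce nothing. In a real SIEM these two rules would be separate alert definitions with their own severity, but the logic is the same: centralize first, then express the behaviour you never want to see as a query over the events.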

While protecting your company assets from a constantly evolving threat landscape can seem an impossible (and expensive) task, some basic security processes can start you down the path towards a best-practice security environment. Don’t try to do everything at once. Start simple with the goal of constant improvement.

Cloud Comparison: AWS vs. Azure vs. GCP

Three vendors, Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), dominate the public cloud computing market. When it comes to infrastructure as a service (IaaS) and platform as a service (PaaS), these three huge vendors have a significant lead on other contenders in the field. Let's talk about the services provided and compare the major features offered by each vendor.

Many IT experts recommend that enterprise teams evaluate their public cloud needs to match specific applications and workloads with the vendor that offers the best fit for their needs. Each vendor has particular strengths and weaknesses that make them a good choice for certain projects.

Compute

Compute is described as the processing power that the cloud service offers to support your business workloads. In general, the more compute power offered, the better it can be for your business. Since more compute can cost more money, the price also plays a significant role in understanding the offered compute power.

Startups can find the cloud-based compute model most beneficial because this approach allows them to order extra compute power anytime they want without worrying about long-term installation, maintenance, and hardware costs. You can start small and move to more compute power as required to keep compute costs as small as possible.

AWS – Elastic Compute Cloud: Amazon’s flagship compute service is Elastic Compute Cloud, or EC2. Amazon describes EC2 as “a web service that provides secure, resizable compute capacity in the cloud.” EC2 offers a wide variety of options, including a huge assortment of instances, support for both Windows and Linux, bare metal instances (currently a preview), GPU instances, high-performance computing, auto scaling and more. AWS offers a free tier for EC2 that includes 750 hours per month of t2.micro instances for up to twelve months.

Azure – Virtual Machines: Microsoft’s primary compute service is simply known as Virtual Machines. Azure supports Linux, Windows Server, SQL Server, Oracle, IBM, and SAP. Like AWS, Azure has an extremely large catalog of available instances, including GPU and high-performance computing options. Azure has also added instances optimized for artificial intelligence and machine learning. Azure has a free tier with 750 hours per month of Windows or Linux B1S virtual machines for a year.

GCP – Compute Engine: Google’s catalog of compute services is somewhat shorter than AWS or Azure. Their primary service is called Compute Engine, which includes both custom and predefined machine types, per-second billing, Linux and Windows support, automatic discounts, and carbon-neutral infrastructure that uses half the energy of typical data centers. GCP offers a free tier that includes one f1-micro instance per month for up to 12 months.

Continue reading “Cloud Comparison: AWS vs. Azure vs. GCP”

Deciding on Microsoft Intune

Many companies are trying to figure out how to handle mobile device management at their business. Many will buy a product that performs some or all of the functions they need, or at least think they need. As their needs mature or as requirements change, they may need to switch to a different product. I think the full-featured product that many companies need is Microsoft Endpoint Management, also known as Microsoft Intune. Intune is Microsoft’s answer to mobile-device management for Windows-centric companies, and it is very simple to use.

Intune will allow you to enroll all your Windows 10, macOS, iPadOS, and Android devices. Once a device is enrolled, it can be configured, applications can be installed, and devices can be wiped when they no longer need to be managed.

As you can imagine, effective configuration and application management across all business devices, including advanced security settings on multiple operating systems, using one powerful and easy-to-use interface will make support and training much easier, and your business will save money and time.

It is a popular and cost-effective cloud-based tool that gives all employees access to corporate applications on their assigned endpoint, along with conditional access to corporate data, and it simplifies the deployment of those settings, applications, and access to sensitive data, easily supporting hundreds or even thousands of employees with very little hands-on work by your technology team.

If you have your technology team buying and manually building laptops as you hire new employees, you already know how difficult, time-consuming, and manual that process can be, even if you have automated some of those steps. Need to deploy a new application to all employees? Simple: just send someone to all your users and they can install the software from a network share or flash drive. Maybe you have automated some of these steps and deploy the new software via GPO? How long does it take for your remote workforce to finally make a VPN connection to the corporate network to get the new software? How easy is it to determine who is still missing the new software package or has installation errors?

  • How easy would it be to implement 10-20 new security settings on all your users' laptops overnight?
  • How easy will it be to remove software they aren’t supposed to have installed, even if you can detect it exists on their laptop?
  • Do you have an accurate and up-to-date asset inventory of user laptops and what software is actually installed?
  • Are you able to detect missing patches to the OS and all the installed software for every user?
  • Can you make sure users are even trying to install patches on their laptops?

Remote workers that never connect to the corporate network make this management process even more difficult.

Do you have a solution to this issue? I think Microsoft Intune may be the solution to your problem, and it may already be included in your O365 licensing.

Let’s talk about some of the reasons I like Microsoft Intune.

Continue reading “Deciding on Microsoft Intune”

Using Microsoft Endpoint Manager (Intune) and Windows 10 templates to configure policy settings

Introduction

Configuring a variety of Group Policy settings has been standard practice for millions of domain-joined Windows devices for many years, and the configuration options have expanded with the addition of many of these settings to Microsoft’s cloud endpoint management tool, Endpoint Manager (aka Intune).

Many of the same settings that businesses are accustomed to configuring today with traditional Group Policy are also available through the cloud management tool’s various Configuration Policy settings. They work in much the same way, using the new cloud interface from your browser.

The beauty of the new cloud interface is the ease with which Microsoft can add, change, and remove settings overnight. The worst part of the cloud interface is that Microsoft can add, change, and remove settings overnight. Gone are the days of writing a GPO that stays good for many years. Now you can easily create a new Configuration Policy that does exactly what you need it to do, and it may last many years or it may be obsolete in a few months. That means your life is potentially just as easy, but you have to monitor the news feed from Microsoft to keep apprised of changes before they impact your production systems.

Continue reading “Using Microsoft Endpoint Manager (Intune) and Windows 10 templates to configure policy settings”

10 Certification Exam Tips and Tricks

1. Know The Exam Before The Exam

Each entity will have an official exam page for your certification that details the audience, the level of expertise required, and a summary of the material you will be required to demonstrate familiarity with. Make sure you read the overview of the test, meet the required prerequisites, download any available study materials, and read all available details provided, so that you know exactly what is expected of you when preparing for the exam.

Also make sure you understand the format of the exam, which can vary from multiple choice, essay, real-world scenarios, and extensive labs. If you are expecting multiple choice and are confronted with two hours of lab work, you might find that you have not studied the correct material to pass the certification exam.

2. Single Cram Sessions Don’t Work

No matter how smart you think you are, you will probably need to study the material included on the exam. Very few people can show up on exam day and pass with little or no preparation. The idea is to know what is on the test, and study to pass the exam. Knowing the material and knowing what you need to pass the exam could be two different things.

Without actual hands-on practice, it’s very difficult for anyone to pass a certification exam on their first attempt.

3. Instructor Training is Tops

Most people still see instructor-led training courses as the very best way to learn the material required to become certified. Formal training centers will provide experts to give you the training you require to pass the exam, but that training will also be the most structured and expensive. These experts can make sure they alter their training to meet your needs as tests evolve or the training material changes. It may also be the best format for asking technical questions or to get one-on-one help.

Printed study guides or a pre-recorded video may not be as updated or dynamic as a live instructor, but they can also be a good resource if you already know most of the material or just need a refresher on the material covered in the exam. If you have questions or concerns about the printed guide or a segment of the video, there also may be no way to get your questions answered.

Another study method might be a friend or co-worker who also wants to take the exam, or who has already passed the exam and is willing to study with you on this journey. Together, the two of you may be better prepared to work through any questions and support each other in passing the exam.

4. Certification Boot Camps

If you have never worked with the technology covered by the exam, or are new to technology in general, you may want to attend a Boot Camp. These are immersive week-long training sessions intended to take you through all the required material to move you from zero to hero in one short week. Most are instructor-led, full-day classes that often guarantee you will pass the course at the end of the long week.

This method can be a more expensive solution to certification training, but the reward is quickly moving through the material to pass the exam in just 5 long days of intensive studying.

5. Free Can Be Good

You should seek out free resources to help you study. If you search the internet, you will find free material on just about any topic, and some of it will be really good.

Watching a few free videos online or checking out a book from your local library can be a great way to get a feel for the material on the exam to help you determine if you need formal training or just a refresher. Online practice tests or sample review questions can help you determine if you have the appropriate level of experience and knowledge to pass the exam.

You also have to accept that you may get exactly what you paid for. Free isn’t always great. Validate the material to make sure you have discovered a quality resource, and never assume you are getting great material for free without checking how accurate and appropriate the material is for your testing needs.

Articles, blogs, white papers, and videos can also help fill in missing information and complement your training.

6. Experience Is King

The very best way to pass a certification exam is to really know the material, and the very best way to really know the material is to have some real experience using the technology covered in the exam. Training can be a great way to learn about something, but to truly become an expert you need to use the technology.

Most platforms offer free trials that allow you several hours of free access to get your hands dirty and really use the platform or tool that you have heard about in the classroom or read about in a training guide. Take a look to see if you qualify for a free account at AWS, GCP, and Microsoft Azure. Other vendors also offer free access to their tools, so don’t be afraid to ask for a free account.

7. Certification Guides

A printed certification guide can provide everything you need to know about a certification, including exam requirements, course recommendations, details on how it might impact your career, next steps in your certification journey, and additional information around how other training or certifications fit into your chosen career path. These books can be considered complete guides and can be referenced throughout the entire certification process and even later as reference material months or years after you have passed the exam.

Always seek out the training material from the vendor before you assume you need to buy a third-party study guide. If you can read the vendor’s online material and learn everything you need to know, why pay for a book?

8. Know How to Take The Exam

Once you are confident you know the technical material, you must also study the exam. You need to understand how to take the exam before you take the exam: who offers the exam, how long they give you to complete it, what you must bring with you to the exam center, what items are prohibited at the testing center, how the test is structured, how it is scored, and so on.

Don’t just schedule the exam and hope everything will be fine. Knowing everything having to do with how to take the exam is half the battle.

9. Exam Day Tips

After you have jammed all the new technical knowledge into your brain, you know exactly how to take the test, and you have scheduled the test, you need to prepare yourself on the day of testing to maximize your success. You need to remove all the distractions so you can focus on the exam. Clear your calendar of any meetings or other commitments a couple of hours before and a couple of hours after the scheduled exam. You don’t want to feel rushed because you have an important meeting just before or just after a very important test. Be prepared to take the full time allowed to complete the exam. You are not awarded any extra points for finishing early. Make sure you review the entire test, if possible, to double-check your work and to verify you have answered all the questions you can. Don’t change any answers unless you are absolutely positive your first answer is incorrect. Trust your initial instincts.

10. You Won’t Be Perfect

When taking the exam, you won’t know all the answers and you will get some answers wrong, but that is fine. As long as you know enough to pass, you are still certified. A certification is an indication to your boss, co-workers, friends, and future employers that you possess a certain valued skillset and that you were willing to put in the hours of work it takes to pass a certification exam.


SQL Server 2019 and Azure Data Studio

At its Ignite conference in Orlando last week, Microsoft released a new version of its core relational database, SQL Server 2019. The new version takes the important capabilities we have admired in previous releases and expands them to leverage data virtualization with PolyBase and to combine Kubernetes with its container compatibility.

While PolyBase can connect to Hadoop clusters and Azure storage, this new version can now also connect to other SQL Server instances. This also allows the BDC master node to communicate with the BDC compute, plus data and storage pools, to allow the nodes in the storage pool to connect to data in the co-located HDFS storage.

Microsoft provides a tool named Azure Data Studio (which works with all supported versions from SQL Server 2014 through SQL Server 2019) to do some of this new work. This new cross-platform tool can be used for T-SQL querying, notebook development, running Spark jobs on BDC deployments, etc. It is essentially a cross-platform database tool for on-premises and cloud data platforms that can be used on Windows, macOS, and Linux endpoints.

Continue reading “SQL Server 2019 and Azure Data Studio”

May PowerShell: Auditing Office 365 using PowerShell and Hawk

Note: For the month of May 2019, I’m focusing on PowerShell information that could help you better utilize this powerful scripting tool in your environment.

Hawk is a PowerShell-based tool for gathering information related to O365 intrusions and potential breaches. You can simply use the Hawk PowerShell script, which makes use of Exchange Online and Azure PowerShell scripts to generate the auditing reports you may need when investigating a suspected breach.

Reports Include:

  • CAS Mailbox Info
  • Azure Audit Logs (writes AzureActiveDirectoryAccountLogon: User login events with IP addresses)
  • Mailbox Audit Report (Mailbox login report with delegate and admin actions)
  • User Mailbox Forwarding Information
  • User Inbox Rules Information
  • Mailbox Info
  • Mailbox Statistics
  • Azure Authentication logs report (All authentication activity for the user in RAW + Readable form)

Azure AD reports rely on AAD P1 and P2 licenses, so make sure you have the required licenses assigned.

GitHub Repository: https://github.com/Canthv0/hawk

A good starting place is Start-HawkTenantInvestigation, which runs all the tenant-based cmdlets and provides a collection of data to start with. Once this data has been reviewed, if there are specific users on whom more information should be gathered, run Start-HawkUserInvestigation, which gathers all the user-specific information for a given user.

Update: Cloud Comparison AWS vs. Azure vs. GCP

Update: When discussing market growth and sales review, Microsoft is gaining on Amazon but Azure has a very long way to go before they match sales dollar-for-dollar with AWS. These charts from Seeking Alpha, revenue at top and market share at bottom, show Azure is growing but has a long way to go to beat AWS. Google is in a distant third.

Original Post (12/03/2018):

Three vendors, Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), dominate the public cloud computing market. When it comes to infrastructure as a service (IaaS) and platform as a service (PaaS), these three huge vendors have a significant lead on other contenders in the field. Let's talk about the services provided and compare the major features offered by each vendor.

Many IT experts recommend that enterprise teams evaluate their public cloud needs to match specific applications and workloads with the vendor that offers the best fit for their needs. Each vendor has particular strengths and weaknesses that make them a good choice for certain projects.

Compute

Compute is described as the processing power that the cloud service offers to support your business workloads. In general, the more compute power offered, the better it can be for your business. Since more compute can cost more money, the price also plays a significant role in understanding the offered compute power.

Startups can find the cloud-based compute model most beneficial because this approach allows them to order extra compute power anytime they want without worrying about long-term installation, maintenance, and hardware costs. You can start small and move to more compute power as required to keep compute costs as small as possible.

AWS – Elastic Compute Cloud: Amazon’s flagship compute service is Elastic Compute Cloud, or EC2. Amazon describes EC2 as “a web service that provides secure, resizable compute capacity in the cloud.” EC2 offers a wide variety of options, including a huge assortment of instances, support for both Windows and Linux, bare metal instances (currently a preview), GPU instances, high-performance computing, auto scaling and more. AWS offers a free tier for EC2 that includes 750 hours per month of t2.micro instances for up to twelve months.

Azure – Virtual Machines: Microsoft’s primary compute service is simply known as Virtual Machines. Azure supports Linux, Windows Server, SQL Server, Oracle, IBM, and SAP. Like AWS, Azure has an extremely large catalog of available instances, including GPU and high-performance computing options. Azure has also added instances optimized for artificial intelligence and machine learning. Azure has a free tier with 750 hours per month of Windows or Linux B1S virtual machines for a year.

GCP – Compute Engine: Google’s catalog of compute services is somewhat shorter than AWS or Azure. Their primary service is called Compute Engine, which includes both custom and predefined machine types, per-second billing, Linux and Windows support, automatic discounts, and carbon-neutral infrastructure that uses half the energy of typical data centers. GCP offers a free tier that includes one f1-micro instance per month for up to 12 months.

Continue reading “Update: Cloud Comparison AWS vs. Azure vs. GCP”

CASB Explained

A Cloud Access Security Broker (CASB) acts as a gatekeeper between your company’s endpoints and the multiple cloud services they use, and is positioned on the network perimeter. CASB software allows your company to extend your security policies to SaaS applications such as O365, Salesforce, and Dropbox, and to IaaS platforms such as Azure or AWS. A CASB simply helps a business secure communications end-to-end from cloud to device and vice versa, regardless of whether the device is managed or unmanaged, and from any location or any user.

In addition, modern BYOD policies can leave businesses staring liabilities in the face as employees begin to use cloud services without the IT department’s knowledge. This so-called ‘Shadow IT’ leaves data in the dark. Businesses have a responsibility to keep track of sensitive data, and with GDPR around the corner there’s no room for complacency. CASB can help enterprises make a compliant move to the cloud.

Continue reading “CASB Explained”

Troubleshooting RDP connections to Azure VMs

One of the most important aspects of placing your computers on Azure is the ability to connect to them using the Remote Desktop Protocol (RDP) to manage your Windows-based virtual machines (VMs). An RDP failure can lie with the Remote Desktop service on the VM, with the network path (including the Network Security Group rules in Azure and the Windows Firewall in the guest), or with the Remote Desktop client on your host computer. We will guide you through the most common methods to troubleshoot and resolve RDP connection issues.

The steps are listed in the general order you should try them, and you should try reconnecting to the VM after each step. Before you start, check that the Network Security Group on the VM’s subnet or network interface allows TCP 3389 only from the addresses you connect from: an RDP port open to the whole internet is the first thing attackers scan for, and the fix for a blocked connection must never be to open it to everyone.
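The following script is an added example and not part of the original article; it checks the three places an RDP failure usually lives (the NSG in Azure, the service and firewall inside the guest, and the client’s network path) and flags rules that expose 3389 to the internet. It assumes the Az PowerShell module (Az.Network and Az.Compute) is installed and Connect-AzAccount has been run; the resource group, NSG, VM and host names are placeholders.

```powershell
# Added example, not from the original post. Assumes Az.Network / Az.Compute
# and an existing Connect-AzAccount session; all resource names are placeholders.

# --- Azure side: which inbound NSG rules touch TCP 3389, and from where? ---
# A rule whose source is '*' or 'Internet' makes RDP reachable from the whole
# internet. Restrict it to your own prefixes (or a jump host). Remember that an
# NSG can be attached to the subnet and to the NIC; check both.
function Get-RdpRules {
    param(
        [Parameter(Mandatory)][string]$ResourceGroupName,
        [Parameter(Mandatory)][string]$NsgName
    )
    $nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroupName -Name $NsgName
    foreach ($rule in $nsg.SecurityRules) {
        if ($rule.Direction -ne 'Inbound') { continue }
        # DestinationPortRange is a list: single ports, ranges ('3000-4000') or '*'.
        $touches3389 = @($rule.DestinationPortRange) | Where-Object {
            $_ -eq '*' -or $_ -eq '3389' -or
            ($_ -match '^(\d+)-(\d+)$' -and [int]$Matches[1] -le 3389 -and [int]$Matches[2] -ge 3389)
        }
        if (-not $touches3389) { continue }
        [pscustomobject]@{
            Rule           = $rule.Name
            Priority       = $rule.Priority
            Access         = $rule.Access
            Source         = (@($rule.SourceAddressPrefix) -join ',')
            OpenToInternet = ($rule.Access -eq 'Allow' -and
                              (@($rule.SourceAddressPrefix) -contains '*' -or
                               @($rule.SourceAddressPrefix) -contains 'Internet'))
        }
    }
}

# --- Guest side: is Remote Desktop enabled, running, allowed and listening? ---
# Runs inside the VM over the Azure Run Command channel, which works even when
# the network path is broken, so it separates "service down" from "port blocked".
function Test-RdpGuestState {
    param(
        [Parameter(Mandatory)][string]$ResourceGroupName,
        [Parameter(Mandatory)][string]$VMName
    )
    # Single-quoted here-string: the variables are expanded inside the VM, not here.
    $guestScript = @'
$deny = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server').fDenyTSConnections
$svc  = Get-Service TermService
$fw   = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | Where-Object { $_.Enabled -eq 'True' })
$lsn  = Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue
"RemoteDesktopEnabled=$($deny -eq 0)"
"TermServiceStatus=$($svc.Status)"
"FirewallRulesEnabled=$($fw.Count)"
"ListeningOn3389=$([bool]$lsn)"
'@
    $path = Join-Path $env:TEMP 'rdp-check.ps1'   # the cmdlet takes a script path
    Set-Content -Path $path -Value $guestScript
    $result = Invoke-AzVMRunCommand -ResourceGroupName $ResourceGroupName -VMName $VMName `
        -CommandId 'RunPowerShellScript' -ScriptPath $path
    $result.Value[0].Message                        # stdout of the guest script
}

# --- Client side: can this machine reach the port at all? ---
function Test-RdpPort {
    param([Parameter(Mandatory)][string]$HostName)
    (Test-NetConnection -ComputerName $HostName -Port 3389).TcpTestSucceeded
}

# Usage (placeholders):
# Get-RdpRules -ResourceGroupName 'rg-demo' -NsgName 'nsg-demo' | Format-Table -AutoSize
# Test-RdpGuestState -ResourceGroupName 'rg-demo' -VMName 'vm-demo'
# Test-RdpPort -HostName 'vm-demo.westus.cloudapp.azure.com'
```

Work from the outside in: if Get-RdpRules shows no Allow rule for your source address, the guest checks are irrelevant until the NSG is fixed; if the NSG is right and Test-RdpGuestState reports the service stopped or fDenyTSConnections set, the problem is inside the VM; only then is it worth looking at the client.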

Continue reading “Troubleshooting RDP connections to Azure VMs”

10 Facts About Deploying Microsoft Office 365

Microsoft Office 365 is a popular choice for enterprises that want a cloud-based suite of productivity and collaboration applications. The latest version of Office 365 gives you access to online Microsoft Office solutions anytime and anywhere on multiple Operating System platforms.

Microsoft’s marketing description of Office 365:

Microsoft Office 365 now includes Office 2016 and gives you the full Office experience. With access to the latest Office applications as well as other cloud-based productivity services, whether you need Office for home, school, or business, there is an Office 365 plan to meet your needs.
Our Office 365 subscription plans include Office 365 Home, Office 365 Personal, Office 365 University, and Office 365 for Mac. With each plan, you can install the 2016 versions of Word, Excel, PowerPoint, Outlook, and OneNote (Access, and Publisher are also included only for PC users). When a new version of Microsoft Office is released, you’ll get instant access to it so your applications are always up-to-date – and because Office 365 is optimized across your devices it’s easy to get anywhere access to your stuff on your laptop, phone, tablet and more.

Continue reading “10 Facts About Deploying Microsoft Office 365”

Understanding StorSimple

Microsoft is selling an appliance named StorSimple that can be used for archiving files, as a network backup target, or even as a file server. Microsoft acquired the company StorSimple in 2012 to obtain this solution. The appliance was originally not very useful, because:

  • It shared storage via iSCSI only so it didn’t fit well into a virtualization stack, especially Hyper-V which has moved more to SMB 3.0.
  • The file storage engine that decided which files stayed local vs. were moved to the Azure cloud was almost useless.
  • The physical appliance required space in your server rack, when virtualization is the focus for most solutions.
  • While the box was free, it did require a purchase of an enterprise agreement and paying for moving files out of Azure as some files were accessed.

Microsoft has improved StorSimple over the years and now the product is much more useful.

Continue reading “Understanding StorSimple”

Economics of the Cloud

For most companies, maintaining a large IT presence implies large capital expenditures and a non-trivial amount of accounting and record-keeping to track depreciation, tax considerations, and so forth. When you purchase the hardware and the software, they become yours (in every sense of the word) and your long-term responsibility.  The traditional model of enterprise computing is a capital-intensive function that requires expensive data centers (electricity, air conditioning, servers, networks, storage, etc.) and operations staff (hardware swaps, networks, backups, OS updates, upgrades, etc.) to keep it all running effectively. With an on-premises data center, you must plan and provision for maximum utilization, which is financially inefficient.

The appeal of cloud computing includes the ability of enterprises to pay for only what they use. If demand decreases and you no longer need the assigned capacity, you can turn off systems and you are no longer charged for those systems. Since the cloud is a subscription-based model, it is an “operating expense” model. Computing becomes a service for which businesses are billed a monthly charge that is metered by actual usage. The more (compute, network, and storage resources) that you use the more expensive your monthly bill. The less you use, the less you will be charged.

Cloud operations can also save money by shifting routine tasks such as system backups, network maintenance and software patching to the provider. Be precise about which tasks move: with IaaS virtual machines the provider patches the hypervisor and the hardware, but the guest operating system, its patches and the backups of your data remain your responsibility unless your contract says otherwise.

Most IT organizations find wide variations in system utilization. Some applications are seasonal and other applications run for a short period of time before being shut down. You might have other applications that are simply unpredictable and you can’t apply a cost saving model.

Building your server infrastructure in a cloud environment can save your business money and allow for greater innovations for less money.


AzureAD PowerShell V2.0 is now GA

Microsoft has announced that the Azure AD v2.0 PowerShell cmdlets are now generally available. All cmdlet names have been updated to conform with the Azure PowerShell naming conventions. Since the cmdlets ship in a new module, the module name has changed as well: the existing module was “MSOnline” (the Msol* cmdlets) and the new module is called “AzureAD”.

Azure Active Directory V2 PowerShell Cmdlets
  • Add-AzureADAdministrativeUnitMember – Add an administrativeUnit member
  • Add-AzureADApplicationOwner – Add an owner to an application
  • Add-AzureADDeviceRegisteredOwner – Add an owner to a device
  • Add-AzureADDeviceRegisteredUser – Add a user to a device.
  • Add-AzureADDirectoryRoleMember – Add a member to a directory role
  • Add-AzureADGroupMember – Add a member to a group
  • Add-AzureADGroupOwner – Add an owner to a group
  • Add-AzureADScopedRoleMembership – Add a scoped role
  • Add-AzureADServicePrincipalOwner – Add an owner to a service principal
  • Confirm-AzureADDomain – Validate the ownership of the domain.
  • Connect-AzureAD – Connect with an authenticated account to use Azure Active Directory cmdlet requests.
  • Disconnect-AzureAD – Disconnects the current session from an Azure AD tenant
  • Enable-AzureADDirectoryRole – Activates an existing directory role in Azure Active Directory
  • Get-AzureADAdministrativeUnit – Get an Administrative Unit by objectId
  • Get-AzureADAdministrativeUnitMember – Get administrativeUnit members.
  • Get-AzureADApplication – Get an application by objectId
  • Get-AzureADApplicationExtensionProperty – Get group extension properties
  • Get-AzureADApplicationKeyCredential – Get an application’s key credentials
  • Get-AzureADApplicationOwner – Get owners of an application.
  • Get-AzureADApplicationPasswordCredential – Get an application’s password credentials
  • Get-AzureADApplicationPolicy
  • Get-AzureADContact – Retrieves a specific contact from Azure Active Directory
  • Get-AzureADContactDirectReport – Get the contact’s direct reports.
  • Get-AzureADContactManager – Retrieves the manager of a contact from Azure Active Directory
  • Get-AzureADContactMembership – Get contact memberships.
  • Get-AzureADContract – Retrieves a specific contract from Azure Active Directory
  • Get-AzureADDevice – Retrieves a specific device from Azure Active Directory
  • Get-AzureADDeviceRegisteredOwner – Get users that are registered as owner on the device.
  • Get-AzureADDeviceRegisteredUser – Get users that are marked as users on the device.
  • Get-AzureADDirectoryRole – Retrieves a specific directory role from Azure Active Directory
  • Get-AzureADDirectoryRoleMember – Get the members of a directory role.
  • Get-AzureADDirectoryRoleTemplate – Retrieves a list of directory role templates in Azure Active Directory
  • Get-AzureADDirectorySetting – Retrieves a directory setting from Azure Active Directory.
  • Get-AzureADDirectorySettingTemplate – Retrieves directory setting template from Azure Active Directory.
  • Get-AzureADDomain – Get a domain by name
  • Get-AzureADExtensionProperty – Gets the extension properties registered with Azure AD.
  • Get-AzureADGroup – Get a group by objectId
  • Get-AzureADGroupAppRoleAssignment – Get group application role assignments.
  • Get-AzureADGroupMember – Get members of a group.
  • Get-AzureADGroupOwner – Get owners of a group.
  • Get-AzureADMSGroup – Retrieves a group from the directory
  • Get-AzureADOAuth2PermissionGrant – Get a list of all oAuth2PermissionGrants granted by users within the directory.
  • Get-AzureADObjectSetting – Retrieves a object setting from Azure Active Directory.
  • Get-AzureADPolicy
  • Get-AzureADPolicyAppliedObject
  • Get-AzureADScopedRoleMembership
  • Get-AzureADServiceAppRoleAssignment – Get service principal application role assignments.
  • Get-AzureADServiceConfigurationRecord – Get serviceConfigurationRecords
  • Get-AzureADServicePrincipal – Get a service principal by objectId
  • Get-AzureADServicePrincipalCreatedObject – Get objects created by the service principal.
  • Get-AzureADServicePrincipalKeyCredential – Get a service principal’s key credentials
  • Get-AzureADServicePrincipalMembership – Get service principal memberships.
  • Get-AzureADServicePrincipalOAuth2PermissionGrant – Get the list of the oAuth2PermissionGrants that a user granted this service principal.
  • Get-AzureADServicePrincipalOwnedObject – Get objects owned by the service principal.
  • Get-AzureADServicePrincipalOwner – Get owners of a service principal.
  • Get-AzureADServicePrincipalPasswordCredential – Get a service principal’s password credentials
  • Get-AzureADServicePrincipalPolicy
  • Get-AzureADSubscribedSku – Retrieves a list of subscribed SKUs (subscriptions) to Microsoft services.
  • Get-AzureADTenantDetail – Retrieves the details of a tenant in Azure Active Directory
  • Get-AzureADTrustedCertificateAuthority
  • Get-AzureADUser – Retrieves a specific user from Azure Active Directory
  • Get-AzureADUserAppRoleAssignment – Get user application role assignments.
  • Get-AzureADUserCreatedObject – Get objects created by the user.
  • Get-AzureADUserDirectReport – Get the user’s direct reports.
  • Get-AzureADUserExtension
  • Get-AzureADUserManager – Retrieves the manager of a user from Azure Active Directory
  • Get-AzureADUserMembership – Get user memberships.
  • Get-AzureADUserOAuth2PermissionGrant – Get the list of the oAuth2PermissionGrants that the user granted applications.
  • Get-AzureADUserOwnedDevice – Get registered devices owned by the user.
  • Get-AzureADUserOwnedObject – Get objects owned by the user.
  • Get-AzureADUserRegisteredDevice – Get registered devices registered by the user.
  • Get-AzureADVerificationDnsRecord – Get verificationDnsRecords
  • New-AzureADAdministrativeUnit – Create a new administrativeUnit in Azure Active Directory
  • New-AzureADApplication – Create a new application in Azure Active Directory
  • New-AzureADApplicationExtensionProperty – Create application extension property
  • New-AzureADApplicationKeyCredential – Create a new key credential for an application
  • New-AzureADApplicationPasswordCredential – Create a new password credential for an application
  • New-AzureADDevice – Create a new device in Azure Active Directory
  • New-AzureADDirectorySetting – Creates a directory settings object in Azure Active Directory.
  • New-AzureADDomain – Create a new domain in Azure Active Directory
  • New-AzureADGroup – Create a new group in Azure Active Directory
  • New-AzureADGroupAppRoleAssignment – Assign a group of users to an application role.
  • New-AzureADMSGroup – Creates an Azure AD group.
  • New-AzureADMSInvitation – Invites an external (B2B guest) user to the directory.
  • New-AzureADObjectSetting – Creates a settings object in Azure Active Directory.
  • New-AzureADPolicy
  • New-AzureADServiceAppRoleAssignment – Assign a service principal to an application role.
  • New-AzureADServicePrincipal – Create a new service principal in Azure Active Directory
  • New-AzureADServicePrincipalKeyCredential – Create a new key credential for a service principal
  • New-AzureADServicePrincipalPasswordCredential – Create a new password credential for a service principal
  • New-AzureADTrustedCertificateAuthority
  • New-AzureADUser – Create a new user in Azure Active Directory
  • New-AzureADUserAppRoleAssignment – Assign a user to an application role.
  • Remove-AzureADAdministrativeUnit – Delete an administrativeUnit by objectId.
  • Remove-AzureADAdministrativeUnitMember – Removes an administrativeUnit member.
  • Remove-AzureADApplication – Delete an application by objectId.
  • Remove-AzureADApplicationExtensionProperty – Delete an application extension property.
  • Remove-AzureADApplicationKeyCredential – Remove a key credential from an application
  • Remove-AzureADApplicationOwner – Removes an owner from an application.
  • Remove-AzureADApplicationPasswordCredential – Remove a password credential from an application
  • Remove-AzureADContact – Deletes a specific contact in Azure Active Directory
  • Remove-AzureADContactManager – Deletes the contact’s manager in Azure Active Directory
  • Remove-AzureADDevice – Deletes a specific device in Azure Active Directory
  • Remove-AzureADDeviceRegisteredOwner – Removes an owner from a device.
  • Remove-AzureADDeviceRegisteredUser – Removes a user from a device.
  • Remove-AzureADDirectoryRoleMember – Removes a specific member from a directory role.
  • Remove-AzureADDirectorySetting – Deletes a directory setting in Azure Active Directory.
  • Remove-AzureADDomain – Delete a domain by name.
  • Remove-AzureADGroup – Delete a group by objectId.
  • Remove-AzureADGroupAppRoleAssignment – Delete a group application role assignment.
  • Remove-AzureADGroupMember – Removes a member from a group.
  • Remove-AzureADGroupOwner – Removes an owner from a group.
  • Remove-AzureADMSGroup – This cmdlet removes a group from the directory
  • Remove-AzureADOAuth2PermissionGrant – Delete an oAuth2PermissionGrant.
  • Remove-AzureADObjectSetting – Deletes settings in Azure Active Directory.
  • Remove-AzureADPolicy
  • Remove-AzureADScopedRoleMembership
  • Remove-AzureADServiceAppRoleAssignment – Delete a service principal application role assignment.
  • Remove-AzureADServicePrincipal – Delete a service principal by objectId.
  • Remove-AzureADServicePrincipalKeyCredential – Remove a key credential from a service principal
  • Remove-AzureADServicePrincipalOwner – Removes an owner from a service principal.
  • Remove-AzureADServicePrincipalPasswordCredential – Remove a password from a service principal
  • Remove-AzureADTrustedCertificateAuthority
  • Remove-AzureADUser – Deletes a specific user in Azure Active Directory
  • Remove-AzureADUserAppRoleAssignment – Delete a user application role assignment.
  • Remove-AzureADUserExtension
  • Remove-AzureADUserManager – Deletes the user’s manager in Azure Active Directory
  • Revoke-AzureADSignedInUserAllRefreshToken – Invalidates all of the currently signed in user’s refresh tokens issued to applications (as well as session cookies in a user’s browser), by resetting the refreshTokensValidFromDateTime user property to the current date-time.
  • Revoke-AzureADUserAllRefreshToken – Invalidates all of the user’s refresh tokens issued to applications (as well as session cookies in a user’s browser), by resetting the refreshTokensValidFromDateTime user property to the current date-time.
  • Select-AzureADGroupIdsContactIsMemberOf – From a list of groups Ids select those that the contact is a member of.
  • Select-AzureADGroupIdsGroupIsMemberOf – From a list of groups Ids select those that the group is a member of.
  • Select-AzureADGroupIdsServicePrincipalIsMemberOf – From a list of groups Ids select those that the service principal is a member of.
  • Select-AzureADGroupIdsUserIsMemberOf – From a list of groups Ids select those that the user is a member of.
  • Set-AzureADAdministrativeUnit – Updates a specific administrativeUnit in Azure Active Directory
  • Set-AzureADApplication – Updates a specific application in Azure Active Directory
  • Set-AzureADContact – Updates a specific contact in Azure Active Directory
  • Set-AzureADContactManager – Updates the contact’s manager in Azure Active Directory
  • Set-AzureADDevice – Updates a specific device in Azure Active Directory
  • Set-AzureADDirectorySetting – Updates a directory setting in Azure Active Directory.
  • Set-AzureADDomain – Updates a specific domain in Azure Active Directory
  • Set-AzureADGroup – Updates a specific group in Azure Active Directory
  • Set-AzureADMSGroup – Set a group’s attributes
  • Set-AzureADObjectSetting – Updates settings in Azure Active Directory.
  • Set-AzureADPolicy
  • Set-AzureADServicePrincipal – Updates a service principal in Azure Active Directory
  • Set-AzureADTrustedCertificateAuthority
  • Set-AzureADUser – Updates a specific user in Azure Active Directory
  • Set-AzureADUserExtension
  • Set-AzureADUserLicense – Add and remove one or more licenses for a Microsoft online service to the list of assigned licenses for the user.
  • Set-AzureADUserManager – Updates the user’s manager in Azure Active Directory
  • Set-AzureADUserPassword – Sets the password of a user in Azure AD
  • Update-AzureADSignedInUserPassword – Updates the password for the signed in user in Azure AD
Example

Update-AzureADSignedInUserPassword – Update a password

PS C:\> $CurrentPassword = Read-Host -Prompt "Current password" -AsSecureString
PS C:\> $NewPassword = Read-Host -Prompt "New password" -AsSecureString
PS C:\> Update-AzureADSignedInUserPassword -CurrentPassword $CurrentPassword -NewPassword $NewPassword

This command updates the password for the signed-in user. Both parameters take a SecureString, so read the values with -AsSecureString at the prompt rather than writing the passwords into a script in plain text.
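The cmdlet list above is long, so here is an added example (not from the original post or from Microsoft) of what a security engineer actually reaches for in it: enumerating Global Administrator members, listing tenant-wide OAuth2 consent grants, finding application secrets and certificates that are expired or about to expire, and revoking a compromised user’s refresh tokens. It uses only cmdlets in the list above and assumes Connect-AzureAD has already been run with an account that can read directory roles, applications and permission grants; the user principal name in the usage note is a placeholder.

```powershell
# Added example, not from the original post. Assumes an existing Connect-AzureAD
# session with directory read rights; names in the usage section are placeholders.

# 1. Who holds the Global Administrator role? Get-AzureADDirectoryRole lists only
#    roles that have been activated, and the AzureAD module historically surfaced
#    this role as "Company Administrator", so match both display names.
function Get-GlobalAdminMembers {
    $roles = Get-AzureADDirectoryRole |
        Where-Object { $_.DisplayName -in @('Global Administrator', 'Company Administrator') }
    foreach ($role in $roles) {
        Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId |
            Select-Object ObjectType, DisplayName, UserPrincipalName
    }
}

# 2. Which applications hold tenant-wide (admin) consent, and for which scopes?
#    ConsentType 'AllPrincipals' means the grant applies to every user in the
#    tenant; these are the grants worth reviewing after an illicit-consent alert.
function Get-TenantWideConsentGrants {
    Get-AzureADOAuth2PermissionGrant -All $true |
        Where-Object { $_.ConsentType -eq 'AllPrincipals' } |
        ForEach-Object {
            $client   = Get-AzureADServicePrincipal -ObjectId $_.ClientId
            $resource = Get-AzureADServicePrincipal -ObjectId $_.ResourceId
            [pscustomobject]@{
                Client   = $client.DisplayName
                Resource = $resource.DisplayName
                Scope    = $_.Scope
            }
        }
}

# 3. Application passwords and certificates that are expired or expire within
#    $Days days. Forgotten long-lived credentials are a common persistence path,
#    and expiring ones cause outages; both belong on the same report.
function Get-ExpiringAppCredentials {
    param([int]$Days = 30)
    $now    = Get-Date
    $cutoff = $now.AddDays($Days)
    foreach ($app in Get-AzureADApplication -All $true) {
        $creds = @(Get-AzureADApplicationPasswordCredential -ObjectId $app.ObjectId) +
                 @(Get-AzureADApplicationKeyCredential -ObjectId $app.ObjectId)
        foreach ($cred in $creds) {
            if ($cred.EndDate -le $cutoff) {
                [pscustomobject]@{
                    Application = $app.DisplayName
                    KeyId       = $cred.KeyId
                    EndDate     = $cred.EndDate
                    Expired     = ($cred.EndDate -lt $now)
                }
            }
        }
    }
}

# 4. Containment step for a compromised account: invalidate every refresh token
#    so stolen sessions cannot be renewed. Pair this with a password reset;
#    access tokens already issued stay valid until they expire.
function Invoke-SessionRevocation {
    param([Parameter(Mandatory)][string]$UserPrincipalName)
    $user = Get-AzureADUser -ObjectId $UserPrincipalName   # -ObjectId also accepts a UPN
    Revoke-AzureADUserAllRefreshToken -ObjectId $user.ObjectId
    Write-Host "Refresh tokens revoked for $($user.UserPrincipalName)"
}

# Usage (run after Connect-AzureAD; the UPN is a placeholder):
# Get-GlobalAdminMembers          | Format-Table -AutoSize
# Get-TenantWideConsentGrants     | Format-Table -AutoSize
# Get-ExpiringAppCredentials -Days 60 | Format-Table -AutoSize
# Invoke-SessionRevocation -UserPrincipalName 'alice@contoso.example'
```

The first three functions are read-only and safe to run on a schedule; the fourth changes state for one user and should be run from an incident runbook, not from an ad-hoc console, so that the revocation is recorded alongside the password reset that must accompany it.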

Best Practices Checklist for SQL Server on Azure Virtual Machines

Just some quick tips for building a SQL Server instance on Azure virtual servers.

Area: VM size
  • DS3 or higher for SQL Enterprise edition.
  • DS2 or higher for SQL Standard and Web editions.

Area: Storage
  • Use Premium Storage. Standard storage is only recommended for dev/test.
  • Keep the storage account and SQL Server VM in the same region.
  • Disable Azure geo-redundant storage (geo-replication) on the storage account: disks are replicated independently, so the data and log files would not be consistent with each other at the secondary. Use SQL Server backups or Always On for disaster recovery instead.

Area: Disks
  • Use a minimum of 2 P30 disks (1 for log files; 1 for data files and TempDB).
  • Avoid using the operating system or temporary disks for database storage or logging.
  • Enable read caching on the disk(s) hosting the data files and TempDB.
  • Do not enable caching on the disk(s) hosting the log file.
  • Important: Stop the SQL Server service when changing the cache settings for an Azure VM disk.
  • Stripe multiple Azure data disks to get increased IO throughput.
  • Format data disks with the documented 64 KB allocation unit size.

Area: I/O
  • Enable database page compression.
  • Enable instant file initialization for data files. This grants the service account the Perform Volume Maintenance Tasks privilege and skips zeroing new file space, so previously deleted content on the volume can be read through the new file until it is overwritten; that is acceptable on a disk dedicated to SQL Server, not on a shared one.
  • Limit or disable autogrow on the database.
  • Disable autoshrink on the database.
  • Move all databases to data disks, including system databases.
  • Move the SQL Server error log and trace file directories to data disks.
  • Set up the default backup and database file locations.
  • Enable locked pages.
  • Apply SQL Server performance fixes.

Area: Feature specific
  • Back up directly to blob storage. Use a credential based on a shared access signature scoped to the backup container rather than the storage account key, and enable backup encryption so that a leaked blob is not a readable copy of your database.

You can get more information about performing Azure database backups here.
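As an added example (not from the original post or from Microsoft), the script below audits a running instance against the checklist items that can be read from SQL Server itself: files on the OS or temporary disk, percent-based autogrow, autoshrink, default paths, instant file initialization, locked pages, and whether a shared-access-signature credential exists for backup to URL. It assumes the SqlServer PowerShell module (Invoke-Sqlcmd) is installed, that Windows authentication works against the instance, and that the instance is SQL Server 2016 SP1 or later (needed for the instant_file_initialization_enabled and sql_memory_model_desc columns); the instance name is a placeholder.

```powershell
# Added example, not from the original post. Assumes the SqlServer module,
# Windows authentication, and SQL Server 2016 SP1 or later. Instance name is a placeholder.

function Get-SqlVmChecklistFindings {
    param([string]$ServerInstance = 'localhost')

    function Query([string]$Sql) { Invoke-Sqlcmd -ServerInstance $ServerInstance -Query $Sql }

    $findings = New-Object 'System.Collections.Generic.List[object]'
    function Add-Finding($Check, $Object, $Detail) {
        $findings.Add([pscustomobject]@{ Check = $Check; Object = $Object; Detail = $Detail })
    }

    # 1. Database files on the OS disk (C:) or the temporary disk (D:, wiped on
    #    redeploy), and percent-based autogrow, whose growth events keep getting larger.
    foreach ($f in Query "SELECT DB_NAME(database_id) AS db, name, physical_name, is_percent_growth FROM sys.master_files;") {
        $obj = "$($f.db)/$($f.name)"
        if ($f.physical_name -match '^[CD]:\\') { Add-Finding 'FileOnOsOrTempDisk' $obj $f.physical_name }
        if ($f.is_percent_growth)               { Add-Finding 'PercentAutogrow' $obj 'pre-size the file and use a fixed MB growth' }
    }

    # 2. Autoshrink should be off everywhere.
    foreach ($d in Query "SELECT name FROM sys.databases WHERE is_auto_shrink_on = 1;") {
        Add-Finding 'AutoshrinkOn' $d.name 'ALTER DATABASE [name] SET AUTO_SHRINK OFF'
    }

    # 3. Error log and default data/log paths belong on data disks too.
    $p = Query "SELECT CAST(SERVERPROPERTY('ErrorLogFileName') AS nvarchar(260)) AS errorlog,
                       CAST(SERVERPROPERTY('InstanceDefaultDataPath') AS nvarchar(260)) AS datapath,
                       CAST(SERVERPROPERTY('InstanceDefaultLogPath') AS nvarchar(260)) AS logpath;"
    foreach ($name in 'errorlog', 'datapath', 'logpath') {
        if ($p.$name -match '^[CD]:\\') { Add-Finding 'DefaultPathOnOsOrTempDisk' $name $p.$name }
    }

    # 4. Instant file initialization (data files) and locked pages (memory model).
    $s = Query "SELECT instant_file_initialization_enabled AS ifi FROM sys.dm_server_services WHERE servicename LIKE 'SQL Server (%';"
    if ($s.ifi -ne 'Y') { Add-Finding 'InstantFileInitOff' 'instance' 'grant Perform Volume Maintenance Tasks to the service account' }
    $m = Query "SELECT sql_memory_model_desc AS model FROM sys.dm_os_sys_info;"
    if ($m.model -ne 'LOCK_PAGES') { Add-Finding 'LockedPagesOff' 'instance' "memory model is $($m.model)" }

    # 5. Backup to URL: a credential built from a shared access signature has
    #    credential_identity = 'SHARED ACCESS SIGNATURE'. If none exists, backups
    #    either are not going to blob storage or are using the storage account key.
    $sas = @(Query "SELECT name FROM sys.credentials WHERE credential_identity = 'SHARED ACCESS SIGNATURE';")
    if ($sas.Count -eq 0) { Add-Finding 'NoSasBackupCredential' 'instance' 'create a SAS-scoped credential for BACKUP TO URL' }

    return $findings
}

# Usage (placeholder instance name):
# Get-SqlVmChecklistFindings -ServerInstance 'SQLVM01' | Format-Table -AutoSize
```

An empty result means the instance passes the items the script can see; disk caching, striping and the allocation unit size live outside SQL Server and still have to be checked on the VM and in Azure.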

Microsoft releases Visual Studio on the Mac?

As further evidence that Microsoft is embracing cross-platform development, a prematurely published Microsoft blog post revealed that Microsoft is working on a version of Visual Studio for the Mac.

The idea isn’t that you will use your Mac to create Windows applications, but that you can include Mac users in your pool of developers as you write Android, iOS, and Mac apps with Xamarin and .NET Core. And Mac and Windows users can share projects, which could be very important to a dispersed team. This is seen as a way for Microsoft to emphasize cloud development on Azure without the focus on Windows development.

You should hear an official announcement and receive a preview download of Visual Studio for Mac sometime during Microsoft’s Connect() conference, which runs November 16th through 18th.

Microsoft Azure obtains ISO 27017

Security is probably one of the first things people ask about when looking at a cloud provider. How do you know the provider is performing the security functions it is responsible for well enough to keep your systems and data secure? Microsoft is continuously adding and improving security in its Azure offerings, and has now achieved ISO/IEC 27017 certification. ISO is an international organization that establishes standards in a variety of areas and has published over 21,000 of them. Customers use ISO certifications as a common yardstick for measuring and comparing providers.

ISO/IEC 27017 provides cloud-specific implementation guidance for 37 controls from ISO/IEC 27002 and adds seven new controls not addressed in ISO/IEC 27002. Both cloud service providers and cloud service customers can use this guidance to design and implement information security controls for cloud computing. Customers can download the ISO/IEC 27017 certificate, which demonstrates Microsoft’s continuing commitment to a secure and compliant cloud environment. Keep in mind that a certificate covers the provider’s side of the shared responsibility model only; how you configure and operate your own subscriptions and tenant is still yours to secure.

Which Company Rules the World’s Cloud Infrastructure?

There are plenty of companies that want to rule the cloud infrastructure market. The top four are all from the United States, and they have such a significant lead over the other vendors that it may not be possible for the rest to catch up anytime soon. In a study by Synergy Research Group, Amazon Web Services, Microsoft, IBM and Google together control more than half of the worldwide cloud infrastructure market.

Amazon (AWS) held a dominant 31% share in the second quarter of this year, with Microsoft (Azure) next at an 11% share.

Synergy included infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and hosted private cloud services in its figures. It also found that the top four are growing more rapidly than their smaller competitors, with year-over-year (YoY) growth rates well into the double digits.


Azure N-Series Preview Ready

There has been talk of Microsoft’s plans to announce their N-Series virtual servers and Microsoft has finally announced the preview of these new servers powered by Nvidia graphics.  The new virtual machines provide users with GPU accelerated workloads and visualization, and come in two categories, NC and NV.

The NC series has compute-focused GPUs aimed at those who want to run intensive HPC workloads using CUDA or OpenCL. The servers are powered by Tesla K80 GPUs, which Microsoft claims are the fastest computational GPUs in the public cloud.

              NC6                          NC12                         NC24
Cores         6 (E5-2690v3)                12 (E5-2690v3)               24 (E5-2690v3)
GPU           1 x K80 (1/2 physical card)  2 x K80 (1 physical card)    4 x K80 (2 physical cards)
Memory        56 GB                        112 GB                       224 GB
Disk          380 GB SSD                   680 GB SSD                   1.44 TB SSD

The NV series uses Tesla M60 GPUs with Nvidia GRID, for customers running single-precision workloads such as encoding and rendering. Each M60 card provides 4096 CUDA cores, which cuts rendering and visualization times substantially.

              NV6                          NV12                         NV24
Cores         6 (E5-2690v3)                12 (E5-2690v3)               24 (E5-2690v3)
GPU           1 x M60 (1/2 physical card)  2 x M60 (1 physical card)    4 x M60 (2 physical cards)
Memory        56 GB                        112 GB                       224 GB
Disk          380 GB SSD                   680 GB SSD                   1.44 TB SSD

Configuring Windows 10 Virtual Machine in Azure

Windows 10 is the newest version of the Windows desktop. You may love your Windows 7 or Windows 8.1 desktop, but you must understand that the days of those operating systems being supported are numbered. Now is a good time to start evaluating Windows 10, and an easy way to do that is with Azure virtual machines.

In this article by Prasanna Murali we get step-by-step instructions on how to create a new Windows 10 virtual machine in Azure.

The following are the first steps needed to create a Windows 10 virtual machine (the original article includes a screenshot for each step).

Step 1: Log in to the Azure Management Portal.

Step 2: Click the New button in the Azure Management Portal.

Step 3: From the New blade, click Virtual machine.

You should read the entire article for all the details.

Understanding Docker

What is Docker?

Docker is software that allows a developer to create a “container” that wraps their solution in a complete filesystem containing everything the program needs to run: the application code, the runtime, system libraries and tools, and anything else the developer would normally rely on the OS to provide. Because everything the program needs is included in the container image, the program behaves the same wherever that image is run, as long as the host provides a compatible kernel.

Why use Docker?

Once a developer builds and tests the container, it is an easily deployed package that runs on a single machine and shares the host’s operating system kernel. The container starts almost instantly and typically uses less RAM than a virtual machine. Containers isolate the application from other programs on the same computer, including other containers, using the kernel’s namespace and control-group features, so host-level package upgrades do not change the libraries the application sees. The flip side of sharing the kernel is that the isolation is weaker than a hypervisor’s: a kernel vulnerability, or a container started with elevated privileges or with the host’s filesystem or control socket mounted inside it, affects the host and every other container on it. Containers include the application and all of its dependencies but share the kernel with other containers, running as isolated processes in user space on the host operating system.

You can get more information about Docker here. Using Docker with Azure.

Free eBook: Migrating SQL Server Databases to Azure

This new eBook from Microsoft is free right now. While it explains a little about Azure and SQL Server, it also includes walk-throughs for creating a trial Azure subscription, a how-to on creating a SQL Server instance on an Azure virtual machine and an Azure SQL Database instance, and a discussion of migrating an on-premises SQL Server database to each of the available Azure solutions.

The free eBook is available here.

Stretch Database in SQL Server

Data is usually categorized into levels of importance and frequency of use based on age, and older data is usually less important than recent data. While today’s data, or this week’s data, is accessed more frequently than older data, you usually have to keep that older data for compliance or business-specific reasons. Storing historical data that isn’t accessed very often can be expensive if you treat it the same way as recent data, because you usually store frequently accessed data on the fastest drives you can afford. The cloud can be a good solution for storing and managing historical data, because you can select less expensive tiers of storage: the data needs to be available, but it doesn’t have to be on fast drives.

SQL Server Stretch Database uses resources in Microsoft Azure to let you push archival data to the cloud. Once enabled at the table level, Stretch Database automatically migrates your historical data to Azure, and it uses the power of Azure to run queries against that remote data. The migrated rows leave your premises, so the Azure endpoint holding them is still inside your compliance scope and needs the same access controls and retention rules as the on-premises copy did.

You can learn more about Stretch Database from Microsoft.
