Anything covering Azure e.g. Azure AD, Virtual Machines, VPN
Katy Nicholson, 14 February, 2022
Log Analytics is part of Azure and is a great solution for analysing and interrogating logs across a huge assortment of Azure services. In this post I am going to demonstrate redirecting Azure AD logs to Log Analytics, and then build a dashboard showing various data from those logs. You will need to have Azure AD P1 or P2 licensing in order to redirect the Azure AD logs, and an Azure subscription to create the workspace.
Katy Nicholson, 27 January, 2022
Applications can be installed onto Azure Virtual Desktop Session Hosts in multiple ways. In this post I briefly look at the traditional methods, and have a detailed look at MSIX App Attach.
Katy Nicholson, 24 December, 2021
Azure Virtual Desktop (previously named Windows Virtual Desktop) is exactly as it sounds - a Virtual Desktop solution in Azure! While many of us are familiar with Windows Server Remote Desktop roles, and if we think back far enough - Terminal Services, AVD is an exciting cloud based take on this. So the first question I think we should tackle is "Why do I need this?" - Why can't we just use some Server 2022 VMs in Azure running the standard RDS roles - Session hosts, brokers, gateway etc? Well - you can do that if you want, but you're then paying compute costs for your session hosts, brokers and gateways, setting up a public IP address and opening ports. With AVD the broker and gateway are provided on Azure and they're free - all you pay is the cost of the Session Host VMs. Another point here is that with AVD you can use Windows 10 (or 11) Multi-session edition, designed for virtual desktops. No more trying to shoehorn Server with Desktop Experience into place.
Katy Nicholson, 10 October, 2021
A look at how a hybrid user logged into an Azure AD Joined device can SSO to on-premises resources, whether they logged on with a password or using Windows Hello for Business.
Katy Nicholson, 18 June, 2021
Azure Cloud Shell is a great feature which gives you a PowerShell (or Bash) window in the browser. Whilst you can't access on-premise resources from the shell you can manage anything cloud based. By default there's a huge selection of Azure modules loaded, plus things like Teams.
Katy Nicholson, 5 March, 2021
Multi-factor authentication is a must in this day and age, with phishing techniques becoming more and more sophisticated and more difficult to detect/block. Azure MFA can be used to secure your Office 365 workload (and, if you're using it as the authentication method for other services, they can be secured too).
Katy Nicholson, 19 February, 2021
Azure AD Password Protection is part of Azure Active Directory and helps prevent users from picking poor/easily guessable/compromised passwords. Microsoft maintain a "global banned passwords" list which stores passwords which are "deemed too common". Obviously this list is not published, but by using Azure AD Password Protection you can have password changes run against it for both cloud and on-premises users. You can also create a custom banned password list, of up to 1000 entries, containing easily guessable things about your organisation, e.g. product names.
Katy Nicholson, 13 February, 2021
A look at backing up Azure Storage Accounts, Azure Virtual Machines and Azure Databases to an Azure Recovery Services Vault
Katy Nicholson, 29 January, 2021
Azure AD Application Proxy is a really neat tool for publishing internal applications without exposing your servers to the Internet. If your applications require authentication for users to access them you can get Azure to handle all this for you, and it supports single sign on. Alternatively if you've got an old or obscure application that can't cope with Azure SSO you can configure it to use passthrough authentication, where the internal application remains responsible for this task.
Katy Nicholson, 22 January, 2021
If you've connected Windows Admin Centre to Azure you'll find a section called Azure Backup. This will allow you to back up your on-site workloads to Azure using the Microsoft Azure Recovery Services agent. It's ideal for backing up physical servers or individual virtual machines. In this post I'm going to look at configuring and backing up a server through Windows Admin Centre, and then at how to recover the data - both for a partial failure (such as some files being deleted but the server still boots) and a total failure.
Katy, 8 January, 2021
Hybrid Cloud Print is a solution to allow users to print to on-premise printers from their devices without needing to be on site or even have VPN connectivity - they just need Internet access. It is however fairly complicated to set up and requires multiple app registrations in Azure, and an Application Proxy server setting up. In this post I go through the steps on how to set it up and print from an Intune managed device. It has been replaced with Universal Print, however you can still set it up and use it if needed.
Katy Nicholson, 8 January, 2021
Universal Print is the new way to cloud print from your devices. It replaces Hybrid Cloud Print and is a lot easier to set up and manage. You'll need your devices to be connected to Azure AD (either domain joined or hybrid joined, or registered).
Katy Nicholson, 19 October, 2020
Azure Backup Server runs on a local server and can back up your workload to local storage as well as to Azure Recovery Services Vault.
Katy Nicholson, 26 August, 2020
If you are moving any of your local network services into Azure it's likely you don't want to have to access them over the Internet and would rather have a VPN, and "private" IP addresses assigned to each of your Azure Virtual Machines. Here I go through how to set this up using my home lab and Azure tenancy as an example.
Katy Nicholson, 24 August, 2020
In-place upgrade of Windows 2016 Azure VMs to Windows 2019 is not officially supported but still something we occasionally need to do. While I'd recommend you spin up a new 2019 VM and migrate your workload if at all possible, it's a bit long winded but you can do an in-place upgrade. If you're lucky it's as simple as copying the files off the ISO and running through the upgrade wizard, however if it brings up any prompts or messages you need to connect to the console to view you'd not get very far with a service like Azure where you cannot view the console, and this is one of the reasons why it is unsupported directly on Azure.