AZ-104 – Azure Administrator Study Guides

Thomas Maurer – Study Guide AZ-104 Azure Administrator

https://www.thomasmaurer.ch/2020/03/az-104-study-guide-azure-administrator/

Richard Hooper, Pixel Robots – Study resources for the AZ-104 Microsoft Certified Azure Administrator

https://pixelrobots.co.uk/2020/02/study-resources-for-the-az-104-microsoft-certified-azure-administrator/

WVD – Windows Virtual Desktop – Admin Tasks, Tips and Useful Blogs

Office 365, Legacy Applications and MFA

Some legacy applications don’t support MFA. This is a solution that lets those apps continue to function when MFA is enabled for a user in Office 365.

How to create an “Additional Security Verification” app password

Browse to https://portal.office.com/account/

Click “Security & Privacy” then click “Manage Security and Privacy”

Expand / Click on “Additional Security Verification”

Click “Create and manage app passwords”

Click “Create”

Enter a name, for example “Diary Sync”, and click “Next”

Click “copy password to clipboard” (YOU NEED THIS PASSWORD)


Some might get this error. Copy the password. (Shortcut to copy: Ctrl+A, then Ctrl+C)


Click “Close”

You now have an application password which you can use with your legacy application without MFA causing any integration problems.

Office 365 – Security (Part 1)

Have you set up MS Office 365? Did you start with security in mind?

Have you reviewed your security and privacy settings? Nothing is configured out of the box. When implementing Office 365, start treating the platform as if you were securing your on-prem infrastructure.

Start with the basics:

  • Password Policies
  • Privacy Statements

Can you add additional security to users?

Have you enabled MFA and enrolled users to use it? Is MFA enforced?
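
One way to answer the MFA question above from PowerShell, as an added example that is not part of the original post: it classifies each user's per-user MFA state (Disabled, Enabled or Enforced) and lists the accounts that still need action. The function name `Get-MfaStateReport` and the sample users are constructed here; for live data it assumes the legacy MSOnline module (`Connect-MsolService`, `Get-MsolUser`).

```powershell
# Added example. Works on objects shaped like the output of Get-MsolUser.
# Live use (assumes the legacy MSOnline module is installed):
#   Connect-MsolService
#   Get-MfaStateReport -Users (Get-MsolUser -All) | Where-Object NeedsAction

function Get-MfaStateReport {
    param([Parameter(Mandatory)][object[]]$Users)

    foreach ($user in $Users) {
        # An empty StrongAuthenticationRequirements list means per-user MFA is Disabled.
        $requirement = @($user.StrongAuthenticationRequirements | Where-Object { $_ }) |
            Select-Object -First 1
        $state = if ($requirement) { [string]$requirement.State } else { 'Disabled' }

        # Registered verification methods show whether the user has actually enrolled.
        $methodCount = @($user.StrongAuthenticationMethods | Where-Object { $_ }).Count

        [pscustomobject]@{
            UserPrincipalName = $user.UserPrincipalName
            MfaState          = $state
            MethodsRegistered = $methodCount
            NeedsAction       = ($state -ne 'Enforced')
        }
    }
}

# Constructed sample users (not real accounts) so the function can be tried offline.
$sampleUsers = @(
    [pscustomobject]@{
        UserPrincipalName                = 'alice@contoso.example'
        StrongAuthenticationRequirements = @([pscustomobject]@{ State = 'Enforced' })
        StrongAuthenticationMethods      = @([pscustomobject]@{ MethodType = 'PhoneAppNotification' })
    }
    [pscustomobject]@{
        UserPrincipalName                = 'bob@contoso.example'
        StrongAuthenticationRequirements = @([pscustomobject]@{ State = 'Enabled' })
        StrongAuthenticationMethods      = @()
    }
    [pscustomobject]@{
        UserPrincipalName                = 'diary-sync@contoso.example'
        StrongAuthenticationRequirements = @()
        StrongAuthenticationMethods      = @()
    }
)

Get-MfaStateReport -Users $sampleUsers | Where-Object NeedsAction | Format-Table -AutoSize
```

This reports per-user MFA only; a tenant that requires MFA through Conditional Access policies will show users as Disabled here even though they are prompted.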

Has access been restricted?

https://docs.microsoft.com/en-us/sharepoint/control-access-based-on-network-location

Mobile Device Management, are you applying any controls to apps accessing OneDrive?

Has logging been enabled for the Office 365 Security and Compliance reports and stats?

Azure Administrator – Tasks and Guides

Your one stop shop for the Azure Administrator resource pool of tasks.

Task
Set the tenant, subscription, and environment for cmdlets to use in the current session.
Plan virtual networks
Configure Azure Multi-Factor Authentication settings
Create DNS records in a custom domain for a web app
Add your custom domain name using the Azure Active Directory portal
Create a route-based VPN gateway using the Azure portal
Connect virtual networks with virtual network peering using the Azure portal
Troubleshoot password hash synchronization with Azure AD Connect sync
Manage device identities using the Azure portal
How to manage the local administrators group on Azure AD joined devices
Azure Load Balancer For RDP
Create a virtual network (classic) with multiple subnets
Point-to-Site VPN routing
Back-end health and diagnostic logs for Application Gateway
All things Azure and Sysadmin stuff
Set up Disaster Recovery for Azure IaaS VMs
Migrate AWS S3 buckets to Azure blob storage
Azure Security Center: Learning the ropes (resources)
Copy Files to Azure VM using PowerShell Remoting
How to manage Azure VMs with Windows Admin Center
Conditional Access rules for Admin MFA
Tag @stephenhackers on Twitter with your Azure blog pages

OMS – Azure Automation

What is OMS?
Is it System Center Online rebranded?
OMS is used to gather logs centrally and make decisions based on this information.

What can you do with Operations Management Suite (OMS)?
PaaS application which is running on Azure
Use it to manage on prem or azure based VMs

How do you create an OMS setup?
The ideal concept: log all the information to a storage account, and OMS will trawl the logs to make use of the information. The default agent in a VM has the information needed to transfer the logs to a storage account and pass them to OMS.

Grab solutions from a portal.

  • Check status of patches
  • Change management
  • Log queries
  • Identify weakness in the environment

How you access OMS
OMS workspace is accessed via a web browser to view the information.

OMS Pricing
The OMS free version holds data for up to 7 days
OMS charges for per-machine monitoring

Identify weaknesses or issues
For example, missing endpoint security on VMs might be flagged, with a recommendation to install a 3rd-party tool.
Example: Deep Security – Trend Micro. An Azure-recommended product for endpoint protection appears on the list in the filtered marketplace.

Azure and Containers

What is a container?
A container is a live, running copy of an image, which may have been customised.
An image is the read-only copy as it was before it was run as a container.

How do you implement containers in Azure

Two options, containers we deploy ourselves and containers Microsoft manage
Container can be running on Windows 2016 or Linux OS
CPU and Ram assigned to each individual container

Containers: limited security risk?
Microsoft offers Hyper-V containers for those concerned.
Azure containers cover it this way.
Others offer shared application containers.

Notes around Docker?
A Dockerfile is like a script to build the container: it takes a source and builds an app into an image, which becomes a container when it is running.

Docker has other tools: Docker toolbox, Docker client and Kitematic (GUI client)

How to Install Docker for Windows

https://docs.docker.com/docker-for-windows/install/

Quick install guide:
1) Navigate to https://docs.docker.com/docker-for-windows/install/#download-docker-for-windows
2) On the Install Docker for Windows page, click Get Docker for Windows (Stable).
3) When prompted whether to run or save Docker for Windows Installer.exe, click Run.
4) Once the installation has completed, click Close and log out.

From <https://github.com/MicrosoftLearning/20533-ImplementingMicrosoftAzureInfrastructureSolutions/blob/master/Instructions/20533D_LAB_AK_07.md>

Note
When you make a mistake deploying a docker-machine (for example, you forget to enter a region) the machine still builds, but ends up in an error state.
Start again by removing the docker-machine.

Launch CMD as admin: docker-machine rm "machine name"

 

Kubernetes
Kubernetes is a management tool for Docker containers. An alternative is Docker Swarm, for large scale.
Deploy Kubernetes cluster for Linux containers

From <https://docs.microsoft.com/en-us/azure/container-service/kubernetes/container-service-kubernetes-walkthrough>

https://docs.microsoft.com/en-us/azure/aks/intro-kubernetes

DCOS getting started with Kubernetes

https://kubernetes.io/docs/getting-started-guides/dcos/

Set Up Your Microsoft Azure Environment With PowerShell

Step 1 : Install Command Line Tool For PowerShell

https://azure.microsoft.com/en-in/downloads/

Step 2: Launch PowerShell as Administrator

Type in the following

# get the Azure RM module installed first

Install-Module AzureRM

# import the module for use

Import-Module AzureRM

# sign in to Azure before running any resource cmdlets

Login-AzureRmAccount

 

Step 3: Getting started with IaaS & PowerShell scripts

# Create a resource group

New-AzureRmResourceGroup -Name Project1ResourceGroup -Location "West Europe"

# Create a new subnet and store it in a variable

$Project1Subnet1 = New-AzureRmVirtualNetworkSubnetConfig -Name Project1Subnet1 -AddressPrefix "10.0.1.0/24"

# Create a new network and add the subnet stored in the variable

$virtualNetwork = New-AzureRmVirtualNetwork -Name ProjectNetwork -ResourceGroupName Project1ResourceGroup -Location "West Europe" -AddressPrefix "10.0.0.0/16" -Subnet $Project1Subnet1

# Add an additional subnet to the network

Add-AzureRmVirtualNetworkSubnetConfig -Name Project2Subnet2 -VirtualNetwork $virtualNetwork -AddressPrefix "10.0.2.0/24"

# Write the updated network configuration back to Azure

$virtualNetwork | Set-AzureRmVirtualNetwork
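
The subnets created in Step 3 have no network security group attached. The following added example (not part of the original post, and going one step beyond it) attaches one to Project1Subnet1 and then lists which subnets are still unprotected. It uses the same AzureRM cmdlets as the page (in the newer Az module the equivalents are named `New-AzNetworkSecurityGroup` and so on); the NSG name, rule name and admin address range are assumptions, the range being a documentation placeholder.

```powershell
# Added example. Assumes the session is signed in and that the resource group
# and virtual network from Step 3 already exist.
$resourceGroup = 'Project1ResourceGroup'
$location      = 'West Europe'
$adminRange    = '203.0.113.0/24'   # placeholder range; replace with your admin network

# Allow RDP only from the admin range. Other inbound traffic from the Internet
# is already blocked by the NSG default rule DenyAllInBound.
$allowRdp = New-AzureRmNetworkSecurityRuleConfig -Name 'Allow-RDP-From-Admin' `
    -Description 'RDP from the admin network only' `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 `
    -SourceAddressPrefix $adminRange -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange 3389

$nsg = New-AzureRmNetworkSecurityGroup -Name 'Project1Subnet1-NSG' `
    -ResourceGroupName $resourceGroup -Location $location `
    -SecurityRules $allowRdp

# Attach the NSG to the first subnet and write the change back to Azure.
$virtualNetwork = Get-AzureRmVirtualNetwork -Name ProjectNetwork -ResourceGroupName $resourceGroup
Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $virtualNetwork `
    -Name Project1Subnet1 -AddressPrefix '10.0.1.0/24' `
    -NetworkSecurityGroup $nsg | Out-Null
$virtualNetwork | Set-AzureRmVirtualNetwork | Out-Null

# Verify: list every subnet with its NSG, so unprotected subnets stand out.
(Get-AzureRmVirtualNetwork -Name ProjectNetwork -ResourceGroupName $resourceGroup).Subnets |
    Select-Object Name, AddressPrefix, @{
        Name       = 'Nsg'
        Expression = {
            if ($_.NetworkSecurityGroup) { ($_.NetworkSecurityGroup.Id -split '/')[-1] }
            else { '(none)' }
        }
    } | Format-Table -AutoSize
```

After this runs, Project2Subnet2 still shows `(none)` and needs its own NSG or the same one attached.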

 

GitHub

Sign up to GitHub and create your own repository: https://github.com/

Use GitHub Desktop to grab a bunch of files, or the full GitHub Desktop client to sync: https://desktop.github.com/

Microsoft Azure PaaS – Web Apps, Storage and Site Recovery

PaaS / App Service

Check out the Azure App Service gallery of applications

Most Web Apps would use Autoscaling

When deploying web apps, consider integration and deployment options: GitHub, Dropbox, Visual Studio, etc.

Additional features include Azure WebJobs or Functions (functions for background tasks)

How you connect to the web apps could be a hybrid connection or VPN

Azure virtual network is available for the web apps (Standard upwards)

Authentication and Authorization (Azure AD is optional, but there are easy connections to Facebook, Amazon, Google, etc.)

 

Mobile Services to Mobile apps

Logic App

Workflow is built in to Office 365

Example flow: if you get a Twitter post, send a mail, etc.

 

Traffic Manager

Traffic Manager has a cost (multi region coverage)

Load-Balancing single sites (free)

 

Storage

Planning and Implementing storage, backup and recovery methods

Blob storage, Table storage, Queue storage, or File Storage

 

Content Delivery Network

Videos: the Office 365 back end for Skype for Business runs on it to handle mass meetings, converting the presenter's meeting to MP4 video and distributing it via CDNs

CDNs keep cached copies in multiple regions

1st connection costs

2nd onwards uses the cached copy

 

Backups

Use your own method, use Azure Backup, back up on-prem, or back up in Azure

All done via DPM

Backing up VMs in Azure is fast. Incremental is the option, and then it's one option to do a full restore of a VM

DPM will dedupe the OS section of the VM in Azure, Hyper-V and vSphere VMs

 

Azure Site Recovery

Orchestration, replication and failover.

Switched off replica server in IaaS

Replicate VMware VMs, physical, Hyper-V VMs, Hyper-V hosts

Documentation on the setup of VMware VMs to Azure using Azure Site Recovery

https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-setup-replication-settings-vmware

Site Recovery concept to migrate to Azure

https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-migrate-to-azure