Azure Hub and Spoke Virtual Network (VNet) with a VPN Gateway

In this video, we create a hub and spoke network in Azure by peering our spoke VNets to a centralized hub virtual network. Then we use a VPN Virtual Network Gateway to enable gateway transit connectivity between the spokes. Next, we configure routing with Azure Route Tables and User Defined Routes (UDR) so that traffic bound for other spokes is sent to the hub. Finally, we log into a virtual machine and verify connectivity.


Link Azure Automation to Log Analytics


Log Analytics is a great tool for storing and searching log data. We can link an Azure Automation account to a Log Analytics workspace, but the process may not be as obvious as one would think. In this video, we create a Log Analytics workspace, then link it to an Azure Automation account. Next, we configure the Automation account to send diagnostic data to the Log Analytics workspace and verify that data reaches the workspace.


Azure Automation Subscription Null or Empty

What do you do if you are setting up a new Runbook in Azure Automation and get a message similar to:

“Cannot validate argument on parameter ‘Subscription.’ The argument is null or empty.”

No Subscription Error

And what if this is a new managed identity, or the first time the identity is being used?

Looking at the roles assigned to a new System Assigned Managed Identity, we can see that all the RBAC roles are from Azure AD.  Remember, the subscription and Azure AD are different scopes for RBAC roles.  By default, a new System or User Managed Identity does not have rights to the subscription. 

Default Azure AD Roles

The default settings grant no subscription-level rights. Because of that, no subscription value is returned when the Connect-AzAccount -Identity command runs to authenticate the runbook with the managed identity. We can verify that with the output from the $AzureContext variable used to authenticate the runbook.

No Subscription

The fix is easy: assign the managed identity a role in the subscription. Odds are, you intend to do that anyway. After all, why log in with the managed identity if it’s not going to interact with the subscription?

Once we assign a role in the subscription, the login context will have a subscription to add.

With Subscription
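
The check and the fix described above, as an added example that is not code from the original post. The object ID and subscription ID are placeholders, and the Reader role is an assumed choice; assign the narrowest role the runbook actually needs.

```powershell
# --- Runbook preamble (added example, not from the original post) ---
# Do not inherit a saved context from another runbook or session.
Disable-AzContextAutosave -Scope Process | Out-Null

# Authenticate as the Automation account's managed identity.
$AzureContext = (Connect-AzAccount -Identity).Context

if (-not $AzureContext.Subscription) {
    # With no role assignment in any subscription the context comes back
    # without a subscription. Passing that empty value on to Set-AzContext is
    # what raises "Cannot validate argument on parameter 'Subscription'".
    $identity = $AzureContext.Account.Id
    throw "Managed identity '$identity' signed in but has no subscription in its context. Assign it a role in the target subscription."
}

# Pin the runbook to the subscription the identity can see.
$AzureContext = Set-AzContext -Subscription $AzureContext.Subscription.Id -DefaultProfile $AzureContext
Write-Output "Running against subscription: $($AzureContext.Subscription.Name)"

# --- One-time fix, run by an administrator allowed to assign roles ---
# Run this outside the runbook. Both values below are placeholders.
$principalId    = '<managed-identity-object-id>'
$subscriptionId = '<subscription-id>'
$scope          = "/subscriptions/$subscriptionId"

# 'Reader' is an assumption for illustration; use the least-privileged role
# that covers what the runbook does.
New-AzRoleAssignment -ObjectId $principalId -RoleDefinitionName 'Reader' -Scope $scope

# Confirm the assignment exists at subscription scope.
Get-AzRoleAssignment -ObjectId $principalId -Scope $scope |
    Select-Object DisplayName, RoleDefinitionName, Scope
```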

Scheduled Agent Updates in Azure Virtual Desktop


Until now, there have been no options available to schedule when Azure Virtual Desktop Agent updates take place. Now in preview is an option to set a weekly schedule that defines when agent updates can take place. This video goes over what components make up the AVD agent and how updates take place. We then review how to set a schedule for both validation and non-validation host pool environments.


AZ-900 Core Azure Architectural Components Part 3


This is the third video in a series on the Azure AZ900, Microsoft Azure Fundamentals exam.  The AZ-900 is required for the Azure Fundamentals Microsoft Certification.  The video covers the skills measured “describe the core Azure architectural components” found under the section heading “Describe core Azure services”.  Topics include Management Groups, Subscriptions, Resource Groups, Regions, Paired Regions, Availability Zones, and ARM.  Keep an eye on the playlist for more videos to come.


AZ-900 Describe Cloud Concepts, Microsoft Azure Fundamentals Part 2


This is the second video in a series on the Azure AZ900, Microsoft Azure Fundamentals exam.  The AZ-900 is required for the Azure Fundamentals Microsoft Certification.  The video covers the skills measured “describe the differences between categories of cloud services” found under the section heading “Describe Cloud Concepts”.  Topics include IaaS, PaaS, and SaaS computing and the shared responsibility model.  Keep an eye on the playlist for more videos to come.


Private Endpoints and DNS Part Deux: Azure Private DNS Zones

This is a second video on Azure Private Endpoints and DNS. Previously, we reviewed options for DNS name resolution with Private Endpoint that included a forward lookup zone for the privatelink.file.core.windows.net zone. However, that option required manually adding hosts to the DNS zone. This video reviews a hub-and-spoke configuration leveraging a forwarder server in Azure and conditional forwarding in Windows DNS. Although slightly more complicated, this option does not require manually adding hosts to the DNS lookup zone.


SMB Multichannel with Azure File Shares

Azure File Shares Premium supports SMB multichannel, a way to improve throughput for applications and services. This video goes over what it is and how it works. It also goes over performance, network, and Azure VM considerations to help make the most of Azure Files premium.
