In this video, I go over Azure AD Administrative Units. Azure AD Administrative units are a way to delegate admirative tasks to a subset of Azure AD users. We review how to create Admin Units and how to add users and groups to an Administrative Unit. We also delegate administrative rights to a user to on an Administrative Unit.
Continue reading “Azure AD Administrative Units”
The playlist below is a three-part video series that takes a user through the process of using Azure Image Builder to create a custom Windows 10 multi-user image. The first video starts with an overview and configuring a subscription for Azure Image Builder. The second video demonstrates creating and deploying a template and building an image based on that template. The third video walks through the steps to add software to the image in the build pipeline.
Continue reading “Azure Image Builder Trilogy”
Hello Everyone, I have some exciting news to share. I published a new course on Udemy called Zero to Hero with Windows Virtual Desktop. This course has over 5 hours of all new content to get anyone with little to no experience with Windows Virtual Desktop up and running quickly. To celebrate the new course, I’m offering it at a special promotional price.
https://www.udemy.com/course/zero-to-hero-with-windows-virtual-desktop/
Zero to Hero with Windows Virtual Desktop is an introductory course for Windows Virtual Desktop that starts with the basics. What exactly is Windows Virtual desktop and the components that make up the service? We then move onto the prerequisites, those items that need to be in place for a successful Windows Virtual desktop deployment.
Continue reading “Zero to Hero with Windows Virtual Desktop”
I am finally getting around to some hands-on with Azure Image Builder. More to come on that shortly. For now, I want to document my first issue for anyone who may experience the same problem. When creating the image builder template with the New-AzImageBuilderTemplate command, I got the following error message:
Az.ImageBuilder.internal\New-AzImageBuilderTemplate @PSBo …
The subscription is not registered to use namespace ‘Microsoft.VirtualMachineImages’. See https://aka.ms/rps-not-found for how to register subscriptions.
The error indicates that a required resource provider, Microsfot.VirtualMachineImages in this instance, is not registered. The provider can be registered with PowerShell or through the portal. Below are the steps for each.
From the portal, go to your Subscription, then find Resource Providers under Settings.
Search for the resource provider Microsoft.VirtualMachineImages. Notice the status is Not Registered. Click the Register button in the portal to register the resource provider.
To register a provider from PowerShell, log into Azure with rights to register a resource provider, such as subscription admin. Next, use the Register-AzResourceProvider command below to register the provider.
Register-AzResourceProvider -ProviderNamespace Microsoft.VirtualMachineImages
The provider will go to a state of registering. It could take a few minutes for the service to register.
From PowerShell, use the command Get-AzResourceProvider to verify the status.
Get-AzResourceProvider -ProviderNamespace Microsoft.VirtualMachineImages
Once finished, the resource provider changes to the Registered status.
The New-AzImageBuilderTemplate should run now without an error.
In this video, we configure an Azure Network Address Translation (NAT) Gateway. A NAT Gateway provides a static source public IP or IP range for resources in an Azure VNet. It can be used for controlling the source IP for sites that may restrict access by a whitelist, or as an exclusion in MFA Conditional Access policies. The video walks through an example of using a NAT Gateway for a Windows Virtual Desktop (WVD) deployment so users bypass MFA when logging in from a WVD Session Host.
Continue reading “Static Public Source IP in Azure with Network Address Translation (NAT) Gateway”
In this video, we go over enabling Multi-factor Authentication, or MFA, for Windows Virtual Desktop (WVD) Spring Update, or ARM. We use an Azure AD Conditional Access Policy to enforce MFA on a group of users. We also set an MFA Trusted IP address to exclude a public IP source from the MFA Policy.
Continue reading “Enable MFA for WVD ARM”
Patching Windows computers is essential, but the inconsistent date of “Patch Tuesday,” the second Tuesday of the month, can make scheduling automation difficult. The PowerShell Script outlined in this video provides a function that will return the second Tuesday of the current month. Leverage this logic to generate automation that targets specific dates related to patch Tuesday.
Continue reading “Find Patch Tuesday with PowerShell”
In this video, we deploy an Azure Recovery Services Vault to back up an Azure File share. Protecting data is critical. Azure Storage accounts offer data resiliency, but replicating copies of the data inside a data center, region or across regions. Replication provides real-time protection, but there is no way to recover a previous version of the data. This capability is critical with Azure File Shares, especially when storing user data such FSLogix Profiles. Azure Backup provides the ability to restore previous versions using Azure Storage Snapshots to create and manage Azure File recovery points.
To learn more about Azure Storage Accounts:
https://www.ciraltos.com/azure-101-azure-storage-accounts/
To learn more about Azure SMB Shares with Azure Files:
https://www.ciraltos.com/azure-files-smb-access-with-windows-ad/