2 Azure

October 8, 2019October 8, 2019

How to solve Failed to sync the ArchiveGuid in Office 365 (Manual)

Last few weeks I’ve been struggling with an very difficult Office 365 / Exchange Online case, that got escalated to multiple Microsoft departments to be fixed. I already found one part of the solution, but Microsoft found the second part. Today I would like to take you through all the steps to fix possible causes and resolutions. So the initial problem started with the following error in the Office 365 admin portal with the affected users:

Failed to sync the ArchiveGuid 00000000-0000-0000-0000-000000000000 of mailbox *MailboxGuid* because one cloud archive *CloudArchiveGuid* exists.

Another symptom is the mailbox provisioning gets stuck, and hangs on “We are preparing a mailbox for this user”

You will only see this error with AD connect sync enabled environments. The problem occurs when the on-premise value mismatches with the Online Archive Guid. With just a few easy steps we can fix this issue.

Resolution

We will need to fill multiple Active Directory user attributes to resolve this issue.

October 2, 2019October 2, 2019

Half year online…

I started this blog at the end of March this year to share my knowledge, share my passion about IT. And in just 6 months, I’ve published 65 posts in the past 26 weeks… which is over 2 posts a week, more than I anticipated to create… I found out that creating articles, writing up what I do is easier than I expected! And I have received great reactions from people around the world. So I would like to thank you all for your support and nice words!

Logo & stickers

In the last 2 months I have been working on creating my own logo. And with success! Recently I received that package at home with some nice 2azure.nl stickers. If your based in Europe, and you would like to have a few stickers, just use the contact form, and I will try to send them to you!

Statistics

After a half year, I wanted to look back, and see when and where visitors are checking my website. Every week I am noticing an increase on visitors, coming in from Search Engines, blog trackers, but other websites that mention my articles as well. Where I started with around 12-15 unique visitors a day in the first 2 months, the average has exceeded the 100 line in September.

October 1, 2019

Windows Virtual Desktop now general available!

Windows Virtual Desktop is the new Azure desktop and app virtualization service running in the cloud. With simplefied management, multisession Windows 10, optimizations for Office 365 using FSLogix in the background. With this cloud managed VDI environment, you can build, deploy and scale your virtual desktops and apps in minutes.

Afbeeldingsresultaat voor windows virtual desktop

If you’re still hosting RDS servers with virtual desktops and apps, and you want to migrate to the cloud, you definitely need to look in to Windows Virtual Desktop.

In the coming month I will be writing a manual how to set it up, and where to think about.

More information on the Microsoft website: https://azure.microsoft.com/en-us/services/virtual-desktop/

September 24, 2019September 24, 2019

New AMD EPYC virtual machine series in Azure!

Today I was browsing the Azure Management portal and discovered that Microsoft Azure released a new virtual machine series based on the AMD EPYC 7452V processors that can achieve a boosted 3.35Ghz. With these new AMD processers there are 4 new series available in Azure: Dasv3-series, Dav3-series, Easv3 and the Eav3-series

Same performance, lower price!

With almost the same performance as the DSv3 and Dv3 series Intel virtual machines, these machines might be an interesting choice, especially if we do a price comparison, just 2 examples:

CPU Brand	Machine	CPU	Memory	Price per month
Intel	D2 v3	2	8	€ 128
AMD	D2a v3	2	8	€ 54
Intel	D4s v3	4	16	€ 257
AMD	D4as v3	4	16	€ 109

If we look at the above pricing, there is a 234% price difference between AMD and Intel. I know, its not a perfect 1 on 1 comparison, but for the same price, you get the double amount of cores, and memory…

September 21, 2019September 21, 2019

Create new Outlook profile after Office 365 mail migration using GPO (Manual)

You want to move your mailboxes from Exchange on-premise to Office 365, and you want to give you users a smooth transition experience, then you will definitely need to implement the following to automatically create and configure a new Outlook profile on all Windows devices.

ZeroConfigExchange (ZCE)

Within Outlook Microsoft has created ZeroConfigExchange to setup new profiles with minimal user interaction. Depending on your exact configuration Outlook will be configured fully automatically, or the user is required to fill in his email address and/or password.

September 19, 2019September 19, 2019

Azure Private Link now available in Preview!

With an increased security and privacy in mind Microsoft has been working on private links to Azure resources. Azure Private Link is a secure way to consume Azure Services like Azure SQL and Azure Storage using a private connection in your own VNet. This will replace the need for IaaS hosted virtual machines with SQL Server or the file server role installed.

Afbeeldingsresultaat voor azure private link

Azure Private Link brings Azure services inside the customer’s private VNet. The service resources can be accessed using the private IP address just like any other resource in the VNet. It is basically an NIC inside one of your VNET’s. This will allow all traffic to flow over the internal network, and will not go over the internet. There is no need to put gateways or any other network devices in place to make this happen.

September 10, 2019

How to block non-modern authentication to Office 365 services. (Manual)

With Azure Conditional access you get more control over your data, get better security and visibility! To use this feature you will need to buy and assign Azure AD Premium or EM+S E3/E5 licenses to your users.

This manual can be used to enforce the use of the Outlook app on IOS and Android devices by blocking all apps that do not support Modern Authentication like iOS mail and Google mail client.

Step 1: In the Azure Portal go to Conditional Access. On the first page that you get create a New policy

September 9, 2019September 9, 2019

How to configure Outlook on IOS & Android using Intune (Manual)

If you deployed Intune to your mobile devices, you want to enforce the use of the Outlook app on the mobile device. We want to make the end user experience as smooth as possible and preconfigure Outlook for the. How can we prepare the Outlook app with your company email settings? With just a few steps, we can get this setup!

Step 1: From the Azure Portal go to Intune –> Clients Apps –> App configuration policies and click Add

Step 2: Give the configuration policy a name and description. Select Device Enrollment type, my preferred method is to use Managed apps, because this will deploy the policy to both enrolled and unenrolled devices. Select the Outlook apps on Associated app, and go to Configuration settings.

September 7, 2019September 7, 2019

Create a drive mapping using Intune on Azure AD joined devices (Manual)

With the transition to Azure AD, you might want to connect your AAD joined devices to the traditional file server as explained in this article: Go Azure AD Joined with on-prem DC and fileserver The next step is to map some network drives with Intune!

Step 1: The first step is to create a PowerShell script that will do the actual drive mappings. This script will be placed on a Azure Blob storage (or your internal domain) where you will be able to manage and maintain the script. This script will be run using a second script that we will deploy with Intune. For your convenience I’ve already prepared the script:

September 3, 2019September 3, 2019

New Azure region: Switzerland

Microsoft has announced the availability of the new Azure data-centers in Switzerland. With 2 data-centers in Switzerland, Zurich and Geneva, Azure has created a full region (West and North)

Microsoft worked together with several Swiss companies as early adopters to improve cloud adoption in Switzerland. As this region is fairly new it might take some time before all Azure and Office 365 services are available.

If you would like to start deploying resources in Azure, it might be that you don’t have access yet. During the initiation phase it is required to request access before you can start utilizing resources in Switzerland. Request access to Azure Switzerland

Tom Keane, Corporate Vice President, Microsoft Azure:
Today, we’re announcing the availability of Azure from our new cloud regions in Switzerland. These new regions and our ongoing global expansion are in response to customer demand as more industry leaders choose Microsoft’s cloud services to further their digital transformations. As we enter new markets, we work to address scenarios where data residency is of critical importance, especially for highly regulated industries seeking the compliance standards and extensive security offered by Azure.

August 31, 2019August 31, 2019

Bulk migrate to OneDrive from personal drive with SharePoint Migration Tool (Manual)

In this manual I will explain step by step how to migrate your users from their personal drive to OneDrive using bulk migration in SharePoint Migration tool. This includes preparing the users OneDrive, granting permissions, and setup SharePoint Migration tool.

Prerequisites

Before we begin, we will need a migration station, I would recommend to use a server designed for this purpose. On the migration server make sure you install the following:

Microsoft Services Online Sign-in assistant
https://www.microsoft.com/en-us/download/details.aspx?id=41950
PowerShell module SharePoint
(Install-Module -Name Microsoft.Online.SharePoint.PowerShell)
PowerShell module MSonline
(Install-Module MSOnline)

August 23, 2019August 23, 2019

How to use SharePoint Migration Tool

Last few weeks I’ve been busy with migrating file servers to SharePoint and OneDrive. For this I’ve used the SharePoint Migration tool from Microsoft. Download: Link
With just a few easy steps you are able to migrate your data to SharePoint or OneDrive.

In this manual we will focus on SharePoint only, I will create a OneDrive Manual later on including CSV instruction to perform bulk migrations.

August 21, 2019August 21, 2019

Azure Ultra Disk performance storage now available!

For very high demanding workloads, storage wise, Azure has released Ultra Disk performance tier for production use. I’ve already written about it in a previous post ( Slow IOPS in Azure VM’s? not anymore!) But now is the time to take a deeper look.

Which disk types do we have in Azure?

In the following table you can see what the difference is between all disk types in Azure. This table should help you to decide which disk to use for specific workloads.

	Standard HDD	Standard SSD	Premium SSD	Ultra SSD
Scenario	Backup, Fileserver, non-critical, infrequent access	Webservers, lightly used applications and dev/test systems	Production and performance workloads	IO intensive workloads. (SQL/Oracle/ SAP HANA)
Max disk size	32TB	32TB	32TB	64TB
Max Throughput	500MiB/s	750MiB/s	900MiB/s	2.000MiB/s
Latency	8 > ms	< 9 ms	1 – 4 ms	<1 ms
Max IOPS	2.000	6.000	20.000	160.000

August 15, 2019August 15, 2019

Azure SQL configure Azure AD user authentication (Manual)

When moving your applications to the cloud, it makes sense to start using Azure Services to get the best service, highest availability (SLA) and worry free maintenance provided by Azure. The next step is to use Azure AD identities with Azure SQL Database.

Schematic overview of Azure SQL with AAD integration, and optionally synced from on-premise AD.

Within a few steps you will have Azure AD user authentication setup.

August 14, 2019August 14, 2019

Azure SQL, create users and assign permissions (Manual)

This simple manual has been created to create an user in Azure SQL and assign appropriate permissions. First connect to your SQL server. Either use and AAD admin account or the SQL Admin account.

Once connected, open a New Query window and run the following command on the Master database to create the user on the server in the Master database:

 CREATE LOGIN '<Username>' WITH password='<strong-password>';

Now open again a New Query window, and select the database where you want to provision permissions to the just created user. Make sure to match the Username from the command above.

CREATE USER "<Username>";

The last step is to assign the desired role to the user. Change the value of the role, and match again the Username.

EXEC sp_addrolemember 'db_datawriter', '<Username';

This should do the trick. Let me know if you have any problems or need help.

August 13, 2019August 13, 2019

Deploy Azure Application Gateway with http to https redirect

Azure Application Gateway is an advance type of load-balancer. Where an Azure Load-balancer routes traffic on the transport layer (OSI Layer 4 | TCP + UDP) the Application Gateway is a way more advanced load-balancer. It can route based on URL as well on path’s. On top of that it can do much more, like SSL offloading, autoscaling, redirection, multiple site hosting and the most import of all, it can include a web application firewall (WAF)

Afbeeldingsresultaat voor azure application gateway

With all the features that the Azure application gateway provides, we should be able to setup multiple websites listening on different ports and url’s behind one Azure Application Gateway with just one external IP address.

With this guide you should be able to setup an application gateway with multiple site hostname match and http to https redirect. In this manual we will be using Atlassian Jira and Confluence as an example.

So what are we going to setup:

Deploy Azure application gateway
Configure 2 external URL’s (jira.2azure.nl and confluence.2azure.nl)
We will redirect port 80 to 443 for both websites
Jira will be listening on port 8080 internally (Default port)
Confluence will be listening on port 8090 internally (Default port)

For this guide the VNET, subnets and the virtual machine hosting both websites have already been deployed. During this guide we will not deploy a Web Application Firewall, I will tell more about that in upcoming blog article.

August 12, 2019August 13, 2019

Azure heatmap highlights

Last week I came across another post about Azure Heatmap. Every time when I need to find out what’s new on a specific feature in Azure, I will use Azure Heatmap. Awesome tool, I would recommend it to everybody!

Also, check out the new region lookup function to find out what is changing in your Azure Region

https://azureheatmap.azurewebsites.net/highlights

August 8, 2019August 7, 2019

Azure Security Center now supports cross-tenant management as part of Azure Lighthouse

With Azure Lighthouse it is possible to manage your customers portals from one portal. Microsoft has added cross-tenant management for Security Center making it easy to overview customer security status and settings.

This way Service providers can leverage security from their own tenant.

If you want to learn more about Security Center and Lighthouse go to Microsoft Docs

August 6, 2019August 6, 2019

Masterclass: Azure Basics

Tonight I was honored to give a masterclass in Azure Basics. By going over the Azure Basics using lab exercises everybody learned how to:

Manage Azure subscriptions and resources
Configure and manage virtual networks
Manage identities
Deploy and manage virtual machines (VMs)
Implement and manage storage

Special thanks to Proxsys for hosting the Masterclass!

August 6, 2019August 6, 2019

How to get the license key for SQL Server Reporting Services in Azure

Last week I received the question from a customer where to get the SQL license key… By default you will see the key during SQL installation, but with an Azure deployed SQL virtual machine you will never get to see the key, as its deployed from the Azure Portal.

Afbeeldingsresultaat voor sql installation wizard license key

Retreive the key from DefaultSetup.ini

So within a few clicks you will be able to retreive the key.