Improved Azure Portal design

Today I noticed that the Azure Portal had a new appearance. By default the menu from the left is now hidden, giving you a cleaner view of all the blades, and as well on your dashboards.

But what I really like, is the Auto Refresh button on the dashboard. Although 30 minute interval might still be to long, this can help you get the cool dashboards that you want on a big screen.

Enforce (Azure) MFA with Conditional Access policies

Multi Factor Authentication (MFA) is an added security feature from Azure which I believe that should be enabled by default for everybody in Office 365 and Azure. There for this manual how to enforce (Azure) MFA for all users using Azure Multi Factor Authentication

MFA can prevent unauthorized access in case of the following events:

  • Leaked credentials
  • Sign-ins from anonymous IP addresses
  • Impossible travel to atypical locations
  • Sign-ins from unfamiliar locations
  • Sign-ins from infected devices
  • Sign-ins from IP addresses with suspicious activities

Using Conditional access we can ensure that your users and company data is safe. Important to know is that Office 365 MFA is free of charge, and if you have Azure AD applications an Azure AD Premium license is required.

Named location

If you want to mark your locations as trusted location, you can do that if you have a static public IP. So the first steps are there to define your office locations.

Continue reading “Enforce (Azure) MFA with Conditional Access policies”

Azure SQL update statistics (Manual)

I recently run into a case where I needed to update statistics of an Azure SQL Database because of poor performance and deadlocks. Preventing disruptions is key, so it is important to do something about it. With a simple script we can update the statistics easaly.

Why should I update statistics?

SQL Server statistics are essential for the query optimizer to prepare an optimized and cost-effective execution plan. These statistics provide distribution of column values to the query optimizer, and it helps SQL Server to estimate the number of rows. The query optimizer should be updated regularly. Improper statistics might mislead query optimizer to choose costly operators such as index scan over index seek and it might cause high CPU, memory and IO issues in SQL Server. We might also face blocking, deadlocks that eventually causes trouble to the underlying queries, resources.

The script

Just execute the following query on your database and you should be good to go! Keep in mind, depending on your database this might take a while. During this script your database will get slow, but will remain online.

SET NOCOUNT ON
 GO

 DECLARE updatestats CURSOR FOR
 SELECT table_schema, table_name  
 FROM information_schema.tables
        where TABLE_TYPE = 'BASE TABLE'
 OPEN updatestats

 DECLARE @tableSchema NVARCHAR(128)
 DECLARE @tableName NVARCHAR(128)
 DECLARE @Statement NVARCHAR(300)

 FETCH NEXT FROM updatestats INTO @tableSchema, @tableName

 WHILE (@@FETCH_STATUS = 0)
 BEGIN
    SET @Statement = 'UPDATE STATISTICS '  + '[' + @tableSchema + ']' + '.' + '[' + @tableName + ']' + '  WITH FULLSCAN'
    EXEC sp_executesql @Statement 
    FETCH NEXT FROM updatestats INTO @tableSchema, @tableName
 END

 CLOSE updatestats
 DEALLOCATE updatestats
 GO
 SET NOCOUNT OFF
 GO

Windows Virtual Desktop now general available!

Windows Virtual Desktop is the new Azure desktop and app virtualization service running in the cloud. With simplefied management, multisession Windows 10, optimizations for Office 365 using FSLogix in the background. With this cloud managed VDI environment, you can build, deploy and scale your virtual desktops and apps in minutes.

Afbeeldingsresultaat voor windows virtual desktop

If you’re still hosting RDS servers with virtual desktops and apps, and you want to migrate to the cloud, you definitely need to look in to Windows Virtual Desktop.

In the coming month I will be writing a manual how to set it up, and where to think about.

More information on the Microsoft website: https://azure.microsoft.com/en-us/services/virtual-desktop/

New AMD EPYC virtual machine series in Azure!

Today I was browsing the Azure Management portal and discovered that Microsoft Azure released a new virtual machine series based on the AMD EPYC 7452V processors that can achieve a boosted 3.35Ghz. With these new AMD processers there are 4 new series available in Azure: Dasv3-series, Dav3-series, Easv3 and the Eav3-series

Same performance, lower price!

With almost the same performance as the DSv3 and Dv3 series Intel virtual machines, these machines might be an interesting choice, especially if we do a price comparison, just 2 examples:

CPU BrandMachineCPUMemoryPrice per month
IntelD2 v328€ 128
AMDD2a v328 54
IntelD4s v3416€ 257
AMDD4as v3416€ 109

If we look at the above pricing, there is a 234% price difference between AMD and Intel. I know, its not a perfect 1 on 1 comparison, but for the same price, you get the double amount of cores, and memory…

Continue reading “New AMD EPYC virtual machine series in Azure!”

Azure Private Link now available in Preview!

With an increased security and privacy in mind Microsoft has been working on private links to Azure resources. Azure Private Link is a secure way to consume Azure Services like Azure SQL and Azure Storage using a private connection in your own VNet. This will replace the need for IaaS hosted virtual machines with SQL Server or the file server role installed.

Afbeeldingsresultaat voor azure private link

Azure Private Link brings Azure services inside the customer’s private VNet. The service resources can be accessed using the private IP address just like any other resource in the VNet. It is basically an NIC inside one of your VNET’s. This will allow all traffic to flow over the internal network, and will not go over the internet. There is no need to put gateways or any other network devices in place to make this happen.

Continue reading “Azure Private Link now available in Preview!”

How to block non-modern authentication to Office 365 services. (Manual)

With Azure Conditional access you get more control over your data, get better security and visibility! To use this feature you will need to buy and assign Azure AD Premium or EM+S E3/E5 licenses to your users.

This manual can be used to enforce the use of the Outlook app on IOS and Android devices by blocking all apps that do not support Modern Authentication like iOS mail and Google mail client.

Step 1: In the Azure Portal go to Conditional Access. On the first page that you get create a New policy

Continue reading “How to block non-modern authentication to Office 365 services. (Manual)”

How to configure Outlook on IOS & Android using Intune (Manual)

If you deployed Intune to your mobile devices, you want to enforce the use of the Outlook app on the mobile device. We want to make the end user experience as smooth as possible and preconfigure Outlook for the. How can we prepare the Outlook app with your company email settings? With just a few steps, we can get this setup!

Step 1: From the Azure Portal go to Intune –> Clients Apps –> App configuration policies and click Add

Step 2: Give the configuration policy a name and description. Select Device Enrollment type, my preferred method is to use Managed apps, because this will deploy the policy to both enrolled and unenrolled devices. Select the Outlook apps on Associated app, and go to Configuration settings.

Continue reading “How to configure Outlook on IOS & Android using Intune (Manual)”

New Azure region: Switzerland

Microsoft has announced the availability of the new Azure data-centers in Switzerland. With 2 data-centers in Switzerland, Zurich and Geneva, Azure has created a full region (West and North)

Microsoft worked together with several Swiss companies as early adopters to improve cloud adoption in Switzerland. As this region is fairly new it might take some time before all Azure and Office 365 services are available.

If you would like to start deploying resources in Azure, it might be that you don’t have access yet. During the initiation phase it is required to request access before you can start utilizing resources in Switzerland. Request access to Azure Switzerland

Tom Keane, Corporate Vice President, Microsoft Azure:

Today, we’re announcing the availability of Azure from our new cloud regions in Switzerland. These new regions and our ongoing global expansion are in response to customer demand as more industry leaders choose Microsoft’s cloud services to further their digital transformations. As we enter new markets, we work to address scenarios where data residency is of critical importance, especially for highly regulated industries seeking the compliance standards and extensive security offered by Azure.

Azure Ultra Disk performance storage now available!

For very high demanding workloads, storage wise, Azure has released Ultra Disk performance tier for production use. I’ve already written about it in a previous post ( Slow IOPS in Azure VM’s? not anymore!) But now is the time to take a deeper look.

Which disk types do we have in Azure?

In the following table you can see what the difference is between all disk types in Azure. This table should help you to decide which disk to use for specific workloads.

Standard HDDStandard SSDPremium SSDUltra SSD
ScenarioBackup, Fileserver,
non-critical,
infrequent access
Webservers,
lightly used
applications and
dev/test systems
Production and
performance
workloads
IO intensive
workloads.
(SQL/Oracle/
SAP HANA)
Max disk
size
32TB32TB32TB64TB
Max
Throughput
500MiB/s750MiB/s900MiB/s2.000MiB/s
Latency8 > ms< 9 ms1 – 4 ms<1 ms
Max
IOPS
2.0006.00020.000160.000
Continue reading “Azure Ultra Disk performance storage now available!”

Azure SQL, create users and assign permissions (Manual)

This simple manual has been created to create an user in Azure SQL and assign appropriate permissions. First connect to your SQL server. Either use and AAD admin account or the SQL Admin account.

Once connected, open a New Query window and run the following command on the Master database to create the user on the server in the Master database:

 CREATE LOGIN '<Username>' WITH password='<strong-password>';

Now open again a New Query window, and select the database where you want to provision permissions to the just created user. Make sure to match the Username from the command above.

CREATE USER "<Username>";

The last step is to assign the desired role to the user. Change the value of the role, and match again the Username.

EXEC sp_addrolemember 'db_datawriter', '<Username';

This should do the trick. Let me know if you have any problems or need help.

Deploy Azure Application Gateway with http to https redirect

Azure Application Gateway is an advance type of load-balancer. Where an Azure Load-balancer routes traffic on the transport layer (OSI Layer 4 | TCP + UDP) the Application Gateway is a way more advanced load-balancer. It can route based on URL as well on path’s. On top of that it can do much more, like SSL offloading, autoscaling, redirection, multiple site hosting and the most import of all, it can include a web application firewall (WAF)

Afbeeldingsresultaat voor azure application gateway

With all the features that the Azure application gateway provides, we should be able to setup multiple websites listening on different ports and url’s behind one Azure Application Gateway with just one external IP address.

With this guide you should be able to setup an application gateway with multiple site hostname match and http to https redirect. In this manual we will be using Atlassian Jira and Confluence as an example.

So what are we going to setup:

  • Deploy Azure application gateway
  • Configure 2 external URL’s (jira.2azure.nl and confluence.2azure.nl)
  • We will redirect port 80 to 443 for both websites
  • Jira will be listening on port 8080 internally (Default port)
  • Confluence will be listening on port 8090 internally (Default port)

For this guide the VNET, subnets and the virtual machine hosting both websites have already been deployed. During this guide we will not deploy a Web Application Firewall, I will tell more about that in upcoming blog article.

The setup in an overview.
Continue reading “Deploy Azure Application Gateway with http to https redirect”

Masterclass: Azure Basics

Tonight I was honored to give a masterclass in Azure Basics. By going over the Azure Basics using lab exercises everybody learned how to:

  • Manage Azure subscriptions and resources
  • Configure and manage virtual networks
  • Manage identities 
  • Deploy and manage virtual machines (VMs) 
  • Implement and manage storage

Special thanks to Proxsys for hosting the Masterclass!



How to get the license key for SQL Server Reporting Services in Azure

Last week I received the question from a customer where to get the SQL license key… By default you will see the key during SQL installation, but with an Azure deployed SQL virtual machine you will never get to see the key, as its deployed from the Azure Portal.

Afbeeldingsresultaat voor sql installation wizard license key

Retreive the key from DefaultSetup.ini

So within a few clicks you will be able to retreive the key.

Continue reading “How to get the license key for SQL Server Reporting Services in Azure”

Azure Dedicated Host (now in preview)

If you still have doubts about moving to Azure because of compliance and regulatory requirements, they will now be gone with Azure Dedicated hosts. Still in preview but ready for testing. Azure dedicated hosts are physical machines that are single-tenant configured where you can run your Linux and Windows virtual machines. This includes your own infrastructure, as well as your own maintenance policies for that host.

Visibility and control

Azure Dedicated Hosts provide visibility over the server infrastructure running your Azure Virtual Machines. You get more control over the following:

  • The underlying hardware infrastructure
  • Processor brand, capabilities, and more 
  • Number of cores
  • Type and size of the Azure Virtual Machines you want to deploy

You can mix and match different Azure Virtual Machine sizes within the same virtual machine series on a given host.

If you have any second thoughts, it is now open in preview for testing.

Completed Azure Solutions Architect certification

Last 2 months I’ve been working on renewing my Office 365 and Azure certifications. 4 years ago I already passed the “old” exams: 533, 534, 345, 346 and 347. This saved me a few exams. I was able to upgrade to Azure Administrator and Messaging administrator by passing the upgrade exams. For the Azure Solutions Architect I had to take the AZ-300 and AZ-301 exam as an upgrade exam was only valid for those who have passed the follow up exam of 534: 535.

So here is the final result, I will be looking into the Azure Security exam in the future (AZ-500) as well as the Microsoft 365 Certified Enterprise Administrator Expert (MS100 & MS101)

Disable Windows Firewall on a virtual machine from the Azure Portal

When you accidentally locked your self out from a Virtual Machine in Azure, there is no console access to login and help your self back in to the system.

Enabled Windows firewall

In the last year I’ve seen a few cases where somebody accidentally locked himself out of a VM by wrongly adjusting the Windows Firewall, making it impossible to manage their virtual machine in Azure. But with Custom script extension it is possible to disable the Windows Firewall to gain access again!

Continue reading “Disable Windows Firewall on a virtual machine from the Azure Portal”

How to setup Azure Lighthouse (Manual)

Microsoft released Lighthouse last weekend, and since this is a great feature, I wanted to implement it as soon as possible, but the Microsoft docs might be a bit confusing, so I wanted to simplify the manual, so here it is! We will be using PowerShell, as this makes life so much easier, and faster.

Requirements:

  • Your admin tenant needs to have a valid Azure subscription
  • You need to have a native user account with the new Owner role in the tenant that you want to manage (Customer tenant)
  • Azure PowerShell module: AZ (Install-Module -Name az)
Continue reading “How to setup Azure Lighthouse (Manual)”