Awesome! Thank you Wes. Your videos on A+ and Network+ helped me earn those certifications. I look forward to what's next!

@Ronnie-Wong

Thank you for this.

I've been in IT since 2001, but no formal certifications, only an applied science degree (AAS). In January of 2020 I get help in overcoming the performance anxiety of test taking and go after these formal certifications. With IT Pro TV's help I earned ITF+, A+, Network+ Server+, Project+ and most recently Security+. Feel free to use this as a testimonial.

I'm still hungry for more but I need to balance that hunger against return on investment and am always looking for guidance on what to learn and what certifications to work towards to make me a competitive candidate.

Wow - I went down a rabbit hole researching this one. It seems this is a major ongoing complaint - there is no built-in functionality for this with Azure AD yet.

What I discovered is that the admins that REALLY must have this functionality are employing it using PowerShell scripts or ADSelfService Plus.

Here is more information:

https://www.manageengine.com/products/self-service-password/powershell/powershell-script-for-password-expiry-email-notification.html

Note these tools were targeted at the traditional Windows AD and admins are porting them over for use in Azure AD.

I see it now. Thank you, Angie.

@Dwayne-Coleman Azure is cloud related and doesn't have anything to do with Repairing PC's and Troubleshooting software. For that you should be doing the CompTIA A+ courses. and possibly CompTIA Network+

If you want a basic understanding of Azure, then you can look at the AZ-900 course.

@Marco-Antonio-D-Imperio , I hope all is well. There are several things that it could be...

a graphics driver issue

an AV policy issue

a permissions issue for localhost\users to the C drive (if removed)

The easiest way to figure it out will be to go methodically through the issues one at a time and "fix" them/check them out to see which one corrects the problem.

Check this groups of postings out for discussion & walkthroughs of how to address the issues...

https://serverfault.com/questions/1090540/windows-server-2022-rdp-connection-fails-with-error-0x3-extended-error-0x11

Good Luck !!!

Cheers,

Adam

@Adam-Gordon Thank you for your response. I guess I phrased the question wrong. The organization's current users, groups etc. are all assigned access (not under PIM) permanently under several roles. They currently leverage only RBAC but no PIM.
My question is how best to approach this to move them to PIM (in other words, "PIM cleanup").

I hope it's clearer now.
Thanks Adam.

@Donald-Muncy , I hope all is well. Let's take your questions in order...

Setting up a lab environment and a budget - You can certainly do so if you would like, and there are several options available to you.. Take a look at this article to see how a budget can be setup and used to control spending:

https://learn.microsoft.com/en-us/azure/cost-management-billing/costs/tutorial-acm-create-budgets

A word of caution however, penetration testing is a very elastic term, and can be interpreted and implemented in a variety of ways... Microsoft has language in their terms of service that specifically prohibits certain activities on their platforms... you just need to make sure that you understand what you are doing & how you are doing it...

Azure Forced tunneling IS NOT covered in the AZ-500 course, as it is not part of the outline.

It is covered in the AZ-700 course however, which is where it makes more sense to address it.

Link to the outline is below:

https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4PaHw

The section you want is the following:

Design and implement routing (25–30%)

Design, implement, and manage VNet routing

• Design and implement user-defined routes (UDRs)
• Associate a route table with a subnet
• Configure forced tunneling
• Diagnose and resolve routing issues
• Design and implement Azure Route Server

We currently DO NOT have a course for the AZ-700 exam...

Cheers,

Adam

@Bedrock1977 , I hope all is well.

Creating a disk with a specific size that is not cached is pretty straightforward; you would want to use the New-AzVMDataDisk cmdlet and the -caching parameter, which can be set to one of three values: None, ReadOnly, ReadWrite

Read about it here:

https://docs.microsoft.com/en-us/powershell/module/az.compute/new-azvmdatadisk?view=azps-8.2.0

There is no great way to prevent the VM from starting up once it is being created via PowerShell or the Azure CLI in Azure to be honest.

What you could do is to add the Stop-AzVM cmdlet to the end of the PowerShell script to turn off the VM after it is deployed.

You can read more about it here:

https://docs.microsoft.com/en-us/powershell/module/az.compute/stop-azvm?view=azps-8.2.0

You could use Azure Automation & several other approaches including Auto Shutdown to achieve something similar, but it can be much more involved. Again, you can read about the different approaches here if interested:

https://techcommunity.microsoft.com/t5/educator-developer-blog/azure-virtual-machine-auto-shutdown/ba-p/379342

I hope that helps... Keep up the great questions !!!

Good Luck !!!

Cheers,

Adam

@Md-Mijanur-Rahman-Sahed great question! When it comes to connection to VMs as you have stated, there are options.

SSH - is used commonly for non-Windows environments, and widely supported. There is support for OpenSSH in Windows today. This type of connection allows for two authentication methods:

Passwords - not recommended, as these are vulnerable to password-based attacks Key-based - the preferred authentication method, using asymmetric encryption. This method strengthens the resiliency of the VM to authentication-based attacks.

https://docs.microsoft.com/en-us/azure/virtual-machines/linux-vm-connect?tabs=Linux
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/connect-ssh?tabs=azurecli

Remote Desktop Protocol(RDP)/Remote Desktop Connection - This is the traditional native connection method for connecting to, and configuring Windows operating systems (Windows 10/11 and Windows Server). In Azure you generate an RDP file that can be generated, downloaded and used to create an encrypted connection.
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/connect-rdp

Bastion - the biggest benefit to this service is that you are utilizing a serverless solution to connect to ANY VM within a given vNET, without having to generate an RDP file for each individual machine you would like to connect to. You select the Bastion service when creating the vNET. Another benefit is that all the VMs in this vNET will not require any additional agents, clients, additional software, or exposing open ports to the Internet.
https://docs.microsoft.com/en-us/azure/bastion/bastion-connect-vm-rdp-windows
https://docs.microsoft.com/en-us/azure/bastion/bastion-connect-vm-ssh-linux

I have posted the supporting documentation links if you would like to take a greater deep dive.

After reading the links Adam posted above, I will try extending the on-prem domain into azure by promoting a Windows Server VM to a DC of the existing on-prem environment. I am currently using a DNS Private Resolver. I should be able to use the DNS on the VM server and quit using the Private DNS resolver.
I have joined Win10 VMs to the on-prem domain, and I do not see any difference between the domain joined VM and the on-prem pcs (there is a VPN, of course).

Does anyone have any comments on that plan?

For Security, you can look at SC 200,300,400 and the MS/AZ-500. The SC series are not offered by ITPro.TV sadly.

For Mobility you can look at the MS-100/101 courses.

@Donald-Muncy , You ca read all about the services, which is still being developed PRIOR to official roll out, and it's current status in public preview, as well as ALL current requirements and caveats here:

https://docs.microsoft.com/en-us/windows/deployment/windows-autopatch/overview/windows-autopatch-faq

Cheers,

Adam

I changed the name and did not notice any difference. I questioned whether it was a good idea to change the OS name after I started configuring a backup policy. Everything looked like it was working correctly. It is almost as if the VM object in Azure is a container for the VM image itself.

Thank you

@Donald-Muncy , I hope all is well. I am glad that the episode provided another option for you to consider. In the demo/walkthrough, I use any / any just as an example so that it makes sense and everyone can follow along, especially if they are trying to reproduce as part of studying. In the real world you would want to be more granular and specify source and destination as an exact value.

Remember that for exam purposes it is the details in the question that provide the path to the correct answer.

Good luck with Firewalls !!!

If you have any other questions, or if I can be of any assistance as you continue working through the course, please be in touch as needed.

My direct e-mail is adam@itpro.tv

Cheers,

Adam

@jim-mccarthy,

This is on our schedule to be updated this year. We're just trying to find time for it, it will probably be Q3 or Q4 at this point. When it time to be updated, ITProTV will use the latest exam objectives published my Microsoft certification.

@Todd-Marino , I hope all is well. While there are a few different ways to go, everything depends on the needs and resources of the organization(s) and the amount of complexity, time and energy you are able to tolerate/exert to address a solution.

Start here, and consider the Azure B2B solution, although it can be complex, it is the best path forward in most cases.

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/multi-tenant-user-management-introduction

If you have additional questions, please be in touch as needed.

Good Luck !!!

Cheers,

Adam

@Donald-Muncy , I hope all is well. Great question !!! The short answer is not exactly... what you can do is use wat is referred to as a Native Client connection. This allows you to connect to your target VMs via Bastion using Azure CLI, and expands your sign-in options to include local SSH key pair and Azure Active Directory (Azure AD). Additionally with this feature, you can now also upload or download files, depending on the connection type and client.

You can read all about it here:

https://docs.microsoft.com/en-us/azure/bastion/connect-native-client-windows

Good Luck !!!

Cheers,

Adam