@SIMON-TAPLIN is right as to what you'll want to put on your roadmap to Project management in the Azure world. If you don't have the experience necessary for PMP, start with CompTIA's Project+ and PMI's CAPM. The PRINCE2 is updating and that might be something you'd want to hold off on until they get that all sorted.
@Azam-Azizahamad thank you for your question. My suggestion is to use the 2022 version of AZ-900, as it is the most current version of this course. If you have any follow-up questions, please do not hesitate to ask!
I've been in IT since 2001, but no formal certifications, only an applied science degree (AAS). In January of 2020 I got help in overcoming the performance anxiety of test taking and went after these formal certifications. With IT Pro TV's help I earned ITF+, A+, Network+, Server+, Project+ and most recently Security+. Feel free to use this as a testimonial.
I'm still hungry for more but I need to balance that hunger against return on investment and am always looking for guidance on what to learn and what certifications to work towards to make me a competitive candidate.
@Dwayne-Coleman Azure is cloud related and doesn't have anything to do with repairing PCs and troubleshooting software. For that you should be doing the CompTIA A+ courses, and possibly CompTIA Network+.
If you want a basic understanding of Azure, then you can look at the AZ-900 course.
@Adam-Gordon Thank you for your response. I guess I phrased the question wrong. The organization's current users, groups etc. are all assigned access (not under PIM) permanently under several roles. They currently leverage only RBAC but no PIM.
My question is how best to approach this to move them to PIM (in other words, "PIM cleanup").
@Donald-Muncy, I hope all is well. Let's take your questions in order...
Setting up a lab environment and a budget - You can certainly do so if you would like, and there are several options available to you. Take a look at this article to see how a budget can be set up and used to control spending:
A word of caution however, penetration testing is a very elastic term, and can be interpreted and implemented in a variety of ways... Microsoft has language in their terms of service that specifically prohibits certain activities on their platforms... you just need to make sure that you understand what you are doing & how you are doing it...
Azure Forced tunneling IS NOT covered in the AZ-500 course, as it is not part of the outline.
It is covered in the AZ-700 course however, which is where it makes more sense to address it.
Creating a disk with a specific size that is not cached is pretty straightforward; you would want to use the New-AzVMDataDisk cmdlet and the -caching parameter, which can be set to one of three values: None, ReadOnly, ReadWrite
You could use Azure Automation & several other approaches including Auto Shutdown to achieve something similar, but it can be much more involved. Again, you can read about the different approaches here if interested:
SSH - is used commonly for non-Windows environments, and widely supported. There is support for OpenSSH in Windows today. This type of connection allows for two authentication methods:
Passwords - not recommended, as these are vulnerable to password-based attacks
Key-based - the preferred authentication method, using asymmetric encryption. This method strengthens the resiliency of the VM to authentication-based attacks.
Remote Desktop Protocol (RDP)/Remote Desktop Connection - This is the traditional native connection method for connecting to, and configuring Windows operating systems (Windows 10/11 and Windows Server). In Azure you generate an RDP file that can be generated, downloaded and used to create an encrypted connection. https://docs.microsoft.com/en-us/azure/virtual-machines/windows/connect-rdp
After reading the links Adam posted above, I will try extending the on-prem domain into Azure by promoting a Windows Server VM to a DC of the existing on-prem environment. I am currently using a DNS Private Resolver. I should be able to use the DNS on the VM server and quit using the Private DNS resolver.
I have joined Win10 VMs to the on-prem domain, and I do not see any difference between the domain joined VM and the on-prem PCs (there is a VPN, of course).
@Donald-Muncy, You can read all about the services, which is still being developed PRIOR to official roll out, and its current status in public preview, as well as ALL current requirements and caveats here:
I changed the name and did not notice any difference. I questioned whether it was a good idea to change the OS name after I started configuring a backup policy. Everything looked like it was working correctly. It is almost as if the VM object in Azure is a container for the VM image itself.