It sounds like you might be interested in Azure Role Based Access Control. Here is the documentation for this feature - https://learn.microsoft.com/en-us/azure/role-based-access-control/

Hey @Obi-Enyabine no need to apologize, that is what the forum is for! Here is an article/thread that discusses Azure Desktop Persistence: https://learn.microsoft.com/en-us/answers/questions/589473/azure-vdi-persistent

@Chavis-Cook you are most welcome, that is what I am here for. If you have any other questions or in your studies, questions come up, reach out to me!

Hey @Jose-Luis-Gutierrez !

@SIMON-TAPLIN is right as to what you'll want to put on your roadmap to Project management in the Azure world. If you don't have the experience necessary for PMP, start with CompTIA's Project+ and PMI's CAPM. The PRINCE2 is updating and that might be something you'd want to hold off on until they get that all sorted.

Best wishes and continued success!

Yes - the AZ-104 course in our library is what you need for this important Azure training. Enjoy!

@Azam-Azizahamad thank you for your question. My suggestion is to use the 2022 version of AZ-900, as it is the most current version of this course. If you have any follow-up questions, please to not hesitate to ask!

Please submit course request via the chat bubble on our site. This is the official way to make sure the request is logged and reviewed by our team.

Awesome! Thank you Wes. Your videos on A+ and Network+ helped me earn those certifications. I look forward to what's next!

@Ronnie-Wong

Thank you for this.

I've been in IT since 2001, but no formal certifications, only an applied science degree (AAS). In January of 2020 I get help in overcoming the performance anxiety of test taking and go after these formal certifications. With IT Pro TV's help I earned ITF+, A+, Network+ Server+, Project+ and most recently Security+. Feel free to use this as a testimonial.

I'm still hungry for more but I need to balance that hunger against return on investment and am always looking for guidance on what to learn and what certifications to work towards to make me a competitive candidate.

Wow - I went down a rabbit hole researching this one. It seems this is a major ongoing complaint - there is no built-in functionality for this with Azure AD yet.

What I discovered is that the admins that REALLY must have this functionality are employing it using PowerShell scripts or ADSelfService Plus.

Here is more information:

https://www.manageengine.com/products/self-service-password/powershell/powershell-script-for-password-expiry-email-notification.html

Note these tools were targeted at the traditional Windows AD and admins are porting them over for use in Azure AD.

I see it now. Thank you, Angie.

@Dwayne-Coleman Azure is cloud related and doesn't have anything to do with Repairing PC's and Troubleshooting software. For that you should be doing the CompTIA A+ courses. and possibly CompTIA Network+

If you want a basic understanding of Azure, then you can look at the AZ-900 course.

@Marco-Antonio-D-Imperio , I hope all is well. There are several things that it could be...

a graphics driver issue

an AV policy issue

a permissions issue for localhost\users to the C drive (if removed)

The easiest way to figure it out will be to go methodically through the issues one at a time and "fix" them/check them out to see which one corrects the problem.

Check this groups of postings out for discussion & walkthroughs of how to address the issues...

https://serverfault.com/questions/1090540/windows-server-2022-rdp-connection-fails-with-error-0x3-extended-error-0x11

Good Luck !!!

Cheers,

Adam

@Adam-Gordon Thank you for your response. I guess I phrased the question wrong. The organization's current users, groups etc. are all assigned access (not under PIM) permanently under several roles. They currently leverage only RBAC but no PIM.
My question is how best to approach this to move them to PIM (in other words, "PIM cleanup").

I hope it's clearer now.
Thanks Adam.

@Donald-Muncy , I hope all is well. Let's take your questions in order...

Setting up a lab environment and a budget - You can certainly do so if you would like, and there are several options available to you.. Take a look at this article to see how a budget can be setup and used to control spending:

https://learn.microsoft.com/en-us/azure/cost-management-billing/costs/tutorial-acm-create-budgets

A word of caution however, penetration testing is a very elastic term, and can be interpreted and implemented in a variety of ways... Microsoft has language in their terms of service that specifically prohibits certain activities on their platforms... you just need to make sure that you understand what you are doing & how you are doing it...

Azure Forced tunneling IS NOT covered in the AZ-500 course, as it is not part of the outline.

It is covered in the AZ-700 course however, which is where it makes more sense to address it.

Link to the outline is below:

https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4PaHw

The section you want is the following:

Design and implement routing (25–30%)

Design, implement, and manage VNet routing

• Design and implement user-defined routes (UDRs)
• Associate a route table with a subnet
• Configure forced tunneling
• Diagnose and resolve routing issues
• Design and implement Azure Route Server

We currently DO NOT have a course for the AZ-700 exam...

Cheers,

Adam

@Bedrock1977 , I hope all is well.

Creating a disk with a specific size that is not cached is pretty straightforward; you would want to use the New-AzVMDataDisk cmdlet and the -caching parameter, which can be set to one of three values: None, ReadOnly, ReadWrite

Read about it here:

https://docs.microsoft.com/en-us/powershell/module/az.compute/new-azvmdatadisk?view=azps-8.2.0

There is no great way to prevent the VM from starting up once it is being created via PowerShell or the Azure CLI in Azure to be honest.

What you could do is to add the Stop-AzVM cmdlet to the end of the PowerShell script to turn off the VM after it is deployed.

You can read more about it here:

https://docs.microsoft.com/en-us/powershell/module/az.compute/stop-azvm?view=azps-8.2.0

You could use Azure Automation & several other approaches including Auto Shutdown to achieve something similar, but it can be much more involved. Again, you can read about the different approaches here if interested:

https://techcommunity.microsoft.com/t5/educator-developer-blog/azure-virtual-machine-auto-shutdown/ba-p/379342

I hope that helps... Keep up the great questions !!!

Good Luck !!!

Cheers,

Adam

@Md-Mijanur-Rahman-Sahed great question! When it comes to connection to VMs as you have stated, there are options.

SSH - is used commonly for non-Windows environments, and widely supported. There is support for OpenSSH in Windows today. This type of connection allows for two authentication methods:

Passwords - not recommended, as these are vulnerable to password-based attacks Key-based - the preferred authentication method, using asymmetric encryption. This method strengthens the resiliency of the VM to authentication-based attacks.

https://docs.microsoft.com/en-us/azure/virtual-machines/linux-vm-connect?tabs=Linux
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/connect-ssh?tabs=azurecli

Remote Desktop Protocol(RDP)/Remote Desktop Connection - This is the traditional native connection method for connecting to, and configuring Windows operating systems (Windows 10/11 and Windows Server). In Azure you generate an RDP file that can be generated, downloaded and used to create an encrypted connection.
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/connect-rdp

Bastion - the biggest benefit to this service is that you are utilizing a serverless solution to connect to ANY VM within a given vNET, without having to generate an RDP file for each individual machine you would like to connect to. You select the Bastion service when creating the vNET. Another benefit is that all the VMs in this vNET will not require any additional agents, clients, additional software, or exposing open ports to the Internet.
https://docs.microsoft.com/en-us/azure/bastion/bastion-connect-vm-rdp-windows
https://docs.microsoft.com/en-us/azure/bastion/bastion-connect-vm-ssh-linux

I have posted the supporting documentation links if you would like to take a greater deep dive.

After reading the links Adam posted above, I will try extending the on-prem domain into azure by promoting a Windows Server VM to a DC of the existing on-prem environment. I am currently using a DNS Private Resolver. I should be able to use the DNS on the VM server and quit using the Private DNS resolver.
I have joined Win10 VMs to the on-prem domain, and I do not see any difference between the domain joined VM and the on-prem pcs (there is a VPN, of course).

Does anyone have any comments on that plan?

For Security, you can look at SC 200,300,400 and the MS/AZ-500. The SC series are not offered by ITPro.TV sadly.

For Mobility you can look at the MS-100/101 courses.