I changed the name and did not notice any difference. I questioned whether it was a good idea to change the OS name after I started configuring a backup policy. Everything looked like it was working correctly. It is almost as if the VM object in Azure is a container for the VM image itself.

Thank you

@Donald-Muncy , I hope all is well. I am glad that the episode provided another option for you to consider. In the demo/walkthrough, I use any / any just as an example so that it makes sense and everyone can follow along, especially if they are trying to reproduce as part of studying. In the real world you would want to be more granular and specify source and destination as an exact value.

Remember that for exam purposes it is the details in the question that provide the path to the correct answer.

Good luck with Firewalls !!!

If you have any other questions, or if I can be of any assistance as you continue working through the course, please be in touch as needed.

My direct e-mail is adam@itpro.tv

Cheers,

Adam

@jim-mccarthy,

This is on our schedule to be updated this year. We're just trying to find time for it, it will probably be Q3 or Q4 at this point. When it time to be updated, ITProTV will use the latest exam objectives published my Microsoft certification.

@Todd-Marino , I hope all is well. While there are a few different ways to go, everything depends on the needs and resources of the organization(s) and the amount of complexity, time and energy you are able to tolerate/exert to address a solution.

Start here, and consider the Azure B2B solution, although it can be complex, it is the best path forward in most cases.

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/multi-tenant-user-management-introduction

If you have additional questions, please be in touch as needed.

Good Luck !!!

Cheers,

Adam

@Donald-Muncy , I hope all is well. Great question !!! The short answer is not exactly... what you can do is use wat is referred to as a Native Client connection. This allows you to connect to your target VMs via Bastion using Azure CLI, and expands your sign-in options to include local SSH key pair and Azure Active Directory (Azure AD). Additionally with this feature, you can now also upload or download files, depending on the connection type and client.

You can read all about it here:

https://docs.microsoft.com/en-us/azure/bastion/connect-native-client-windows

Good Luck !!!

Cheers,

Adam

When I said the VM itself, i was referring to the OS disk.

@graham-lane,

Most of our certification courses are laid out the way they're also presented by the vendor. This normally leads to less confusion for people trying to use the skills measured on the vendor website as a guide to their studies. I'm not sure about your questions 100% but I would in AZ900 show and see that subscriptions are discussed in the final section of the course breakdown.

@Donald-Muncy , I hope all is well. Lets start with some basics about both Route based & Policy based VPNs...

ROUTE-based VPN (Sometimes called Dynamic Routing):

Allows for multiple VPNs via a single vNet Gateway. This is critical if you want to set up a VPN-based mesh topology in Azure or to/from multiple on-premise sites.

Requires supported edge device.

Built-in Active-Active redundant VPN possible. This is critical for redundancy.

Can perform VPN Diagnostics in Azure.

POLICY-based VPN (Sometimes called Static Routing):

Only allows a single S2S VPN connection, either with an on-premise firewall or with another vNet in Azure. No S2S mesh-type topologies possible. (Although vNet peering is an option, but only within Azure. Your vNet Gateway can still only connect to a single on-premise endpoint.)

Just about every firewall supports policy-based VPNs.

Active-Active VPN not possible. No redundancy.

Cannot perform VPN Diagnostics in Azure.

In terms of which one is better, it depends on what the need(s) that you are addressing is/are, and what the architecture calls for as a result, taking into account the potential for growth across the solution over time, and therefore flexibility from the beginning if at all possible.

Take a look at the following, as it provides a good overview of both soloutions:

Connect Azure VPN gateways to multiple on-premises policy-based VPN devices using PowerShell:

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-connect-multiple-policybased-rm-ps

This will also provide some context and good basic information fr you:

About cryptographic requirements and Azure VPN gateways:

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-compliance-crypto

There are defrinately limitations depending on which direction you choose to go, but traditionally, while route based VPNs are a bit harder to setup, they are a better choice if you are able to use them and you have edge devices that will support them.

Good Luck !!!

Cheers,

Adam

@Donald-Muncy , That is a good approach and provides maximum flexibility. Good Choice !!

Cheers,

Adam

Thank you, Adam!

Hi Jake,
I would recommend exploring AZ 900 labs as a next step to find a variety of Azure skills and topics covered.

If you do not find what you are looking for, a wish list from you as a member would be informative.

We review lab roadmap items quarterly and would value your input. Please share lab suggestions or recommendations through the member services chat. Thank you!

716ed324-434c-4591-80d1-991541eded50-image.png

Hey @David-Vassiliades ,

I will have to check on that. The practice exams are provided by a third party. I will try to find out when it was last updated.

Hi Ashley,

Thank you for the message, yes, I will look forward to your roadmap for 2022 the Azure content will be great. I am currently going through the course MS-500, great content from Adam and Mike.

Kind regards

Noel

Hello @Casey-Gorman ,

You are right, I should have added the Azure DNS server as a forwarder on the DNS server, not the client configuration.

In the diagram on the link you shared, 10.2.0.4 would be a VM that you created and installed DNS on. The VMs on vnet2 would be configured to use 10.2.0.4 for DNS.

Since vnet2 doesn't have a link to the on-premises network, it is configured to forward DNS requests for the domain and external names to 10.1.0.4. vnet1 has a site to site connection to the on-premises network, and 10.1.0.4 forwards the queries to the on-premises DNS server.

The on-premises DNS server is configured to use root hints to resolve external names. So this allows VMs to resolve domain names (because it's authoritative for that namespace) and external names.

If you need to connect to other VMs on the vnet that aren't part of the domain, or other Azure services, you will still need to use Azure DNS. For example, a VM on vnet2 that wasn't part of the domain would have a name like vm01.reddog.microsoft.com. To resolve that name, you need to connect to the Azure provided DNS 168.63.129.16. This is why we still need to forward some queries to that address. Some Azure service endpoints (like the ones you mentioned) are not resolvable publicly, and rely on the internal Azure DNS. Your private DNS server would not be authoritative for these, and not able to resolve those names.

I will add a note to that episode, until I can correct the demo.

@mazhar-khan , I hope all is well. My apologies for the delayed response to your request.

I am glad that you feel the AZ-104 & AZ-500 courses are helpful... :)

Both of them will be reshot and updated over the next few months based on extensive updates that Microsoft has published recently to the exam outlines...

We DO NOT currently have any plans to create full certification aligned courses for Azure DevOps, BUT... I will be doing some small hands-on tech skill courses that cover topics related to Azure DevOps towards the middle of the year...

Stay tuned... lots of exciting stuff happening...

Cheers,

Adam

@Lubomir-Hildebrand , I hope all is well. So there are some questions that will need answering before we can talk about what is or is not working and why...

First of all, what exactly are you looking to do through the template deployment? and I am assuming that it is to deploy some form of a custom Windows Classic App that has to be converted via the Microsoft-Win32-Content-Prep-Tool?

If so, you need to make sure that you are using the tool correctly and following all of the specified guidelines and requirements, including file size output (smaller than 8GB), as well as using Windows 10 version 1607 or later (Enterprise, Pro, and Education versions) & devices must be registered or joined to Azure Active Directory (Azure AD) and auto-enrolled.

The Intune management extension supports devices that are Azure AD registered, Azure AD joined, hybrid domain joined, and group policy enrolled.

Take a look at the documentation at the following links and make sure you read through all of the various sub documents to ensure you understand the process end to end and are accounting for all of the things that need to be done correctly.

https://docs.microsoft.com/en-us/mem/intune/apps/apps-win32-prepare

https://docs.microsoft.com/en-us/mem/intune/apps/apps-win32-add

Good Luck !!

Cheers,

Adam

Thank you!

@sam,

I'm not 100% as the titles have changed on a few things. You might be able to just assign User admin and not the SharePoint admin