Jul092018July 9, 2018July 9, 20180Commentby Thomas Maurer
Thomas Maurer Speaking at Experts Live

Speaking at Experts Live Europe 2018 in Prague

Posted in Cloud, Containers, Hyper-V, IT, Microsoft, Microsoft Azure, Microsoft Azure Stack, Microsoft MVP, Office365, Private Cloud, Speaking, Virtualization, Web, Windows Server, Windows Server 2019, Work

You must have heard about the awesome conference in the heart of Europe, called Experts Live Europe. Today, I am honored and proud to announce that I will be speaking at Experts Live Europe 2018 in Prague at October 24.-26. Since the first European edition back in 2013, I have presented several sessions at each event previously hosted in Bern, Basel and Berlin. I will speak about my favorite topic Azure Stack and will also present another session about Windows Server. The timing of Experts Live Europe is great this year (October), which allows me and other speakers to present the latest updates learned and shared at Microsoft Ignite (September).

I am also excited about the new location. After Bern and Basel in Switzerland, and two years in Berlin, Germany, Experts Live Europe comes to the beautiful city of Prague.

My Sessions at Experts Live Europe 2018

I am proud to present two sessions to cover topics like Azure, Azure Stack, Windows Server and Hyper-V.

Experts Live Europe 2018

Azure Stack - Your Cloud Your Datacenter

Microsoft released Azure Stack as an Azure appliance for your datacenter. Learn what Azure Stack is, what challenges it solves, how you deploy, manage and operate a Azure Stack in your datacenter. Learn about the features and services you will get by offering Azure Stack to your customers and how you can build a true Hybrid Cloud experience. In this presentation Thomas Maurer (Microsoft MVP) will guide you through the highly anticipated innovations and experience during the Azure Stack Early Adaption Program and Azure Stack Technology Adoption Program (TAP).

Experts Live Europe 2018

Windows Server 2019 - The Next Generation of Software-Defined Datacenter

Join this session for the best of Windows Server 2019, about the new innovation and improvements of Windows Server. Learn how Microsoft enhances the SDDC feature like Hyper-V, Storage and Networking and get the most out of the new Azure Hybrid Integration and Container features. You’ll get an overview about the new, exciting improvements that are in Windows Server and how they’ll improve your day-to-day job.   In this presentation Thomas Maurer (Microsoft MVP) will guide you through the highly anticipated innovations in Windows Server 2019 and the Semi-Annual Channel including: ○ Windows Server Containers ○ Azure Integration ○ Hyper-V features ○ Storage ○ Networking ○ Security ○ Windows Server Containers And more!

Besides 2 days of break out sessions, you will also have one extra day with three great technical workshops about Cloud Security, Workplace and Automation.

About Experts Live Europe

Experts Live Europe is one of Europe’s largest community conferences with a focus on Microsoft cloud, datacenter and workplace management. Top experts from around the world present discussion panels, ask-the-experts sessions and breakout sessions and cover the latest products, technologies and solutions. It’s the time of the year to learn, network, share and make valuable connections.

 

Experts Live VIP Party in the Cloud

The famous Speakers & Sponsors VIP Party of Experts Live Europe will take place on Wednesday, October 24th. This is a great opportunity to network with our speakers and sponsors in a fun and easy-going setting. Tickets for the VIP Party are limited due to location capacity, so if you don’t want to miss out, make sure you register fast!
The VIP Party will take place in Cloud9 Sky Bar & Lounge, at the rooftop of the Hilton hotel in Prague. The Sky Bar is famous for its stunning panorama views of the city, the signature cocktails, the rooftop terrace and the vibrant atmosphere.

It still takes a couple of months until October, but I am already very excited for another Experts Live Conference. I really hope to see you there, so make sure you get a ticket as soon as possible!


Jul052018July 5, 2018July 5, 20180Commentby Thomas Maurer
Windows Users with PowerShell

Manage Local Windows User with PowerShell

Posted in Active Directory, Cloud, IT, Microsoft, Microsoft Azure, Office365, PowerShell, Windows, Windows 10, Windows Server, Work

Awhile ago Microsoft added a new PowerShell module to manage local Windows user accounts. This post should quickly show you how easily you can for example use PowerShell to create a new Windows User account, remove a Windows user account or modify windows users and groups with PowerShell.

List Windows User accounts with PowerShell

The most simple one is obviously to list Windows users or groups, using the PowerShell Get- commands.

List all local Windows Users:

List all local Windows Groups:

Create new Windows User account using PowerShell

There are three different account types you can add to Windows 10:

The following part describes how you can add them to your Windows system using PowerShell

To create a new Windows User account you can simply use the following command:

If you want to see that password you can also use this method, to create a new Windows User:

Create a new Windows User account connected to a Microsoft Account using PowerShell

With Windows 10 you have the opportunity to login using Microsoft Accounts, for example with outlook.com or hotmail.com email aliases. For that you can use the folloing command to create a new Windows User connected to a Microsoft Account. In this case you will not need to configure a password for the account, since this is connected to the Microsoft Account.

You can also add Azure Active Directory (Azure AD) accounts if your business is for example using Office 365. The following command adds an Azure AD account to the local Windows Users:

Remove Windows User account using PowerShell

You can also simply remove user accounts from Windows using PowerShell. The following command will delete the account:

Change password of a Windows User account using PowerShell

To change the password of a local Windows User account, you can use the Set-LocalUser cmdlet. This also has some other options as well, but one of the most common ones is to reset the password.

Rename a Windows User account using PowerShell

To rename a Windows User account with PowerShell, you can use the following command:

Add Windows User account to group using PowerShell

This command for example adds users to the Windows Administrator group:

I hope this gives you a quick overview how you can manage local Windows User accounts using PowerShell.


Jul042018July 4, 2018July 4, 20180Commentby Thomas Maurer
Inked Azure Security Center Just in time VM access_LI

Azure – Just in Time VM access

Posted in Cloud, IT, Microsoft, Microsoft Azure, PowerShell, Virtualization, Windows Server, Work

If you run virtual machines with public IP address connected to the internet, attackers immediately try to run attacks against it. Brute force attacks commonly target management ports, like RDP or SSH, to gain access to a VM. If the attacker is successful, he can take control over the VM and access other resources in the environment. To address that issue it is highly recommended to reduce the ports open, especially for the management ports. However, sometimes you will need to open to ports for some of the virtual machines for management tasks. Microsoft Azure has a simple way to address this issue, called Just in time virtual machine (VM) access. Just in time VM access can be used to lock down inbound traffic to your Azure VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed.

How does Azure Just in Time VM Access work

In the Azure Security Center you can enable just in time VM access, this will create a Network Security Rule (NSG) to lock down inbound traffic to the Azure VM. During the initial JIT VM access configuration, you will be configuring the ports specified, which will be managed by Azure Security Center, these ports will be locked down by the Azure Security Center using an NSGs.

Configure Azure just in time VM access

Inked Configure Just in time VM access_LI

Azure JIT VM access is configured in the Azure Security Center. To configure and enable JIT on a virtual machine open up the Azure Security Center and click on Just in time VM access.

Here you will find three states, Configured, Recommended and No recommendation.

  • Configured – VMs that have been configured to support just in time VM access. The data presented is for the last week and includes for each VM the number of approved requests, last access date and time, and last user.
  • Recommended – VMs that can support just in time VM access but have not been configured to. We recommend that you enable just in time VM access control for these VMs. See Configuring a just in time access policy.
  • No recommendation – Reasons that can cause a VM not to be recommended are:
    • Missing NSG – The just in time solution requires an NSG to be in place.
    • Classic VM – Security Center just in time VM access currently supports only VMs deployed through Azure Resource Manager. A classic deployment is not supported by the just in time solution.
    • Other – A VM is in this category if the just in time solution is turned off in the security policy of the subscription or the resource group, or that the VM is missing a public IP and doesn’t have an NSG in place.

To configure you click on Recommended and select the Virtual Machine, for which you want to enable JIT.

Click on Enable JIT on VMs and configure the ports which should be managed by Just in time VM Access. Just in time VM access will recommend some default ports like RDP, SSH and PowerShell Remoting. You can also add other ports to the virtual machine if you want or need to.

Requesting Just in time VM Access for Azure Virtual Machine

Request Just in time VM access

On the Configured section, you can select the VM you want to request access to and click on Request access. You can now select the ports you want to be open for a specific time and a specific IP address. This will open up the ports and after 2-3 minutes you will be able to access the virtual machine.

To send such a request, the user which requests access to the Virtual Machine needs to have write access to the virtual machines in the Azure Role-Based Access Control (RBAC).

Auditing Azure just in time VM access activity

Of course all the request get logged and can be reviewed in the Activity Log.

Licensing of Azure just in time VM access

Azure just in time VM access is licensed over Azure Security Center and needs the Standard Tier to be enabled for the specific virtual machine.

I hope this gives you an idea how you can leverage Just in time VM access in Azure for your workloads.


Jul012018July 1, 2018July 10, 20180Commentby Thomas Maurer
Microsoft MVP 2017-2018

Microsoft MVP 2018-2019 Cloud and Datacenter Management and Microsoft Azure

Posted in Award, Certification, Cloud, Hyper-V, IT, Microsoft, Microsoft Azure, Microsoft Azure Stack, Microsoft MVP, Private Cloud, System Center, Virtualization, Windows, Windows Server, Work

I am proud to announce that I was awarded today by Microsoft, with the Microsoft Most Valuable Professional (MVP) Award for 2018-2019 in two major categories Cloud and Datacenter Management and Microsoft Azure. This is my 7th Microsoft MVP award since 2012, and I couldn’t be more excited about this one.

Dear

Thomas Maurer,

We’re once again pleased to present you with the 2018-2019 Microsoft Most Valuable Professional (MVP) award in recognition of your exceptional technical community leadership. We appreciate your outstanding contributions in the following technical communities during the past year:

 

·   Cloud and Datacenter Management

·   Microsoft Azure

The Microsoft MVP award title is a huge honor and it stand for the contributions I have been doing in the IT community as an Microsoft expert for the past years. The Microsoft MVP award also comes with some benefits, like a NDA and access to the Microsoft Product Groups, as well as the yearly Microsoft MVP Global Summit on the Microsoft Campus in Redmond. But one of the biggest benefit overall is that it gives you the opportunity to speak at different conferences all over the world. This and having the chance to speak with people from all over the world, which share the same passion is priceless.

Who are MVPs?

Microsoft Most Valuable Professionals, or MVPs, are technology experts who passionately share their knowledge with the community. They are always on the “bleeding edge” and have an unstoppable urge to get their hands on new, exciting technologies. They have very deep knowledge of Microsoft products and services, while also being able to bring together diverse platforms, products and solutions, to solve real world problems. MVPs make up a global community of over 4,000 technical experts and community leaders across 90 countries and are driven by their passion, community spirit, and quest for knowledge. Above all and in addition to their amazing technical abilities, MVPs are always willing to help others – that’s what sets them apart.

 

Source https://mvp.microsoft.com/en-us/Overview

I need to thank many people which are helping me to achieve this and making the most out of it. I would like to thank my employer itnetX which is supporting me in the best possible way all these years, my current and former colleagues from which I can learn a lot, the Microsoft MVP community and of course Microsoft employees in Redmond and all over the world, to work with us and collect feedback. Last but definitely not least, I have to thank my girlfriend, which not only helps me out with many things, but also needs to be patient, with my extra work so many times. She is also one of my biggest and also most critical supporters. She helps me to understand things better, promote my activities better, fixing my blog post 😉 and makes all the traveling more joyful.

If you want to know more about the Microsoft MVP Program, check out the Microsoft Most Valuable Professional website.


Jun292018June 29, 2018June 29, 20180Commentby Thomas Maurer
Windows Container Images

The New Windows Container Image

Posted in Cloud, Containers, Docker, Hyper-V, IT, Kubernetes, Microsoft, PowerShell, Virtualization, Windows, Windows 10, Windows Server, Windows Server 2016, Windows Server 2019, Work

At Microsoft Build 2018, Microsoft announced a new Windows container image, next to the Windows Server Core container image and the Nano Server container image. This new Windows container image is for applications and workloads which need additional API dependencies beyond Nano Server and Windows Server Core.

With the release of the latest Windows 10 Insider Preview (Build 17704), you can now download a preview of that container image. Your container host will need to run at least on the Windows Insider build 17704.

Windows Container Image

The IT world is transforming and Microsoft can see a huge demand by customers for containers. However the container images available today, Nano Server and Windows Server Core are lightweight versions of Windows and not including some of the components of Windows. A huge scenario for containers is to put legacy applications into containers. With the new Windows container image, Microsoft is offering a new option for applications who need more components which are not included in Windows Server Core, like DirectX or proofing support.

Microsoft Windows Container Images

As of today, Microsoft offers 3 container images in preview:

ImageVersionSize
mcr.microsoft.com/nanoserver-insider10.0.17704.1000232 MB
mcr.microsoft.com/windowsservercore-insider10.0.17704.10003.38 GB
mcr.microsoft.com/windows-insider10.0.17704.10008.07 GB

Getting started with Windows Containers

First you need to have a host running Windows Insider Preview Build 17704 or higher. After that you can simply use docker to get the latest Insider container images from the Microsoft Container Registry:

You can read more about the new Windows Container image here on the Microsoft Virtualization Blog.

If you want to know more about the production Container Images for Windows, check out my blog post: Docker Container Images for Windows Server 1709 and new tagging


Jun282018June 28, 2018July 12, 20180Commentby Thomas Maurer
Surface Peripherals

What Microsoft Surface Peripherals do I use

Posted in Hardware, Hardware, Home, IT, Microsoft, Surface, Windows, Windows 10

As you may know, the Surface devices are my work devices of choice since the first release of the Surface Pro back in 2013. I had a couple of different generations, like the Surface Pro 2, Surface Pro 3, the Surface Book and my current daily driver, the Surface Pro (2017). The Microsoft Surface devices are quiet known now, but what a lot of people don’t know, is that Microsoft also creates some great Surface peripherals for your Surface or your PC. So I try to go through what devices and peripherals I am using with my Surface.

The Keyboard

Surface Pro Signature Type Cover

When I am on the go, I obviously using the Surface Pro Signature Type Cover for my Microsoft Surface Pro. I decided to go with the grey Alcantara version, because the grey matches the other Surface devices perfectly and the Alcantara has this high-quality premium touch. I always liked the Surface Type Covers and Microsoft improved them a lot over the past years.

Microsoft Modern Keyboard

If I am at home and I connect my Surface Pro to the Surface Docking Station, which connects it to two external monitors, I use the Microsoft Modern Keyboard with Fingerprint ID. This keyboard is the successor of the Surface Keyboard and bringt the great feeling and quality from the Surface Type Cover and the Surface Book keyboard, to the desktop keyboard world. I especially like that is can be not only be connected wirelessly using Bluetooth, but also wired using USB. The USB port also let’s it charge the keyboard when the battery after 4 months goes down or in offices spaces where you want to use a wired keyboard. The big thing about the Microsoft Modern Keyboard is the integrated Fingerprint sensor, which allows you to use Windows Hello to login to your PC.

The Mouse

Surface Arc Mouse

Read More

Jun202018June 20, 2018June 20, 20180Commentby Thomas Maurer
Create Ubuntu Hyper-V Generation 2 Virtual Machine

How to Install Ubuntu in a Hyper-V Generation 2 Virtual Machine

Posted in Hyper-V, IT, Microsoft, Virtualization, Windows, Windows 10, Windows Server, Work

If you want to install Ubuntu or any other Linux inside a Hyper-V Generation 2 Virtual Machine you need to do a simple change to the VM so you can install it from ISO.  If you just create a Hyper-V Generation 2 Virtual Machine and try to start the Virtual Machine, the Virtual Machine will not boot from ISO. This is because of the Secure Boot feature which is included in Hyper-V Generation 2 Virtual Machines, and applies to all Linux operating systems running on Hyper-V.

How to Install Linux in a Hyper-V Generation 2 VM

Create a new Virtual Machine in the Hyper-V Manager

Create Ubuntu Hyper-V Generation 2 Virtual Machine

On the Hyper-V Virtual Machine Generation selection screen, choose Generation 2

Create Ubuntu Hyper-V Generation 2 VM

Attach the Ubuntu ISO Image to the virtual machine

Attach Ubuntu ISO to Hyper-V VM

After you have created the Virtual Machine using the wizard, go into the settings of the virtual machine. Switch to the Security section and choose the Microsoft UEFI Certificate Authority Secure Boot Template.

Now the Virtual Machine will boot from the Ubuntu ISO and you can install Ubuntu.



  • Follow Me

  • About

    Thomas Maurer

    My Name is Thomas Maurer. Microsoft MVP. Work as a Solutions Architect and Technology Lead for itnetX, a consulting and engineering company located in Switzerland. I am focused on Microsoft Technologies, especially Microsoft Cloud & Datacenter solutions based Microsoft System Center, Microsoft Virtualization and Microsoft Azure.

    Microsoft MVP

  • Sponsor

  • Sponsor

    Advertise on ThomasMaurer.ch

  • Sponsor

    Vembu BDR Suite

  • Sponsor

    Altaro Hyper-V eBook