Category: Microsoft

Mar192020March 19, 2020March 17, 20202Commentsby Thomas Maurer
Connect Ubiquiti UniFi Dream Machine to Azure VPN

Connect Ubiquiti UniFi Dream Machine to Azure VPN

Posted in Cloud, Hardware, Microsoft, Microsoft Azure

A couple of days ago I got a Ubiquiti UniFi Dream Machine, which is an all-in-one device with an access point, 4-port switch, and a security gateway. After the basic setup, I wanted to connect my Ubiquiti UniFi Dream Machine USG to an Azure VPN Gateway (Azure Virtual Gateway), using Site-to-Site VPN. In this blog post, I am going to show you how you can create a site-to-Site (S2S) VPN connection from your Ubiquiti UniFi Dream Machine to Azure Virtual Network Gateway.

Azure Virtual Network Gateway and Connection

I already have a virtual network in Azure with the address space 10.166.0.0/16, and I also deployed the Azure Virtual Network Gateway connected to that vNet. The next thing I did was to add a connection to the gateway.

Azure VPN Connection

Azure VPN Connection

You need the following:

  • Name for the connection
  • Set Connection type to Site-to-site (IPSec)
  • Create a local network gateway (basically the configuration of your local VPN gateway.
  • Define a shared secret

Configure Ubiquiti UniFi Dream Machine VPN connection

Now you can switch to your UniFI Dream Machine, which has an UniFI USG integrated. Under settings go to Networks and click on Create new Network

UniFi Network Azure VPN

UniFi Network Azure VPN

Here you configure the following:

  • Name of your VPN connection
  • VPN Type Manuel IPSec
  • Remote Subnets which is the Azure vNet address space (in my case 10.166.0.0/16)
  • Peer IP which is the public IP address of the Azure virtual network gateway
  • Local WAN IP
  • the pre-shared key (shared secret)
  • IPSec Profile: Customized
  • Key Exchange Version: IKEv2
  • Encryption: AES-256
  • Hash: SHA1
  • DH Group: 2

After that, the VPN will connect and the status of your Azure virtual network gateway connection will change to connected.

Dream Machine Azure VPN Connection

Dream Machine Azure VPN Connection

You can now reach your Azure virtual machine using the private IP address range.

Connected Azure VPN

Connected Azure VPN

I hope this was helpful and show you how you can connect a Ubiquiti Unifi Dream Machine (USG) to an Azure Virtual Network using a site-to-site VPN connection. If you want to learn more about Azure Virtual Network Gateways check out the following documentation:

If you want to know more about point-to-site VPN connection to Azure check out my blog posts:

If you have any questions, feel free to leave a comment.


Mar162020March 16, 2020March 30, 202015Commentsby Thomas Maurer
AZ-303 Study Guide Azure Architect Technologies Exam Study Guide

AZ-303 Study Guide: Azure Architect Technologies

Posted in Certification, Cloud, Microsoft, Microsoft Azure

To get the Microsoft Certified: Azure Solutions Architect Expert certification, there are two new exams which you need to pass, the AZ-303: Microsoft Azure Architect Technologies and the AZ-304: Microsoft Azure Architect Design exam. In this blog post, I am going to share my AZ-303: Microsoft Azure Architect Technologies Certification Exam Study Guide with you. To learn and prepare for the exam, I usually use a couple of online resources, mainly Microsoft Docs and Microsoft Learn, which I am going to share with you. You can find more information about how I prepare for a Microsoft Certification exam on my blog post: How to prepare and pass Microsoft Certification Exam.

NOTE: This exam will be available on or around April 28, 2020.

Also, check out other Microsoft Azure Certification Exam Study Guides:

Here is my AZ-303 Microsoft Azure Architect Technologies Certification Exam Study Guide

It is essential to get familiar with the exam objectives and skills measured first. That is why I recommend reading the description of the exam and the skills measured.

Exam AZ-303: Microsoft Azure Architect Technologies

Candidates for this exam are Azure Solutions Architects who advise stakeholders and translate business requirements into secure, scalable, and reliable solutions. Candidates should have advanced experience and knowledge of IT operations, including networking, virtualization, identity, security, business continuity, disaster recovery, data platform, budgeting, and governance. This role requires managing how decisions in each area affects an overall solution.

Candidates must have expert-level skills in Azure administration and have experience with Azure development processes and DevOps processes.

The high-level view of the skills measured in the exam:

  • Implement and Monitor an Azure Infrastructure (50-55%)
  • Implement Management and Security Solutions (25-30%)
  • Implement Solutions for Apps (10-15%)
  • Implement and Manage Data Platforms (10-15%)

You can find more information on the exam website.

Free Online Microsoft Learn AZ-303 Exam Study Guide resources

Microsoft Learn provides you with free online training and learning paths for different Microsoft technologies. They not just offer reading material, but also control questions and free online labs. Here are some relevant Microsoft Learn modules and learning paths for the AZ-303 Microsoft Azure Architect Technologies Certification Exam. Microsoft Learn is an important part of my AZ-303 exam study guide.

Microsoft Docs AZ-303 study guide resources

One thing I always used to prepare for my Microsoft exams is Microsoft Docs. Here are the relevant Microsoft Docs which I used to prepare and study for the AZ-303 exam.

Read More

Mar152020March 15, 2020March 15, 20200Commentby Thomas Maurer
Azure Friday - Manage and govern your hybrid servers using Azure Arc

Azure Friday: Manage hybrid servers using Azure Arc

Posted in Cloud, Cloud Advocate, Microsoft, Microsoft Azure, Speaking, Thomas Maurer, Webinar, Windows Admin Center, Windows Server, Work

Last Friday, I had the chance to join Donovan Brown on Azure Friday to talk about how you can manage and govern your hybrid servers using Azure Arc. I showed how you can manage and govern your Windows and Linux machines hosted outside of Azure on your corporate network or other cloud providers, similar to how you manage native Azure virtual machines. When a hybrid machine is connected to Azure, it becomes a connected machine and is treated as a resource in Azure. You can watch the full episode here on Microsoft Channel 9.

Azure Friday - Manage and govern your hybrid servers using Azure Arc

Azure Friday – Manage and govern your hybrid servers using Azure Arc

If you want to know more about the Azure Arc and Azure Hybrid services, check out the following blog post and Microsoft Docs articles:

If you want to check out my other Azure Friday episode, in which I was joining Scott Hanselman to talk about how you can connect Windows Server to Azure Hybrid Cloud services using Windows Admin Center. And how you can use other Azure Hybrid services to improve your on-premises environment, check out my blog here.

I hope you liked this Azure Friday episode about how you can manage and govern your Windows and Linux machines hosted outside of Azure on your corporate network or other cloud providers, using Azure Arc for servers. If you have any questions, feel free to leave a comment. And yes, this is a Surface Pro X.


Mar122020March 12, 2020March 15, 20200Commentby Thomas Maurer
Azure Policy

Keep control of your Azure environment with Azure Policy

Posted in Cloud, Microsoft, Microsoft Azure, Microsoft Azure Stack, PowerShell

Keeping control of your Azure environment and your Azure tenant can be challenging. Azure Policy is a fundamental part of Azure Governance to maintain control of your environment. With Azure Policy, you can enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. For example, you can limit the deployment to specific virtual machines types and sizes, or block different Azure regions from being used. You can still give developers and IT Pros access to the Azure environment and subscriptions but always stay in control.

  • Real-time policy enforcement and evaluation
  • Cloud policy management and security at scale
  • Automated remediation of existing resources
  • Comprehensive compliance view of all your resources across your Azure subscriptions

You use Azure Policy not just to enforce rules, but also to only audit your environment. This enables you to see the resources which are not compliant with your company policies instead of just blocking the deployment.

Have a look at my other blog posts about:

Cloud-Native Governance

Cloud-Native Governance

Why not just use RBAC?

Azure Policy is complementary to role-based access control (RBAC), and are both part of the overall Azure Governance tools.

There are a few key differences between Azure Policy and role-based access control (RBAC). RBAC focuses on user actions at different scopes. You might be added to the contributor role for a resource group, allowing you to make changes to that resource group. Azure Policy focuses on resource properties during deployment and for already existing resources. Azure Policy controls properties such as the types or locations of resources. Unlike RBAC, Azure Policy is a default allow and explicit deny system.

Read More

Mar102020March 10, 2020March 10, 20203Commentsby Thomas Maurer
Visual Studio Code Azure Virtual Machines Extension

Create and Manage Azure VMs from VS Code

Posted in Cloud, Microsoft, Microsoft Azure, Virtualization, Visual Studio Code

With the new Azure Virtual Machines (VMs) extension for Visual Studio Code (VS Code), you can now create and manage Azure VMs directly from VS Code. This is a great new extension if you are working with VS Code and Microsoft Azure. The extension is currently in preview and lets you view, create, delete, start and stop Azure Virtual machines, as well as adding SSH keys to existing Azure VMs.

Get started

To get started with the Azure Virtual Machine extension in Visual Studio Code, simply follow these steps:

  1. Download and install the Azure Virtual Machines extension for Visual Studio Code
  2. Once complete, you’ll see an Azure icon in the Activity Bar
  3. Sign in to your Azure account by clicking Sign in to Azure. If you don’t have an Azure account yet, you can create a free Azure account here.
Free Azure Account

Free Azure Account

If you don’t have an Azure account yet, you can sign up today for your free Azure account and receive 12 months of free popular services, $200 free credit, and 25+ always free services.

Create an Azure VM in VS Code

You can now create Azure VMs directly from Visual Studio Code. The wizard will ask you for a VM name, username, Azure region, and passphrase.

VS Code creating Azure Virtual Machines

VS Code creating Azure Virtual Machines

This will create an Azure VM Standard D2s V3 (2 CPU Cores & 8 GB of ram) with the image Ubuntu 18.04-LTS. An SSH key will be created, and your SSH Config file (~/.ssh/config) will be updated so you can immediately connect via SSH ($ ssh vm-name) or using the Remote-SSH extension. You can find more information about how you can connect to Azure VM using Visual Studio Code in my blog post.

Azure VM management in VS Code

Azure VM management in VS Code

Having the possibility to manage Azure VMs and connect with them directly within Visual Studio makes working with these tools and Azure much more convenient.

I hope you can go and try out the Azure VM extension for VS Code. If you have any questions, please feel free to leave a comment.


Mar082020March 8, 2020March 15, 20200Commentby Thomas Maurer
Home Office Setup 2020

My Home Office Setup 2020 – How does yours look like?

Posted in Fun, Hardware, Hardware, Microsoft, Office, OneNote, Surface, Thomas Maurer, Windows, Windows 10, Work

A couple of days ago, Microsoft and other companies recommended that people work from home (if they can) due to the Corona disease (COVID-19). Since I am part of a remote team, I work mostly from home when I am not traveling, and so let me share my home office setup 2020 with you. I did share my home office setup already in 2018 after we just moved. Since then, I have upgraded my home office with a couple of new things, which I believe make working from home even more productive and enjoyable.

This is it, this is my Home Office Setup in 2020

Here is a quick view at my desk setup:

Read More

Mar072020March 7, 2020March 7, 20200Commentby Thomas Maurer
Microsoft Virtual Training Day NL

Speaking at the Microsoft Virtual Training Day NL

Posted in Certification, Cloud, Cloud Advocate, Hyper-V, Microsoft, Microsoft Azure, PowerShell, Speaking, Thomas Maurer, Windows Admin Center, Windows Server, Windows Server 2019

I am happy to let you know that I will be speaking at the free Microsoft Virtual Training Day NL online event on Wednesday, March 11th. You might have heard that Microsoft Ignite The Tour Amsterdam was canceled due to COVID-19. Microsoft Virtual Training Day NL is an alternative to speed you up and support you in your technical skills. This day will be full of technical sessions based on our Microsoft Learning Paths from Microsoft Ignite The Tour.

Join us during this digital event to get inspired and to learn from our technical specialists. We have great (inter)national speakers that will bring exclusive content and demos to you. Microsoft Ignite The Tour Amsterdam got cancelled due to COVID-19. Microsoft Virtual Training Day | NL is an alternative to speed you up and support you in your technical skills.

Explore the tracks

We offer 7 tracks including 5 sessions per track, based on the Learning Paths of Azure Cloud Native, Azure Data, Azure Infra & Ops, Business Applications, Power Platform, Modern Workplace and Surface. On the day itself you can join sessions of different tracks. Please see below the summarized schedule with all sessions.

I will be presenting in the Azure Infra & Ops track, which you can register here. You can now watch some of the Microsoft Ignite The Tour sessions online!

Azure Infra & Ops

Understand key cloud concepts and core services, and learn how Microsoft Azure allows you to build applications with the full power and resilience of the cloud. Also, learn how to migrate existing VM workloads to Azure and define governance, security, and policies for your Azure environment.

Free Online Event

Migrating IaaS workloads to Azure

Now that the migration of their server hosts from Windows Server 2008 R2 to Windows Server 2019 is complete, Tailwind Traders wants to begin the process of “lift and shift”: migrating some of their on-premises VMs they’ve been running in their datacenter. In this session, learn about how Tailwind Traders began the process of migrating some of their existing VM workloads to Azure and how this allowed them to retire aging server hardware and close datacenter and server rooms that were costing the organization a substantial amount of money.

Free Online Event

Azure governance and management

Tailwind Traders’ deployments are occurring in an ad hoc manner, primarily driven by lack of protocol and unapproved decisions by various operators or employees. Some deployments even violate the organization’s compliance obligations, such as being deployed in an unencrypted manner without DR protection. After bringing their existing IaaS VM fleet under control, Tailwind Traders wants to ensure future deployments comply with policy and organizational requirements. In this session, walk through the processes and technologies that will keep Tailwind Traders’ deployments in good standing with the help of Azure Blueprints, Azure Policy, role-based access control (RBAC), and more.

Free Online Event

Hybrid management technologies

Tailwind Traders has now migrated the majority of their server hosts from Windows Server 2008 R2 to Windows Server 2019. Now, they are interested in the Azure hybrid technologies that are readily available to them. In this session, learn how Tailwind Traders began using Windows Admin Center and Azure Arc to manage its fleet of Windows Server computers and integrated hybrid technologies, such as Azure File Sync, Azure Site Recovery, and Azure Update Management, to improve deployment performance and manageability.

If you want to watch the Microsoft Ignite The Tour sessions online, join us online for the Microsoft Virtual Training Day NL event. I hope to see you there virtually!



  • Follow Me

  • About

    Thomas Maurer

    My name is Thomas Maurer. I am a Senior Cloud Advocate at Microsoft. I am part of the Azure engineering team (Cloud + AI) and engage with the community and customers around the world. I am located in Switzerland. I am focusing on Microsoft technologies, especially cloud and datacenter solutions based on Microsoft Azure, Azure Stack and Windows Server. Opinions are my own.

  • Get Updates

  • Sponsor

  • Sponsor

    Starwind

  • Sponsor

    SquaredUp Ad

  • Sponsor

    Altaro World Backup Day