Category: Work

All about my Work


AZ-500 Microsoft Certified Azure Security Engineer Associate

Passed Exam AZ-500 Microsoft Certified Azure Security Engineer Associate

The new Azure Security exam just came out of beta, and I took some time to learn and see if I would pass it. I am happy that I just passed exam AZ-500: Microsoft Azure Security Technologies, which focuses on Microsoft Azure security engineers who implement security controls, maintain the security posture, manages identity and access and protects data, applications, and networks. After passing this exam, you can call yourself a Microsoft Certified: Azure Security Engineer Associate. Azure Security Engineers implement security controls and threat protection, manage identity and access, and protect data, applications, and networks in cloud and hybrid environments as part of the end-to-end infrastructure. That means this exam covers different topics across the Azure infrastructure and many various Azure services like Azure AD, Azure IaaS, Azure Networking, Azure Kubernetes Service (AKS), Databases, Azure Monitor, Azure Security Center and many more.

Exam AZ-500: Microsoft Azure Security Technologies

Candidates identify and remediate vulnerabilities by using a variety of security tools, implements threat protection, and responds to security incident escalations. As a Microsoft Azure security engineer, candidates often serve as part of a larger team dedicated to cloud-based management and security and may also secure hybrid environments as part of an end-to-end infrastructure.

Candidates for this exam should have strong skills in scripting and automation, a deep understanding of networking, virtualization, and cloud N-tier architecture, and a strong familiarity with cloud capabilities, Microsoft Azure products and services, and other Microsoft products and services.

You can find more detailed information on the Microsoft exam website. There you will find all the skills measured in this exam.

How to prepare for the AZ-500 exam

Microsoft Learn

Microsoft Learn

Exams always have a specific focus; this one covers a broad set of Azure security topics over different Azure services. This means you not only need to have particular security know-how, but also a good overview of the various Azure services. If you don’t have that right now, I recommend that you might start with other exams, such as AZ-900 and AZ-10X for the Microsoft Certified: Azure Administrator Associate. But if you want to go forward with the AZ-500 exam and become a Microsoft Certified: Azure Security Engineer Associate, first have a look at the more detailed information on the Microsoft exam website. Start reading through the Microsoft Docs about the different security topics mentioned in the skills measured, and also get some hands-on experience by trining out the various technologies. My favorite place to learn and understand some tutorial about different topics is Microsoft Learn! On Microsoft learn, you can use a lot of different learning modules, and some of them are focused on Azure Security. If you want to know more about Microsoft learn, check out my blog post: Microsoft Learn – A Great Place To Learn!

At Microsoft Ignite The Tour, our team also presented a session on securing your Azure environment, my session in Amsterdam was recorded, you can watch it here: Microsoft Ignite The Tour 2019 Azure Hybrid Session Recordings.

With that, I wish you happy learning and good luck with the AZ-500 Microsoft Azure Security Technologies exam!



Microsoft Hyper-V Server 2019

Download Hyper-V Server 2019 now

A lot of people have been waiting for this. After the release of Windows Server 2019 back in October 2018, you were able to download Windows Server 2019 Standard, Datacenter and Essentials. Today you can also download Microsoft Hyper-V Server 2019. This is the free version of the Hyper-V role which you can find in Windows Server 2019. It includes all the great Hyper-V virtualization features like the Datacenter Edition. This is especially interesting if you don’t need to license Windows Server VMs, and is ideal when you run Linux Virtual Machines or VDI VMs.

This version of Hyper-V also comes with a lower footprint, since it is only available as Server Core and doesn’t include any other roles and features, which are not related to virtualization. That said, it does not come with other Software Defined Datacenter features like Storage Spaces Direct (S2D). These features are only included in the Windows Server Datacenter edition.

Microsoft Hyper-V Server is a free product that delivers enterprise-class virtualization for your datacenter and hybrid cloud. Microsoft Hyper-V Server 2019 provides new and enhanced features that can help you deliver the scale and performance needs of your mission-critical workloads.

The Windows hypervisor technology is the same as what’s in the Hyper-V role on Windows Server 2019. It is a stand-alone product that contains only the Windows hypervisor, a Windows Server driver model, and virtualization components. It provides a simple and reliable virtualization solution to help you improve your server utilization and reduce costs.

You can download Microsoft Hyper-V Server 2019 ISO from the Microsoft Evaluation Center. You should also have a look at the Windows Admin Center, which is a locally deployed, browser-based app for managing servers, clusters, hyper-converged infrastructure, and Windows 10 PCs

If you want to learn more about the new Hyper-V and Windows Server 2019 features, check out my blog: Windows Server 2019 – What’s coming next



Microsoft Certified Trainer MCT

MCT Microsoft Certified Trainer 2019

After becoming a Microsoft Certified Trainer (MCT) back in 2017, I am happy to let you know that I requalified for the Microsoft Certified Trainer in 2019. Being an MCT again is a great honor and I am happy to be part of this community, even I am now working for Microsoft.

Microsoft Certified Trainers (MCTs) are the premier technical and instructional experts in Microsoft technologies. Join this exclusive group of worldwide Microsoft technical training professionals and reap the benefits of MCT training certification and membership. You will get exclusive benefits as an MCT including access to the complete library of official Microsoft training and certification products, substantial discounts on exams, books, and Microsoft products. In addition, you will be able to use Microsoft readiness resources to help you enhance your training career and engage with other MCT members in an online community forum. You will also receive invitations to exclusive Microsoft and local MCT community events.

Microsoft Certified Trainer 2019-2020

If you want to know more about becoming a Microsoft Certified Trainer or if you want to know more about Microsoft Certifications, please let me know in the comments. If you want to know more about the latest Azure exams like AZ-10X, AZ-30X or AZ-900, check out my blog posts.

You can find a general overview of the new Azure Certifications here.



Experts Live Netherlands 2019 - Tech panel

Speaking at Experts Live Netherlands 2019 Breakout and Tech Panel!

I am happy to let you know that I will be speaking again at Experts Live Netherlands 2019! Experts Live Netherlands 2019 will take place on 6 June 2019 in Den Bosch. I have excellent professional and personal memories from the latest Experts Live Netherlands conference, and it is always a tremendous honor to speak at a such a great event. This year again, I will be talking about Windows Server 2019 and how it is will enable your hybrid datacenter.

Besides my Windows Server 2019 breakout session, I am proud to also be part of the keynote tech panel with Mary-Jo Foley, Paul Thurrott, and Marc van Eijk.

Windows Server 2019 - The Next big thing for Hybrid Cloud

Join this session for the best of Windows Server 2019, about the innovation and improvements of Windows Server. Learn how Microsoft enhances the SDDC feature like Hyper-V, Storage, and Networking and get the most out of the new Azure Hybrid Integration and Container features. You’ll get an overview of the new, exciting improvements that are in Windows Server and how they’ll improve your day-to-day job. In this presentation Thomas Maurer (Microsoft MVP) will guide you through the highly anticipated innovations in Windows Server 2019 and the Semi-Annual Channel including • Windows Server Containers • Azure Integration • Hyper-V features • Storage • Networking • Security • Windows Server Containers • And more!

There are still a couple of tickets left, so make sure you reserve yours soon! Our Microsoft Azure Cloud Advocates team with Anthony Bartolo, Orin Thomas and I, are hoping to see you there!



How to Install AzCopy

How to Install AzCopy for Azure Storage

AzCopy is a command-line tool to manage and copy blobs or files to or from a storage account. It also allows you to sync storage accounts and move files from Amazon S3 to Azure storage. In this blog post, I will cover how to install AzCopy on Windows, Linux, macOS, or in update the version in the Azure Cloud Shell.

AzCopy v10 is now generally available to all of our customers and provides higher throughput and more efficient data movement compared to the earlier version of AzCopy (v8). Version 10 also adds additional functionality like sync of blob storage accounts and much more.

Install AzCopy

You can get the latest version of AzCopy from here: Get started with AzCopy

Install AzCopy on Windows

To install AzCopy on Windows, you can run the following PowerShell script, or you can download the zip file and run it from where ever you want. This script will add the AzCopy folder location to your system path so that you can run the AzCopy command from anywhere.

 
#Download AzCopy
Invoke-WebRequest -Uri "https://aka.ms/downloadazcopy-v10-windows" -OutFile AzCopy.zip -UseBasicParsing
 
#Curl.exe option (Windows 10 Spring 2018 Update (or later))
curl.exe -L -o AzCopy.zip https://aka.ms/downloadazcopy-v10-windows
 
#Expand Archive
Expand-Archive ./AzCopy.zip ./AzCopy -Force
 
#Move AzCopy to the destination you want to store it
Get-ChildItem ./AzCopy/*/azcopy.exe | Move-Item -Destination "C:\Users\thmaure\AzCopy\AzCopy.exe"
 
#Add your AzCopy path to the Windows environment PATH (C:\Users\thmaure\AzCopy in this example), e.g., using PowerShell:
$userenv = [System.Environment]::GetEnvironmentVariable("Path", "User")
[System.Environment]::SetEnvironmentVariable("PATH", $userenv + ";C:\Users\thmaure\AzCopy", "User")

Install AzCopy on Linux

To install AzCopy on Linux, you can run the following shell script, or you can download the tar file and run it from where ever you want. This script will put the AzCopy executable into the /usr/bin folder so that you can run it from anywhere.

 
#Download AzCopy
wget https://aka.ms/downloadazcopy-v10-linux
 
#Expand Archive
tar -xvf downloadazcopy-v10-linux
 
#(Optional) Remove existing AzCopy version
sudo rm /usr/bin/azcopy
 
#Move AzCopy to the destination you want to store it
sudo cp ./azcopy_linux_amd64_*/azcopy /usr/bin/

Authorize with Azure Storage

When you start working with Azure Storage, you have two options to authorize against the Azure Storage. You can provide authorization credentials by using Azure Active Directory (AD), or by using a Shared Access Signature (SAS) token.

It also depends on which services you want to use.

Storage typeSupported method
Blob storageAzure AD and SAS
Blob storage (hierarchical namespace)Azure AD
File storageSAS only

Authenticate using Azure AD

To authenticate with AzCopy using Azure AD, you can use the following command

 
azcopy login

Authenticate using SAS token

To authenticate with AzCopy using a SAS token you can use this command as an example

 
azcopy cp "C:\local\path" "https://account.blob.core.windows.net/mycontainer1/?sv=2018-03-28&ss=bjqt&srt=sco&sp=rwddgcup&se=2019-05-01T05:01:17Z&st=2019-04-30T21:01:17Z&spr=https&sig=MGCXiyEzbtttkr3ewJIh2AR8KrghSy1DGM9ovN734bQF4%3D" --recursive=true

To make things easier you can use Azure PowerShell to generate the SAS token for you. I wrote a blog post on ITOPSTALK.com about how you can do that. You can get the SAS token using the following Azure PowerShell command. If you are running Linux or macOS, you can find on this blog post, how to install PowerShell 6.

 
Connect-AzAccount
Get-AzSubscription
 
$subscriptionId = "yourSubscriptionId"
$storageAccountRG = "demo-azcopy-rg"
$storageAccountName = "tomsaccount"
$storageContainerName = "images"
$localPath = "C:\temp\images"
 
Select-AzSubscription -SubscriptionId $SubscriptionId
 
$storageAccountKey = (Get-AzStorageAccountKey -ResourceGroupName $storageAccountRG -AccountName $storageAccountName).Value[0]
 
$destinationContext = New-AzStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $storageAccountKey
 
$containerSASURI = New-AzStorageContainerSASToken -Context $destinationContext -ExpiryTime(get-date).AddSeconds(3600) -FullUri -Name $storageContainerName -Permission rw
 
azcopy copy $localPath $containerSASURI --recursive

To learn more about SAS tokens, check out Using shared access signatures (SAS).

I hope this helps you to install AzCopy and configure it. If you have any questions, feel free to leave a comment.



Experts Live Switzerland 2019

Speaking at Experts Live Switzerland 2019

I’m excited to be chosen again as a speaker at Experts Live Switzerland 2019. Experts Live Switzerland 2019 will take place on June 20 in the new Workspace Welle 7 in ​Bern Switzerland. Experts Live Switzerland is a one-day event with 17 sessions in three parallel tracks focusing on Microsoft Cloud, Datacenter and Workplace Management topics, with Microsoft MVPs, speakers from Microsoft and other industry experts.

I am happy to speak about Microsoft Azure Stack and how you can extend Azure to your locations. I will also give an overview of the newly announced Azure Stack HCI solutions.

Extend the Intelligent Cloud to the Edge with Azure Stack and Azure Stack HCI

Azure Stack allows you to extend Azure to your datacenter and run Azure Services under your terms. With Azure Stack HCI, the latest member in the Azure Stack family, we also offer a great hyper-converged infrastructure solution, with optional Azure connected services. Find out more about Azure Stack and Azure Stack HCI, how these solutions can help you to in your Hybrid Cloud strategy. Learn about the features and services you will get by offering Azure Stack to your customers and how you can build a true Hybrid Cloud experience.

Experts Live Switzerland 2019 is limited to only 200 attendees, so make sure you reserve your ticket right now! There will be a lot of other great sessions and a lot of experts from the Microsoft Cloud community. One of the main advantages of joining the Experts Live events is that you get this great networking opportunity to learn from each other.

Some more information about the conference:

  • 1-day event
  • In the heart of Switzerland (Bern)
  • Keynote about Azure Switzerland
  • 17 sessions
  • 3 parallel tracks
  • Top Community speakers
  • limited to 200 attendees
  • Partner booths in the expo hall
  • modern location
  • focusing on Microsoft Cloud Technology

I hope to see you all there!



Windows Sandbox

How to configure Windows Sandbox

With the latest release of Windows 10 (1903), Microsoft introduced a new feature called Windows Sandbox. Windows Sandbox is based on Hyper-V technology and allows you to spin up an isolated, temporary, desktop environment where you can run untrusted software. In this blog post, I will show you how you can set up and configure Windows Sandbox in Windows 10. I will also cover how you can do an advanced configuration of your Windows Sandbox using Windows Sandbox config files.

The sandbox is great for demos, troubleshooting or if you are dealing with malware. If you close the sandbox, all the software with all its files and state are permanently deleted. It is a Windows 10 virtual machines, with the advantage that it is built into Windows 10, so it leverages the existing OS, which gives you faster startup, less footprint, better efficiency, and easier handling, without losing security.

Dynamic Image

Source: Microsoft

Windows Sandbox is a lightweight virtual machine with an operating system. The significant advantage which makes it so small is the usage of existing files from the host, for data which cannot change. For the files which can change, it uses a dynamically generated image, which is only ~100MB in size.

There are much more exciting things happening with the Windows Sandbox like smart memory management, Integrated kernel scheduler, Snapshot and clone, Graphics virtualization and Battery pass-through. If you want to find out more about the Windows Sandbox, check out the official blog post.

Prerequisites

Windows Sandbox comes with a couple of requirements. How more powerful your machine is, the better the experience will be.

  • Windows 10 (1903) Pro or Enterprise build 18362 or later
  • 64-bit architecture
  • Virtualization capabilities enabled in BIOS
  • At least 4GB of RAM (8GB recommended)
  • 1GB of free disk space (SSD recommended)
  • 2 CPU cores (4 cores with hyperthreading recommended)