Microsoft Tech Summit 2018 Switzerland

Speaking about Azure Stack at the Microsoft Tech Summit Switzerland 2018

I am proud to announce that I am speaking at the Microsoft Tech Summit Switzerland 2018. The Microsoft Tech Summit is a new format of Microsoft conferences all around the world, and the successor of the Microsoft TechDays in Switzerland. The Microsoft Tech Summit is a free 2 day event covering the latest in cloud technologies  for IT professionals and developers from February 28 – March 1, 2018.

We are proud to offer you an impressive line-up of keynote speakers such as Mark Russinovich, CTO of Microsoft Azure and Patrick Chanezon, chief developer advocate at Docker, the world’s leading software container platform. We further decided to dedicate 50% of all break out session to OSS to show that we don’t just say that we love OSS, but actually live it.

Plus, you will have the chance to experience the unique Microsoft HoloLens and Mixed-Reality glasses on-site! Our diverse and disruptive exhibition is also featuring surprising showcases by our partners.

In my session on day two I will speak about Azure Stack and my experience deploying it for customers.

Azure Stack - Your Cloud, Your Datacenter

Microsoft released Azure Stack as an Azure appliance for your datacenter. Learn what Azure Stack is, what challenges it solves, how you deploy, manage and operate an Azure Stack in your datacenter. Learn about the features and services you will get by offering Azure Stack to your customers and how you can build a true Hybrid Cloud experience. In this presentation Thomas Maurer (Microsoft MVP) will guide you through the highly anticipated innovations and experience during the Azure Stack Early Adaption Program and Azure Stack Technology Adoption Program (TAP).

Btw. itnetX will be there with a booth as a Gold Sponsor! I hope I will see you there!

System Center

Microsoft released System Center 1801 Semi-Annual Channel

Microsoft just release the first Semi-Annual Channel release for System Center, called System Center, version 1801. This is the first release which now comes out to support the Windows Server Semi-Annual Channel releases like 1709 and also brings some new features and performance improvements.

System Center, version 1801 is the first of our Semi-Annual Channel releases delivering new capabilities at a faster cadence. Semi-Annual Channel releases have an 18-month support policy. In addition, we will continue to release in the Long-Term Servicing Channel (LTSC) at a lower frequency. The LTSC will continue to provide 5 years of mainstream support followed by 5 more years of extended support.

What’s in System Center, version 1801?

System Center, version 1801 focuses on enhancements and features for System Center Operations Manager, Virtual Machine Manager, and Data Protection Manager. Additionally, security and bug fixes, as well as support for TLS 1.2, are available for all System Center components including Orchestrator, Service Management Automation, and Service Manager.

I am pleased to share the capabilities included in this release:


  • Support for additional Windows Server features in Virtual Machine Manager: Customers can now setup nested virtualization, software load balancer configuration, and storage QoS configuration and policy, as well as migrate VMware UEFI VM to Hyper-V VM. In addition to supporting Windows Server, version 1709, we have added support for host monitoring, host management, fall back HGS, configuration of encrypted SDN virtual network, Shielded Linux VMs on Hyper-V management, and backup capabilities.
  • Linux monitoring in Operations Manager: Linux monitoring has been significantly improved with the addition of a customizable FluentD-based Linux agent. Linux log file monitoring is now on par with that of Windows Server (Yes, we heard you! Kick the tires, it really works).
  • Improved web console experience in Operations Manager: The System Center Operations Manager web console is now built on HTML5 for a better experience and support across browsers.
    Updates and recommendations for third-party Management Packs: System Center Operations Manager has been extended to support the discovery and update of third-party MPs.
  • Faster, cost-effective VMware backup: Using our Modern Backup Storage technology in Data Protection Manager, customers can backup VMware VMs faster and cut storage costs by up to 50%.
  • And much more including Linux Kerberos support and improved UI responsiveness when dealing with many management packs in Operations Manager. In Virtual Machine Manager, we have enabled SLB guest cluster floating IP support, added Storage QoS at VMM cloud, added Storage QoS extended to SAN storage, enabled Remote to VMs in Enhanced Session mode, added seamless update of non-domain host agent, and made host Refresher up to 10X faster.

You can get System Center, version 1801 from the Evaluation Center or the Volume Licensing Service Center.


Announcing the itnetX PowerShell DSC Manager

Less than a year ago I worked with a couple of enterprise customers and had some interesting talks about configuration management in a modern Windows Server based datacenter where PowerShell DSC is the obvious. However the lack of graphic on premise management tools was a huge challenge for a lot of companies. While the concept of writing your configurations may not seem complicated, appropriately distributing them to machines and being able to report on the status is something that is very challenging to do on-prem. That’s where the idea was born to bring a graphical user experience for PowerShell DSC.


Within itnetX we have done a couple of projects for service providers and other customers to help them automate deployments but also do configuration management, which provides us with the technical knowledge and experience what customers truly need.

Today I am happy to announce the itnetX DSC Manager.

Our customers love DSC to manage the configuration of their servers. However, they complain that maintaining DSC and getting insights is very cumbersome due to the lack of a user interface.

With DSC Manager, we respond to our customers with an easy to use and fresh user experience for having DSC under total control.

Dieter Gasser, itnetX Head of Product Management

itnetX DSC Manager


The itnetX DSC Manager provides a single pane of glass for all your clients, configurations and modules, regardless of where they are in your datacenter. itnetX DSC Manager allows you to implement configuration management the way DSC was intended from the beginning. Allowing you to effectively mitigate configuration drift, reconfigure servers with a few clicks and report on the configuration of any one server or group of servers

Key Benefits

  • Easy to read reports & dashboards
  • Remote configuration of LCM
  • Graphically view and build configurations
  • Manage large estates of PullServers
  • Build into existing automation with REST
  • Audit changes for compliance


  • HTML reports and dashboards
  • Assign Named and Partial configurations
  • Configure LCM remotely to control for example reboot behavior
  • Visually view and build configurations
  • Manage agents from multiple PullServers
  • Manage Module repository
  • Automate via REST

Get Free Trial

DSC Manager is delivered as a prepackaged web application. The installation is simple and the clients can be installed and up and running within minutes. You can use DSC Manager for free to manage up to 5 clients. For managing more clients, you will require a license.

Big thanks goes to itnetX and the team behind the DSC Manager. itnetX also has a process in place which allows employees to build and work on their own ideas and bring them to market. Together with DSC experts like Ryan Bartram itnetX started that journey and we finally have something to celebrate.

Btw: If you need some help for a faster setup, check out: the Quick itnetX DSC Manager Installer script, which removes a couple of manual tasks.


Azure Stack Tools

Setup an Azure Stack Cloud Operator and Developer Workstation Environment

If you are responsable to manage and operate Azure Stack, you will need to enable a couple of tools to manage Azure Stack. This post should give you a summary of what you should do to setup your Azure Stack Operator and Developer workstation environment.

Operating System

Azure Stack Windows Admin Workstation

First of all you should setup a clean base system. I usually use the latest version of Windows 10, right now the latest Windows 10 version is the Fall Creators Update which give you some great features like the OpenSSH client or the Windows Subsystem for Linux build in, or I use Winodws Sevrer 2016 with Desktop Expierence. Make sure you install all the latest updates for Microsoft Update.

Install Visual Studio Code

PowerShell for Visual Studio Code

Visual Studio Code is a new, free, lightweight cross-platform code editor for building modern web and cloud applications on Mac OS X, Linux and Windows. It is perfect for editing JSON files and even writing some code. And it has a built-in Terminal so you don’t have to switch between different windows.

I recommend you install the following Extensions:

Install SSH Client or Windows Subsystem for Linux (WSL)

OpenSSH Windows 10

To manage Linux Virtual Machines running on Azure Stack or if you need to manage the hardware switches in Azure Stack or your border switches where Azure Stack is connected, SSH is the way to access it. Windows 10 now comes with several builtin options like the OpenSSH Client which you can install as addtional feature or for example the Windows Subsystem for Linux (WSL) which allows you to run several linux tools on Windows directly. If you are using another version of Winodws, the thrid party application PuTTY is your friend.

You can also using PowerShell to install it:

Install Azure Stack PowerShell

Install Azure Stack PowerShell

Azure Stack compatible Azure PowerShell modules are required to work with Azure Stack. PowerShell commands for Azure Stack are installed through the PowerShell gallery, you can run the following commands to install it: (Make sure there are no other Azure PowerShell Modules installed, if there are, the commands will remove them). If you also install Visual Studio, install Visual Studio first before you install the Azure Stack PowerShell.

If you need to install it on a machine which does not have access to the internet. check outthe offical Microsoft page: Install PowerShell for Azure Stack

Install Azure Stack tools

Azure Stack Tools

AzureStack-Tools is a GitHub repository that hosts PowerShell modules that you can use to manage and deploy resources to Azure Stack. This brings you several functionalities for Azure Stack management:

  • Deployment of Azure Stack – Helps prepare for Azure Stack deployment.
  • Resource Manager policy for Azure Stack – Constrains Azure subscription to the capabilities available in the Azure Stack.
  • Connecting to Azure Stack – Connect to an Azure Stack instance from your personal computer/laptop.
  • Setting up Identity for Azure Stack – Create and manage identity related objects and configurations for Azure Stack
  • Azure Stack Service Administration – Manage plans and subscriptions in Azure Stack.
  • Azure Stack Compute Administration – Manage compute (VM) service in Azure Stack.
  • AzureRM Template validator – Validate Azure ARM Template Capabilities
  • Azure Stack Infrastructure Administration – Manage Azure Stack Infrastructure

You can get the Azure Stack tools from GitHub:

You can directly open that folder in Visual Studio Code:

Configure Azure Stack PowerShell environment

As an Azure Stack user, you can configure your Azure Stack PowerShell environment. After you configure, you can use PowerShell to manage Azure Stack resources such as subscribe to offers, create virtual machines, deploy Azure Resource Manager templates, etc.

For an Azure Stack deployment which is using Azure Active Directory (AAD) as an Identity provider, you can use the following commands:

Install and configure CLI for use with Azure Stack

Azure CLI

You can also use the Azure CLI 2.0 to manage Azure Stack.

Install Azure CLI on Windows using MSI

To install the CLI on Windows and use it in the Windows command-line, download and run the Azure CLI Installer (MSI).

Install with apt-get for Bash on Ubuntu on Windows (WSL)

  1. Open the Bash shell.
  2. Modify your sources list.
  3. Run the following sudo commands:
  4. Run the CLI from the command prompt with the az command.

Connect to Azure Stack using the Azure CLI

If you are using Public Certificates for your Azure Stack, this is pretty staight forward, if you are using the Azure Stack Development Kit or an Internal CA, make sure your client trusts the Azure Stack CA root Certificate. You can find more here: Install and configure CLI for use with Azure Stack

Register your Azure Stack environment by running the az cloud register command.

Register as a cloud administrative environement:

  1. To register the cloud administrative environment, use:
  2. Set the active environment by using the following commands.
  3. Update your environment configuration to use the Azure Stack specific API version profile. To update the configuration, run the following command:
  4. Sign in to your Azure Stack environment by using the az login command. You can sign in to the Azure Stack environment either as a user or as a service principal.

Register the user environment, use:

  1. To register the user environment, use:
  2. Set the active environment by using the following commands.
  3. Update your environment configuration to use the Azure Stack specific API version profile. To update the configuration, run the following command:
  4. Sign in to your Azure Stack environment by using the az login command. You can sign in to the Azure Stack environment either as a user or as a service principal.

Install the Microsoft Azure Storage Explorer

Azure Stack Azure Storage Explorer

To access and manage Azure Stack Storage Accounts you can also use the Microsoft Azure Storage Explorer tool. Microsoft Azure Storage Explorer (Preview) is a standalone app from Microsoft that allows you to easily work with Azure Storage data on Windows, macOS and Linux.

If you are running the Azure Stack Development Kit, you should again have a look how you get the certificates implace, you can find that here: Connect Storage Explorer to an Azure Stack subscription

  1. Install the Microsoft Azure Storage Explorer
  2. After Storage Explorer  restarts, select the Edit menu, and then ensure that Target Azure Stack is selected. If it is not selected, select it, and then restart Storage Explorer for the change to take effect. This configuration is required for compatibility with your Azure Stack environment.
  3. To connect to the Azure Stack account, select Add an account.
  4. In the Connect to Azure Storage dialog box, under Azure environment, select Use Azure Stack Environment, and then click Next.
  5. To sign in with the Azure Stack account that’s associated with at least one active Azure Stack subscription, fill in the Sign in to Azure Stack Environment dialog box.
    The details for each field are as follows:Environment name: The field can be customized by user.
    ARM resource endpoint: The samples of Azure Resource Manager resource endpoints:For cloud operator:
    For tenant:
    Tenant Id: Optional. The value is given only when the directory must be specified.

This should help you quickly setup an Azure Stack Cloud Operator Workstation. What other tools do you need to manage and operator your Azure Stack? leave a comment.


Speaking at Experts Live Cafe January 2018 Edition in Bern

I am happy to announce and remind you that I will be speaking at the Experts Live Cafe in Bern this Friday. The Experts Live Cafe is a Swiss IT Pro Meetup run by the Microsoft MVPs Stefan Johner and Stefan Roth. Experts Live is a non-profit organization that has a mission to enable sharing of knowledge and experience about Microsoft technologies worldwide. The ExpertsLive Cafes are user group meetups which are designed to bring IT professionals closer together.

I will be covering one of two sessions about this months Experts Live Cafe and talk about Windows Server.

What is next for Windows Server

In Fall 2017 Microsoft has updated Windows Server to the next Semi-Annual Channel release with new features and improvements and Microsoft will now release new SAC and LTSC releases. Join this session for the best of Windows Server, learn how the new Servicing Model of Windows Server works and what does it mean to use SAC or LTSC releases, and what new improvement and features Microsoft offers in the latest releases such as 1709 and 1803. You’ll get an overview about the new, exciting improvements that are in Windows Server and how they’ll improve your day-to-day job.

There should be still some free seats, so hopefully see you there!


Windows Server Insider Preview Build 17074

Sneak Peak of Windows Server 1803 (RS4) – Windows Server Insider Preview Build 17074

Yesterday, Microsoft announced a new Windows Server Insider Preview Build (17074) which will be released as the next Semi-Annual Channel release for Windows Server. This release will likely be called Windows Server 1803 (Codename: Restone 4), which is aligned to the Windows Client releases.

Microsoft talked about improvements in the next Windows Server releases and the investments in Containers and Storage Spaces Direct at Microsoft Ignite 2017, and we already got some early Windows Server Insider Preview builds to see what is coming next. The official list is not to big right now, but we can expect Microsoft to add and announce more features in the comment weeks and months.

What is new in Windows Server 1803 (RS4)

  • Storage Spaces Direct (S2D)
    • Microsoft adds Data Deduplication support Storage Spaces Direct and ReFS
    • Microsoft removed the requirement for SCSI Enclosure Service (SES) on the hardware, which enables more hardware to work with S2D
    • Storage Spaces Direct adds support for Persistent Memory (Storage Class Memory), which brings very fast and very low latency storage to S2D. The prices for this devices is still pretty high, but we can expect this to change in the future and we can also see them as a great use as caching devices.
    • Storage Spaces Direct now also supports Direct-connect SATA devices to AHCI controller, which also make more hardware work with S2D
    • CSV Cache is now enabled by default, which delivers an in-memory write-through cache that can dramatically boost VM performance, depending on your workload.
  • Failover Clustering
    • Azure enlightened Failover Cluster – This is a very exciting feature if you run Windows Server Failover Clusters in Microsoft Azure. This feature will let the Windows Server cluster know if there is Azure host maintenance going on and will exclude the specific cluster node from placing workloads on it.

      By making high availability software running inside of an Azure IaaS VM be aware of maintenance events of the host, it can help deliver the highest levels of availability for your applications.

  • Container
    • Microsoft promised to add more Container feature and provide updated Windows Server Container Images. One feature which made it already into this and early Preview builds is a long waited feature which caused some confusion before. Developers can now use localhost or loopback ( to access services running in containers on the host.
  • Other Improvements

As mentioned before we can expect Microsoft to add and announce new feature for the next Windows Server release in the next couple of weeks and months.

How to download the Windows Server Insider Preview

You can download the Windows Server Insider Previews from the Windows Server Insider Preview download page. If you are not yet an Insider, check out how to get one on the Windows Insider for Business portal.

Careful, this is pre-release software and it is not supported in production.

Test and Provide Feedback to Windows Server

For Microsoft it is very important that they get feedback about the latest releases. To send feedback use the Feedback Hub application in Windows 10, and choose the Server category with the right subcategory for your feedback.




Microsoft Edge Windows Defender Application Guard

Enable Windows Defender Application Guard on Windows 10 using PowerShell

A couple of days back I saw a tweet form Stefan Stranger (Consultant at Microsoft) which reminded me of a feature called Windows Defender Application Guard, which is included in Windows 10 Enterprise since the Fall Creators Update (1709). If you have never heard of Application Guard, you might want to check out this blog post: Introducing Windows Defender Application Guard for Microsoft Edge

Basically Windows Defender Application Guard starts Microsoft Edge in a Hyper-V Container and uses Hyper-V isolation. So if a user browses on a malicious site, the site is separate from the host operating system.

Application Guard Hardware Isolation

What is Windows Defender Application Guard and how does it work?
Designed for Windows 10 and Microsoft Edge, Application Guard helps to isolate enterprise-defined untrusted sites, protecting your company while your employees browse the Internet. As an enterprise administrator, you define what is among trusted web sites, cloud resources, and internal networks. Everything not on your list is considered untrusted.

If an employee goes to an untrusted site through either Microsoft Edge or Internet Explorer, Microsoft Edge opens the site in an isolated Hyper-V-enabled container, which is separate from the host operating system. This container isolation means that if the untrusted site turns out to be malicious, the host PC is protected, and the attacker can’t get to your enterprise data. For example, this approach makes the isolated container anonymous, so an attacker can’t get to your employee’s enterprise credentials.

Source: Windows Defender Application Guard overview

Usually Windows Defender Application Guard is configured using a Enterprise devices management tool like System Center Configuration Manager, Microsoft Intune or another third-party tool. But if you want to use this on your standalone Windows 10 PC you can also do this using PowerShell.

The only thing you need to run this is:

  • Windows 10 Enterprise 1709 (Fall Creators Update) or higher
  • A computer which supports Hyper-V
    • A 64-bit computer with minimum 4 cores is required for hypervisor and virtualization-based security (VBS)
    • Extended page tables, also called Second Level Address Translation (SLAT)
    • One of the following virtualization extensions for VBS:
      • Intel VT-x
      • AMD-V
    • Microsoft recommends 8GB RAM for optimal performance
    • 5 GB free space, solid state disk (SSD) recommended
    • Input/Output Memory Management Unit (IOMMU) support is strongly recommended
  •  Microsoft Edge and Internet Explorer

Enable Windows Defender Application Guard using PowerShell

You can simply install Application Guard using the following command:

New Application Guard Windows in Microsoft Edge

This will reboot your computer and after this you will be able to open a new Microsoft Edge windows in Application Guard.

Microsoft Edge Windows Defender Application Guard

This does added some extra security, however it does not really protect against like the Meltdown and Spectre attacks.

Application Guard Virtual Machine Worker Process

If you have a look at the processes running on your computer you can now see that there is a new Virtual Machine Worker Process which is used by the Application Guard.

This is a great example how the Hyper-V isolation can not only be used for Hyper-V Virtual Machines but also other features like Hyper-V Containers or for example on the Xbox One.