Tag: Microsoft Azure

Last updated by at .

Microsoft Azure Certifications

New Microsoft Azure Certifications announced

This week Microsoft Inspire takes place in Las Vegas, unfortunately I couldn’t make it this year. However, some of my colleagues from itnetX Switzerland and itnetX are there, don’t miss them and visit our booth! During the first day keynote at Microsoft Inspire, Microsoft quickly announced 3 new Azure Certifications for Administrators, Developers and Architects. You can already take the beta exams for the Azure Certified Administrator with more information on the Microsoft Learning Blog.

New Microsoft Azure Certifications

The three new Microsoft Azure Certifications are:

  • Microsoft Certified Azure Developer
  • Microsoft Certified Azure Administrator
  • Microsoft Certified Azure Architect

Beta Exam for Microsoft Certified Azure Administrator

The beta exams to become a Microsoft Certified Azure Administrator are already online. You will have to options depending if you already have Exam 70-533 Implementing Microsoft Azure Infrastructure Solutions or not.

If you don’t have exam 70-533 already, you will need to take the following to exams:

If you already have exam 70-533 you can take the following transition exam:

Remember they are all beta right now, and you will need to wait a couple of months to get the exam results. I just took the exam AZ-102 to transition from Exam 70-533 Implementing Microsoft Azure Infrastructure Solutions to the new Microsoft Certified Azure Administrator. I recommend that you go through the preparation guides for the exam an verify your skills for the thing you don’t have daily experience with. Especially with some pretty new services and features. I think the new exams questions are pretty close and important to the daily tasks of an Azure Administrator and should reflect the skills.

If you want to take the beta exam, you should register fast. Microsoft announced that they only will take a couple of beta exams and then close it until the public exam is available.

Discount Codes for Azure Exams

You can also find some discount codes on the Microsoft Learning Blog, which will give you up to 80% of discount for the 3 new beta exams.

I hope this gives you a quick overview and directs you to the right sites. If you also want to know a little bit more about it, I also recommend that you read the Build Azure blog.

(Image Credit: Maarten Goet)



Inked Azure Security Center Just in time VM access_LI

Azure – Just in Time VM access

If you run virtual machines with public IP address connected to the internet, attackers immediately try to run attacks against it. Brute force attacks commonly target management ports, like RDP or SSH, to gain access to a VM. If the attacker is successful, he can take control over the VM and access other resources in the environment. To address that issue it is highly recommended to reduce the ports open, especially for the management ports. However, sometimes you will need to open to ports for some of the virtual machines for management tasks. Microsoft Azure has a simple way to address this issue, called Just in time virtual machine (VM) access. Just in time VM access can be used to lock down inbound traffic to your Azure VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed.

How does Azure Just in Time VM Access work

In the Azure Security Center you can enable just in time VM access, this will create a Network Security Rule (NSG) to lock down inbound traffic to the Azure VM. During the initial JIT VM access configuration, you will be configuring the ports specified, which will be managed by Azure Security Center, these ports will be locked down by the Azure Security Center using an NSGs.

Configure Azure just in time VM access

Inked Configure Just in time VM access_LI

Azure JIT VM access is configured in the Azure Security Center. To configure and enable JIT on a virtual machine open up the Azure Security Center and click on Just in time VM access.

Here you will find three states, Configured, Recommended and No recommendation.

  • Configured – VMs that have been configured to support just in time VM access. The data presented is for the last week and includes for each VM the number of approved requests, last access date and time, and last user.
  • Recommended – VMs that can support just in time VM access but have not been configured to. We recommend that you enable just in time VM access control for these VMs. See Configuring a just in time access policy.
  • No recommendation – Reasons that can cause a VM not to be recommended are:
    • Missing NSG – The just in time solution requires an NSG to be in place.
    • Classic VM – Security Center just in time VM access currently supports only VMs deployed through Azure Resource Manager. A classic deployment is not supported by the just in time solution.
    • Other – A VM is in this category if the just in time solution is turned off in the security policy of the subscription or the resource group, or that the VM is missing a public IP and doesn’t have an NSG in place.

To configure you click on Recommended and select the Virtual Machine, for which you want to enable JIT.

Click on Enable JIT on VMs and configure the ports which should be managed by Just in time VM Access. Just in time VM access will recommend some default ports like RDP, SSH and PowerShell Remoting. You can also add other ports to the virtual machine if you want or need to.

Requesting Just in time VM Access for Azure Virtual Machine

Request Just in time VM access

On the Configured section, you can select the VM you want to request access to and click on Request access. You can now select the ports you want to be open for a specific time and a specific IP address. This will open up the ports and after 2-3 minutes you will be able to access the virtual machine.

To send such a request, the user which requests access to the Virtual Machine needs to have write access to the virtual machines in the Azure Role-Based Access Control (RBAC).

Auditing Azure just in time VM access activity

Of course all the request get logged and can be reviewed in the Activity Log.

Licensing of Azure just in time VM access

Azure just in time VM access is licensed over Azure Security Center and needs the Standard Tier to be enabled for the specific virtual machine.

I hope this gives you an idea how you can leverage Just in time VM access in Azure for your workloads.



Microsoft MVP 2017-2018

Microsoft MVP 2018-2019 Cloud and Datacenter Management and Microsoft Azure

I am proud to announce that I was awarded today by Microsoft, with the Microsoft Most Valuable Professional (MVP) Award for 2018-2019 in two major categories Cloud and Datacenter Management and Microsoft Azure. This is my 7th Microsoft MVP award since 2012, and I couldn’t be more excited about this one.

Dear

Thomas Maurer,

We’re once again pleased to present you with the 2018-2019 Microsoft Most Valuable Professional (MVP) award in recognition of your exceptional technical community leadership. We appreciate your outstanding contributions in the following technical communities during the past year:

 

·   Cloud and Datacenter Management

·   Microsoft Azure

The Microsoft MVP award title is a huge honor and it stand for the contributions I have been doing in the IT community as an Microsoft expert for the past years. The Microsoft MVP award also comes with some benefits, like a NDA and access to the Microsoft Product Groups, as well as the yearly Microsoft MVP Global Summit on the Microsoft Campus in Redmond. But one of the biggest benefit overall is that it gives you the opportunity to speak at different conferences all over the world. This and having the chance to speak with people from all over the world, which share the same passion is priceless.

Who are MVPs?

Microsoft Most Valuable Professionals, or MVPs, are technology experts who passionately share their knowledge with the community. They are always on the “bleeding edge” and have an unstoppable urge to get their hands on new, exciting technologies. They have very deep knowledge of Microsoft products and services, while also being able to bring together diverse platforms, products and solutions, to solve real world problems. MVPs make up a global community of over 4,000 technical experts and community leaders across 90 countries and are driven by their passion, community spirit, and quest for knowledge. Above all and in addition to their amazing technical abilities, MVPs are always willing to help others – that’s what sets them apart.

 

Source https://mvp.microsoft.com/en-us/Overview

I need to thank many people which are helping me to achieve this and making the most out of it. I would like to thank my employer itnetX which is supporting me in the best possible way all these years, my current and former colleagues from which I can learn a lot, the Microsoft MVP community and of course Microsoft employees in Redmond and all over the world, to work with us and collect feedback. Last but definitely not least, I have to thank my girlfriend, which not only helps me out with many things, but also needs to be patient, with my extra work so many times. She is also one of my biggest and also most critical supporters. She helps me to understand things better, promote my activities better, fixing my blog post 😉 and makes all the traveling more joyful.

If you want to know more about the Microsoft MVP Program, check out the Microsoft Most Valuable Professional website.



Azure Kubernetes Service

Azure Kubernetes Service (AKS) – The best place to host your containers

Microsoft today at Build 2018 announced that they will rename Azure Container Service (AKS) to Azure Kubernetes Service (AKS).

Azure Kubernetes Service (AKS) manages your hosted Kubernetes environment, making it quick and easy to deploy and manage containerized applications without container orchestration expertise. It also eliminates the burden of ongoing operations and maintenance by provisioning, upgrading, and scaling resources on demand, without taking your applications offline.

  • Drastically simplifies how you build and run container-based solutions without deep Kubernetes expertise
  • Auto Update, auto scale
  • New capabilities integrated with dev tools and workspaces, CI/CD networking, monitoring tools, etc.
  • All included in the Azure Portal

Create Azure Kubernetes Service AKS

This will be a great services to run containerized workloads in a very simple manor and reduce management overhead.

Azure Kubernetes Service (AKS) will also be available on Azure Stack, as announced in the Azure Stack Roadmap update a couple of months ago.

Azure Kubernetes Service (AKS) on Azure Stack
Managed Kubernetes with Azure Kubernetes Service (AKS) on Azure Stack will make it even easier for Azure Stack users to manage and operate Kubernetes environments in the same ways as they do in Azure, without sacrificing portability. This new service features an Azure-hosted control plane, automated upgrades, self-healing, easy scaling, and a simple user experience for both developers and cluster operators. With Container Service, customers get the benefit of open source Kubernetes without complexity and operational overhead. This update applies primarily to Azure Stack users.

With AKS on Azure and Azure Stack. and other services like the Azure Container Registry, Docker for Windows, Windows Server and Hyper-V Containers, Visual Studio Team Services Integration for Azure and Containers, the Microsoft container story becomes very strong. It allows you to run your container workloads in a very simple CI/CD pipeline (VSTS), deployment on Managed Kubernetes (AKS) and deploy it where ever you need it, in the public cloud (Azure) or on-premise (Azure Stack).

Yes Microsoft still has ACS (Azure Container Service), which allows you to deploy different pre-configured container environments and orchestrators, like Docker Swarm, Kubernetes, DC/OS, for scalable deployments and management of containerized workloads.



Azure Storage Explorer

Microsoft quietly released Azure Storage Explorer 1.0.0

Microsoft quietly released Azure Storage Explorer 1.0.0 back in April. There was not a lot of noise about it, but it is great that this tool finally reached version 1.0. Azure Storage Explorer is a standalone app that enables you to easily work with Azure Storage data on Windows, macOS, and Linux. This works with Azure as well as Microsoft Azure Stack.

Azure Storage Explorer is an easy to use tool to manage Azure Storage types:

  • Access multiple accounts and subscriptions across Azure, Azure Stack, and the sovereign Cloud
  • Create, delete, view, and edit storage resources
  • View and edit Blob, Queue, Table, File, Cosmos DB storage and Data Lake Storage
  • Obtain shared access signature (SAS) keys
  • Available for Windows, Mac, and Linux

Version 1.0.0 brings some new features which were highly requested. Especially the shared account store with Visual Studio 2017 and the improved Azure Stack  integration are very welcome.

  • Enhanced authentication that allows Storage Explorer to use the same account store as Visual Studio 2017. To use this feature, you will need to re-login to your accounts and re-set your filtered subscriptions.
  • For Azure Stack accounts backed by AAD, Storage Explorer will now retrieve Azure Stack subscriptions when ‘Target Azure Stack’ is enabled. You no longer need to create a custom login environment.
  • Several shortcuts were added to enable faster navigation. These include toggling various panels and moving between editors. See the View menu for more details.
  • Storage Explorer feedback now lives on GitHub. You can reach our issues page by clicking the Feedback button in the bottom left or by going to https://github.com/Microsoft/AzureStorageExplorer/issues. Feel free to make suggestions, report issues, ask questions, or leave any other form of feedback.
  • If you are running into SSL Certificate issues and are unable to find the offending certificate, you can now launch Storage Explorer from the command line with the –ignore-certificate-errors flag. When launched with this flag, Storage Explorer will ignore SSL certificate errors.
  • There is now a ‘Download’ option in the context menu for blob and file items.
  • Improved accessibility and screen reader support. If you rely on accessibility features, see our accessibility documentation for more information.
  • Storage Explorer now uses Electron 1.8.3


Azure Stack

Video: HIAG Data and itnetX enable hybrid IT with HPE and Microsoft Azure Stack

When I had the chance to speak about our Azure Stack project together with HIAG Data at HPE Discover 2017 in Madrid last year, I also had the chance to record a short video. In that video I am speaking about how HIAG Data and itnetX enable Hybrid Cloud with HPE and Microsoft Azure Stack.

Enjoy the quick customer case marketing video 😉

HIAG Data partnered with itnetX which helps its customers with cloud transformations by utilizing HPE & Microsoft Azure Stack . You can find out more about how your business can implement a hybrid IT strategy based on HPE at https://hpe.com/cloud/azurestack

 



Azure Cloud Shell

Azure Cloud Shell – shell.azure.com and in Visual Studio Code

Back in May Microsoft made the Azure Cloud Shell available in the Microsoft Azure Portal. Now you can use it even quicker by just go to shell.azure.com. First you login with your Microsoft account or Work and School account, and if your account is in multiple Azure Active Directory tenants, you select the right tenant and you will be automatically logged in. So even if you are on a PC where you can not install the Azure CLI or the Azure PowerShell module, you can still easily fire up a shell where you can run the Azure CLI, Azure PowerShell and other CLI tools like Docker, Kubectl, emacs, vim, nano, git and more.

In addition you can also open up Azure Cloud Shell directly from Visual Studio Code

Azure Cloud Shell Visual Studio Code

With that, enjoy your holidays and I wish you a good start in the new year!