As a Windows Insider it’s great to have your machine in the Microsoft Azure Cloud to test new features of Windows 11 Preview. You don’t have to buy compatible hardware for Windows 11 Preview, and you only pay for the machine when you use it in the Cloud. Here you find the Windows 11 Preview minimal requirements.
In the following steps I deploy Windows 11 Preview Enterprise in Azure Cloud.
Create your Windows 11 Preview Machine in Azure Cloud.
For this you need a Microsoft Azure Subscription to create a Windows 11 Preview Virtual Machine in the Cloud. In the Azure template for deployment you can select the right size Virtual Machine, Storage, networks, and Management extensions like security and Azure Monitor.
Before you Connect your Windows 11 Preview VM, make sure the security for RDP is set in the Network Security Group (NSG)
Set security for your RDP session in the NSG.
Go to Settings => Windows Update => Windows Insider Program.
Click on Get Started.
First step link an account to join the program.
(This must be your Windows Insiders account)
Sign in selection and continue.
IMPORTANT
Here you select your Windows Insider Channel, read the information and choose your
Windows Insider Build Channel. As a Windows Insider MVP I choose for the Dev Channel to give feedback to the product Team and get the first new features of Windows 11 Preview.
Read the recommendations and click on Continue.
Review the Agreements for your Device.
Click on Continue if you agree.
Restart the Virtual Machine into the Dev Channel for
the latest updates.
Set your Windows Update Advanced options.
Here we have Windows 11 Preview Insider Build 22000.160 on Azure Cloud 😉
After this I went to the Windows Insider Feedback Hub to do my settings :
At Settings of the Feedback Hub you can update the software.
and of course your personal settings.
I Like the Windows Insider Feedback Hub in Dark mode.
IMPORTANT
When you are ready with testing and sending feedback to Microsoft don’t forget to Stop the Virtual Machine! This save you money.
Conclusion
Microsoft Azure Cloud Services and Windows 11 Preview Insider Builds working together gives you flexibility and as a Windows Insider you can test every Windows 11 Preview Build from any place with a Internet connection. I like to give Microsoft feedback to make Windows Awesome for everyone on the planet 🙂
Azure Monitor Insights for Monitoring your Containers.
In the last blogpost I wrote about Microsoft Azure Arc Services and how to connect a Docker for Desktop Kubernetes Cluster for testing your DevOps solution like Container Apps, Functions, App Services in a test environment. Here you find the Link to the Installation.
One of the Microsoft Azure Arc features is Azure Monitor Insights for monitoring your Kubernetes Cluster and the Containers.
Azure Arc Insights for Kubernetes Cluster anywhere
In the following step-by-step guide we will configure Azure Monitor Insights for your Kubernetes Cluster.
I Connected my Analytics Workspace CloudMVPLab.
Click on Configure.
Onboarding your Kubernetes Cluster will take some minutes.
After a while your Kubernetes Cluster Analytics data will show in Insights.
Here you see a navigation bar with the following topics
What’s New
Cluster
Reports
Nodes
Controllers
Containers.
Insights reports of the Kubernetes Cluster
Here you can Click on default reports of your Kubernetes Cluster.
Storage Capacity and Health Status report of your Kubernetes Cluster.
Storage Capacity more in Details.
Deployments Report of your Kubernetes Cluster.
Workload details Report of your Kubernetes Cluster.
Kubelet report of your Kubernetes Cluster
Data Usage of your Kubernetes Cluster
Data Usage
Insights the Nodes of the Kubernetes Cluster
Insights of the Nodes and on the right you can view Analytics.
Here you can work with Log Analytics on your Cluster.
Insights in Controllers of your Kubernetes Cluster
Insights of your Controllers
Insights Containers of your Kubernetes Cluster
Container Insights of your Kubernetes Cluster
Container Insights with Azure Log Analytics.
So with Azure Arc Enabled Kubernetes Clusters you can monitoring your Cluster and running Containers to keep you in Control on what is happening on the Cluster but also with your Container Apps and microservices. After this you can set Alerts and notifications when something is going wrong or offline. With this running you can start running your own App services, Containers or Azure functions on your Kubernetes Cluster.
This configuration with Docker for Desktop Kubernetes Cluster is for testing purpose only and can be used for your own DevOps solutions before you deploy on Production Ready Clusters. With Azure Arc Enabled Kubernetes Clusters you get the powerful Microsoft Azure Features and solutions in a secure way on your Kubernetes Cluster. I wish you lot of success with Azure Arc Enabled Kubernetes Clusters to make Awesome Apps and IT solutions for the Business 😉
Security by Design is increasingly becoming the mainstream development approach to ensure security of software systems. Security architectural design decisions are based on well-known security tactics, and patterns defined as reusable techniques for achieving specific quality concerns. In the following steps we will make a security baseline for Windows Servers with different tools.
1.Microsoft Security Compliance Toolkit
The Microsoft Security Configuration Toolkit enables enterprise security administrators to effectively manage their enterprise’s Group Policy Objects (GPOs). Using the toolkit, administrators can compare their current GPOs with Microsoft-recommended GPO baselines or other baselines, edit them, store them in GPO backup file format, and apply them via a domain controller or inject them directly into testbed hosts to test their effects. A security baseline is a group of Microsoft-recommended configuration settings that explains their security impact. These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers. A lot of hacks are based on registry settings, so that’s why Windows Server Security Baseline is important.
You can download the Microsoft Security Compliance Toolkit here
2. Windows Defender Firewall with Advanced Security
Windows Defender Firewall with Advanced Security is an important part of a layered security model. By providing host-based, two-way network traffic filtering for a device, Windows Defender Firewall blocks unauthorized network traffic flowing into or out of the local device. Windows Defender Firewall also works with Network Awareness so that it can apply security settings appropriate to the types of networks to which the device is connected. Windows Defender Firewall and Internet Protocol Security (IPsec) configuration settings are integrated into a single Microsoft Management Console (MMC) named Windows Defender Firewall, so Windows Defender Firewall is also an important part of your network’s isolation strategy. So set only the firewall ports you need end to end.
Windows Security Setting Firewall & Network Protection
Select Advanced settings
Windows Defender Firewall Advanced settings Set only active what you need!
3. Windows Defender Security Virus & Threat Protection
Schedule a Full Scan in the Night for Threats
and Set the Windows Security options.
Keep your Defender and Virus definition files up-to-date.
4. Windows Updates
When your Windows Server is ready for production, you have to keep it Up-to-Date with Windows Updates. It’s not only the Windows Security patches, but all the software that’s running on your Server. One software leak is enough for a hacker to compromise your Server.
Lot of Companies are using Microsoft WSUS Services or Microsoft Endpoint Configuration Manager to deploy the software Life cycle Management Security updates to Servers to keep them secure as possible. These are not only Microsoft Security Updates but also from third party Software vendors, like adobe, Google, etc.
5. Security Monitoring and Remediation
This Cycle is important for Security!
IT departments have multiple teams with different disciplines, so when the Windows Server is ready
for the Administrator it goes to the Application Admin in a different IT Team. They will install the Application software and maybe
some software connections with other Servers by a third IT Team. To get in control of those security steps is important, because when a IT Consultant of a third party vendor is installing old legacy software you will have hacker leaks again and that’s making your Server vulnerable. Here is where Azure Security Center and Azure Defender will support you in monitoring and remediation of security issues.
It doesn’t matter where your Windows Server is installed, in Azure Cloud or On-premises in your datacenter, it can connect securely via internet for monitoring the Server. When it’s on-premises you can install the Microsoft Arc agent
Microsoft Azure Arc Connected Machine Agent.
Azure Arc enabled Server from On-premises
When the Microsoft Azure Arc Agent is installed on the Server, you can use these Azure Services for example :
Azure Update Management
Azure Monitoring
Azure Security Center with Azure Defender
Azure Policies for Compliance
Change Tracking and Inventory
Insights
Automation of Tasks
These Microsoft Azure features are supporting you to keep your Server as safe as possible and your security Up-to-Date.
From here you can add the Windows Server to Microsoft Azure Security Center with the right log analytics workspace.
Microsoft Azure Security Center Recommendations
Remediate Security Configurations on the Arc enabled Server
Remediation of Vulnerabilities on your Windows Server (Arc Enabled)
Azure Defender is a built-in tool that provides threat protection for workloads running in Azure, on premises, and in other clouds. Integrated with Azure Security Center, Azure Defender protects your hybrid data, cloud-native services, and servers and integrates with your existing security workflows, such as SIEM solutions and vast Microsoft threat intelligence, to streamline threat mitigation.
Workflow of Azure Defender for Vulnerability Scanning.
When Azure Security Center and Azure Defender are installed, you can do a Vulnerability Assessment on your Azure Arc enabled Server which is on-premises datacenter before your Windows Server is going in Production.
Vulnerabilities after Assessment on Windows Server with Arc enabled with remediation
This happens a lot when there is third party software installed on the Server.
To get a list of your high security vulnerabilities, you can use the Azure Resource Graph explorer.
Azure Resource Graph Explorer
Here you can download your high risks into a CSV or Pin to a Dashboard.
6. Compliance and Security Policies
Learn how Microsoft products and services help your organization meet regulatory compliance standards.
When you have to manage a lot of Windows Servers or Linux Servers, you want them compliant with the right security policies.
With Azure Security Policy you can configure your Compliance.
in the following steps you will see an Sample alert :
Sample Alerts with Mitre ATT&CK Tactics
Take Action on the Security Alert.
Related entities
Mitigate the Threat
Prevent future attacks
Trigger automated response
or
Suppress similar Alerts.
Security by Design Conclusion
Before you begin with deploying Windows Servers in your datacenter or in the Azure Cloud, it’s good to make a High Level design with your security set for the right compliance of your new Windows Server. You can use all the security On-Premises for Windows Server but with Azure Security Center, Azure Monitor, Azure Arc Services, Azure Defender you get all the security Insights and remediation options when a vulnerability is discovered. Windows Server and Azure Security Center is better together for Security Management.
Microsoft Security
If you want to keep your Windows Servers secure as possible, you need to keep doing these steps above. Continuous Monitoring and remediate vulnerabilities is a on-going process for SecOps and Administrators. Make it hackers difficult to add ransomware on your Servers. One more important IT Service, is your Backup / Disaster Recovery solution. This should be secure from hackers and from ransomware encryption. I always say think of this rule :
With Windows Admin Center you can remotely manage Windows Server running anywhere—physical, virtual, on-premises, in Azure, or in a hosted environment.
The tool, available with your Windows Server license at no additional charge, consolidates and reimagines Windows OS tools in a single, browser-based, graphical user interface.
At Microsoft Ignite 2021 Global Virtual Event they launched Windows Admin Center version 2103. Here you find the download.
Set Proxy Server in Windows Admin Center Settings.
Open in a Separate Window
This is a Separate Window on my Second Screen, this works Awesome!
Windows Admin Center Virtual Tool improvements 🙂
Conclusion
Microsoft is working hard to make Hybrid IT Management better for Administrators to manage Hybrid Cloud datacenters. Windows Admin Center is a must have for managing
Windows Server Core, AzureStack HCI, and Cluster Services. I can say: I love to work with Windows Admin Center 🙂
The Windows Subsystem for Linux (WSL) gives you the most command-line tools, utilities, and applications directly on Windows. I’m using Microsoft Windows Admin Center and Windows Server Core 20H2 with Build version 19042.746 to deploy WSL 2 with Ubuntu 18.04 Linux Distro. Here you find the installation of the Windows Server Core 20H2 with Windows Admin Center
In the following steps we will install the Following :
Ubuntu 18.04 is Running in WSL2 on Windows Server Core 20H2 😉
Conclusion
First of All Microsoft Windows Admin Center is supporting me in the Installation of Windows Subsystem for Linux. We have WSL 2 Running with Ubuntu 18.04 with a lot of possibilities!
What I really like is integration, like in Windows 10 and Docker for desktop with the WSL 2 Engine. Here my Blogpost
Together with VSCode Remote WSL is Cool.
Would be awesome to run Docker Windows and Linux Containers in combination with WSL 2 integration on Windows Server Core edition. Maybe in the Future, who knows?
Upload, download, and manage Azure blobs, files, queues, and tables, as well as Azure Cosmos DB and Azure Data Lake Storage entities. Easily access virtual machine disks, and work with either Azure Resource Manager or classic storage accounts. Manage and configure cross-origin resource sharing rules.
Here you see how easy it is to create a snapshot before you begin with a Installation on the Azure Virtual Machine.
Create a Snapshot
Give the Snapshot a Name and select the Resource Group.
Snapshot Created Successfully 😉
When you open the Azure Portal and search for snapshots :
Phantom OS Disk with a Full Snapshot.
Azure Storage Explorer Emulator for Developers
Azurite open source Azure Storage API compatible server (emulator)
Azurite is an open source Azure Storage API compatible server (emulator). Based on Node.js, Azurite provides cross platform experiences for customers wanting to try Azure Storage easily in a local environment. Azurite simulates most of the commands supported by Azure Storage with minimal dependencies.
Azurite V2 is manually created with pure JavaScript, popular and active as an open source project. However, Azure Storage APIs are growing and keeping updating, manually keeping Azurite up to date is not efficient and prone to bugs. JavaScript also lacks strong type validation which prevents easy collaboration.
Compared to V2, Azurite V3 implements a new architecture leveraging code generated by a TypeScript Server Code Generator we created. The generator uses the same swagger (modified) used by the new Azure Storage SDKs. This reduces manual effort and facilitates better code alignment with storage APIs.
3.0.0-preview is the first release version using Azurite’s new architecture.
Features & Key Changes in Azurite V3
Blob storage features align with Azure Storage API version 2020-04-08 (Refer to support matrix section below)
Queue storage features align with Azure Storage API version 2020-04-08 (Refer to support matrix section below)
SharedKey/Account SAS/Service SAS
Get/Set Queue Service Properties
Preflight Request
Create/List/Delete Queues
Put/Get/Peek/Updata/Deleta/Clear Messages
Features NEW on V3
Built with TypeScript and ECMA native promise and async features
New architecture based on TypeScript server generator. Leverage auto generated protocol layer, models, serializer, deserializer and handler interfaces from REST API swagger
Microsoft Azure Storage Explorer tool can make your life easier to do your Azure Storage Management. Copy – Paste data is a Great and handy feature for Administrators.
Hope this is useful and go try it yourself.
It’s a year full of misery with the Covid-19 virus around the world. People who lose their loved one, It’s a very sad time for all of us! Microsoft technologies are still going on strong with new features in Azure Cloud Services but also supporting the people who are working in the healthcare, data analytics, Microsoft Teams for Collaboration and much more. But what I want to say to all HealthCare people over the world : THANK YOU SO MUCH FOR ALL THE WORK YOU DO 👍
I have deep respect for you all !
Community, Microsoft Product Teams, MVP Lead, WIndows Insiders, I wish you and your family happy holidays and a Healthy 2021 with lot of Success! 🎄😍
Manage all your server environments with familiar yet modernized tools, such as the reimagined Server Manager and streamlined MMC tools, from a single, browser-based, graphical user interface. Admins can manage Windows Server instances anywhere: on-premises, in Azure, or in any cloud.
Operate hybrid seamlessly
Extend on-premises deployments of Windows Server to the cloud by using the Azure hybrid services found in Windows Admin Center. Use Azure for:
Backup and disaster recovery
Additional capacity for compute, file servers and storage
Centralized management for monitoring, threat protection and update management
In the following steps we will install Windows Server Core 20H2 version Build 10.0.19042 via Windows Admin Center on my Hyper-V Host called Starship01.mvplab.cloud.
I have Windows Admin Center already running for my MVPLAB with a Windows Server 2019 Hypervisor host. From here I will install a New Windows Server Core 20H2 Machine.
Click in the Left toolbar on Virtual Machines
and then on Add New
Deployment settings for the New Virtual Machine.
Here we set the following settings :
Virtual Machine Name
Generation VM ( gen 2 is recommended )
The path of the VM settings and Disk
Virtual Processors
a mark for nested virtualization ( for the Hyper-V feature )
Memory
Network / Virtual Switch
Storage
When you Add Storage you can select also the new ISO file for Installation.
I changed the Size of the Operating Disk from 127GB to 50GB
And I selected the path to the Windows Server Core 20H2 ISO.
Then Click on Create.
Windows Admin Center will create the Virtual Machine really fast.
Now the Window Virtual Machine Dark20H2 is created by Windows Admin Center on the Hyper-V Host, we can do the Windows Server Core 20H2 Installation by starting the Virtual Machine.
Before you Start running the VM, have a look at the settings
If you want you can set more Security features here.
You can set Encryption and Security Policy.
Start the Virtual Machine here for Installation of Windows Server Core 20H2
( The ISO is connected )
Installation of Windows Server Core 20H2 version Build 10.0.19042
The virtual Machine is running and now we can connect it via Windows Admin Center to do the installation of Windows Server.
Click on Connect
Use your Windows Admin Center account and mark
for the certificate. Then Click on Connect
Here we see the Console for the Windows Server Installation.
Install Now.
The Windows Server Core 20H2 is Installed.
Of course you can now configure the Machine via SConfig.exe, I only gave the Server name and a static IP address with DNS.
Via Windows Admin Center ( Manage) you can add the Machine to the domain.
Add the Server to the domain with your account and Click on Join
Server will Restart, Click on Yes
Dark20H2 Joined the Domain MVPLAB.CLOUD Successfully
Adding the Windows Server Core 20H2 to Windows Admin Center
Add Dark20H2.mvplab.cloud to Windows Admin Center.
Of course I want to manage the server with Windows Admin Center and use all the tools I need to securely manage this Server.
Windows Server Core 20H2 in Windows Admin Center.
First thing what I do in my MVPLAB is Windows Updates.
December Updates for Windows Server Core 20H2
Updates Installed Successfully 🙂
Azure Hybrid Services
Azure Hybrid Services
You can extend on-premises deployments of Windows Server to the cloud by using Azure hybrid services. These cloud services provide an array of useful functions, both for extending on-premises into Azure, and for centrally managing from Azure. Think of :
Windows Admin Center is a must have when you have to manage Windows Server Core versions, you don’t have to worry about all the Commands of Windows Server Core. With Windows Admin Center it becomes easy to do the complete installation of the server and this include also all features of Windows Server Core 202H2 Build 10.0.19042. It becomes really powerful when you use it in a Hybrid way by connecting to Microsoft Azure Cloud Services. Earlier I wrote a blogpost about Windows Admin Center and Azure Security Center
I Hope this is useful for you, and start your journey with Windows Admin Center & Windows Server Core versions 😉
