In my previous post I explained what PIM for Groups is, what it takes to get started with PIM for Groups and how the configuration works. In this post, we are going to look at the different settings that are possible for activating PIM for Groups.
Sign in to the Azure portal and navigate to Azure Active Directory and select Groups. Find the right group, in this example the previously created group ‘PIM-for-Groups-example-group’. Select Privileged Access (Preview), then Settings.
Continue reading “Part 2 – Azure Privileged Identity Management (PIM) for Groups”
Microsoft has released a new Education Theme for students. Using this theme, you can further personalize your desktop with some great wallpapers.
By default, this theme is hidden, but you can enable this option on your Windows 11 device. Important note: you need to have Windows 11 22H2!
1.) Open ‘regedit’
2.) Navigate to:
3.) Create a new ‘Key’ named ‘Education’
4.) Create a new ‘DWORD (32-bit) Value’ named ‘EnableEduThemes’
5.) Set the value to ‘1’ (Hexadecimal)
6.) Restart your device
7.) After restarting your device, make sure you’re connected to the Internet
A question I often get is: ‘Why should I use Windows Server Core edition? It is difficult to manage and I do not like a server without a graphical interface.’
The first thing I always say is that you DON’T HAVE to do anything, but my advice is to do it, especially for a number of crucial server roles.
Some advantages of Windows Server Core edition at a glance:
Continue reading “Install and configure ADDS on Windows Server 2022 Core in Azure (Part 2)”
Today, I’m going to show you how to install and configure Active Directory Domain Services on Windows Server 2022 Core edition on Azure.
I’ve used some ARM templates to deploy my two domain controllers in Azure, based on Windows Server 2022 Core edition. These servers are in a separate subnet within my Azure environment. In this example, I have two domain controllers, mss-dc-core001 and mss-dc-core002.
Continue reading “Install and configure ADDS on Windows Server 2022 Core in Azure (Part 1)”
In Azure, you have the option to bring in your own licenses (Azure Hybrid Benefit). If you deploy a virtual machine using Azure Resource Manager (ARM) templates, this option is not enabled by default. Certainly for test environments, demos, but in many cases also production environments, you want to enable this option.
By adding the line below to your ARM template, the Azure Hybrid Benefit is enabled.
As most of you know, it’s possible to provide a virtual machine in Azure with a public IP address. This IP address can then be used to connect to the machine over, for example, RDP or SSH.
This way of connecting takes place over the Internet, which entails a great security risk. In many environments we see jumpbox or stepping stone servers, which are placed in the DMZ. These servers can be accessed from the Internet, and from these servers a connection can be made to a server or multiple servers on the internal network.
Such an arrangement is unsafe, unmanageable and vulnerable. Azure Bastion is a great addition to facilitate a secure connection to a virtual machine in Azure. Azure Bastion integrates into the Azure portal, requiring multi-factor authentication. The virtual machines do not need to have a public IP address, so they are not accessible directly from the Internet.
Azure Bastion is a fully managed, autoscaling and hardened PaaS service that provides secure RDP and SSH connectivity. It is easy to configure in just a few steps. By using virtual network peering, it’s possible to easily add Azure Bastion to an existing configuration in Azure.
- Configure a new virtual network for Azure Bastion
- Create a new subnet named ‘AzureBastionSubnet’ required for Azure Bastion
- Configure virtual network peering to your other networks
- Create an Azure Bastion host
- Log in to the VM through the Azure portal using Azure Bastion
- See the list of active sessions in the Azure Bastion Host properties
Now you can securely connect through Azure Bastion to a virtual machine running RDP or SSH. As you can see, the virtual machine I’m connecting to has no public IP address, only an internal IP address.
Just like at every Microsoft Ignite, the Book of News has been announced! It is your digital guide to all the new announcements Microsoft is making, including all the details. It presents news about Microsoft Azure, Security, Microsoft 365, Power Platform and more.