Microsoft Ignite 2023 Book of News

Every year during Ignite, Microsoft publishes the ‘Book of News’. In it, Microsoft introduces new services and developments in the fields of AI, cloud services, infrastructure, security, Copilot, Defender for Cloud, Entra, Purview, and many more.

Download the Microsoft Ignite 2023 Book of News here.

How to: Deploy Microsoft LAPS and Windows LAPS

We’ve all heard of Microsoft LAPS. This stands for Local Administrator Password Solution and has been available since Windows Server 2008 R2. With Microsoft LAPS it is possible to change the password of the local administrator account periodically and fully automatically.

Microsoft recently launched Windows LAPS, as a successor to Microsoft LAPS. A number of new functionalities have been added and it is now also part of the Windows Server operating system (from Server 2019 April Update) and Windows 10 and 11.

Continue reading “How to: Deploy Microsoft LAPS and Windows LAPS”

Part 2 – Azure Privileged Identity Management (PIM) for Groups

In my previous post I explained what PIM for Groups is, what it takes to get started with PIM for Groups and how the configuration works. In this post, we are going to look at the different settings that are possible for activating PIM for Groups.

Sign in to the Azure portal and navigate to Azure Active Directory and select Groups. Find the right group, in this example the previously created group ‘PIM-for-Groups-example-group’. Select Privileged Access (Preview), then Settings.

Continue reading “Part 2 – Azure Privileged Identity Management (PIM) for Groups”

Install and configure ADDS on Windows Server 2022 Core in Azure (Part 2)

A question I often get is ‘why should I use Windows Server Core edition? It is difficult to manage and I do not like a server without a graphical interface.’

The first thing I always say is that you DON’T HAVE to, but my advice is to do it, especially for a number of crucial server roles.

Some advantages of Windows Server Core edition at a glance:

Continue reading “Install and configure ADDS on Windows Server 2022 Core in Azure (Part 2)”

Install and configure ADDS on Windows Server 2022 Core in Azure (Part 1)

Today, I’m going to show you how to install and configure Active Directory Domain Services on Windows Server 2022 Core edition on Azure.

I’ve used some ARM templates to deploy my two domain controllers in Azure, based on Windows Server 2022 Core edition. These servers are in a separate subnet within my Azure environment. In this example, I have two domain controllers, mss-dc-core001 and mss-dc-core002.

Continue reading “Install and configure ADDS on Windows Server 2022 Core in Azure (Part 1)”

Remove DVD drive on Azure virtual machine

When you deploy a new virtual machine, for example Windows Server 2016/2019 or 2022, you’ll get the C: drive with the operating system, the D: drive for TEMP storage (on most VM types) and a DVD drive.

The DVD drive is not needed in some situations, for example on domain controllers. These are servers you want to harden as much as possible. So, for the domain controllers we deploy in our customer environments, we want to disable the DVD drive.

We run the following command when deploying new domain controllers in Azure.

## Disable DVD drive
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\cdrom -Name Start -Value 4 -Type DWord

After this step, reboot the server and your DVD drive is gone!


Restricting RDP access to Azure virtual machines

By default, every VM you’ve created within Azure has RDP (Remote Desktop Protocol) on port 3389 enabled. You can access your VM from anywhere in the world.

You can restrict RDP access to just the IP addresses you want, so you can limit who gets in. For example, you can allow only your company IP address and maybe your home address to reach the specific VM in Azure.

To restrict access, I’ve created an NSG (Network Security Group) with the following configuration:

1.) Create a new Inbound security rule with a priority of 4095 (every number below the default of 65000 is fine!)
2.) Configure the following rule:

Priority: 4096
Name: Deny-RDP-Access
Source: Service Tag
Source service tag: Internet
Source port ranges: *
Destination: VirtualNetwork
Destination port ranges: 3389
Protocol: TCP
Action: Deny

3.) Configure a second rule:

Priority: 4095
Name: Allow-RDP-Access
Source: IP Addresses
Source IP Addresses/CIDR ranges: YOUR IP ADDRESSES
Source port ranges: *
Destination: Any
Destination port ranges: 3389
Protocol: TCP
Action: Allow


Now you can test your new configuration. RDP access is only allowed from your custom IP addresses!
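The same two rules, built with the Az PowerShell module, as an added example that is not part of the original post. The resource group, region, NSG name and the source addresses are placeholders to replace with your own; note that the allow rule must keep the lower priority number, because NSG rules are evaluated lowest number first and a deny that wins would lock you out of the VM.

```powershell
# Added example, not from the original post. Assumes the Az.Network module is installed
# and you are signed in (Connect-AzAccount). All names and addresses below are placeholders.
$resourceGroup  = 'rg-example'
$location       = 'westeurope'
$nsgName        = 'nsg-rdp-restricted'
$allowedSources = @('203.0.113.10/32', '198.51.100.0/24')   # placeholder: office and home ranges

# Rule with priority 4095: allow RDP only from the listed source addresses.
$allowRdp = New-AzNetworkSecurityRuleConfig -Name 'Allow-RDP-Access' `
    -Description 'Allow RDP from approved addresses only' `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 4095 `
    -SourceAddressPrefix $allowedSources -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange 3389

# Rule with priority 4096: deny RDP from the Internet service tag to the virtual network.
# Because 4096 > 4095, this is evaluated after the allow rule and only catches everything else.
$denyRdp = New-AzNetworkSecurityRuleConfig -Name 'Deny-RDP-Access' `
    -Description 'Deny RDP from the Internet' `
    -Access Deny -Protocol Tcp -Direction Inbound -Priority 4096 `
    -SourceAddressPrefix 'Internet' -SourcePortRange '*' `
    -DestinationAddressPrefix 'VirtualNetwork' -DestinationPortRange 3389

$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $resourceGroup -Location $location `
    -Name $nsgName -SecurityRules $allowRdp, $denyRdp

# Check: show every rule that touches port 3389 in evaluation order (lowest priority first),
# so you can confirm the allow rule sits above the deny rule before attaching the NSG.
$nsg.SecurityRules |
    Where-Object { $_.DestinationPortRange -contains '3389' } |
    Sort-Object Priority |
    Select-Object Priority, Name, Access, @{ n = 'Source'; e = { $_.SourceAddressPrefix -join ',' } }
```

The NSG still has to be associated with the VM's subnet or network interface before it takes effect; the check at the end only validates the rule order.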

Experts Live NL 2018 Intro Movie

Last Tuesday was a great day again: Experts Live 2018 NL, the biggest community event in the Netherlands. Great sessions, great speakers, a very high level of content, great demos and of course, as always, a great intro movie! 🙂 Many thanks to the organization of Experts Live! See you next year!

http://www.expertslive.nl