Category Archives: Azure VM

Allgemein, Azure Security, Azure VM, Cloud, Defender for Cloud, Microsoft, Windows Server, Zero Trust

Enable granular pricing for Defender for Servers P1 or P2 on specific resources within your subscription via API/Powershell

Leave a comment

Microsoft model for a scalable Cloud Adtoption is based on the Enterprise Scale Architecture and I think this is a scalable and useful modell for every customer that uses Azure ressources. It´s based on the definition to granulary devide the workloads in different subscriptions and gives via Management Groups the possibility to group this differnent subscription into workload groups like Development, Core, etc. I know many customers struggle with this model and mistakenly think that Enterprise Scale is a reference to Enterprise customers, but this is not the case.

Based on the Enterprise Scale Architecture some services and security features can only be activated on subscription level to guarante that each resource inside the subscription is secured. This basis makes it even more important for customers to consider the Enterprise Scale Architecture or to orient themselves towards it.

The Microsoft Defender for Cloud and especially the Defender for Server P1 and P2 plans can only be activated on subscription level in the past. Microsoft has decided to change this and now allow plans to be activated at resource level (per server). It is important to understand that the principled approach activating on Subscription Level and the Enterprise Scale architecture are still valid and needed and this possibility is only a concession to cover certain requirements:

  • manage security configurations at a lower hierarchy level
  • flexibility for excluding specific resources (VMs) inside the subscription
  • enable different plans on subscription because for implementation of Enterprise Scale approach
Continue reading Enable granular pricing for Defender for Servers P1 or P2 on specific resources within your subscription via API/Powershell
Allgemein, Azure, Azure Arc, Azure Automanage, Azure Network, Azure Security, Azure VM, Cloud, Microsoft

My favorite Microsoft Ignite 2022 Fall Highlights

1 Comment

After the pandemic beguns Microsoft switched the both big conference Microsoft Build and Microsoft Ignite to virtual only events. The Ignite was two times a year in 2020 and 2021. For 2022 it was long time not clear will it go back to an in-person event or still stay as a virtual event.

The Microsoft Ignite 2022 has start 2 hours ago as an hybrid event delivered from Seattle with 6 Spotlight events around the globe and delivered as before virtually. I’m a little disappointed because a lot of the content is pre-recorded and even great speakers like Donovan Brown don’t hold their sessions live in Seattle but are only shown there virtually as well.

In this article I will share the important announcements from my perspective from the Microsoft Ignite 2022. Most of you know me as an Azure Governance, (Hybrid) Infrastructure and Security guy, so please forgive me for focusing on these things.

Continue reading My favorite Microsoft Ignite 2022 Fall Highlights
Allgemein, Azure, Azure VM, Cloud, Microsoft, Windows Server 2019, Windows Server 2022

Microsoft announced Azure Premium SSD v2 Disk Storage in preview – for me a big announcement this year

2 Comments

In the past, it was quite quiet about new features and announcements in the Azure IaaS space. Yes, sometimes there were new VM sizes with more cores or more RAM, but in general there were no surprising announcements last year. From my point of view, this has changed with MS Inspire, which is currently underway.

Microsoft announced, surprising from my point of view, a new Disk SKU for Azure VMs called Premium SSD v2 Disk. The last announcement in this area was 2019 with the introduction of Ultra Disks.

Continue reading Microsoft announced Azure Premium SSD v2 Disk Storage in preview – for me a big announcement this year
Allgemein, Azure, Azure Files, Azure Monitor, Azure Network, Azure Virtual Desktop, Azure VM, Cloud, Community, Events, Meetup, Microsoft, Windows Virtual Desktop

Azure AMA – Azure Virtual Desktop Best Practices #AVD with Marcel Meurer and Patrick Koehler

Leave a comment

German below

I know it’s been a little quiet on new blog articles the last few months, but that’s due to other community topics I’m working on. One of my new projects is the Azure Ask my Anything Live format that I will be hosting with my team at Azure Bonn Live on YouTube and Linkedin. I’m excited to announce that we’re kicking off this year with an Azure AMA on Azure Virtual Desktop Best Practices, and we have the pleasure of welcoming Marcel Meurer and Patrick Koehler to this session. Marcel and Patrick are two Azure MVPs and do a lot of work in the AVD community. Marcel is known as the brains behind the WVDAdmin and Project Hydra products, which are services to automate all things Azure Virtual Desktop. Patrick has also been active in the AVD community for many years with great sessions and insights about AVD and is the organizer of AVD TechFest together with Simon Binder.

Azure AMA – Azure Virtual Desktop Best Practices will take place live on Youtube on February 14, 2022. You can register for this event via our Azure Bonn page. Please note that this is a live AMA session and we would love for you to join us live and bring your questions to the session. If you don’t have time this time, please use our Microsoft forms to submit your questions before the session starts. The session will be held in German, but you can also ask your questions in English.

German

Continue reading Azure AMA – Azure Virtual Desktop Best Practices #AVD with Marcel Meurer and Patrick Koehler
Allgemein, Azure, Azure Backup, Azure VM, Cloud, Community, Microsoft

Reinstall Azure Backup Windows Workload to fix UserErrorSQL NoSysadminMembership for SQL Server in Azure VM

Leave a comment

In the last couple of days I try to optimize some Azure environments from security and cost perspective. One customer has a SQL Server Express installed inside an Azure VM. The backup was configured for the hole VM, but there is no need to backup the Datadisk which contains the SQL databases. In this article I will explain how you can reinstall the Azure Backup Windows Workload extension to fix the issue when the service account will not listed on the Azure SQL Server VM. This fix the issue only did you not find the service account in the SQL Server management studio. To add the account in the right way, please refer to the article from Wim Matthysen.

Continue reading Reinstall Azure Backup Windows Workload to fix UserErrorSQL NoSysadminMembership for SQL Server in Azure VM
Allgemein, Azure, Azure Bastion, Azure Network, Azure VM, Cloud, Microsoft, Remotedesktop

Azure Bastion supports SCALABILITY for SSH/RDP Connections with the new Standard SKU

2 Comments

Update 1 on 01/12/2021 :

Microsoft has changed the #AzureBastion minimum subnet size from /27 to /26. Installed #Azure Bastion are unaffected, but new deployments require the new subnet size. Please remember this. https://docs.microsoft.com/en-us/azure/bastion/bastion-faq#subnet

Azure Bastion is a fully managed PaaS service to secure access Azure VMs via SSH/RDP without the need for Internet connectivity on the selected VMs. Azure Bastion was released as part of the Microsoft Ignite 2019. As part of the ongoing Microsoft Inspire 2021, Microsoft has launched a new SKU for Azure Bastion called Standard.

Difference between Basic and Standard SKU

When you create an Azure Bastion instance Microsoft creates in the backend an optimized Azure VM that runs all the processes they are needed for Azure Bastion. This Azure VM is called a Instance and had some limitations. In general when you deploy the Azure Bastion Basic SKU Microsoft deploys two instances which supports 20-24 concurrent sessions which means each instance support 10-12 sessions.

The Standard SKU allows you to specify the number of instances called as host scalling.

Please note that when using an Azure Bastion Standard SKU, the AzureBastionSubnet size should be increased to a subnet size of approximately /26 or larger.

Azure BastionBasicStandard
Instances2 Defaultup to 50
Max. supported concurrent sessions20-24up to 500
Supported configurationAzure Portal, Powershell, CLIOnly Azure Portal

Deploy an Azure Bastion Standard SKU

Only the Azure Portal allows to deploy an Azure Bastion Standard SKU with the host scalling feature, because the feature is in public preview.

Continue reading Azure Bastion supports SCALABILITY for SSH/RDP Connections with the new Standard SKU
Allgemein, Azure, Azure Automanage, Azure Backup, Azure Bastion, Azure Governance, Azure Monitor, Azure Network, Azure Security, Azure VM, Cloud, Community, Microsoft, Windows Server

Azure VM Best Practices

6 Comments

Last year Gregor Suttie and Richard Hooper launched the Azure Advent Calendar and I got to support with a session on Azure Bastion. This year they improved on the idea with the Festive Tech Calendar. I’m happy to be back with an article on Azure VM best practices. I hope you find the article helpful and I would appreciate feedback.

Over the past few months, I have conducted many customer workshops, designed and implemented Landing Zones, and migrated or placed VMs into Azure. One of the most common customer questions has been about best practices for Azure VMs to maximize performance and efficiency, minimize costs, increase security, and reduce management overhead. This article is based on my real-world experience and recommendations based on several Azure projects.

Continue reading Azure VM Best Practices
Allgemein, Azure, Azure Backup, Azure Site Recovery, Azure VM, Cloud, Microsoft

Move Azure VMs between Azure Global Regions

Leave a comment

In the last couple of days I get a lot of question how to move Azure VMs between regions. So I decided to write a blog post about this question. First of all it is really important to understand which topics this article covers and which not.

To understand the article right, keep the follow settings in mind:

  • This article will cover how to move Azure VMs between global regions with ASR
  • Global regions mean all the standard available regions
  • This article doesn´t cover the movement between Azure Global and Azure Germany, Azure Governance or China
  • For moving Azure VMs from Azure Germany to Azure Global there there is planned to write an additional article
  • For a general movement of Azure resources (SQL databases, Web Apps and more) a futher post will follow

This article focuses on how to move Azure VMs between Azure global regions using Azure Site Recovery (ASR). Another article will focus on how to move other Azure resources between regions.

General

To move Azure VMs between different global regions with ASR there are some requirements needed:

  • Azure subscriptions are allowed to create Azure VMs in the target regions
  • User rights to create the Azure ressources (Azure VMs, VNETs, NICs, etc.)
  • Install latest updates on Windows/Linux OS
  • Check that the VM has Internet access without Proxy or Firewall between VM and Internet
  • When there is a firewall or proxy in place, check the needed requirements
  • Configure the VNET and Subnet in the target destination before move the VM to a different region

The process to move Azure VMs between different Global regions is straight forward. But don´t forget, all related management tasks to the VM, like Backup, Log analytics Workspace, Start Stop Runbooks will be lost after the migration.

Continue reading Move Azure VMs between Azure Global Regions
Allgemein, Azure, Azure VM, Cloud, Microsoft

Azure HA – VM SLA Level Compare to Availability Sets and Availability Zones – Latency is the key

Leave a comment

In the past I do a lot of Azure Governance workshops. One part of this workshops are the high availabilty options in Azure. This article descripe the different SLAs for VM workloads in Azure. Often I get an ask about the SLA level and the requirements. In this discussion many people are confused about the difference of Availability Set and Availability Zone and how this compares to the SLA. The new feature about the Proximitiy Placement Groups comes into play to make the confusing complete. This article descripes the differences between these features.

Continue reading Azure HA – VM SLA Level Compare to Availability Sets and Availability Zones – Latency is the key
Allgemein, Azure, Azure VM, Cloud, Microsoft

Ultra Azure VM Performance mit Ultra Disks

Leave a comment

Für Azure VM’s gibt es unterschiedliche Disk Typen mit unterschiedlichen Performancewerten. Dazu zählen Standard HDDs, Standard SSDs und Premium SSDs. Vor wenigen Tagen ganz neu hinzugekommen sind die Ultra SSDs.

In diesem Blog Beitrag gehe ich auf die neuen Ultra SSDs ein. Stelle die Leistungswerte der unterschiedlichen SSDs gegenüber und stelle die Besonderheiten der Ultra SSDs in ihrer jetzigen Form vor.

Continue reading Ultra Azure VM Performance mit Ultra Disks