Robert Smit MVP Blog

Registration for The Microsoft Ability Summit is open! #Ability #Summit #AI #Office #Windows #Xbox Leave a comment

The Microsoft Ability Summit is a two-day, free digital event experience that brings together people with disabilities, allies, and accessibility professionals to Imagine, Build, Include, and Empower the future of disability inclusion and accessibility. We encourage all to join on May 5-6, 2021 and spread the word throughout your internal and external communities.

Registration is now open for Ability Summit on May 5-6th

Registration for Ability Summit is open!

Wednesday, May 5 from 9:00 AM – 12:30 PM, PT
Thursday, May 6 from 9:00 AM – 12:30 PM, PT

Microsoft Ability Summit 2021 will feature:

Keynotes from Microsoft executives and notable members of the disability community
Expert panels featuring exciting projects and innovations
Demos of the latest accessibility features in Office, Windows, Xbox, and more
All sessions will be recorded and available post-event so no matter what time zone you are in, you can access the content at a time that works for you!

Registration is now open for Ability Summit on May 5-6th

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google : Robert Smit MVP profile

Posted April 15, 2021 by Robert Smit [MVP] in Event

Tagged with Microsoft Ability Summit

Effective March 31, 2021, the Azure portal will no longer support Internet Explorer 11. Start using the new Microsoft Edge for speed, security and privacy Leave a comment

Well on every server or Windows device there is the Internet explorer and prepairing some server workloads you may need some browser and may need to connect to Azure. using an old browser is always an bad idea.

When setting up a new server what ever version it is I always remove the IE icon and install Msedge this works fine and gives me a more secure feeling.

Opening the Azure portal with IE you will see a warning about non supported browser.

With the option to download the Edge directly

The portal still opens in IE but using some functions are not working sample as anything that will use HTML5

Official Download links for Microsoft Edge Stable Enterprise

I’m not 100% sure it’s final but anyone who wishes/wants can test it.

Microsoft Edge Stable Enterprise

X64.msi
http://go.microsoft.com/fwlink/?LinkID=2093437

X86.msi
http://go.microsoft.com/fwlink/?LinkID=2093505

MicrosoftEdgePolicyTemplates.cab
http://go.microsoft.com/fwlink/?LinkID=2099616

MicrosoftEdgeIntunePolicyTemplate.cab
http://go.microsoft.com/fwlink/?LinkID=2099617

macOS.pkg
http://go.microsoft.com/fwlink/?LinkID=2093438

Blocker Toolkit to disable automatic delivery of Microsoft Edge
https://docs.microsoft.com/en-us/deployedge/microsoft-edge-blocker-toolkit

So when you want to auto mate this the following lines could be used to install quickly Microsoft Edge

#Create temp folder
New-Item -Path ‘C:\temp’ -ItemType Directory -Force | Out-Null

#Install Edge
Invoke-WebRequest -Uri "http://go.microsoft.com/fwlink/?LinkID=2093437" -OutFile ‘c:\temp\MicrosoftEdgeEnterpriseX64.msi’
Invoke-Expression -Command ‘C:\temp\MicrosoftEdgeEnterpriseX64.msi /quiet /norestart’

This will install Microsoft Edge and you can set this in a powershell script and in the GPO that way all new servers will get Microsoft Edge.

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google : Robert Smit MVP profile

Posted April 14, 2021 by Robert Smit [MVP] in Windows 10, Windows Server 2016, Windows Server 2019, Windows Server 2022

Tagged with Edge

World Backup Day :This World Backup Day, WIN with Altaro! #Altaro #Backup #Win #O365 #vmware Leave a comment

This World Backup Day, WIN with Altaro!

As World Backup Day approaches, we’re reminded of all the mishaps, backup scares, and near-catastrophes that we’ve experienced over the years – and how grateful we were to have backup during those times!

If you use Microsoft 365/Office 365, Hyper-V or VMware, celebrate with us. All you have to do is sign up for a 30-day free trial of either Altaro VM Backup or Altaro Office 365 Backup – it’s your choice!

What can you win?

Receive a guaranteed €20 Amazon voucher when you sign up for and use the trial of Altaro Office 365 Backup or Altaro VM Backup
Get a chance to WIN one of our Grand Prizes when you tell us about your funniest IT catastrophe!

What are you waiting for? Sign up now!

Posted March 26, 2021 by Robert Smit [MVP] in Altaro

Tagged with Altaro

Step by Step Create a User P2S VPN using Azure Secured Virtual Hub and Azure Active Directory #SDWAN #Azure #Secure Leave a comment

There are multiple ways on how to use a VPN and how to connect and use this. In this blog I use an Azure Virtual WAN Hub with associated security and routing policies configured by Azure Firewall Manager.

When connecting to your Virtual Hub over the IKEv2 protocol, you can use certificate-based authentication or RADIUS authentication. However, when you use the OpenVPN protocol, you can also use Azure Active Directory authentication.

I will use the open VPN with Azure Active Directory authentication. Remember this is only supported on Windows 10 as you will need the Azure VPN client from the microsoft store.

For giving the vpn application the proper permissions, you need to register the application to your Azure AD first.

below is the default URL that can be used to trigger the registration, use the proper rights to create an enterprise App in you Azure AD

https://login.microsoftonline.com/common/oauth2/authorize?client_id=41b23e61-6c1e-4545-b367-cd054e0ed4b4&response_type=code&redirect_uri=https://portal.azure.com&nonce=1234&prompt=admin_consent

Using the wrong account will end up in

AADSTS50020: User account from identity provider ‘live.com’ does not exist in tenant ‘Microsoft’ and cannot access the application ‘4b4′(Azure VPN) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

When Accepted the you will be redirected to the Azure portal.

In the Azure portal you can go to the Azure active directory and

Enterprise applications | All applications and search for Azure VPN

Now that the basics are in place, we can configure our Site to Site VPN profile the following information is needed.

Go to your Virtual Wan and select the user VPN configuration

Create User VPN ##### I noticed during the writing of this blog post the screens may differ as the portal changed the layout#######

Configuration name – Enter the name you want to call your User VPN Configuration.
Tunnel type – Select OpenVPN.
Authentication method – Select Azure Active Directory.
Audience – Type in the Application ID of the Azure VPN Enterprise Application registered in your Azure AD tenant.
Issuer – https://sts.windows.net/tenantID/
AAD Tenant – https://login.microsoftonline.com/TenantID

Select open VPN

go to the Azure Active Directory <> properties and grab the Tenant ID

Set the switch to yes and new fields will open.

Audience – Type in the Application ID of the Azure VPN Enterprise Application registered in your Azure AD tenant.
Issuer – https://sts.windows.net/3078684f/ ## remember the / this must be at the end
AAD Tenant – https://login.microsoftonline.com/3078684f

#the number is your tenant ID

Now that the VPN user profile is created we can configure the HUB

Now that the user vpn profile is created we can create the P2S VPN. Select your hub

Select the user VPN point to site VPN select create

Creating a VPN gateway you need to select the just created User profile.

Select a proper IP subnet and if needed a DNS server for the workload into that network

Updating a hub can take 30 minutes or more.

Download User VPN profile as we need this on the Windows 10 client later.

Use the VPN profile to configure your clients.

On the page for your Virtual WAN, click User VPN configurations.
At the top of the page, click Download user VPN config.
Once the file has finished creating, you can click the link to download it.
Use the profile file to configure the VPN clients.

To download the Azure VPN client on your windows 10 test device.

Use this link to download the Azure VPN Client.

Open the VPN Client you can add a new VPN or import a Connection

For Importing the Connection we need the just downloaded zip file and extract this in the AzureVPN folder there is a XML that holds the vpn configuration.

If any thing goes wron with the import it is 99% your pbk file,

go to the following folder and delete the files – this will probably also remove your other vpn connections it you had any.

%userprofile%\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk

C:\Users\admin\AppData\Local\Packages\Microsoft.AzureVpn_8wekyb3d8bbwe\LocalState

Now that the Import worked and you are ready to connect to the VPN in Azure.

Use your Azure AD credentials or your FIDO2 key

Now we are fully connected to the Secure Virtual WAN in Azure

It can take some time to see your connection in the portal

Showing the above it all is easy to setup this but I already see the questions yes but I need to do this on 5000 Windows 10 devices.

Microsoft Endpoint Management is your best friend.

Deploy VPN with Microsoft Endpoint Management

We create a Custom Template and do not select the VPN option as this is not for uploading the XML

In our Custom settings we add the Following settings

Name: Enter a name for the configuration.
Description: Optional description.
OMA-URI: ./User/Vendor/MSFT/VPNv2/demo01_hub-weu/azurevpnconfig.xml (this information can be found in the azurevpnconfig.xml file in the tag Name).
Data type: String (XML file).

Now that this is done we can create some assign ments and test this on the pilot group

As you can see there are a few steps involved and are linked together

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google : Robert Smit MVP profile

Posted March 24, 2021 by Robert Smit [MVP] in Azure

Tagged with VPN, Windows 10

Step by Step Manage Windows Server in Azure with Windows Admin Center #servermgmt #winserv #MSIgnite #WindowsAdminCenter #Azure #AzOps Leave a comment

During Microsoft Ignite there was a lot on news about Windows Admin Center the latest build 2103 is now GA http://aka.ms/wacdownload

I’m a big fan of #WAC already wrote a couple of blog items about the product. and testing for some time now WAC in Azure, and now it is in public preview to test for us all.

Running this in your own Datacenter or on a VM in the cloud but the best part is there is also an add on in Azure, How handy is that.

Using Windows Admin Center can be done on a Windows 10 system or use a Server(core or Gui) or build this on a cluster See also my blog post about that item Deploy Windows Admin Center High Availability running on a Windows Server 2019 Cluster #winserv #WAC #WindowsAdminCenter #AzureArc #Azure #Hybrid | Robert Smit MVP Blog (wordpress.com)

Windows Admin Center, your favorite server management tool, is now available in preview in Azure. This new capability enables seamless and granular management of your Windows Server Azure IaaS virtual machines (VMs) from within the Azure portal.

Here is a short video highlighting some of the capabilities included with Windows Admin Center in the Azure portal.

Windows Admin Center in the Azure portal is available to all Windows Server customers on Azure running Windows Server 2016 or higher virtual machines in the public cloud. Create a new virtual machine today or deploy Windows Admin Center on your existing infrastructure. You can begin managing your virtual machines in Azure using Windows Admin Center by navigating to the “Windows Admin Center (preview)” blade under “Settings” in the Virtual Machine Azure portal UI. In my demo I used a Windows Server 2022 (insider build)

How does it work in Azure, Well currently only in new created VM’s the Extension will be there. When creating a fresh new VM (next next create) method the Windows admin center will be there.

Some things are clear if the VM is turned off you can’t use the WAC blade.

But keep in mind all your VM’s need a public IP and need a minimum of 3 GB memory so It won’t work for all your SKU’s

The configuration is easy the VM must be running and have an external IP to route the traffic make sure there are no open ends on the Internet with that IP address.

As you can see an NSG is placed around the VM to keep things secure. and the WAC port is been Added as inbound IP on port 6516

Now that Azure WAC is configured we can login with the VM credentials.

and If you like Bastion but think it is to expensive for you, here is the free version Azure RDP in your browser.

no other extra ports needed to have a fully web browser web RDP.

All the Windows server options are there and easy to handle like Windows update in the Azure porter / wac blade I go to the Update section and select the Updates that I want to deploy and start it and move to the next one if needed. without logging on into the server with RDP.