When you create an Azure Bastion instance, Microsoft creates an optimized Azure VM in the backend that runs all the processes needed for Azure Bastion. This Azure VM is called an instance and has some limitations. In general, when you deploy the Azure Bastion Basic SKU, Microsoft deploys two instances, which together support 20-24 concurrent sessions, meaning each instance supports 10-12 sessions.
The Standard SKU allows you to specify the number of instances, a feature called host scaling.
Please note that when using an Azure Bastion Standard SKU, the AzureBastionSubnet size should be increased to a subnet size of approximately /26 or larger.
up to 50
Max. supported concurrent sessions
up to 500
Azure Portal, PowerShell, CLI
Only Azure Portal
Deploy an Azure Bastion Standard SKU
Only the Azure Portal allows you to deploy an Azure Bastion Standard SKU with the host scaling feature, because the feature is in public preview.
Cloud usage has grown rapidly in recent years, but in many customer environments we have servers and applications that can't be migrated to the cloud for different reasons. There are many reasons why applications cannot be migrated to the cloud, e.g. data regulations, connection and latency challenges, and more. On the other hand, customers wish to use different cloud providers. In summary, the hybrid cloud is one of the most common use cases in many customer environments. Microsoft released Azure Arc as a solution for hybrid cloud environments. Azure Arc was announced as public preview at Ignite 2019 and went GA at Ignite 2020.
In this article I will cover how to connect Windows VMs to Azure Arc.
Azure Arc in General
Azure Arc is a solution to extend the Azure management capabilities to services outside of Azure. This makes it possible to manage different services in different environments from one central place, with the same capabilities across different service layers.
Microsoft released the first version for server management and has since expanded the range of functions to data services, Kubernetes and, new as of a few days ago, Azure applications.
The corona situation brings new opportunities, and one of them is that Microsoft Ignite is becoming a virtual conference twice a year. It used to be an in-person event only once a year. Last week the Microsoft Ignite 2021 spring conference started, and in this article I will cover most of the highlights from my perspective. I would really appreciate your feedback on how valuable the article is.
Windows Server 2022 is the next major release of the Windows Server OS. This release is coming as the next LTSC release with lots of new features, such as new hybrid and security capabilities. Take a look at the MS Ignite session about the latest Azure innovation for SQL and Windows Servers.
To prevent phishing attacks, Microsoft is part of the FIDO2 alliance. Azure AD has supported sign-in with FIDO2 keys for a long time, but the service has been in public preview. With this Ignite, Microsoft moves the service from public preview to GA and adds some new capabilities, like the Temporary Access Pass (TAP). To understand how FIDO2 and TAP work, take a look at the short video. Passwordless authentication with FIDO2 keys brings identity security to a new level. It prevents custom user passwords, enables higher security and prevents phishing attacks.
Over the past few months, I have conducted many customer workshops, designed and implemented Landing Zones, and migrated or placed VMs into Azure. One of the most common customer questions has been about best practices for Azure VMs to maximize performance and efficiency, minimize costs, increase security, and reduce management overhead. This article is based on my real-world experience and recommendations based on several Azure projects.
In the last couple of days I got a lot of questions about how to move Azure VMs between regions, so I decided to write a blog post about it. First of all, it is really important to understand which topics this article covers and which it does not.
To understand the article correctly, keep the following points in mind:
This article will cover how to move Azure VMs between global regions with ASR
Global regions means all the standard available regions
This article doesn't cover moves between Azure Global and Azure Germany, Azure Government or China
For moving Azure VMs from Azure Germany to Azure Global, an additional article is planned
For a general move of Azure resources (SQL databases, Web Apps and more), a further post will follow
This article focuses on how to move Azure VMs between Azure global regions using Azure Site Recovery (ASR). Another article will focus on how to move other Azure resources between regions.
To move Azure VMs between different global regions with ASR, there are some requirements:
Azure subscriptions are allowed to create Azure VMs in the target regions
User rights to create the Azure resources (Azure VMs, VNETs, NICs, etc.)
Install the latest updates on the Windows/Linux OS
Check that the VM has Internet access without a proxy or firewall between the VM and the Internet
Configure the VNET and subnet in the target destination before moving the VM to a different region
The process to move Azure VMs between different global regions is straightforward. But don't forget: all management tasks related to the VM, like Backup, Log Analytics workspace and Start/Stop runbooks, will be lost after the migration.
I received a cool mail some days ago informing me that I had successfully passed the new Azure Administrator exam Az-104 and got the renewal of the Microsoft Certified: Azure Administrator Associate.
Two years ago Microsoft released the first new role-based exams with the Az-100/Az-101. I've passed both exams, but the exams are only valid for two years after passing. With the new Az-104 I got a renewal of the title for the next two years.
The Az-104 certification is a further development of the Az-103, as the Az-103 will be discontinued at the end of July. To see the necessary skills and the differences to the Az-103, please have a look at the document "Az-104 Skills measured".
Preparation and study guides
In preparation, all I can say is practice, practice, practice. Create different Azure Services, manage and administer them and interact with them. This helps a lot to understand the individual service and the different functions.
In the past I gave a lot of talks about Azure File Sync, a lightweight solution to sync servers from different locations and branches via Azure Files. One frequent question was whether it is possible to use Azure Files directly with integrated on-premises Active Directory (AD DS) authentication. The great answer, as of a few days ago, is: yes, this is possible.
Now you can use Azure Files with on-premises Active Directory authentication as a full replacement for file servers. There is no need for Azure Active Directory Domain Services (Azure AD DS) or different settings on Azure Files. This opens up great new ways to use Azure Files as a replacement for Windows-based file servers or as a profile store for Windows Virtual Desktop, and to come closer to a cloud-native solution.
In this article I will explain how Azure Files AD DS authentication works, how to configure it, some basic steps and more. Please feel free to use the comment section or Twitter to get in touch with me and give me feedback or ask questions.
In the past I have taken several Azure exams, and yesterday I took the Azure Security exam Az-500. I am really glad that I passed the exam. In this article I will give you a brief overview of the topics I saw in the exam and what materials I used to prepare for the exam. I can say directly that the best way to succeed in the exam is practice.
In the past I have done a lot of Azure Governance workshops. One part of these workshops is the high availability options in Azure. This article describes the different SLAs for VM workloads in Azure. I am often asked about the SLA level and the requirements. In this discussion many people are confused about the difference between Availability Sets and Availability Zones and how this relates to the SLA. The new Proximity Placement Groups feature comes into play to make the confusion complete. This article describes the differences between these features.