Azure 800: Administering Windows Server Hybrid Core Infrastructure

Learning Path 1:  Deploy and manage identity infrastructure (Windows Server)

This module introduces identity services and describes Active Directory Domain Services (AD DS) in a Windows Server environment. The module describes how to deploy domain controllers in AD DS, as well as Microsoft Entra ID (Formerly Azure Active Directory (AD)) and the benefits of integrating Microsoft Entra ID (Formerly Azure AD) with AD DS. The module also covers Group Policy basics and how to configure group policy objects (GPOs) in a domain environment.

Modules

• Introduction to AD DS
• Manage AD DS domain controllers and FSMO roles
• Implement Group Policy Objects
• Manage advanced features of AD DS

Labs: Implementing identity services and Group Policy

• Deploying a new domain controller on Server Core
• Configuring Group Policy

After completing this module, students will be able to:

• Describe AD DS in a Windows Server environment.
• Deploy domain controllers in AD DS.
• Describe Microsoft Entra ID (Formerly Azure AD) and benefits of integrating Microsoft Entra ID (Formerly Azure AD) with AD DS.
• Explain Group Policy basics and configure GPOs in a domain environment.

Learning Path 1:  Deploy and manage identity infrastructure (Hybrid scenarios)

This module discusses how to configure an Azure environment so that Windows IaaS workloads requiring Active Directory are supported. The module also covers integration of on-premises Active Directory Domain Services (AD DS) environment into Azure. Finally, the module explains how to extend an existing Active Directory environment into Azure by placing IaaS VMs configured as domain controllers onto a specially configured Azure virtual network (VNet) subnet.

Modules

• Implement hybrid identity with Windows Server
• Deploy and manage Azure IaaS Active Directory domain controllers in Azure

Labs: Implementing integration between AD DS and Microsoft Entra ID (Formerly Azure AD)

• Preparing Microsoft Entra ID (Formerly Azure AD) for AD DS integration
• Preparing on-premises AD DS for Microsoft Entra ID (Formerly Azure AD) integration
• Downloading, installing, and configuring Microsoft Entra ID (Formerly Azure AD) Connect
• Verifying integration between AD DS and Microsoft Entra ID (Formerly Azure AD)
• Implementing Microsoft Entra ID (Formerly Azure AD) integration features in AD DS

After completing this module, students will be able to:

• Integrate on-premises Active Directory Domain Services (AD DS) environment into Azure.
• Install and configure directory synchronization using Microsoft Entra ID (Formerly Azure AD) Connect.
• Implement and configure Microsoft Entra ID (Formerly Azure AD) DS.
• Implement Seamless Single Sign-on (SSO).
• Implement and configure Microsoft Entra ID (Formerly Azure AD) DS.
• Install a new AD DS forest on an Azure VNet.

Learning Path 2:  Manage Windows Server and workloads in a hybrid environment (Windows Server administration)

This module describes how to implement the principle of least privilege through Privileged Access Workstation (PAW) and Just Enough Administration (JEA). The module also highlights several common Windows Server administration tools, such as Windows Admin Center, Server Manager, and PowerShell. This module also describes the post-installation configuration process and tools available to use for this process, such as sconfig and Desired State Configuration (DSC).

Modules

• Perform Windows Server secure administration
• Describe Windows Server administration tools
• Perform post-installation configuration of Windows Server
• Just Enough Administration in Windows Server

Lab: Managing Windows Server

• Implementing and using remote server administration

After completing this module, students will be able to:

• Explain least privilege administrative models.
• Decide when to use privileged access workstations.
• Select the most appropriate Windows Server administration tool for a given situation.
• Apply different methods to perform post-installation configuration of Windows Server.
• Constrain privileged administrative operations by using Just Enough Administration (JEA).

Learning Path 2:  Manage Windows Server and workloads in a hybrid environment (Facilitating hybrid management)

This module covers tools that facilitate managing Windows IaaS VMs remotely. The module also covers how to use Azure Arc with on-premises server instances, how to deploy Azure policies with Azure Arc, and how to use role-based access control (RBAC) to restrict access to Log Analytics data.

Modules

• Administer and manage Windows Server IaaS virtual machines remotely
• Manage hybrid workloads with Azure Arc

Labs: Using Windows Admin Center in hybrid scenarios

• Provisioning Azure VMs running Windows Server
• Implementing hybrid connectivity by using the Azure Network Adapter
• Deploying Windows Admin Center gateway in Azure
• Verifying functionality of the Windows Admin Center gateway in Azure

After completing this module, students will be able to:

• Select appropriate tools and techniques to manage Windows IaaS VMs remotely.
• Explain how to onboard on-premises Windows Server instances in Azure Arc.
• Connect hybrid machines to Azure from the Azure portal.
• Use Azure Arc to manage devices.
• Restrict access using RBAC.

Learning Path 3:  Manage virtualization and containers in a hybrid environment (Hyper-V virtualization in Windows Server)

This module describes how to implement and configure Hyper-V VMs and containers. The module covers key features of Hyper-V in Windows Server, describes VM settings, and how to configure VMs in Hyper-V. The module also covers security technologies used with virtualization, such as shielded VMs, Host Guardian Service, admin-trusted and TPM-trusted attestation, and Key Protection Service (KPS). Finally, this module covers how to run containers and container workloads, and how to orchestrate container workloads on Windows Server using Kubernetes.

Modules

• Configure and manage Hyper-V
• Configure and manage Hyper-V virtual machines
• Secure Hyper-V workloads
• Run containers on Windows Server
• Orchestrate containers on Windows Server using Kubernetes

Labs: Implementing and configuring virtualization in Windows Server

• Creating and configuring VMs
• Installing and configuring containers

After completing this module, students will be able to:

• Install and configure Hyper-V on Windows Server.
• Configure and manage Hyper-V virtual machines.
• Use Host Guardian Service to protect virtual machines.
• Create and deploy shielded virtual machines.
• Configure and manage container workloads.
• Orchestrate container workloads using a Kubernetes cluster.

Learning Path 3:  Manage virtualization and containers in a hybrid environment (Deploying and configuring Azure VMs)

This module describes Azure compute and storage in relation to Azure VMs, and how to deploy Azure VMs by using the Azure portal, Azure CLI, or templates. The module also explains how to create new VMs from generalized images and use Azure Image Builder templates to create and manage images in Azure. Finally, this module describes how to deploy Desired State Configuration (DSC) extensions, implement those extensions to remediate noncompliant servers, and use custom script extensions.

Modules

• Plan and deploy Windows Server IaaS virtual machines
• Customize Windows Server IaaS virtual machine images
• Automate the configuration of Windows Server IaaS virtual machines

Labs: Deploying and configuring Windows Server on Azure VMs

• Authoring Azure Resource Manager (ARM) templates for Azure VM deployment
• Modifying ARM templates to include VM extension-based configuration
• Deploying Azure VMs running Windows Server by using ARM templates
• Configuring administrative access to Azure VMs running Windows Server
• Configuring Windows Server security in Azure VMs

After completing this module, students will be able to:

• Create a VM from the Azure portal and from Azure Cloud Shell.
• Deploy Azure VMs by using templates.
• Automate the configuration of Windows Server IaaS VMs.
• Detect and remediate noncompliant servers.
• Create new VMs from generalized images.
• Use Azure Image Builder templates to create and manage images in Azure.

Learning Path 4: Implement and manage an on-premises and hybrid networking infrastructure (Network infrastructure services in Windows Server)

This module describes how to implement core network infrastructure services in Windows Server, such as DHCP and DNS. This module also covers how to implement IP address management and how to use Remote Access Services.

Modules

• Deploy and manage DHCP
• Implement Windows Server DNS
• Implement IP address management
• Implement remote access

Labs: Implementing and configuring network infrastructure services in Windows Server

• Deploying and configuring DHCP
• Deploying and configuring DNS

After completing this module, students will be able to:

• Implement automatic IP configuration with DHCP in Windows Server.
• Deploy and configure name resolution with Windows Server DNS.
• Implement IPAM to manage an organization’s DHCP and DNS servers, and IP address space.
• Select, use, and manage remote access components.
• Implement Web Application Proxy (WAP) as a reverse proxy for internal web applications.

Learning Path 4: Implement and manage an on-premises and hybrid networking infrastructure (Implementing hybrid networking infrastructure)

This module describes how to connect an on-premises environment to Azure and how to configure DNS for Windows Server IaaS virtual machines. The module covers how to choose the appropriate DNS solution for your organization’s needs, and run a DNS server in a Windows Server Azure IaaS VM. Finally, this module covers how to manage Microsoft Azure virtual networks (VNets) and IP address configuration for Windows Server infrastructure as a service (IaaS) virtual machines.

Modules

• Implement hybrid network infrastructure
• Implement DNS for Windows Server IaaS VMs
• Implement Windows Server IaaS VM IP addressing and routing

Labs: Implementing Windows Server IaaS VM networking

• Implementing virtual network routing in Azure
• Implementing DNS name resolution in Azure

After completing this module, students will be able to:

• Implement an Azure virtual private network (VPN).
• Configure DNS for Windows Server IaaS VMs.
• Run a DNS server in a Windows Server Azure IaaS VM.
• Create a route-based VPN gateway using the Azure portal.
• Implement Azure ExpressRoute.
• Implement an Azure wide area network (WAN).
• Manage Microsoft Azure virtual networks (VNets).
• Manage IP address configuration for Windows Server IaaS virtual machines (VMs).

Learning Path 5: Configure storage and file services (File servers and storage management in Windows Server)

This module covers the core functionality and use cases of file server and storage management technologies in Windows Server. The module discusses how to configure and manage the Windows File Server role, and how to use Storage Spaces and Storage Spaces Direct. This module also covers replication of volumes between servers or clusters using Storage Replica.

Modules

• Manage Windows Server file servers
• Implement Storage Spaces and Storage Spaces Direct
• Implement Windows Server Data Deduplication
• Implement Windows Server iSCSI
• Implement Windows Server Storage Replica

Labs: Implementing storage solutions in Windows Server

• Implementing Data Deduplication
• Configuring iSCSI storage
• Configuring redundant Storage Spaces
• Implementing Storage Spaces Direct

After completing this module, students will be able to:

• Configure and manage the Windows Server File Server role.
• Protect data from drive failures using Storage Spaces.
• Increase scalability and performance of storage management using Storage Spaces Direct.
• Optimize disk utilization using Data DeDuplication.
• Configure high availability for iSCSI.
• Enable replication of volumes between clusters using Storage Replica.
• Use Storage Replica to provide resiliency for data hosted on Windows Servers volumes.

Learning Path 5: Configure storage and file services (Implementing a hybrid file server infrastructure)

This module introduces Azure file services and how to configure connectivity to Azure Files. The module also covers how to deploy and implement Azure File Sync to cache Azure file shares on an on-premises Windows Server file server. This module also describes how to manage cloud tiering and how to migrate from DFSR to Azure File Sync.

Modules

• Overview of Azure file services
• Implementing Azure File Sync

Labs: Implementing Azure File Sync

• Implementing DFS Replication in your on-premises environment
• Creating and configuring a sync group
• Replacing DFS Replication with File Sync–based replication
• Verifying replication and enabling cloud tiering
• Troubleshooting replication issues

After completing this module, students will be able to:

• Configure Azure file services.
• Configure connectivity to Azure file services.
• Implement Azure File Sync.
• Deploy Azure File Sync
• Manage cloud tiering.
• Migrate from DFSR to Azure File Sync