Entra Domain Services (Entra DS) is an Active Directory Domain Services (AD DS) compatible managed service hosted in Azure.  Windows AD-sourced users can replicate to Entra ID with Entra Connect Sync.  Legacy NTLM password hashes can also be replicated from Windows AD to Entra DS for the same sign-on experience between the on-premises and managed domains.  This video covers configuring Entra Connect Sync to enable legacy NTLM password hash synchronization. Code: # Source: # https://learn.microsoft.com/en-us/entra/identity/domain-services/tutorial-configure-password-hash-sync ..read more

In this video, we review deploying Microsoft Entra Domain Services (Entra DS) and configuring replication with Entra ID. The video starts by outlining the requirements and features of the Entra DS service, including password hash synchronization. Then we create a virtual network (VNet) for the service and deploy Entra DS. Once deployed, we join a server to the Entra DS managed domain and add the remote administration RSAT tools to manage the directory. Links Zero to Hero with Azure Virtual Desktop https://www.udemy.com/course/zero-to-hero-with-windows-virtual-desktop/?referralCode=B2FE49E6FCE ..read more

In this blog post, we’ll delve into the reasons why using Entra Domain Services (Entra DS) as a replacement for Windows AD might not be the best choice. We’ll break down each point discussed in a recent YouTube video, highlighting the limitations and considerations associated with Entra DS. Overview of Microsoft’s Directory Services Microsoft offers three directory services: Windows AD, Entra ID, and Entra DS. Let’s briefly examine each: Windows AD: Organizations have used this on-premises directory service for over two decades. It supports various authentication protocols and services, such ..read more

Grafana is a full-featured data visualization platform for Linux and Windows. With Azure Managed Grafana, we can host Grafana dashboards in Azure without the hassle of deploying and managing an Azure virtual machine.  This video reviews the different options for Azure Managed Grafana Essential, Standard, and Grafana Enterprise.  Then we walk through deploying Managed Grafana Standard in Azure. Links Zero to Hero with Azure Virtual Desktop https://www.udemy.com/course/zero-to-hero-with-windows-virtual-desktop/?referralCode=B2FE49E6FCEE7A7EA8D4 Hybrid Identity with Windows AD and Azur ..read more

Many organizations rely on geo-replicated Azure storage as part of their disaster Recovery strategy.  However, not all storage in Azure supports geo-redundant storage (GRS) or geo-zone-redundant storage (GZRS).  This video reviews a new feature that supports geo-replicated storage for Azure standard file shares with large file support enabled, along with a demonstration of how to enable the new feature. Links Zero to Hero with Azure Virtual Desktop https://www.udemy.com/course/zero-to-hero-with-windows-virtual-desktop/?referralCode=B2FE49E6FCEE7A7EA8D4 Hybrid Identity with Windows A ..read more

Azure Virtual Desktop offers feature-rich options for hosting desktops in the cloud.  Recently, a new preview feature was announced to control the direction of clipboard copy and paste actions.  We can now control the direction and data types that can be transferred via clipboard from the local client to the session host and/or from the remote session host to the local client.  This video reviews the requirements for clipboard transfer direction and outlines the steps to configure the feature. Links Zero to Hero with Azure Virtual Desktop https://www.udemy.com/course/zero-to-he ..read more

FSLogix is the go-to solution for managing profiles in AVD and many other VDI environments.  Configuring FSLogix is relatively simple, but there is one configuration setting that’s often overlooked and can cause performance problems that impact the end users.  This video goes over configuring antivirus exclusions for FSLogix with the goal of increasing stability and performance with FSLogix. Links Zero to Hero with Azure Virtual Desktop https://www.udemy.com/course/zero-to-hero-with-windows-virtual-desktop/?referralCode=B2FE49E6FCEE7A7EA8D4 Hybrid Identity with Windows AD and Azure ..read more

Entra ID Conditional Access Policies are an excellent option for managing Multifactor Authentication, but there is more to it than MFA.  This video follows a previous video on using Conditional Access policies to require MFA when accessing AVD.  We expand on the concepts of the previous video by configuring the policy for different conditions, such as hybrid Entra ID joined devices and logging in from a known public IP.  After that, we create a policy to block access from specific devices and logins from outside the country. Links Zero to Hero with Azure Virtual Desktop https ..read more

Enabling multi-factor authentication is one of the first steps any organization should take to secure the environment.  But, not all applications are created equally.  You may need to provide different requirements based on who logs in and to a given application.  This video demonstrates how to configure a conditional access policy in Entra ID that applies to users logging into Azure Virtual Desktop (AVD).  This video shows how to use the what-if tool to determine how the policy is applied at a user’s login.  After that, we look at report-only mode to determine when th ..read more

We can view Entra ID log data from the portal, but that is only available for 30 days.  We may want to store important log data like sign in activity and risky user actions for more than 30 days.  Or we may need to send that data to other systems for future analysis and storage.  This video goes over how to send Entra ID logs to Log Analytics.  It starts with setting up a new Log Analytics workspace, then configuring logging to the workspace.  Finally, we run queries in Log Analytics to verify logging is enabled. Links Zero to Hero with Azure Virtual Desktop https://w ..read more