
Azure App Service

Microsoft Azure App Service

Microsoft Debuts Azure Government Top Secret Regions

Microsoft has launched a cloud service geared towards governments and organizations that handle extremely sensitive data. Called Azure Government Top Secret, this is a solution for those classified files you want to stay that way.

In its announcement, Microsoft says Azure Government Top Secret is gaining accreditation with help from the U.S. government. The release build of the service was sent out on Monday (Dec. 7). Microsoft says quick development and preparation for accreditation is possible because of the synergy across Azure services:

“The broad range of services will meet the demand for greater agility in the classified space, including the need to gain deeper insights from data sourced from any location as well as the need to enable the rapid expansion of remote work.

“Additionally, mission owners will benefit from greater choice in modernizing legacy systems, with a secure cloud platform that works on open standards and open frameworks with tools that work across a wide range of skill levels, from business analysts to developers to data scientists.”

These new Azure regions bring the same abilities as standard Azure regions, albeit with protection for top secret data.

Azure Government Secret Features

At the same time, Microsoft is bringing new features to its existing Azure Government Secret service. Customers of this cloud tier include law enforcement and the Department of Defense. For the DoD, the service has Impact Level 6 and Intelligence Community Directive 503 compliance.

Microsoft says its Windows Virtual Desktop tool is now available to organizations using Azure Government Secret. Availability Zones are also coming to the Azure Government platform. These zones allow customers to manage datacenter failures by isolating their own system.

Source Winbuzzer

VMware Vulnerabilities Come from Russia-Backed Threat Actors Says NSA

During the COVID-19 pandemic, there has been a massive increase in the number of people working from home. Because of lockdown measures, remote work and schooling has become the norm for hundreds of millions around the world. That said, the revolution was already underway before 2020 and many apps and services focus on providing distance work features.

Like any other tech realm that achieves mainstream success, there are bad actors who want to exploit people using apps. Some of those threat actors are state sponsored. According to an advisory by the National Security Agency in the U.S., Russian-backed hacking groups are targeting remote workers.

Specifically, the NSA says these groups are targeting vulnerabilities found in many enterprise-grade remote work solutions from VMware. In response, VMware issued its own bulletin last week that provides information on patches to prevent the flaw being further exploited.

“VMware has released security updates to address a vulnerability—CVE-2020-4006—in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. An attacker could exploit this vulnerability to take control of an affected system.”

Patches Available

All the vulnerable services are cloud infrastructure solutions related to identity management. Among them are VMware Identity Manager, its successor VMware Workspace One Access, and others. According to the company, the vulnerabilities are “Important” but not “Critical”:

“VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a Command Injection Vulnerability in the administrative configurator.”

That rating comes because any attack must come from having prior access to a web-based password-protected management interface.

“A malicious actor with network access to the administrative configurator on port 8443 and a valid password for the configurator admin account can execute commands with unrestricted privileges on the underlying operating system. This account is internal to the impacted products and a password is set at the time of deployment. A malicious actor must possess this password to attempt to exploit CVE-2020-4006. Examples of how this password could be obtained by a malicious actor are documented in T1586 of the MITRE ATT&CK database.”

VMware advises customers to install the patches to mitigate the attack vulnerability.

Source Winbuzzer

Microsoft, Code.org partner to teach AI + ethics from elementary to high school

At a time when AI and machine learning are changing the very fabric of society and transforming entire industries, it is more important than ever to give every student the opportunity to not only learn how these technologies work, but also to think critically about the ethical and societal impacts of AI.

AI is used everywhere, from voice assistants to self-driving cars, and it’s rapidly becoming the most important technological innovation of current times. AI has the potential to play a major role in addressing global problems, such as detecting and curing diseases, cleaning oceans, eliminating poverty, or harnessing clean energy.

At the same time, with great power comes great responsibility, and budding computer scientists must learn to consider technology’s ethical impacts. How does algorithmic bias impact social justice or deep fakes impact democracy? How does society cope with rapid job automation? By learning how to consider the ethical issues that AI raises, these future computer scientists will be better able to envision the appropriate safeguards that help to maximize the benefits of AI technologies and reduce their risks.

A comprehensive approach from elementary to high school

Made possible by Microsoft’s latest donation of $7.5 million, Code.org plans a comprehensive and age-appropriate approach to teaching how AI works along with the social and ethical considerations, from elementary school through high school.

Available on December 1:

  • A new video series on AI, featuring Microsoft CEO Satya Nadella along with leading technologists across industry and academia
See the playlist with all videos here.
  • A global launch of Code.org’s hit AI tutorial, AI for Oceans, which is available in 25+ languages and optimized for mobile devices
  • A classroom lesson plan to help students explore and discuss the societal and ethical implications of AI
  • A lesson in the CS Principles curriculum about machine learning and bias
  • See our new AI resource page for a complete overview!

AI for Oceans is available in 25+ languages and is optimized for mobile devices.

Within the coming year, AI and machine learning lessons will be integrated into Code.org’s CS Discoveries curriculum, which is one of the most widely-used computer science courses for students in grades 6–10, and in App Lab, Code.org’s popular app-creation platform used throughout middle school and high school.

In CS Discoveries, students will learn to work with datasets to create machine learning models that they can incorporate into their apps, and explore how advances in new technologies such as computer vision and neural networks require new ethical computer scientists to avoid bias and harm. Curated datasets will help students better understand the real-world impact that these technologies have.

Code.org will also help students and teachers find additional educational resources from a variety of partners and the broader community behind AI education.

Microsoft and AI education

A look at a new lesson in Minecraft: Education Edition. In these new lessons, students use AI in a range of exciting real-world scenarios: to preserve wildlife and ecosystems, help people in remote areas, and research climate change.

Additionally, last month the Microsoft AI for Earth team partnered with Minecraft: Education Edition to release five lessons challenging students to use the power of AI in a range of exciting real-world scenarios: to preserve wildlife and ecosystems, help people in remote areas, and research climate change.

What’s more, Microsoft’s Imagine Cup Junior 2021 challenge provides students aged 13 to 18 the opportunity to learn about technology and how it can be used to positively change the world.

The global challenge is focused on Artificial Intelligence (AI), introducing students to AI and Microsoft’s AI for Good initiatives so they can come up with ideas to solve social, cultural and environmental issues.

Microsoft’s Imagine Cup Junior challenge is geared towards students ages 13 to 18. Learn more and join the competition here.

Impacting student lives, especially the underserved

On Code.org, 45% of students are young women, and in the US, 50% are students from underrepresented racial and ethnic groups and 45% are in high needs schools. Reaching the tens of millions of students in Code.org’s courses and on its platform, the partnership between Microsoft and Code.org works to democratize access to learning AI because all students deserve the opportunity to shape the world they live in — and because creating an equitable and socially just future will take all of us.

-Code.org CEO Hadi Partovi and Microsoft President Brad Smith

Source Microsoft

Microsoft Azure Cognitive Services AI System Can Describe Images as Accurately as Humans

This week, Microsoft has announced a new artificial intelligence tool that delivers image captioning within Azure Cognitive Services. According to the company, the AI-based technology represents a breakthrough in image captioning accuracy.

In fact, Microsoft says the Azure Cognitive Services system can describe images as accurately as humans can.

Image captioning allows developers to include automated descriptions of visual content. However, the AI that underpins the tech is unable to match human descriptions in terms of accuracy. Microsoft’s new system claims to break through this barrier.

If true, developers can leverage the system to deliver more accuracy to users through improved descriptions of images, for example images displayed in search results.

It is worth noting that Microsoft has an important caveat. The company says that while the system can deliver human-like accuracy, it does not do it every time. Instead, the Azure Cognitive Services team says it is not perfect.

Usefulness

Saqib Shaikh, a software engineering manager with Microsoft’s AI team, says the system is still an important milestone. One example he points to is its ability to generate descriptions of photos for people with visual impairments.

These image descriptions are known as ALT text and are found on websites and documents. However, some pages don’t manually ascribe ALT text. Microsoft’s AI system would automate the process.

“Ideally, everyone would include alt text for all images in documents, on the web, in social media – as this enables people who are blind to access the content and participate in the conversation. But, alas, people don’t. So, there are several apps that use image captioning as way to fill in alt text when it’s missing.”

Microsoft says the new AI is twice as accurate as the tool the company has been using previously. The company plans to integrate the new system into Microsoft Word and Outlook on Windows and Mac later this year.

Source Winbuzzer

Microsoft Expands Azure Cloud Reach with Major Investment in Greece

Microsoft is continuing to expand its reach in terms of delivering native cloud data for Azure customers. Specifically, the company is moving into Greece. Microsoft says it will build data centers in the country, allowing customers to access cloud services directly without moving data beyond borders.

Not only will the decision help Microsoft expand its cloud reach through another Azure region, it will also help Greece. The Greek economy has been hit hard over the last decade. While the country was emerging from its debt crisis, the COVID-19 pandemic has put Greece under increasing economic pressure.

By investing in cloud infrastructure, Microsoft is helping to boost the economy. In fact, Microsoft president Brad Smith says the investment is the largest Microsoft has made during 30 years of operations in Greece.

When presenting the expansion in Athens, Smith said it shows “confidence in the Greek economy, the Greek people, and the government.”

“By a substantial margin, this is the largest investment Microsoft has made in Greece in the 28 years we have been operating here. In part, this reflects confidence that our world-leading datacenter technology can help enable innovation and growth across Greece’s economy. In addition, this large investment reflects our optimism about Greece’s future, its forward-leaning government, and the country’s ongoing economic recovery,” said Smith.

Benefit for Greece

The size of Microsoft’s investment is not known, but Greek Prime Minister Kyriakos Mitsotakis says it will boost the country’s economy by $1 billion.

“Today’s commitment to the people and businesses of Greece will position the country among the digital leaders of Europe. A Microsoft datacenter region provides a competitive advantage to our digital economy. At the same time, it is a long-term investment and a vote of confidence in our country’s potential. The cloud is transforming every industry and sector. The investment in skilling 100,000 citizens will empower today and tomorrow’s Greek workforce,” said the Prime Minister.

Smith says Microsoft will also help to create 100,000 jobs in Greece by developing a digital-skills training program.

Source Winbuzzer

 

Microsoft Once Again Wins JEDI Contract Following DoD Investigation

Microsoft’s position as winner of the Pentagon’s JEDI cloud defense contract has been given a seal of approval this week. Following an investigation, the US Department of Defense (DoD) once again said Microsoft has won the $10 billion contract. It seems the reaffirmation has ended Amazon Web Services’ protests over the process.

However, Amazon is doubling down on its position that Microsoft won the JEDI contract unfairly. In response to once again missing out, AWS hit out at the investigation and President Donald Trump.

Still, it will be Microsoft celebrating winning the JEDI deal for a second time. The company’s Azure cloud services were upheld as the best choice for the project, according to the DoD:

“The Department has completed its comprehensive re-evaluation of the JEDI Cloud proposals and determined that Microsoft’s proposal continues to represent the best value to the Government,” the DoD points out in a statement. “The JEDI Cloud contract is a firm-fixed-price, indefinite-delivery/indefinite-quantity contract that will make a full range of cloud computing services available to the DoD.”

If you’re unfamiliar with JEDI, it is the Joint Enterprise Defense Infrastructure project. Microsoft’s cloud services will underpin an overhaul of the DoD’s computing infrastructure. Microsoft was originally awarded the contract a year ago.

Amazon did not take the situation lying down and immediately started legal proceedings to stop Microsoft. Amazon’s argument was always resting on the idea the process was unfair. While Amazon did not seek the multi-cloud approach some rivals did, AWS thought it was not given a fair chance.

Not Backing Down

Much of Amazon’s issue rests on a belief Donald Trump influenced the outcome of the project because of bias against the company. In fact, AWS wanted Trump to testify during the investigation.

The company previously highlighted Trump’s words on the campaign trail, where he vowed that Amazon would have problems under his presidency. He also referred to Jeff Bezos as “Jeff Bozo”, and has taken issue with his newspaper, the Washington Post.

Following yesterday’s confirmation that Microsoft will go ahead as the JEDI contract winner, Amazon is doubling down on its position. The company once again attacked the process and called out Trump.

Amazon describes the process as “flawed, biased, and politically corrupted” and goes on to say that the award “creates a dangerous precedent that threatens the integrity of the federal procurement system”.

“There is a recurring pattern to the way President Trump behaves when he’s called out for doing something egregious: first he denies doing it, then he looks for ways to push it off to the side, to distract attention from it and delay efforts to investigate it (so people get bored and forget about it). And then he ends up doubling down on the egregious act anyway.”

Amazon’s court proceedings included an injunction that prevents Microsoft beginning work on the project. However, the DoD says work will start when the injunction is lifted.

“While contract performance will not begin immediately due to the Preliminary Injunction Order issued by the Court of Federal Claims on February 13, 2020, DoD is eager to begin delivering this capability to our men and women in uniform.”

Source Winbuzzer

Microsoft Sunsets Visual Studio Codespaces

Earlier this year, Microsoft sent out the debut preview of Visual Studio Codespaces, which was essentially a rebranding of Visual Studio Online. VS Online was introduced for the first time at Ignite 2019, bringing components of Visual Studio to web browsers. However, Microsoft has already decided to send Visual Studio Codespaces into the sunset.

According to the company, it is killing off the online version of Visual Studio before it has even left preview.

With Visual Studio Online (Codespaces), users have a web-based companion to the full VS experience. They can access code and edit it from any device, including smartphones. With Codespaces, Microsoft added the ability to work with extensions, access a command line, edit, run, and debug apps, and see Git repos.

So, why is Microsoft killing off what is for all intents and purposes a useful addition to the Visual Studio family? Well, it’s not as bad as it first seems because Microsoft says it is folding all Visual Studio Codespaces features into GitHub Codespaces.

If you’re unfamiliar with GitHub Codespaces, it too was launched earlier this year. Users can tap into GitHub Codespaces through a browser-like variant of the Visual Studio Code editor. In this editor, users can work with terminal access, extensions, and other tools. Furthermore, devs can use the Codespaces feature directly from their IDE.

Transition

Microsoft clearly does not want two separate services with the Codespaces name. To remedy this, the company is simply combining the two. All VS Codespaces features will be transitioning to GitHub Codespaces, so there should be no gap in functionality. It is worth noting GitHub Codespaces is also in public beta preview.

“After the GitHub-native experience was released, we started hearing that the two distinct experiences were causing confusion amongst our users… We believe that by consolidating the current Codespaces experiences into one, we can eliminate confusion, simplify the experience for everyone, and make more rapid progress to address customer feedback.”

Microsoft has the following timeline in place to end the VS Codespaces preview and move to GitHub Codespaces:

  • September 4, 2020 – Current users can begin transitioning to the GitHub private beta.
  • November 20, 2020 – Creation of new plans and codespaces will be disabled, although existing codespaces may continue to be used. New users will only be able to sign up for Codespaces on GitHub.
  • February 17, 2021 – The Visual Studio Codespaces portal will be retired. All plans and codespaces remaining in the service will be deleted.

From February 17, the VS Codespaces services will be shuttered permanently and all related portals deleted.

Source Winbuzzer

Microsoft Edge August Updates Include New Tools for Immersive Reader and Collections

Microsoft this week debuted a new blog post series that will focus on providing information on new updates for its various web tools. In this first post, the company detailed what has been delivered to the Microsoft Edge browser in August.

It was a solid month for the new browser, which is running on Google’s Chromium base these days. First up is a new feature for the Collections section of the browser.

Collections was brought to the Microsoft Edge preview last year before reaching all users in April. Collections can help users organize and share content and keep track of it more easily. Microsoft says the feature leverages “Cloud featured intelligence and an intuitive interface to help you collect, organize and share content” as you browse content on the web.

This month, the Edge Stable channel allows users to send Collections straight to OneNote on mobile and desktop. This “Send to OneNote” option expands upon the similar feature already available for Excel, Pinterest, and Word.

More Updates

Microsoft also made some changes to the Immersive Reader in Microsoft Edge. This is a tool available across several Microsoft services, including the old Edge, OneNote, and even Minecraft. Developers can also access the feature to embed comprehension and text reading tools into their applications.

In August, Immersive Reader received a picture dictionary. Users can now select a word on a website and the browser will provide an image representative of the word. Microsoft says it is “ideal for those learning another language or for students learning on their own.”

Incidentally, this week, Microsoft confirmed Immersive Reader is now generally available for all Azure Cognitive Services customers.

Last up for Microsoft Edge August updates was the built-in PDF reader gaining screen reader support alongside a new highlighter tool.

Source Winbuzzer

 

How to manage on-premises infrastructure using Azure Automation Hybrid Worker

We’ve seen a proliferation in cloud adoption as many organizations are hastily moving their workloads and resources to the cloud as users become more mobile and remote. IT admins are facing challenges with the migration of their data and apps, and also managing their hybrid environments. Consequently, IT teams are having to upskill in order to complete their daily administrative tasks.

In this article, we’ll explore the options for managing hybrid environments and automating tasks that involve both on-premises and cloud resources. It’s important for IT and Security Operations teams to have access to a centralized management tool accessing and managing both environments to cope with the shift to remote working.

Azure Automation

Because of its modern capabilities, we’ll be using Azure Automation, a cloud-based management service, to automate your processes securely and efficiently. This service allows administrators to manage cloud services such as Office 365, Azure, SharePoint Online, Azure Web Apps and more. However, if you run an Azure Automation Runbook against your on-premises environment, you’ll get Access Denied. Currently, the only workaround is to expose your internal network to the internet via APIs. In this article, we’ll also be focusing on overcoming this obstruction when managing on-premises servers using Azure Automation.

To securely run Azure Automation Runbook (PowerShell or Python2 script) against the on-premises environment, we’ll have to configure the Hybrid Runbook Worker server. This is a secure delivery mechanism of the cloud-hosted script to the local on-premises environment.

The Hybrid Worker server will be going out via port 443 on the firewall to connect to Azure Automation to run Runbooks against on-premises servers such as Active Directory, Exchange, SQL Server, etc.

To achieve our goal, these are steps we’ll be taking:

  • Configuring Log Analytics workspace
  • Link Azure Automation account with Log Analytics workspace
  • Configuring Azure Hybrid Worker Server and Hybrid Worker Group

Configuring an Azure Log Analytics workspace

As a prerequisite, we need to set up an Azure Log Analytics workspace for the Hybrid Runbook Worker to function. A Log Analytics workspace is a unique environment for Azure Monitor log data; each workspace consists of a repository, data source, and a solution that stores data there.

To set up your Log Analytics Workspace, follow the steps below:

  1. Log in to the Azure tenant
  2. In All Services, search for Log Analytics workspace and click Add to create one
  3. Complete all required fields and click Create
  4. Make sure to note the Resource Group where you added the Log Analytics workspace
  5. I named the Log Analytics workspace “Practical365Workspace”

After the Log Analytics workspace is created, let’s add the Azure Automation account.

Setting up your Azure Automation account

You can create an Azure Automation account from multiple places in the Azure tenant. In this case, we’ll create the account right from the Log Analytics workspace.

  1. To get started, click on the newly created workspace
  2. Then, navigate to Workspace Summary and click Add
  3. From the Marketplace screen, select Azure Automation
  4. In the Automation screen, click Create
  5. Complete all the necessary fields and click Create

Make sure you select the same Resource Group where your Log Analytics workspace was created and that the location is selected based on the mapping table. For example, if the Log Analytics workspace is in East US, then Azure Automation should be in East US 2 according to the mapping table provided by Microsoft.

Link Azure Automation account with Log Analytics workspace

To link your Azure Automation account with the Log Analytics workspace, we will need to enable Inventory and Change Tracking within Azure Automation.

  • Click Automation Account (in our case “Practical365Automation”)
  • Go to Configuration Management -> Inventory and, under Log Analytics workspace, select the workspace we created earlier (Practical365Workspace)
  • Click Enable

To check that your Azure Automation account is linked to a Log Analytics workspace correctly, follow the steps below:

  • Click on Azure Automation, in our case Practical365Automation
  • Under Related Resources, click the Linked workspace

You should see your Log Analytics workspace linked. In our case, as pictured above, we can see that Practical365Workspace is linked.

Configuring Azure Hybrid Worker Server and Hybrid Worker Group

The Hybrid Runbook Worker runs the script passed from the Azure Automation account, so it plays a central role in the delivery mechanism for your management tasks. Every Hybrid Runbook Worker server must be part of a Hybrid Runbook Worker Group, which can contain one or more servers for redundancy.

In the lab environment, I have a Windows Server 2016 virtual machine (Name: Server01), which is part of the on-premises domain. I will use Server01 to install Hybrid Worker.

In the next few steps, we’ll cover:

  • How to configure Hybrid Worker server
  • Create a Hybrid worker group
  • Add server to the group

Make sure your spelling matches identically to the name of the workspace you created earlier for the following steps.

On Server01, open a PowerShell window (as an Administrator) and run the cmdlet below. Ensure your server has outbound access to the internet:

Next, run PowerShell cmdlet below specifying Workspace Name:

PowerShell will prompt to provide additional information such as:

  • Resource Group Name : practical365resourcegroup
  • subscriptionID: XXXXXXX (Your tenant’s subscription ID)
  • Automation Account Name: Practical365Automation
  • HybridGroupName : Practical365HybridGroup (type appropriate name for the Group.)

During the installation process, you’ll need to authenticate against your Azure tenant.

To check if the installation is successful, navigate to Azure tenant, open the Azure Automation Account that we created earlier, and under the Hybrid workers groups, you should see a new group called Practical365HybridGroup.

Now you’ve completed the configuration of the Hybrid worker server.

Remember that the PowerShell scripts that you run on Server01 from the Azure Automation account will run under the Local System account, which means you can run management tasks directly on this server. For example, you can create a runbook to stop or start a service.

In practice, you’ll use this Hybrid Worker Server (Server01) to manage other servers. For example, you can enable or disable AD accounts on Domain controllers, provision mailboxes on Exchange server, etc. You’ll also need to set up a Run As account (domain account) in Azure Automation so that your Hybrid Worker server can manage other servers in the local network.

It’s important to note here that when you configure a Run As account, it will be applied to the entire Hybrid Worker Group. Currently, there is no way to link a Run As account to each Runbook in Azure Automation.

How to set up a Run As account

  1. Open the Azure Automation account
  2. Navigate to shared resources
  3. Click the Credentials link on the left navigation
  4. Add a credential and populate any required information. Here, I’m using my domain admin account (Domain/Account), which is not recommended for production. Following the principle of least privilege, you can create an account that has access ONLY to what you need to accomplish.
  5. Go back to the Azure Automation account and select the Hybrid Worker Group that we created earlier in this article.
  6. Select the one associated with your on-premises environment
  7. Select Hybrid Worker Group settings in the left property menu and switch the Run As field to Custom. From the drop-down, select the credentials that we created earlier.

You have now finished configuring your environment and it’s ready to test. The test use case I’m using will run the PowerShell script in the cloud to disable the on-premises AD account.

You must ensure here that your Hybrid Worker server has an appropriate PowerShell module installed. In this example, I made sure that the Active Directory PowerShell module is installed on Server01.

I logged in to the Domain Controller and opened Active Directory users and computers. As you can see, I have Adam Smith’s account enabled.

Next, I’ll create a Runbook in my Azure Automation account to disable this on-premises user:

  1. Navigate to the Azure tenant and open the Azure Automation account that we created earlier
  2. Click on Runbooks on the left navigation menu
  3. Click Create a Runbook
  4. Complete the required information; make sure you select PowerShell for the type of the Runbook
  5. In the editor window, type the PowerShell cmdlet, then Save and Publish.

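An added example of what such a runbook could contain (not the article's own script, which is not reproduced on this page): it disables one on-premises account, refuses accounts that AD flags as protected, and reads the result back. The `SamAccountName` parameter and the refusal rule are assumptions of this example; it relies on the ActiveDirectory module on Server01 and on the Run As credential configured for the Hybrid Worker Group.

```powershell
<#
    Added example, not the original article's runbook.
    Disables a single on-premises AD account when the job is started on the
    Hybrid Worker Group. Assumes:
      - the ActiveDirectory module is installed on the worker (Server01),
      - the group's Run As credential is allowed to disable user accounts.
    The parameter name and guard rules are illustrative choices.
#>
param(
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^[A-Za-z0-9._-]{1,20}$')]   # accept sAMAccountName-shaped input only
    [string] $SamAccountName
)

$ErrorActionPreference = 'Stop'   # stop at the first error instead of continuing

# The module has to exist on the Hybrid Worker itself, not in the Automation account.
if (-not (Get-Module -ListAvailable -Name ActiveDirectory)) {
    throw "ActiveDirectory module not found on $env:COMPUTERNAME."
}
Import-Module ActiveDirectory

# Record where and as whom the job ran; this appears in the job output.
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
Write-Output "Worker: $env:COMPUTERNAME  Identity: $identity"

# Throws if the account does not exist, which fails the job with a clear message.
$user = Get-ADUser -Identity $SamAccountName -Properties adminCount

# Guard (assumption of this example): leave accounts that are or were members
# of protected groups alone, so a cloud-started job cannot lock out administrators.
if ($user.adminCount -eq 1) {
    throw "Refusing to disable '$SamAccountName': adminCount = 1 (protected account)."
}

if (-not $user.Enabled) {
    Write-Output "'$SamAccountName' is already disabled. No change made."
    return
}

Disable-ADAccount -Identity $user.DistinguishedName

# Read the account back so the job output records the resulting state.
$after = Get-ADUser -Identity $user.DistinguishedName
if ($after.Enabled) {
    throw "Disable-ADAccount returned but '$SamAccountName' is still enabled."
}
Write-Output "Disabled: $($after.DistinguishedName)"
```

Because the runbook declares a `param` block, the portal asks for the account name when the job is started, next to the Run on setting.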

We’re now ready to run the PowerShell cmdlet. Click on Start, under Run on, switch to Hybrid Worker, and select the one we created earlier. The PowerShell script will be queued and executed; wait until the job status is set to complete.

Let’s go back to the on-premises domain controller and check the Active Directory Users and Computers.

Your domain account is now disabled. As you can see, we were able to successfully run a cloud-hosted PowerShell command against an on-premises server without exposing it to the internet.

This use case demonstrates how we can manage an on-premises workload using scripts stored and initiated in the cloud. It opens endless opportunities to manage both on-premises and cloud from a centralized location.

Source Practical365
