AZ-801: Configuring Windows Server Hybrid Advanced Services (Live Online)

Overview

This comprehensive course teaches IT Professionals to configure advanced Windows Server services across on-premises, hybrid, and cloud technologies. Participants will learn how to leverage Azure's hybrid capabilities, migrate both virtual and physical server workloads to Azure Infrastructure as a Service, and implement robust security measures for Azure VMs running Windows Server. The curriculum also addresses high availability requirements, troubleshooting methodologies, and disaster recovery strategies. Key administrative tools and technologies covered include Windows Admin Center, PowerShell, Azure Arc, Azure Automation Update Management, Microsoft Defender for Identity, Azure Security Center, Azure Migrate, and Azure Monitor.

Audience Profile:

This four-day course is designed for Windows Server Hybrid Administrators who have practical experience managing Windows Server and seek to extend their on-premises environments by integrating on-premises and hybrid technologies. Ideal candidates are those who currently implement and manage on-premises core technologies and who are focused on securing and protecting their environments, migrating virtual and physical workloads to Azure IaaS, establishing highly available and fully redundant environments, and performing comprehensive monitoring and troubleshooting activities.

Job Role:

Administrator

Certification Preparation:

AZ-801

Skills Gained:

Harden the security configuration of the Windows Server operating system environment.
Enhance hybrid security using Azure Security Center, Azure Sentinel, and Windows Update Management.
Apply security features to protect critical resources.

Prerequisites:

Before attending this course, students must have:

Experience managing Windows Server operating systems and Windows Server workloads in on-premises scenarios, including AD DS, DNS, DFS, Hyper-V, and File and Storage Services
Experience with common Windows Server management tools (implied in the first prerequisite)
Basic knowledge of core Microsoft compute, storage, networking, and virtualization technologies

Course Outline:

Module 1: Windows Server Security

This module focuses on protecting an Active Directory environment by securing user accounts to the principle of least privilege and placing them in the Protected Users group. Content covers limiting authentication scope and remediating potentially insecure accounts. The module includes hardening the security configuration of Windows Server operating system environments and securing Windows Server DNS to protect the network name resolution infrastructure. Additionally, Windows Server Update Services for deploying operating system updates to network computers is discussed.

Lessons

Secure Windows Server user accounts
Hardening Windows Server
Windows Server Update Management
Secure Windows Server DNS

Lab: Configuring security in Windows Server

Configuring Windows Defender Credential Guard
Locating problematic accounts
Implementing LAPS

Module 2: Implementing Security Solutions in Hybrid Scenarios

This module covers securing both on-premises Windows Server resources and Azure IaaS workloads. Content focuses on improving network security for Windows Server IaaS VMs and diagnosing network security issues with those VMs. The module introduces Azure Security Center, explains how to onboard Windows Server computers to Security Center, and covers enabling Azure Update Management. Participants learn about Adaptive application controls and BitLocker disk encryption for protecting Windows Server IaaS VMs. The module also explains monitoring Windows Server Azure IaaS VMs for file and registry changes, as well as modifications made to application software.

Lessons

Implement Windows Server IaaS VM network security
Audit the security of Windows Server IaaS Virtual Machines
Manage Azure updates
Create and implement application allowlists with adaptive application control
Configure BitLocker disk encryption for Windows IaaS Virtual Machines
Implement change tracking and file integrity monitoring for Windows Server IaaS VMs

Lab: Using Azure Security Center in hybrid scenarios

Provisioning Azure VMs running Windows Server
Configuring Azure Security Center
Onboarding on-premises Windows Server into Azure Security Center
Verifying the hybrid capabilities of Azure Security Center
Configuring Windows Server security in Azure VMs

Module 3: Implementing High Availability

This module explores technologies and options for creating a highly available Windows Server environment. Content introduces Clustered Shared Volumes for shared storage access across multiple cluster nodes, and highlights failover clustering, stretch clusters, and cluster sets for implementing high availability of Windows Server workloads. The module discusses high availability options for Hyper-V and Windows Server VMs, including network load balancing, live migration, and storage migration. High availability options for file shares hosted on Windows Server file servers are covered, along with implementing scaling for virtual machine scale sets and load-balanced VMs, and implementing Azure Site Recovery.

Lessons

Introduction to Cluster Shared Volumes
Implement Windows Server failover clustering
Implement high availability of Windows Server VMs
Implement Windows Server File Server high availability
Implement scale and high availability with Windows Server VMs

Lab: Implementing failover clustering

Configuring iSCSI storage
Configuring a failover cluster
Deploying and configuring a highly available file server
Validating the deployment of the highly available file server

Module 4: Disaster Recovery in Windows Server

This module presents Hyper-V Replica as a business continuity and disaster recovery solution for virtual environments. Content addresses Hyper-V Replica scenarios, use cases, and prerequisites. The module also covers implementing Azure Site Recovery in on-premises scenarios to recover from disasters.

Lessons

Implement Hyper-V Replica
Protect your on-premises infrastructure from disasters with Azure Site Recovery

Lab: Implementing Hyper-V Replica and Windows Server Backup

Implementing Hyper-V Replica
Implementing backup and restore with Windows Server Backup

Module 5: Implementing Recovery Services in Hybrid Scenarios

This module covers tools and technologies for implementing disaster recovery in hybrid scenarios. Unlike the previous module which focuses on business continuity and disaster recovery solutions for on-premises scenarios, this module addresses cloud-based recovery. Azure Backup is presented as a service to protect files and folders; Recovery Vaults and Azure Backup Policies are explored. Content describes recovering Windows IaaS virtual machines, performing backup and restore of on-premises workloads, and managing Azure VM backups. The module also addresses providing disaster recovery for Azure infrastructure by managing and orchestrating replication, failover, and failback of Azure virtual machines with Azure Site Recovery.

Lessons

Implement hybrid backup and recovery with Windows Server IaaS
Protect your Azure infrastructure with Azure Site Recovery
Protect your virtual machines by using Azure Backup

Lab: Implementing Azure-based recovery services

Implementing the lab environment
Creating and configuring an Azure Site Recovery vault
Implementing Hyper-V VM protection by using the Azure Site Recovery vault
Implementing Azure Backup

Module 6: Upgrade and Migrate in Windows Server

This module examines approaches to migrating and updating Windows Server workloads running earlier versions. Content addresses strategies needed to move domain controllers to Windows Server 2022 and covers how the Active Directory Migration Tool can consolidate domains within a forest or migrate domains to a new AD DS forest. Storage Migration Service is discussed for migrating files and file shares from existing file servers to new servers running Windows Server 2022. The module also addresses installing and using the Windows Server Migration Tools cmdlets to migrate commonly used server roles from earlier versions of Windows Server.

Lessons

Active Directory Domain Services migration
Migrate file server workloads using Storage Migration Service
Migrate Windows Server roles

Lab: Migrating Windows Server workloads to IaaS VMs

Deploying AD DS domain controllers in Azure
Migrating file server shares by using Storage Migration Service

Module 7: Implementing Migration in Hybrid Scenarios

This module examines approaches to migrating workloads running in Windows Server to infrastructure as a service (IaaS) virtual machines. Azure Migrate is introduced for assessing and migrating on-premises Windows Server instances to Microsoft Azure. Content covers migrating workloads running in Windows Server to infrastructure as a service virtual machines and to Windows Server 2022 by using Windows Server migration tools or the Storage Migration Service. The module also describes using the Azure Migrate App Containerization tool to containerize and migrate ASP.NET applications to Azure App Service.

Lessons

Migrate on-premises Windows Server instances to Azure IaaS virtual machines
Upgrade and migrate Windows Server IaaS virtual machines
Containerize and migrate ASP.NET applications to Azure App Service

Lab: Migrating on-premises VM servers to IaaS VMs

Implementing assessment and discovery of Hyper-V VMs using Azure Migrate
Implementing migration of Hyper-V workloads using Azure Migrate

Module 8: Server and Performance Monitoring in Windows Server

This module presents a range of tools to monitor the operating system and applications on Windows Server computers, and describes how to configure systems to optimize efficiency and troubleshoot problems. Content covers how Event Viewer provides a convenient location for observing events that occur and interpreting event log data. The module addresses auditing and diagnosing Windows Server environments for regulatory compliance, user activity, and troubleshooting purposes. Additionally, the module explains troubleshooting AD DS service failures or degraded performance, including recovery of deleted objects and the AD DS database, and troubleshooting hybrid authentication issues.

Lessons

Monitor Windows Server performance
Manage and monitor Windows Server event logs
Implement Windows Server auditing and diagnostics
Troubleshoot Active Directory

Lab: Monitoring and troubleshooting Windows Server

Establishing a performance baseline
Identifying the source of a performance problem
Viewing and configuring centralized event logs

Module 9: Implementing Operational Monitoring in Hybrid Scenarios

This module addresses using monitoring and troubleshooting tools, processes, and best practices to streamline application performance and availability of Windows Server IaaS VMs and hybrid instances. Content describes implementing Azure Monitor for IaaS VMs in Azure, implementing Azure Monitor in on-premises environments, and using dependency maps. Participants learn how to enable diagnostics to gather VM data, view VM metrics in Azure Metrics Explorer, and create metric alerts to monitor VM performance. The module covers monitoring VM performance using Azure Monitor VM Insights. Various aspects of troubleshooting on-premises and hybrid network connectivity are examined, including diagnosing common issues with DHCP, name resolution, IP configuration, and routing. The module also addresses troubleshooting configuration issues that impact connectivity to Azure-hosted Windows Server virtual machines, as well as approaches to resolve issues with VM startup, extensions, performance, storage, and encryption.

Lessons

Monitor Windows Server IaaS Virtual Machines and hybrid instances
Monitor the health of your Azure virtual machines by using Azure Metrics Explorer and metric alerts
Monitor the performance of virtual machines by using Azure Monitor VM Insights
Troubleshoot on-premises and hybrid networking
Troubleshoot Windows Server Virtual Machines in Azure

Lab: Monitoring and troubleshooting of IaaS VMs running Windows Server