top of page

Configuring Windows Server Hybrid Advanced Services

Duration

Course Code

4 days

AZ-801T00-AC

About the Course

Overview


About the course


This course teaches IT Professionals to configure advanced Windows Server services using on-premises, hybrid, and cloud technologies. The course teaches IT Professionals how to leverage the hybrid capabilities of Azure, how to migrate virtual and physical server workloads to Azure IaaS, and how to secure Azure VMs running Windows Server. The course also teaches IT Professionals how to perform tasks related to high availability, troubleshooting, and disaster recovery. The course highlights administrative tools and technologies including Windows Admin Center, PowerShell, Azure Arc, Azure Automation Update Management, Microsoft Defender for Identity, Azure Security Center, Azure Migrate, and Azure Monitor.


Audience Profile


This four-day course is intended for Windows Server Hybrid Administrators who have experience working with Windows Server and want to extend the capabilities of their on-premises environments by combining on-premises and hybrid technologies. Windows Server Hybrid Administrators who already implement and manage on-premises core technologies want to secure and protect their environments, migrate virtual and physical workloads to Azure Iaas, enable a highly available, fully redundant environment, and perform monitoring and troubleshooting.


Job role: Administrator

Preparation for exam: AZ-801


Before attending this course, students must have:


  • Experience with managing Windows Server operating system and Windows Server workloads in on-premises scenarios, including AD DS, DNS, DFS, Hyper-V, and File and Storage Services

  • Experience with common Windows Server management tools (implied in the first prerequisite).

  • Basic knowledge of core Microsoft compute, storage, networking, and virtualization technologies (implied in the first prerequisite).

  • Experience and an understanding of core networking technologies such as IP addressing, name resolution, and Dynamic Host Configuration Protocol (DHCP)

  • Experience working with and an understanding of Microsoft Hyper-V and basic server virtualization concepts

  • An awareness of basic security best practices

  • Basic understanding of security-related technologies (firewalls, encryption, multi-factor authentication, SIEM/SOAR).

  • Basic knowledge of on-premises resiliency Windows Server-based compute and storage technologies (Failover Clustering, Storage Spaces).

  • Basic experience with implementing and managing IaaS services in Microsoft Azure

  • Basic knowledge of Azure Active Directory

  • Experience working hands-on with Windows client operating systems such as Windows 10 or Windows 11

  • Basic experience with Windows PowerShell


An understanding of the following concepts as related to Windows Server technologies:


  • High availability and disaster recovery

  • Automation

  • Monitoring

  • Troubleshooting


Course Outline


Module 1: Secure Windows Server user accounts


Protect your Active Directory environment by securing user accounts to least privilege and placing them in the Protected Users group. Learn how to limit authentication scope and remediate potentially insecure accounts.


Learning objectives


After completing this module, you will be able to:Configure and manage user accounts to limit security threats across an organizationApply Protected Users settings, policies, and authentication silos to protect highly privileged user accountsDescribe and configure Windows Defender Credential GuardConfigure Group Policy to block the use of NTLM for authentication


Module 2: Hardening Windows Server


Learn how to harden the security configuration of your Windows Server operating system environment. Secure administrative access to Privileged Access Workstations (PAWs), apply security baselines, and secure domain controllers and SMB traffic.


Learning objectives


After completing this module, you will be able to:


  • Manage local administrator passwords using Local Administrator Password Solution

  • Limit administrative access to Privileged Access Workstations (PAWs)

  • Explain how to secure domain controllers from being compromised

  • Describe how to use the Microsoft Security Compliance Toolkit to harden servers

  • Secure SMB traffic using SMB encryption


Module 3: Windows Server update management


Learn how to use Windows Server Update Services to deploy operating system updates to computers on your network. Select the appropriate deployment option and combine WSUS with Microsoft Azure Update Management to manage server updates.


Learning objectives


After completing this module, you will be able to:


  • Describe the role of Windows Server Update Services (WSUS)

  • Describe the WSUS update management process

  • Deploy updates with WSUS


Module 4: Secure Windows Server DNS


Learn how to secure Windows Server DNS to help protect your network name resolution infrastructure and also learn how to implement DNS policies.


Learning objectives


  • Describe split-horizon DNS and explain how to implement it.

  • Create DNS policies.

  • Implement DNS policies.

  • Describe the options for protecting the DNS server role.

  • Implement DNS security.


Module 5: Implement Windows Server IaaS VM network security


In this module, you will focus on how to improve the network security for Windows Server infrastructure as a service (IaaS) virtual machines (VMs) and how to diagnose network security issues with those VMs.


Learning objectives


After completing this module, you will be able to:


  • Implement Network Security Groups (NSGs) with Windows Server IaaS VMs.

  • Implement adaptive network hardening.

  • Implement Azure Firewall.

  • Implement Windows Defender Firewall in Windows Server IaaS VMs.

  • Choose an appropriate filtering solution.

  • Capture network traffic with Network Watcher.


Module 6: Audit the security of Windows Server IaaS Virtual Machines


You'll learn about Azure Security Center and how to onboard Windows Server computers to Security Center. You'll also learn about Azure Sentinel, security information and event management (SIEM), and security orchestration, automation and response (SOAR).


Learning objectives


After completing this module, you will be able to:


  • Describe Azure Security Center.

  • Enable Azure Security Center in hybrid environments.

  • Onboard Windows Server computers to Azure Security Center.

  • Implement and assess security policies.

  • Describe Azure Sentinel.

  • Implement SIEM and SOAR.

  • Protect your resources with Azure Security Center.


Module 7: Manage Azure updates


You'll be able to enable Azure Update Management, deploy updates, review an update assessment, and manage updates for your Azure VMs.


Learning objectives


After completing this module, you will be able to:


  • Describe Azure updates.

  • Enable Update Management.

  • Deploy updates.

  • Review an update assessment.

  • Manage updates for your Azure VMs.


Module 8: Create and implement application allowlists with adaptive application control


You'll be able to implement Adaptive application controls within your organization to protect your Windows Server IaaS VMs.


Learning objectives


After completing this module, you'll be able to:


  • Enable Adaptive application controls.

  • Implement adaptive application control policies.


Module 9: Configure BitLocker disk encryption for Windows IaaS Virtual Machines


You'll be able to configure Azure Disk Encryption for Windows IaaS VMs and back up and recover encrypted data.


Learning objectives


After completing this module, you'll be able to:


  • Describe Azure Disk Encryption.

  • Configure Key Vault to support Azure Disk Encryption.

  • Explain how to encrypt Azure IaaS VM hard disks.

  • Back up and recover encrypted data from IaaS VM hard disks.


Module 10: Implement change tracking and file integrity monitoring for Windows IaaS VMs


In this module, you’ll learn how to monitor Windows Server Azure IaaS VMs for changes in files and the registry, as well as other monitor modifications made to application software.


Learning objectives


After completing this module, you will be able to:


  • Implement Change Tracking and Inventory

  • Manage Change Tracking and Inventory

  • Manage tracked files

  • Implement File Integrity Monitoring

  • Select and monitor entities

  • Use File Integrity Monitoring


Module 11: Introduction to Cluster Shared Volumes


Learn about the core functionality, benefits, use cases, and implementation of Cluster Shared Volumes (CSV) in Windows Server 2019.


Learning objectives


After completing this module, you'll be able to:


Describe the functionality of CSV.

Describe the architecture and components of CSV.

Implement CSV.


Module 12: Implement Windows Server failover clustering


Learn about the core functionality of Windows Server failover clustering, various configuration options for failover clustering, and the use of cluster sets.


Learning objectives


After completing this module, you'll be able to:


  • Describe Windows Server failover clustering.

  • Implement Windows Server failover clustering.

  • Manage Windows Server failover clustering.

  • Implement stretch clusters.

  • Describe cluster sets.


Module 13: Implement high availability of Windows Server VMs


Learn about the core functionality, benefits, use cases, and implementation of highly available Microsoft Hyper-V virtual machines (VMs) in Windows Server 2019.


Learning objectives

After completing this module, you'll be able to:


  • Describe the Hyper-V high availability options.

  • Describe Hyper-V VMs load balancing.

  • Implement Hyper-V VMs live migration.

  • Implement Hyper-V VMs storage migration.


Module 14: Implement Windows Server File Server high availability


Learn about the core functionality, benefits, use cases, and implementation of the highly available File Server role in Windows Server 2019.


Learning objectives


After completing this module, you'll be able to:


  • Provide a high-level overview of Windows Server File Server high-availability options.

  • Describe the characteristics of, and high-level implementation steps for Cluster Shared Volumes (CSV).

  • Describe the characteristics of, and high-level implementation steps for Scale-Out File Server (SOFS).

  • Describe the characteristics of, and high-level implementation steps for Storage Replica.


Module 15: Implement scale and high availability with Windows Server VM


You'll learn how to implement scaling for virtual machine scale sets and load-balanced VMs. You'll also learn how to implement Azure Site Recovery.


Learning objectives


After completing this module, you will be able to:


  • Describe virtual machine scale sets.

  • Implement scaling.

  • Implement load-balancing virtual machines.

  • Implement Azure Site Recovery.


Module 16: Implement Hyper-V Replica


Learn about Hyper-V Replica, scenarios for its use, and prerequisites to use it. Learn about Azure Site Recovery and the benefits of using it, focusing on implementing Site Recovery in on-premises scenarios.


Learning objectives


After completing this module, you'll be able to:


  • Describe Hyper-V Replica, pre-requisites for its use, and its high-level architecture and components.

  • Describe Hyper-V Replica usage scenarios, available replication settings, and security considerations.

  • Configure Hyper-V Replica settings, health monitoring, and failover options.

  • Implement Hyper-V Replica.

  • Describe extended replication.

  • Describe Site Recovery.

  • Implement Site Recovery.


Module 17: Protect your on-premises infrastructure from disasters with Azure Site Recovery


Learn how to provide disaster recovery for your on-premises infrastructure by using Azure Site Recovery to manage and orchestrate replication. Use Site Recovery to perform failover and failback of VMware virtual machines, Hyper-V virtual machines, and physical servers.


Learning objectives


In this module, you will:


  • Identify the features and protection capabilities Azure Site Recovery provides to on-premises infrastructure

  • Identify the requirements for enabling protection of on-premises infrastructure


Module 18: Protect your virtual machines by using Azure Backup


Use Azure Backup to help protect the data for on-premises servers, virtual machines, virtualized workloads such as SQL Server or SAP HANA running in Azure VMs, Azure file shares, and more.


Learning objectives


In this module, you'll:


  • Identify the scenarios for which Azure Backup provides backup and restore capabilities

  • Back up and restore an Azure virtual machine


Module 19: Active Directory Domain Services migration


Determine the best approach to moving domain controllers to Windows Server 2022. Learn how the Active Directory Migration Tool can consolidate domains within a forest or migrate domains to a new AD DS forest.


Learning objectives


After completing this module, you will be able to:


  • Compare upgrading an AD DS forest and migrating to a new AD DS forest

  • Describe how to upgrade an existing AD DS forest

  • Describe how to migrate to a new AD DS forest

  • Describe Active Directory Migration Tool (ADMT)


Module 20: Migrate file server workloads using Storage Migration Service


Learn to use Storage Migration Service to migrate files and files shares from existing file server to new servers running Windows Server 2022. Configure storage migration for optimum performance of data migration.


Learning objectives


After completing this module, you will be able to:


  • Describe Storage Migration Service and its usage scenarios

  • Identify the requirements for using Storage Migration Service

  • Describe how to migrate a server with storage migration

  • List the considerations for using Storage Migration Service


Module 21: Migrate Windows Server roles


Learn how to install and use the Windows Server Migration Tools cmdlets to migrate commonly used server roles from earlier versions of Windows Server.


Learning objectives


After completing this module, you will be able to:


  • Describe the Windows Server Migration Tools

  • Use the migration tools to migrate specific Windows Server roles


Module 22: Migrate on-premises Windows Server instances to Azure IaaS virtual machines


You'll be able to plan a migration and select appropriate server migration tools. You will also learn how to use Azure Migrate, how to assess physical servers, and how to migrate those servers.


Learning objectives


After completing this module, you will be able to:


  • Plan your migration.

  • Describe Azure Migrate.

  • Migrate server workloads using Windows Server Migration Tools.

  • Assess physical servers with Azure Migrate.

  • Migrate on-premises servers to Azure.


Module 23: Upgrade and migrate Windows Server IaaS virtual machines


Learn to migrate a workload running in Windows Server to an infrastructure as a service (IaaS) virtual machine (VM) and to Windows Server 2019 by using Windows Server migration tools or the Storage Migration Service.


Learning objectives


After completing this module, you will be able to:


  • Describe Windows Server IaaS migration.

  • Explain how to migrate workloads using Windows Server Migration tools.

  • Describe storage migration.

  • Migrate file servers by using the Storage Migration Service.


Module 24: Containerize and migrate ASP.NET applications to Azure App Service


In this module, you'll learn to use the Azure Migrate App Containerization tool to containerize and migrate ASP.NET applications to Azure App Service.


Learning objectives


By the end of this module, you will be able to:


  • Discover and containerize your ASP.NET app running on Windows machines using Azure Migrate: App Containerization.

  • Build a container image for your ASP.NET application.

  • Deploy your containerized application to Azure App Service using Azure Migrate: App Containerization.


Module 25: Monitor Windows Server performance


Learn to use a range of Windows Server tools to monitor the operating system and applications on a server computer. You'll also learn to configure your system to optimize efficiency and to troubleshoot problems.

Learning objectives


After completing this module, you will be able to:


  • Use built-in tools in Windows Server to monitor server performance

  • Understand the fundamentals of server performance tuning


Module 26: Manage and monitor Windows Server event logs


Learn how Event Viewer provides a convenient and accessible location for you to observe events that occur. Access event information quickly and conveniently. Learn how to interpret the data in the event log.


Learning objectives


After completing this module, you will be able to:


  • Describe event logs

  • Use Server Manager and Windows Admin Center to - Review event logs

  • Implement custom views

  • Configure an event subscription


Module 27: Implement Windows Server auditing and diagnostics


Learn to audit and diagnose your Windows Server environment for regulatory compliance, user activity, and troubleshooting. Implement security best practices through regular audits of your network environment to gain early warning of potential malicious activity.


Learning objectives


After completing this module, you will be able to:


  • Audit Windows Server events

  • Configure Windows Server to record diagnostic information


\Module 28: Troubleshoot Active Directory


Learn how to troubleshoot AD DS service failures or degraded performance. Learn how to recover deleted security objects and the AD DS database, and how to troubleshoot hybrid authentication issues.


Learning objectives


After completing this module, you will be able to:


  • Recover the AD DS database, objects in AD DS, and SYSVOL

  • Troubleshoot AD DS replication

  • Troubleshoot Hybrid authentication issues



Module 29: Monitor Windows Server IaaS Virtual Machines and hybrid instances


You'll be able to implement Azure Monitor for IaaS VMs in Azure, implement Azure Monitor in on-premises environments, and use dependency maps.


Learning objectives


After completing this module, you will be able to:


  • Enable Azure Monitor for VMs.

  • Monitor an Azure VM with Azure Monitor.

  • Enable Azure Monitor in hybrid scenarios.

  • Collect data from a Windows computer in a hybrid environment.

  • Integrate Azure Monitor with Microsoft Operations Manager.



Module 30: Monitor the health of your Azure virtual machine by using Azure Metrics Explorer and metric alerts


Evaluate monitoring options for an Azure virtual machine (VM). Enable diagnostics to get data about your VM. View VM metrics in Azure Metrics Explorer. Create a metric alert to monitor performance.


Learning objectives


In this module, you will:


  • Identify metrics and diagnostic data that you can collect for virtual machines

  • Configure monitoring for a virtual machine

  • Use monitoring data to diagnose problems


Module 31: Monitor performance of virtual machines by using Azure Monitor VM Insights


Deploy monitoring for workloads on virtual machines. Set up a log analytics workspace, onboard virtual machines to Azure Monitor VM Insights, and build log queries by using Kusto Query Language.


Learning objectives


Evaluate Azure Monitor Logs and Azure Monitor VM Insights.Configure a Log Analytics workspace.Build queries from the Heartbeat and InsightsMetrics tables.


Module 32: Troubleshoot on-premises and hybrid networking

Learn to troubleshoot on-premises connectivity and hybrid network connectivity. Diagnose common issues with DHCP, name resolution, IP configuration, and routing that can cause reliability and connectivity problems in an on-premises and a hybrid environment.


Learning objectives


After completing this module, you will be able to:


  • Diagnose DHCP and DNS problems in on-premises contexts

  • Diagnose IP configuration and routing problems

  • Implement Packet Monitor to help diagnose network problems

  • Use Azure Network Watcher to troubleshoot Microsoft Azure virtual networks


Module 33: Troubleshoot Windows Server Virtual Machines in Azure

Learn to troubleshoot configuration issues that impact connectivity to your Azure-hosted Windows Server virtual machines (VMs). Explore approaches to resolve issues with VM startup, extensions, performance, storage, and encryption.


Learning objectives


After completing this module, you will be able to:


  • Troubleshoot VM deployment and extension issues

  • Troubleshoot VM startup and performance issues

  • Troubleshoot VM storage and encryption issues

  • Troubleshoot connectivity to VMs




bottom of page