Course AZ-801: Configuring Windows Server Hybrid Advanced Services

This course teaches IT Professionals to configure advanced Windows Server services using on-premises, hybrid, and cloud technologies. The course teaches IT Professionals how to leverage the hybrid capabilities of Azure, how to migrate virtual and physical server workloads to Azure IaaS, and how to secure Azure VMs running Windows Server. The course also teaches IT Professionals how to perform tasks related to high availability, troubleshooting, and disaster recovery. The course highlights administrative tools and technologies including Windows Admin Center, PowerShell, Azure Arc, Azure Automation Update Management, Microsoft Defender for Identity, Azure Security Center, Azure Migrate, and Azure Monitor. Course AZ-801: Configuring Windows Server Hybrid Advanced Services

Audience Profile

This four-day course is intended for Windows Server Hybrid Administrators who have experience working with Windows Server and want to extend the capabilities of their on-premises environments by combining on-premises and hybrid technologies. Windows Server Hybrid Administrators who already implement and manage on-premises core technologies want to secure and protect their environments, migrate virtual and physical workloads to Azure Iaas, enable a highly available, fully redundant environment, and perform monitoring and troubleshooting.

At Course Completion

After completing this course, students will be able to:

Harden the security configuration of the Windows Server operating system environment.

Enhance hybrid security using Azure Security Center, Azure Sentinel, and Windows Update Management.

Apply security features to protect critical resources.

Implement high availability and disaster recovery solutions.

Implement recovery services in hybrid scenarios.

Plan and implement hybrid and cloud-only migration, backup, and recovery scenarios.

Perform upgrades and migration related to AD DS, and storage.

Manage and monitor hybrid scenarios using WAC, Azure Arc, Azure Automation and Azure Monitor.

Implement service monitoring and performance monitoring, and apply troubleshooting.

Course Outline

Module 1: Windows Server security

This module discusses how to protect an Active Directory environment by securing user accounts to least privilege and placing them in the Protected Users group. The module covers how to limit authentication scope and remediate potentially insecure accounts. The module also describes how to harden the security configuration of a Windows Server operating system environment. In addition, the module discusses the use of Windows Server Update Services to deploy operating system updates to computers on the network. Finally, the module covers how to secure Windows Server DNS to help protect the network name resolution infrastructure. DevSecOps y de la Red Docker

Lesson

Secure Windows Sever user accounts

Hardening Windows Server

Windows Server Update Management

Secure Windows Server DNS

Lab : Configuring security in Windows Server

Configuring Windows Defender Credential Guard

Locating problematic accounts

Implementing LAPS

After completing this module, students will be able to:

Diagnose and remediate potential security vulnerabilities in Windows Server resources.

Harden the security configuration of the Windows Server operating system environment.

Deploy operating system updates to computers on a network by using Windows Server Update Services.

Secure Windows Server DNS to help protect the network name resolution infrastructure.

Implement DNS policies.

Module 2: Implementing security solutions in hybrid scenarios

This module describes how to secure on-premises Windows Server resources and Azure IaaS workloads. The module covers how to improve the network security for Windows Server infrastructure as a service (IaaS) VMs and how to diagnose network security issues with those VMs. In addition, the module introduces Azure Security Center and explains how to onboard Windows Server computers to Security Center. The module also describes how to enable Azure Update Management, deploy updates, review an update assessment, and manage updates for Azure VMs. The module explains how Adaptive application controls and BitLocker disk encryption are used to protect Windows Server IaaS VMs. Finally, the module explains how to monitor Windows Server Azure IaaS VMs for changes in files and the registry, as well as monitoring modifications made to application software.

Lesson

Implement Windows Server IaaS VM network security.

Audit the security of Windows Server IaaS Virtual Machines

Manage Azure updates

Create and implement application allowlists with adaptive application control

Configure BitLocker disk encryption for Windows IaaS Virtual Machines

Implement change tracking and file integrity monitoring for Windows Server IaaS VMs

Lab : Using Azure Security Center in hybrid scenarios

Provisioning Azure VMs running Windows Server

Configuring Azure Security Center

Onboarding on-premises Windows Server into Azure Security Center

Verifying the hybrid capabilities of Azure Security Center

Configuring Windows Server security in Azure VMs

After completing this module, students will be able to:

Diagnose network security issues in Windows Server IaaS virtual machines.

Onboard Windows Server computers to Azure Security Center.

Deploy and manage updates for Azure VMs by enabling Azure Automation Update Management.

Implement Adaptive application controls to protect Windows Server IaaS VMs.

Configure Azure Disk Encryption for Windows IaaS VMs.

Back up and recover encrypted data.

Monitor Windows Server Azure IaaS VMs for changes in files and the registry.

Module 3: Implementing high availability

This module describes technologies and options to create a highly available Windows Server environment. The module introduces Clustered Shared Volumes for shared storage access across multiple cluster nodes. The module also highlights failover clustering, stretch clusters, and cluster sets for implementing high availability of Windows Server workloads. The module then discusses high availability provisions for Hyper-V and Windows Server VMs, such as network load balancing, live migration, and storage migration. The module also covers high availability options for shares hosted on Windows Server file servers. Finally, the module describes how to implement scaling for virtual machine scale sets and load balanced VMs, and how to implement Azure Site Recovery.

Lesson

Introduction to Cluster Shared Volumes.

Implement Windows Server failover clustering.

Implement high availability of Windows Server VMs.

Implement Windows Server File Server high availability.

Implement scale and high availability with Windows Server VMs.

Lab : Implementing failover clustering

Configuring iSCSI storage

Configuring a failover cluster

Deploying and configuring a highly available file server

Validating the deployment of the highly available file server

After completing this module, students will be able to:

Implement highly available storage volumes by using Clustered Share Volumes.

Implement highly available Windows Server workloads using failover clustering.

Describe Hyper-V VMs load balancing.

Implement Hyper-V VMs live migration and Hyper-V VMs storage migration.

Describe Windows Server File Server high availablity options.

Implement scaling for virtual machine scale sets and load-balanced VMs.

Implement Azure Site Recovery.

Module 4: Disaster recovery in Windows Server

This module introduces Hyper-V Replica as a business continuity and disaster recovery solution for a virtual environment. The module discusses Hyper-V Replica scenarios and use cases, and prerequisites to use it. The module also discusses how to implement Azure Site Recovery in on-premises scenarios to recover from disasters.

Lesson

Implement Hyper-V Replica

Protect your on-premises infrastructure from disasters with Azure Site Recovery

Lab : Implementing Hyper-V Replica and Windows Server Backup

Implementing Hyper-V Replica

Implementing backup and restore with Windows Server Backup

After completing this module, students will be able to:

Describe Hyper-V Replica, pre-requisites for its use, and its high-level architecture and components

Describe Hyper-V Replica use cases and security considerations.

Configure Hyper-V Replica settings, health monitoring, and failover options.

Describe extended replication.

Replicate, failover, and failback virtual machines and physical servers with Azure Site Recovery.

Module 5: Implementing recovery services in hybrid scenarios

This module covers tools and technologies for implementing disaster recovery in hybrid scenarios, whereas the previous module focuses on BCDR solutions for on-premises scenarios. The module begins with Azure Backup as a service to protect files and folders before highlighting how to implement Recovery Vaults and Azure Backup Policies. The module describes how to recover Windows IaaS virtual machines, perform backup and restore of on-premises workloads, and manage Azure VM backups. The module also covers how to provide disaster recovery for Azure infrastructure by managing and orchestrating replication, failover, and failback of Azure virtual machines with Azure Site Recovery.

Lesson

Implement hybrid backup and recovery with Windows Server IaaS

Protect your Azure infrastructure with Azure Site Recovery

Protect your virtual machines by using Azure Backup

Lab : Implementing Azure-based recovery services

Implementing the lab environment

Creating and configuring an Azure Site Recovery vault

Implementing Hyper-V VM protection by using Azure Site Recovery vault

Implementing Azure Backup

After completing this module, students will be able to:

Recover Windows Server IaaS virtual machines by using Azure Backup.

Use Azure Backup to help protect the data for on-premises servers and virtualized workloads.

Implement Recovery Vaults and Azure Backup policies.

Protect Azure VMs with Azure Site Recovery.

Run a disaster recovery drill to validate protection.

Failover and failback Azure virtual machines.

Comments are closed