Azure Beginners Guide for AWS Professionals

AWS and Azure are the most comprehensive cloud platforms. Recently, I went through a video that explains the fundamentals of the Azure and AWS cloud platforms. If you are an AWS professional, your knowledge of the AWS platform makes it easier to start your journey with Azure. The learning curve is not steep. In this post, we will see how you can transfer your fundamental knowledge of the Amazon AWS platform to Microsoft Azure.

This post is based on the 5-minute comparison video by Matt McSpirit. He explains how your knowledge as an AWS professional translates easily to Microsoft Azure. Get the critical differences between these two comprehensive cloud platforms in the 5-minute video. This post is an Azure Beginners Guide for AWS Professionals.

Key Concepts of AWS and Azure

A fundamental difference between AWS and Azure is the concept of subscriptions and accounts. In Azure, the account owner can delegate the task of managing a subscription to application owners. This delegation is essential when the person paying the bill is not the person operating the technology. Also, imagine if you could run AWS services in your private data center. With Azure, you can deploy Azure services in your own data center with Azure Stack. Azure also supports first-party integration between your cloud and on-premises solutions.

Common Identity
Management and Security
Data Platform
Artificial Development

Like AWS, the Azure architecture gives you the flexibility to build solutions with Windows and Linux. AWS and Azure both have a vibrant marketplace with a growing third-party ecosystem of apps and solutions.

Three Pillars of Azure and AWS Cloud Platform 

This Azure Beginners Guide for AWS Professionals is based on the three main pillars of these cloud offerings. There are three core services in the AWS and Azure cloud platforms. I will cover each component in this post, as Matt explained in the above video.

Compute
Data Storage
Management

AWS Vs. Azure Compute Options

Virtual Machine Templates

Compute options are very similar in AWS and Azure. You can find the same range of on-demand virtual machine sizes in Azure and a similar variety of Amazon EC2 instances in AWS. There are some differences in memory, CPU, and storage options.

You can create virtual machine instances in the AWS Management Console. You can create Azure VMs in the Azure portal, or by using APIs or the Azure command-line interface for Windows or Linux. The following are the options I have captured for this Azure Beginners Guide for AWS Professionals.

Azure Virtual Machine Offerings

Small Workloads (A, Av2, B, D, Dv2) 
General purpose (Dv3, N)
Storage workloads (L)
Database workload (Ev3)
Enterprise applications (M)
SAP HANA workloads (SAP)

AWS Virtual Machine Offerings

Accelerated Graphics (P2, G3)
Storage Optimized (I3, D2)
General purpose (T2, M4)
Compute Optimized (C4)
Memory Optimized (X1, R3 and R4)

Automatic Scalability Options

In both AWS and Azure, you can use auto scaling options to scale your application or service dynamically. In most scenarios this can be done without any downtime. In Azure, you can use virtual machine scale sets to add or remove VMs automatically based on the metrics and thresholds you define. In AWS, AWS CloudFormation can be used to scale your application or services automatically.

Application Architecture

In Azure, you can use Azure Resource Manager (ARM) templates to define the architecture of your application or service for a multi-tiered workload. Again, AWS CloudFormation templates can be used to architect your application or services.

Containers Options

Amazon has AWS Elastic (EC2) Container Service for containers. Azure has Azure Container Service (AKS) to provide container service options. Use a fully managed Kubernetes container orchestration service or choose other orchestrators. Azure supports both Linux and Windows containers. Azure also offers a range of orchestration options including Kubernetes, Mesosphere DC/OS, and Docker Swarm.

Serverless Options

AWS Lambda and AWS API Gateway (plus other services) are the solutions to build and deploy applications in AWS. In Azure, Azure Functions and other platform services are the solutions for the serverless platform. This also includes Azure Logic Apps to model and automate your process workflows visually. Other options for serverless in Azure are Azure Database as a Service and Azure Service Fabric Cluster.

AWS Vs. Azure Data Storage Options

Persistent data storage is the heart of many applications. Azure and AWS offer a range of storage options. AWS Simple Storage Service (AWS S3) is the cloud storage solution in AWS. In Azure, you can use Azure Blob Storage as the cloud storage solution for your applications and services. Storage speed and performance are important to cover in an Azure Beginners Guide for AWS Professionals.

In AWS, there is an option for cold storage using AWS S3 Standard IA, and Amazon Glacier is the archival cold storage in AWS. In Azure, this cold storage maps to the Azure Storage standard COLD access tier and Azure Archival storage.

Database Options

Relational Database Options

Database options in AWS and Azure are also similar, but there is an essential difference that IT pros need to understand. Amazon offers a variety of AWS Relational Database (AWS RDS) options. In Azure, the relational database options are Azure SQL Databases, Azure DB for MySQL, and Azure DB for PostgreSQL.

Non Relational Database Options

Azure offers Cosmos DB (Azure Cosmos DB) to build non-relational databases for your applications and services. Azure Cosmos DB provides additional features like SQL query, unstructured data, low latency, and geo-replication. AWS offers Amazon DynamoDB as a fast and flexible non-relational database service in the cloud.

Traditional Data Warehousing

Traditional data warehousing options are available in both AWS and Azure. Amazon AWS offers the AWS Redshift database for the traditional data warehousing requirements of your applications and services. Azure offers the Azure SQL Data Warehouse solution to meet your application requirements. Similar to AWS Redshift, Azure SQL Data Warehouse is a fast, fully managed, petabyte-scale data warehouse.

Big Data Offerings

Amazon and Azure offer big data analysis offerings as part of their cloud services. AWS offers Amazon Elastic MapReduce (Amazon EMR) for big data analytics, including the Hadoop framework. Azure offers Azure HDInsight as its big data analytics option. HDInsight provides a fully managed, full-spectrum open-source analytics service for enterprises. There is an additional offer from Azure for big data, and that is Azure Data Lake Store. Azure Data Lake Store allows you to store massive unstructured or structured data sets, which enables analysis of all your data from one place.

AWS Vs Azure Management Options

Management is an important topic. Azure and AWS offer a variety of options to manage your cloud resources. In AWS, you can start with the AWS Management Console. Azure provides management options through the Azure management portal. Management options for both platforms are an essential part of this Azure Beginners Guide for AWS Professionals.

Troubleshooting

Azure Cloud Shell is an interactive, browser-accessible shell for managing Azure resources. You can also use Azure Cloud Shell for custom troubleshooting. Azure Cloud Shell supports Bash for Linux and PowerShell for Windows workloads. There are other options available, including CloudWatch, CloudTrail, and X-Ray. There are a lot of other third-party solutions for AWS cloud management.

Monitoring

AWS and Azure offer different monitoring options. In AWS, you can use a third-party analytics engine like Splunk. Azure’s built-in monitoring options are Log Analytics, Azure Application Insights, etc.

Proactive Resource Optimisation

Azure and AWS provide proactive resource optimisation tools to help you. AWS comes with the AWS Trusted Advisor Dashboard. Trusted Advisor helps you observe best practices for the use of AWS by inspecting your AWS environment, and provides proactive resource optimisation. Azure provides a complimentary tool called Azure Advisor to provide proactive resource optimisation for your Azure environment.

How to Start Troubleshooting Intune Issues

Intune troubleshooting is made easy with the Azure portal. It’s recommended to start with the “Microsoft Intune – Help and support” page in the Azure portal whenever you face an issue with Intune. In this post, we will see “How to start Troubleshooting Intune Policy Deployment Issues from Intune portal”. More tips are in the “Troubleshoot Intune Issues” video tutorial.

Update 20-Jan-2018 – When you have an iOS device and you want to perform the Intune side of troubleshooting, Microsoft has released an excellent document, “Troubleshooting iOS device enrollment problems in Microsoft Intune”.

Content:- 

How to Check the status of Intune service?
Video Tutorial – Troubleshoot Intune Issues
How to start troubleshooting Intune Policy Deployment?
How to raise a free Intune support case for Intune Issues?

How to Check the status of Intune service?

When you have a major issue with Intune managed devices, the first place to look is the current status of Intune and other dependent services. You can check that from the Azure portal Intune blade – Microsoft Intune – Help and support tab.

Under the Help and Support tab there is a link to check the status of Intune and other services for your tenant. “Intune service status – See the current status of the service” is the place where you can get the status.

When everything is OK on the cloud service side, the status will show as “Microsoft Intune Service is healthy”. Also, from the Help and Support tab you can check whether your Intune subscription is still active.

Video Tutorial – Troubleshoot Intune Issues

How to start troubleshooting Intune Policy Deployment?

As explained above, when you have a major impact on all Intune managed devices or users, make sure that the tenant health is OK. Once you are sure that there is no issue on the Intune service side for your tenant, it’s time to proceed with your policy assignment and other detailed troubleshooting. When the issue is NOT impacting all devices or users, it’s better to start with the second stage of Intune troubleshooting.

Troubleshoot is a tab in the Intune blade of the Azure portal. Select one of the users who is having issues with application or policy deployment. For example, a user is not getting the application assigned to an AAD group. Another example is a user not getting the compliance or configuration policies assigned.

I selected Anoop Nair as the user. All the details of this user will be available in the troubleshooting tab. This helps the Intune admin confirm whether all the applications and policies have been targeted to the correct AAD groups. You can check and confirm the following for the user:

  • Does the user have a valid Intune license or not
  • Is the user part of correct AAD group or not
  • Is the Device compliant or not
  • Status of Company Data Removal/wipe from a device

Other details of the user that you can check in the Troubleshoot tab of the Intune blade are the principal name and email ID of the selected user. All the other details available in the Intune troubleshooting blade are:

Intune license assigned to user or not
Device compliance status
Whether apps are in compliant state or not
Azure AD Group membership for the user
Mobile Apps Assignment to the user
Compliance policies deployed or assigned to users
App protection status for the devices
Configuration profile deployment status for the user
List of the devices for that user and status of devices

As you can see in the video tutorial and in the screenshot below, there are some red icons. Those red icons could indicate potential issues with application or policy deployments. I could see problems with Anoop’s Android device. App protection status is not looking good for the Android device. The Intune troubleshoot blade provides a useful report that “31 apps noncompliant”.

There are six (6) assignment categories in the Intune Troubleshooting blade. Each category gives you the details of user assignment. If some assignments are missing, we need to look at the target AAD groups of those policies.

Mobile Apps
Compliance Policies
Configuration Profiles
App Protection Policies
Windows 10 Update Rings
Enrollment Restrictions

The above information is important for starting Intune troubleshooting from the Azure portal. We can go directly into the details of each of the assigned policies for that user from the troubleshooting tab. More detailed troubleshooting can be done by looking at the device properties and hardware information of the device.

For example, you have started a company data wipe action for a device, but the device or user can still access corporate mail from the device. The Intune admin can directly search for the user from the Intune troubleshooting session and get all the device details of that user. Once the device is identified, you can check the following details of the device.

Device name, Managed by, Azure AD join type, Ownership, Intune compliant, Azure AD compliant, OS, OS version and Last check in.

Last check-in details are important in this device retirement or company data wipe troubleshooting scenario. The last check-in details tell you when the device was last in touch with the Intune service. You can check the status of the Company Data Removal action, and the Factory reset details and status, from the Intune troubleshooting blade.

The Intune Troubleshooting blade is a one-stop shop for all the troubleshooting activities related to Intune device management, compliance policies, configuration profile deployments, etc.

How to raise a free Intune support case for Intune Issues?

Microsoft provides an option to raise a support case for Intune issues from Azure Portal – Intune blade – Help and Support tab itself. The “Create a support request” link in that tab is for raising a free support case. In most scenarios, you won’t get charged for raising this type of Intune support case. The charges for these types of support cases are directly linked to your Intune subscription contract.

There is an option to raise an Intune support case with a Microsoft Premier contract. I would recommend using Premier contract support for Intune issues which are of high impact and where you need immediate help.

Severity options are important when raising an Intune support case. Severity should be selected according to the impact of the issue. The response time will also vary depending on the severity of the issue. There are three categories, as you can see below:

  • C – Minimal Impact – An issue which is impacting only a couple of users or devices, etc.
  • B – Moderate Impact – Issues which can become critical in a couple of days if they are not resolved ASAP.
  • A – Critical Impact – High-priority issues which are impacting a whole lot of users.

References:-

  • General troubleshooting tips for Microsoft Intune – here
  • How to get support for Microsoft Intune – here
  • How to Troubleshoot Windows 10 MDM Policy Deployments – here
  • Intune Support Case Severity Levels and Response time – here

How to Prevent Windows Devices from Enrolling to Intune

I have seen a scenario where Intune is exclusively used for managing iOS and Android devices. Windows devices are managed through SCCM, and there is a requirement to disable or prevent Windows devices from enrolling to Intune. We can achieve this with the new Intune enrollment restriction policies. I have a blog post to explain “How to Use Intune Enrollment Restriction Rules”.

Video Tutorial – Disable Windows Devices from Enrolling to Intune – here

I tested Windows 10 enrollment to Intune via “Add Work or School Account”. This was tested successfully before restricting Windows 10 devices from the Intune console. Check out the following message after successful enrollment of the Windows 10 device. More details are in the above video.

We’ve added your account successfully and you now have access to your organization’s apps and Services. The last step is setting up your new PIN to unlock this device.

Change the Intune Device Enrollment Policy to Restrict Windows Device

Navigate through New Azure portal – Microsoft Intune – Device Enrollment – Enrollment restrictions. You will see two Intune enrollment restriction policies: 1. Device Type Restrictions and 2. Device Limit Restrictions. Device Type Restrictions is where we can restrict Windows (8.1+) devices from enrolling to Intune.

This policy will prevent Windows 8.1 and later devices from being managed by Intune. This includes Windows 10 device enrollment restriction as well. Windows 10 Mobile devices will also get blocked when we configure this policy.

End User Experience of Windows 10 Device Restriction

I successfully added a Work or School account to a Windows 10 1703 device. The one change I noticed during the enrollment process is that it didn’t prompt for MFA. The message I received after this enrollment was different from the one I got above. The message was:

We’ve added your account successfully and you now have access to your organization’s apps and Services.

Moreover, the machine was NOT available in the Company Portal application under the “My Devices” list. So, the device enrollment never failed as I expected. The device got enrolled without any error. But the main question is whether this device would be managed via Intune. Did the device receive Intune policies? The answer is in the paragraphs below.

Experience on Azure – Intune Portal for Windows 10 Restriction

The enrolled Windows 10 device was NOT listed in Intune – All Devices (Microsoft Azure – Microsoft Intune – Devices – All Devices). But the device was listed in Azure AD, as you can see in the video tutorial.

The Windows 10 device was listed under Azure AD against the user’s devices (Microsoft Azure – Users and groups – All users > Kaith Nair). But, as you can see in the screen capture below, the Windows device is NOT MANAGED by INTUNE. Hence the device won’t get any Intune policies and won’t be managed through Intune. Therefore it won’t get corporate mail, SharePoint, OneDrive and Skype for Business access.

References :-

  • Set Intune enrollment restrictions policies – here
  • How to configure device restriction settings in Microsoft Intune – here

Video Tutorial for AAD Connect Setup User and Password Sync

SCCM admins have to go through AAD Connect setup when they want to build an Intune and SCCM hybrid lab. AAD Connect is the app used for syncing on-prem AD with Azure AD. The AAD Connect app can be installed on any server-class machine. The AAD Connect sync operation is very critical for organizations. If you are planning to sync the hashes of your passwords to the cloud, the configuration of AAD Connect setup is fairly straightforward. If you have specific and advanced AAD Connect setup requirements, you need to spend loads of time on the initial setup.

AAD Connect setup and configuration will install SQL Express DB and configure it. For big corporate organizations, we need to select the advanced settings. They may have custom attributes used in their sync process. These kinds of settings can be configured in advanced settings. Also, there is a possibility that the password hash is not synced and an ADFS configuration is used for authentication.

But for my lab I have selected “Express Settings” so that installation is very straightforward. During the configuration you have to provide two credentials: Azure AD and on-prem AD. To use on-premises credentials for Azure AD sign-in, UPN suffixes should match one of the verified custom domains in Azure AD. I have changed the UPN suffixes of 4 on-prem AD users so that those on-prem AD users will get synced with Azure AD. Following are the high-level steps completed in the AAD Connect setup and configuration wizard.

  • Install and Configure SQL Express DB
  • Install the synchronization engine
  • Configure Azure AD Connector
  • Configure On Prem AD Connector
  • Enable Password Synchronization
  • Enable Auto Upgrade
  • Configure Azure AD Connect Health Agent for sync
  • Configure Synchronization services on the computer
  • End Results/Outcome of AAD Connect Sync

The AAD Connect sync process will start after the AAD Connect setup and configuration. As you can see in the above screen capture, the configuration has been completed successfully on my on-prem AD server. To confirm whether the on-prem users/groups got synced with Azure AD, you can log in to portal.azure.com and confirm the user IDs.

Result of Successful AAD Sync

All the users whose UPNs have been changed to SCCZ.Onmicrosoft.com have been replicated to Azure AD. They can use their on-prem AD user ID and password to log in to Azure AD and Office 365 services. You can check the user profile – Source attribute to confirm whether the user is synced via AAD Connect from on-prem Active Directory.
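
The UPN suffix requirement described above can be checked before running the wizard. The following PowerShell is an added example, not part of the original post or of AAD Connect: `Test-UpnSuffix` is a hypothetical helper, the sample accounts and the `corp.local` suffix are constructed, and only the `SCCZ.Onmicrosoft.com` domain comes from the post.

```powershell
# Added example: flag on-prem accounts whose UPN suffix is not a verified Azure AD domain.
# Test-UpnSuffix is a hypothetical helper name, not an AAD Connect or ActiveDirectory cmdlet.
function Test-UpnSuffix {
    param(
        [string[]] $UserPrincipalName,   # UPNs read from on-prem AD
        [string[]] $VerifiedDomain       # domains verified in the Azure AD tenant
    )

    # Domain names are case-insensitive, so normalise before comparing.
    $verified = @($VerifiedDomain | ForEach-Object { $_.Trim().ToLowerInvariant() })

    foreach ($upn in $UserPrincipalName) {
        # Position of the last '@'; -1 when the account has no UPN at all.
        $at = if ($upn) { $upn.LastIndexOf('@') } else { -1 }

        if (($at -lt 1) -or ($at -eq ($upn.Length - 1))) {
            # Empty UPN, or nothing on one side of the '@'.
            $suffix = $null
            $status = 'NoUsableUpn'
        }
        else {
            $suffix = $upn.Substring($at + 1).Trim().ToLowerInvariant()
            $status = if ($verified -contains $suffix) { 'Match' } else { 'Mismatch' }
        }

        [pscustomobject]@{
            UserPrincipalName = $upn
            Suffix            = $suffix
            Status            = $status
        }
    }
}

# Constructed sample input. On an admin host with the ActiveDirectory module,
# the live list would come from: (Get-ADUser -Filter *).UserPrincipalName
$sampleUpns = @(
    'user1@SCCZ.Onmicrosoft.com',   # suffix already changed, as described in the post
    'user2@corp.local',             # constructed on-prem-only suffix
    ''                              # account with no UPN set
)
$verifiedDomains = @('sccz.onmicrosoft.com')   # the domain named in the post

# Show only the accounts that need attention before the sync is configured.
Test-UpnSuffix -UserPrincipalName $sampleUpns -VerifiedDomain $verifiedDomains |
    Where-Object Status -ne 'Match' |
    Format-Table -AutoSize
```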

Reference:

Custom installation of Azure AD Connect here