Posts

Showing posts from January, 2022

Comparison of DaaS and VDI services

Desktop As A Service (DaaS) is a broad term which covers remote computing services running in a cloud (private, public or hybrid). In the framework of DaaS services, end-users can utilize virtual apps and virtual desktops running on a cloud infrastructure. Virtual Desktop Infrastructure (VDI) is a very similar concept in which virtual desktop services are hosted in an on-premises infrastructure. There are three basic models of VDI services:

- Hosted Shared Apps/Desktops
- Pooled Desktop
- Personal Desktop

There are other variations of VDI service models as well, depending on the technologies used by each vendor. In the case of Citrix Virtual Apps and Desktops (CVAD), the following terminology is being used: https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/downloads/handbook-715-ltsr.pdf (see page 17 - VDI models)

Citrix also provides an insightful article which clarifies the DaaS and VDI terminology: https://www.citrix.com/solutions/vdi-and-daas/cloud-desktops/what-is-ho

FSLogix 2201 Public Preview release

The FSLogix 2201 Public Preview release is now available for download from Microsoft. The change log is as follows:

- Fixed issue where the FSLogix Profile Service would crash if it was unable to communicate with the FSLogix Cloud Cache Service.
- The OfficeFileCache folder located at %LOCALAPPDATA%\Microsoft\Office\16.0\OfficeFileCache is now machine specific and encrypted so we now exclude it from FSLogix containers. Office files located outside this folder are not impacted by this update.
- Windows Server 2019 version 1809, and newer versions of Windows Server, natively support per-user search indexes and we recommend you leverage that native search index capability. FSLogix Search Indexing is no longer available on those versions of Windows Server.
- Windows 10 Enterprise Multi-session and Windows 11 Enterprise Multi-session natively support per-user search indexes and FSLogix Search Indexing is no longer available on those operating systems.
- FSLogix now correctly handles cases where

How to install and manage CLI for Microsoft 365

Case

CLI for Microsoft 365 is an open-source project driven by the Microsoft 365 Patterns and Practices initiative. With the CLI for Microsoft 365, you can configure your tenant no matter which operating system you use. The CLI for Microsoft 365 is an OS-agnostic alternative to the Microsoft 365 PowerShell modules. Additionally, using CLI for Microsoft 365, you can manage your SharePoint Framework projects. This how-to article shows how to install and manage the latest version of CLI for Microsoft 365.

Solution

First, it is recommended to install a Node version manager like nvm, which will allow you to install Node.js and npm. nvm is a version manager for Node.js, designed to be installed per-user and invoked per-shell. nvm works on any POSIX-compliant shell (sh, dash, ksh, zsh, bash), in particular on these platforms: Unix, macOS, and Windows WSL. NVM-Windows is available for Windows installations from: https://github.com/coreybutler/nvm-windows. The procedure provided in this artic

Azure or M365 configuration changes are not reflected immediately to end users

Case

There are various cases in Azure resource configuration and in Microsoft 365 resource provisioning or configuration in which a configuration change made by an administrator cloud-side is not reflected immediately at user-side.

Solution

This behavior in most cases is by design, but end-users should be aware of ways to "reset" their local client state to reflect the cloud-side configuration changes. One possible reason why a new Azure or M365 resource provisioning or configuration action is not reflected immediately to the clients is that it normally takes some time for the configuration change to replicate to all underlying components which comprise the configuration in question. For example, in an Azure VM scale set or in an Azure Web App with multiple instances running simultaneously, replicating the configuration changes to all underlying resources may take some time. This is especially true if the Azure resource is set up in a multi-region design, in which case c

How to fix PC or server boot issues

Case

You try to boot your PC or server and you have operating system boot issues before or during POST (Power-On Self Test). You either get a blank black screen or an error similar to the below example.

Solution

PC and server boot issues can be organized into two major categories:

- BIOS/UEFI cannot be accessed
- BIOS/UEFI can be accessed but operating system is not booting.

- BIOS/UEFI cannot be accessed
  - Black screen, no BIOS/UEFI without any beep/visual errors.
  - Black screen, no BIOS/UEFI with beep error.
  - Black screen, no BIOS/UEFI with visual error.
- BIOS/UEFI can be accessed ok but operating system does not boot with error.

BIOS/UEFI cannot be accessed

If the only thing you get is a blank screen before or during POST and you do not have access to the BIOS/UEFI, then you need to check if you get any beep audio errors or visual errors. If yes, check the documentation for these errors first from the hardware vendor of the PC mainboard. A good reference of beep/audio codes by BIOS/UEF

How to configure point-to-site P2S VPN to Azure VNET

Case

You have one or more on-premises computers which need to securely access Azure resources via an Azure VNET. If you don't have the necessary VPN gateway appliance to set up a site-to-site (S2S) VPN using IPSec and IKE, you can alternatively set up a point-to-site (P2S) VPN. Bear in mind that supported devices for P2S VPN are all Windows 10, Linux and Mac latest version devices as well as any other device which can support the SSTP or IKE/OpenVPN protocol.

Solution

This tutorial assumes the following Azure resources are already in place:

- You have a functional Azure subscription and you are global administrator in Azure AD.
- You have created an Azure VNET which will be used for setting up the P2S VPN connectivity between your on-premises clients and the Azure VNET.
- You have set up an Azure VNET gateway resource for route-based VPN access. This should have a gateway SKU which covers your needs. You can find a handy comparison matrix of Azure VNET gateway SKUs at: https://docs.microso

How to enable Azure VM direct RDP management over the Internet

Case

You need to enable direct RDP management of an Azure Virtual Machine over the Internet by using a public IP address. You may need this for testing purposes or in cases where you do not want to invest in other more secure alternatives, such as the Azure Bastion PaaS service or an S2S or P2S VPN with Azure VPN Gateway.

Solution

This tutorial assumes that you have already provisioned your Azure VM with a single network interface in an Azure VNET. This network interface may or may not have an associated public IP address but it will definitely have at least one private IP address. Follow the procedure below to enable Internet access to your Azure VM via RDP and a public IP address.

- Provision a public IP address, if you have not already done so. Create a new resource in the Azure portal by searching for "public IP address".
- Click on "Create".
- Provide values to all mandatory configuration parameters for the public IP address resource. The routing preference par

How to provision an Azure local network gateway

Case

The local network gateway is an Azure resource which represents an on-premises location (your site) for routing purposes. You give the site a name by which Azure can refer to it and also provide the public IP address of your on-premises VPN gateway (VPN peer), as well as the private IP space ranges in CIDR format of your local VPN gateway. In case your on-premises VPN gateway IP configuration changes, you can reflect these changes to the Azure local network gateway resource configuration. This quick tutorial provides a step-by-step procedure for provisioning a new Azure local network gateway.

Solution

Follow the procedure below in the Azure management portal to create a new Azure local gateway.

- In the search field of Azure portal, search for local network gateway. On the Basics tab, provide the public IP address and private IP address ranges in CIDR format from your on-premises (local) VPN gateway setup. Click Next: Advanced to continue.
- On the Advanced tab, you can optionally

How to troubleshoot Azure portal issues

Case

You have issues when trying to launch Azure Management portal pages from https://portal.azure.com, either in full or partially on some pages or Azure portal features.

Solution

First ensure that your LAN and WAN network allow traffic to the following FQDNs from your networking proxy and/or firewall devices. Traffic to the below FQDNs should be allowed on target TCP ports 80 and 443.

- *.aadcdn.microsoftonline-p.com
- *.aka.ms
- *.applicationinsights.io
- *.azure.com
- *.azure.net
- *.azure-api.net
- *.azuredatalakestore.net
- *.azureedge.net
- *.loganalytics.io
- *.microsoft.com
- *.microsoftonline.com
- *.microsoftonline-p.com
- *.msauth.net
- *.msftauth.net
- *.trafficmanager.net
- *.visualstudio.com
- *.asazure.windows.net (Analysis Services)
- *.core.windows.net (Azure Storage)
- *.database.windows.net (SQL Server)
- *.graph.windows.net (Azure AD Graph)
- *.kusto.windows.net (Azure Data Explorer/Kusto)
- *.search.windows.net (search)
- *.servicebus.windows.net (Azure Service Bus)

If you are running on Azure US government o

Microsoft Azure Cloud Design Insiders

What is the Azure Cloud Design Insiders group?

The Microsoft Azure Cloud Design Insiders community is a community of Azure enthusiasts. In the capacity of an Azure Cloud Design Insider, you will be asked to provide feedback via surveys, forums and interviews on a voluntary basis. You will receive previews of early Azure designs and features and have the chance to personally influence Microsoft Cloud features and products. Visit the Cloud Design Insiders website and take part in a 3-minute survey in order to apply for becoming an Insider. https://www.clouddesigninsiders.com

After you complete the survey you must review and agree to the research participation agreement and privacy policy. These documents provide details about confidentiality requirements of each Insider's voluntary participation and how personal information may be used. When you complete the registration process you will be granted access to the Cloud Design Insiders web portal, where you will be invited to partici

How to create and share a secure VPN passphrase or password

Case

You need to generate a strong passphrase to use in securing an Internet-facing service. A common example of this is when you need to generate an IKEv2 passphrase for your site-to-site VPN connection, as shown in the following example in which we are creating a new VPN connection inside an Azure VPN gateway resource.

Solution

Generating a strong passphrase is highly recommended when creating VPN connections. A very handy free PSK key generator is available at: https://pskgen.com/. As per the developer of the pskgen website, there is a handy procedure to use to securely generate and share the PSK passphrase. You and the person you will be sharing the PSK passphrase with will use two separate passwords to create a unique 64-byte shared secret with the help of a cryptographic hash generator. Regardless of the length of each password, the generated Shared Secret will always be 64 bytes. Follow the procedure below:

- Create a list of at least 10 randomly generated passwo

How to configure Just In Time JIT access for an Azure VM

Case

You need to enable Just In Time (JIT) access for an Azure VM. Just-in-time access enables you to lock down inbound traffic to your VM by allowing access for only a limited time. The just-in-time feature is available as part of the Microsoft Defender for Cloud standard tier. Azure Security Center and Azure Defender are now called Microsoft Defender for Cloud. The goal of JIT is to ensure that even though your inbound traffic is locked down, Defender for Cloud still provides easy access to connect to VMs when needed. You can request access to a JIT-enabled VM from Defender for Cloud, Azure virtual machines, PowerShell, or the REST API. More details on how Azure VM JIT works can be found in the following article: https://docs.microsoft.com/en-us/azure/defender-for-cloud/just-in-time-access-overview.

Solution

Follow the procedure below to enable Azure VM JIT. You may need to upgrade your Security Center subscription to enable just-in-time access. A 30-day trial of Microsoft Defen

How to deploy Azure Virtual Desktop

Case

You need to deploy a basic Azure Virtual Desktop infrastructure by using the Azure management portal. This tutorial assumes that you will be using a pre-created image. You also have the option to create your own image, as per these instructions: https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-customize-master-image?WT.mc_id=Portal-Microsoft_Azure_WVD. This tutorial also assumes the pooled desktop model, as opposed to personal desktops. Also remember that for Azure Virtual Desktop cost estimations you should refer to the Azure pricing calculator: https://azure.microsoft.com/en-us/pricing/calculator/?service=virtual-desktop.

Solution

You need to follow the procedure below:

- Log in as Azure admin at https://portal.azure.com/#blade/Microsoft_Azure_WVD/WvdManagerMenuBlade/overview. Click on "Create a host pool".
- Provide the pool basic configuration parameters as shown below. In this tutorial we show the pooled desktop scenario which can use FSLogix for ach