Extend your on-premises Windows Server deployments to the cloud with Azure
In Mastering Windows Server 2022 with Azure Cloud Services: IaaS, PaaS, and SaaS, 5-time Microsoft MVP Winner William Panek delivers a comprehensive and practical blueprint for planning, implementing, and managing environments that include Azure IaaS-hosted Windows Server-based workloads.
You’ll learn to use the expansive, hybrid capabilities of Azure, how to migrate virtual and physical server workloads to Azure IaaS, PaaS, and SaaS, and how to manage and secure Azure virtual machines running Windows Server 2022.
This book also offers:
- Foundational explanations of core Azure capabilities, including Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS)
- Explorations of the tools you’ll need to implement Azure solutions, including Windows Admin Center and PowerShell
- Examples of implementing identity in Hybrid scenarios, including Azure AD DS on Azure IaaS and managed AD DS
Perfect for IT professionals who manage on-premises Windows Server environments, seek to use Azure to manage server workloads, and want to secure virtual machines running on Windows Server 2022, Mastering Windows Server 2022 with Azure Cloud Services: IaaS, PaaS, and SaaS is also a must-read resource for anyone involved in administering or operating Microsoft Azure IaaS workloads.
Table of Contents
Introduction xxi
Chapter 1 Understanding Windows Server 2022 1
Features and Advantages of Windows Server 2022 1
Deciding Which Windows Server 2022 Version to Use 6
Deciding on the Type of Installation 13
Removed Features 17
The Bottom Line 20
Chapter 2 Understanding Virtualization 21
Introduction to Virtualization 21
Hyper-V Features 23
Hyper-V Architecture 28
Hyper-V Operating Systems 29
Linux and FreeBSD Image Deployments 29
Virtualization in Azure 30
The Bottom Line 30
Chapter 3 Installing and Configuring Hyper-V 31
Hyper-V Installation and Configuration 31
Hyper-V Requirements 31
Install the Hyper-V Role 32
Hyper-V in Server Manager 35
Using Hyper-V Manager 35
Configure Hyper-V Settings 36
Manage Virtual Switches 38
Managing Virtual Hard Disks 40
Configuring Virtual Machines 45
Creating and Managing Virtual Machines 45
Linux and FreeBSD Image Deployments 56
PowerShell Commands 59
The Bottom Line 62
Chapter 4 Installing Windows Server 2022 63
Installing the Windows Server 2022 OS 63
Installing with the Desktop Experience 63
Installing Windows Server 2022 Server Core 68
Activating and Servicing Windows 71
Key Management Service 71
Automatic Virtual Machine Activation 73
Active Directory-Based Activation 74
Servicing Windows Server 2022 74
Configuring Windows Server Updates 75
Windows Update 76
Using Windows Server Update Services 80
Understanding Features On Demand 93
The Bottom Line 94
Chapter 5 Understanding IP 97
Understanding TCP/IP 97
Details of the TCP/IP Model 97
How TCP/IP Layers Communicate 98
Understanding Port Numbers 98
Understanding IP Addressing 100
The Hierarchical IP Addressing Scheme 100
Understanding Network Classes 101
Subnetting a Network 104
Implementing Subnetting 105
An Easier Way to Apply Subnetting 110
Applying Subnetting the Traditional Way 114
Working with Classless Inter-Domain Routing 121
Supernetting 124
Understanding IPv6 124
IPv6 History and Need 124
New and Improved IPv6 Concepts 125
IPv6 Addressing Concepts 127
IPv6 Integration/Migration 132
The Bottom Line 136
Chapter 6 Implementing DNS 137
Introducing DNS 137
HOSTS File 138
Understanding Servers, Clients, and Resolvers 142
Understanding the DNS Process 142
Introducing DNS Database Zones 147
Understanding Primary Zones 148
Understanding Secondary Zones 149
Understanding Active Directory Integrated DNS 150
Understanding Stub Zones 152
GlobalName Zones 153
Zone Transfers and Replication 153
Advantages of DNS in Windows Server 2022 156
Background Zone Loading 157
Support for IPv6 Addresses 157
Support for Read-Only Domain Controllers 157
DNS Socket Pools 158
DNS Cache Locking 158
Response Rate Limiting 158
Unknown Record Support 159
IPv6 Root Hints 159
DNS Security Extensions 159
DNS Devolution 161
Record Weighting 161
Netmask Ordering 161
DnsUpdateProxy Group 161
DNS Policies 161
Introducing DNS Record Types 162
Start of Authority (SOA) Records 162
Name Server Records 164
Host Record 164
Alias Record 165
Pointer Record 165
Mail Exchanger Record 166
Service Record 166
Configuring DNS 167
Installing DNS 167
Load Balancing with Round Robin 168
Configuring a Caching-Only Server 168
Setting Zone Properties 168
Configuring Zones for Dynamic Updates 172
Delegating Zones for DNS 173
DNS Forwarding 174
Manually Creating DNS Records 175
DNS Aging and Scavenging 176
DNS PowerShell Commands 176
The Bottom Line 179
Chapter 7 Understanding Active Directory 181
Verifying the File System 181
Resilient File System (ReFS) 182
NTFS 183
Verifying Network Connectivity 185
Basic Connectivity Tests 185
Tools and Techniques for Testing Network Configuration 186
Understanding Active Directory 188
Domains 188
Trees 188
Forests 189
Understanding Domain and Forest Functionality 189
About the Domain Functional Level 190
About Forest Functionality 191
Planning the Domain Structure 193
Installing Active Directory 193
Improved Active Directory Features 194
Read-Only Domain Controllers 194
Active Directory Prerequisites 194
The Installation Process 194
Installing Additional Domain Controllers by Using Install from Media 201
Verifying Active Directory Installation 201
Using Event Viewer 201
Using Active Directory Administrative Tools 203
Testing from Clients 204
Creating and Configuring Application Data Partitions 206
Creating Application Data Partitions 206
Managing Replicas 207
Removing Replicas 208
Using ntdsutil to Manage Application Data Partitions 208
Configuring DNS Integration with Active Directory 210
The Bottom Line 211
Chapter 8 Administering Active Directory 213
Active Directory Overview 213
Understanding Active Directory Features 214
Understanding Security Principals 215
An Overview of OUs 216
The Purpose of OUs 217
Benefits of OUs 217
Planning the OU Structure 217
Logical Grouping of Resources 218
Understanding OU Inheritance 219
Delegating Administrative Control 220
Applying Group Policies 221
Creating OUs 221
Managing OUs 224
Moving, Deleting, and Renaming OUs 225
Administering Properties of OUs 225
Delegating Control of OUs 227
Creating and Managing Active Directory Objects 228
Overview of Active Directory Objects 229
Managing Object Properties 235
Understanding Groups 238
Filtering and Advanced Active Directory Features 240
Moving, Renaming, and Deleting Active Directory Objects 241
Resetting an Existing Computer Account 242
Understanding Dynamic Access Control 243
Managing Security and Permissions 244
Publishing Active Directory Objects 245
Making Active Directory Objects Available to Users 245
Publishing Printers 245
Publishing Shared Folders 246
PowerShell for Active Directory 247
The Bottom Line 248
Chapter 9 Configuring DHCP 249
Understanding DHCP 249
Introducing the DORA Process 250
Advantages and Disadvantages of DHCP 251
Ipconfig Lease Options 252
Understanding Scope Details 253
Installing and Authorizing DHCP 255
Installing DHCP 255
Introducing the DHCP Snap-In 256
Authorizing DHCP for Active Directory 257
Creating and Managing DHCP Scopes 259
Creating a New Scope in IPv4 259
Creating a New Scope in IPv6 267
Changing Scope Properties (IPv4 and IPv6) 269
Changing Server Properties 270
Managing Reservations and Exclusions 272
Setting Scope Options for IPv4 274
Activating and Deactivating Scopes 276
Creating a Superscope for IPv4 276
Creating IPv4 Multicast Scopes 277
Integrating Dynamic DNS and IPv4 DHCP 279
Using DHCP Failover Architecture 281
Working with the DHCP Database Files 281
Working with Advanced DHCP Configuration Options 283
Implement DHCPv6 283
Configure High Availability for DHCP, Including DHCP Failover and Split Scopes 284
Configure DHCP Name Protection 286
PowerShell Commands 287
The Bottom Line 289
Chapter 10 Building Group Policies 291
Introducing Group Policy 291
Understanding Group Policy Settings 292
The Security Settings Section of the GPO 295
Client-Side Extensions 296
Group Policy Objects 296
Group Policy Inheritance 297
Planning a Group Policy Strategy 298
Implementing Group Policy 298
Creating GPOs 299
Linking Existing GPOs to Active Directory 301
Forcing a GPO to Update 302
Managing Group Policy 303
Managing GPOs 303
Security Filtering of a Group Policy 304
Delegating Administrative Control of GPOs 306
Controlling Inheritance and Filtering Group Policy 307
Assigning Script Policies 308
Understanding the Loopback Policy 310
Managing Network Configuration 310
Configuring Network Settings 311
Automatically Enrolling User and Computer Certificates in Group Policy 311
Redirecting Folders 313
Managing GPOs with Windows PowerShell Group Policy Cmdlets 314
Item-Level Targeting 315
Back Up, Restore, Import, Copy, and Migration Tables 316
The Bottom Line 319
Chapter 11 Advanced Group Policy Options 321
Deploying Software Through a GPO 321
The Software Management Life Cycle 322
The Windows Installer 323
Deploying Applications 326
Implementing Software Deployment 328
Preparing for Software Deployment 328
Software Restriction Policies 329
Using AppLocker 329
Group Policy Slow Link Detection 329
Publishing and Assigning Applications 329
Applying Software Updates 331
Verifying Software Installation 332
Configuring Automatic Updates in Group Policy 332
Configuring Software Deployment Settings 333
The Software Installation Properties Dialog Box 333
Removing Programs 335
Microsoft Windows Installer Settings 337
Troubleshooting Group Policies 337
RSoP in Logging Mode 338
RSoP in Planning Mode 342
Using the gpresult.exe Command 342
Using the Group Policy Infrastructure Status Dashboard 343
The Bottom Line 343
Chapter 12 Understanding Cloud Concepts 345
Understand Cloud Concepts 345
Cloud Advantages 345
Understanding CapEx vs. OpEx 346
Understanding Different Cloud Concepts 348
Understanding the difference between IaaS, PaaS, and SaaS 349
Infrastructure as a Service 350
Platform as a Service 350
Software as a Service 351
Compare and Contrast the Service Types 352
The Bottom Line 353
Chapter 13 Configuring Azure 355
Understanding Azure Benefits 355
Azure Benefits 355
Understanding the Azure Dashboards 357
Using the Azure Dashboard 357
Configuring the Azure Portal Settings 366
The Bottom Line 372
Chapter 14 Understanding Azure Active Directory 373
Azure Active Directory 373
Understanding Azure AD 373
Self-Service Password Reset 392
The Bottom Line 394
Chapter 15 Creating a Hybrid Network 395
Creating a Hybrid Network 395
Password Hash Synchronization with Azure AD 396
Azure Active Directory Pass-Through Authentication 396
Federation with Azure AD 397
Common Identity Scenarios 399
Azure AD Connect 400
Implement Active Directory Federation Services 405
What Is a Claim? 406
AD FS in Windows Server 2022 409
Configuring a Web Application Proxy 411
Active Directory Federation Services Installation 413
AD FS and AD Connect 421
Planning Azure AD Authentication Options 423
Azure AD Multi-Factor Authentication 423
Azure AD Connect Sync - Understand and Customize Synchronization 426
Creating an Azure Recovery Policy 427
Model Apps 427
Automate Tasks in Recovery Plans 428
Run a Test Failover on Recovery Plans 429
Create a Recovery Plan 429
The Bottom Line 432
Chapter 16 Understanding Microsoft Endpoint 433
Using Microsoft Endpoint Manager 433
Understanding AutoPilot 440
Autopilot Benefits 441
Autopilot Prerequisites 441
Deployment Scenarios 443
Planning for Secure Applications Data on Devices 446
Configuring Managed Apps for Mobile Application Management (MAM) 446
Protecting Enterprise Data using Windows Information Protection (WIP) 449
The Bottom Line 458
Chapter 17 Configuring Security 459
Managing Windows Security 459
Windows Defender Security Center 460
Configuring Windows Firewall 463
Understanding Windows Firewall Basics 463
Windows Firewall with Advanced Security 464
Managing Security 469
Implementing Azure Windows Defender Advanced Threat Protection 469
Understanding Windows Defender Application Guard 471
Understanding Windows Defender Credential Guard 476
Implementing and Managing Windows Defender Exploit Guard 478
Using Windows Defender Application Control 481
The Bottom Line 482
Chapter 18 Creating Azure Policies 483
Azure Devices and Policies 483
Compliance Policies 484
Device Configuration Profiles 489
PowerShell Commands 492
The Bottom Line 494
Appendix The Bottom Line 495