Fast Track: Microsoft Windows Server Hybrid Administrator Associate (AZ-80X-FT) – Outline

Detailed Course Outline

Hyper-V virtualization in Windows Server

This module describes how to implement and configure Hyper-V VMs and containers. The module covers the key features of Hyper-V in Windows Server, describes VM settings, and how to configure VMs in Hyper-V. The module also covers security technologies used in virtualization, such as shielded VMs, Host Guardian Service, admin and TPM trusted attestation, and Key Protection Service (KPS). Finally, this module covers running containers and container workloads, as well as orchestrating container workloads on Windows Server using Kubernetes.

Lessons

• Configure and manage Hyper-V server
• Configure and manage Hyper-V virtual machines
• Secure Hyper-V workloads
• Running containers on Windows Server
• Orchestrating Containers on Windows Server with Kubernetes

Lab: Implement and configure virtualization in Windows Server

• Create and configure VMs
• Install and configure containers

Upon completion of this module, students will be able to:

• Install and configure Hyper-V on Windows Server.
• Configure and manage Hyper-V virtual machines.
• Use the Host Guardian service to protect virtual machines.
• Create and deploy shielded virtual machines.
• Configure and manage container workloads.
• Orchestrate container workloads using a Kubernetes cluster.

Identity Services in Windows Server

This module introduces Identity Services and describes Active Directory Domain Services (AD DS) in a Windows Server environment. The module describes how to deploy domain controllers in AD DS, Azure Active Directory (AD), and the benefits of integrating Azure AD with AD DS. The module also covers the basics of Group Policy and how to configure Group Policy Objects (GPOs) in a domain environment.

Lessons

• Introduction to AD DS
• Managing AD DS domain controllers and FSMO roles
• Implementation of group policy objects
• Managing the advanced features of AD DS

Lab: Implementing Identity Services and Group Policy

• Deploying a new domain controller on Server Core
• Configure the group policy

Upon completion of this module, students will be able to:

• Describe AD DS in a Windows Server environment.
• Deploy domain controllers in AD DS.
• Describe Azure AD and the benefits of integrating Azure AD with AD DS.
• Explain the basics of Group Policy and configure GPOs in a domain environment.

Windows Server Administration

This module describes how the principle of least privilege is implemented through Privileged Access Workstation (PAW) and Just Enough Administration (JEA). The module also highlights several common Windows Server administration tools, such as Windows Admin Center, Server Manager, and PowerShell. This module also describes the post-installation configuration process and the tools available for this process, such as sconfig and Desired State Configuration (DSC).

Lessons

• Secure Windows Server Management
• Describe the Windows Server management tools
• Performing the configuration of Windows Server after installation
• Just enough management in Windows Server

Exercise: Windows Server Administration

• Implementation and use of remote management of servers

Upon completion of this module, students will be able to:

• Explain the management models with the least rights.
• Decide when to use workstations with privileged access.
• Choose the most appropriate Windows Server management tool for a given situation.
• Apply various methods to perform post-installation configuration of Windows Server.
• Restrict privileged administrative operations by using Just Enough Administration (JEA).

Network infrastructure services in Windows Server

This module describes how to implement the main network infrastructure services in Windows Server, such as DHCP and DNS. This module also covers how to implement IP address management and how to use Remote Access Services.

Lessons

• Set up and manage DHCP
• Windows Server DNS implementieren
• Introduce IP address management
• Implement remote access

Lab: Implementing and Configuring Network Infrastructure Services in Windows Server

• Set up and configure DHCP
• Set up and configure DNS

Upon completion of this module, students will be able to:

• Implementation of automatic IP configuration with DHCP in Windows Server.
• Deploy and configure name resolution with Windows Server DNS.
• Implement IPAM to manage an organization's DHCP and DNS servers and IP address space.
• Select, use, and manage remote access components.
• Implement Web Application Proxy (WAP) as a reverse proxy for internal web applications.

Windows Server Security

This module discusses how to protect an Active Directory environment by providing user accounts with the least privileges and including them in the Protected Users group. The module covers limiting the authentication scope and remediating potentially insecure accounts. The module also describes how to harden the security configuration of a Windows Server operating system environment. In addition, the module covers how to use Windows Server Update Services to deliver operating system updates to computers on the network. Finally, the module covers securing Windows Server DNS to protect the name resolution infrastructure on the network.

Lessons

• Secure Windows Sever User Accounts
• Windows Server hardening
• Windows Server Update Management
• Secure Windows Server DNS

Lab: Configuring Security in Windows Server

• Configuring Windows Defender Credential Guard
• Tracking problematic accounts
• Introduction of the LAPS

Upon completion of this module, students will be able to:

• Diagnose and remediate potential security vulnerabilities in Windows Server resources.
• Harden the security configuration of the Windows Server operating system environment.
• Distribute operating system updates to computers on a network using Windows Server Update Services.
• Secure Windows Server DNS to protect the network name resolution infrastructure.
• Implement DNS policies.

Disaster recovery under Windows Server

This module introduces Hyper-V Replica as a business continuity and disaster recovery solution for a virtual environment. The module covers Hyper-V Replica scenarios and use cases, as well as prerequisites for deployment. The module also covers how to implement Azure Site Recovery in on-premises scenarios for disaster recovery.

Lessons

• Implement Hyper-V Replica
• Protect your on-premises infrastructure from disasters with Azure Site Recovery

Lab: Implementing Hyper-V Replica and Windows Server Backup

• Hyper-V replica implementation
• Implementing backup and recovery with Windows Server Backup

Upon completion of this module, students will be able to:

• Describe Hyper-V Replica, the requirements for its use, and its high-level architecture and components.
• Describe Hyper-V Replica use cases and security considerations.
• Configure settings for Hyper-V replicas, health monitoring, and failover options.
• Describe advanced replication.
• Replicate, failover and failback virtual machines and physical servers with Azure Site Recovery.

File server and storage management in Windows Server

This module covers the core features and use cases of file server and storage management technologies in Windows Server. The module covers configuring and managing the Windows File Server role and using Storage Spaces and Storage Spaces Direct. This module also covers replication of volumes between servers or clusters using Storage Replica.

Lessons

• Manage Windows Server file servers
• Implementation of Storage Spaces and Storage Spaces Direct
• Implementation of Windows Server data deduplication
• Implementation of Windows Server iSCSI
• Implement Windows Server Storage Replica

Lab: Implementing storage solutions in Windows Server

• Implementation of data deduplication
• Configure iSCSI storage
• Configure Redundant Storage Spaces
• Implementation of Storage Spaces Direct

Upon completion of this module, students will be able to:

• Configure and manage the Windows Server File Server role.
• Protect your data from drive failures with Storage Spaces.
• Increase storage management scalability and performance with Storage Spaces Direct.
• Optimize disk usage with Data DeDuplication.
• Configure high availability for iSCSI.
• Enable replication of volumes between clusters with Storage Replica.
• Use Storage Replica to provide resiliency for data hosted on Windows Server volumes.

Implementation of high availability

This module describes technologies and options for creating a highly available Windows Server environment. The module introduces Clustered Shared Volumes for shared storage access across multiple cluster nodes. The module also highlights failover clustering, stretch clusters, and cluster sets for implementing high availability of Windows Server workloads. The module then covers high availability provisions for Hyper-V and Windows Server VMs, such as network load balancing, live migration and storage migration. The module also covers high availability options for shares hosted on Windows Server file servers. Finally, the module describes how to implement scaling for virtual machine scaling sets and load-balanced VMs, and how to implement Azure Site Recovery.

Lessons

• Introduction to Cluster Shared Volumes.
• Implementation of Windows Server Failover Clustering.
• Implementation of high availability of Windows Server VMs and Windows Server File Server
• Implementation of high availability of.
• Implement scaling and high availability with Windows Server VMs.

Exercise: Implement failover clustering

• Configure iSCSI storage
• Configuring a failover cluster

Upon completion of this module, students will be able to:

• Implement highly available storage volumes by using Clustered Share Volume in highly available Windows Server workloads with failover clustering.
• Describe the load balancing of Hyper-V VMs.
• Implement live migration of Hyper-V VMs and storage migration of Hyper-V VMs.
• Describe the high availability options of Windows Server File Server.
• Implement scaling for virtual machine and load-balanced VM scaling sets.
• Azure Site Recovery implementieren.

Server and performance monitoring in Windows Server

This module introduces a set of tools for monitoring the operating system and applications on a Windows Server computer and describes how to configure a system to optimize efficiency and troubleshoot problems. The module covers how the Event Viewer provides a convenient and accessible place to observe events as they occur and how to interpret the data in the event log. The module also covers how to audit and diagnose a Windows Server environment for regulatory compliance, user activity, and troubleshooting. Finally, the module explains how to troubleshoot AD DS service outages or performance degradation, including recovering deleted objects and the AD DS database, and how to troubleshoot hybrid authentication issues.

Lessons

• Windows Server performance monitoring
• Manage and monitor Windows Server event logs
• Implementation of Windows Server scanning and diagnostics
• Troubleshooting for Active Directory

Lab: Windows Server Monitoring and Troubleshooting

• Establishing a performance baseline
• Identifying the cause of a performance problem
• View and configure centralized event logs

Upon completion of this module, students will be able to:

• Explain the basics of server performance optimization.
• Use Windows Server's built-in tools to monitor server performance.
• Use Server Manager and Windows Admin Center to review event logs.
• Implement custom views.
• Configure an event subscription.
• Check Windows Server events.
• Configure Windows Server to record diagnostic information.
• Restore the AD DS database and objects in AD DS.
• AD DS replication troubleshooting.
• Resolve hybrid authentication issues.

Identity in hybrid scenarios

This module discusses how to configure an Azure environment to support Windows IaaS workloads that require Active Directory. The module also covers how to integrate the on-premises Active Directory Domain Services (AD DS) environment into Azure. Finally, the module explains how to extend an existing Active Directory environment in Azure by placing IaaS VMs configured as domain controllers into a specially configured Azure virtual subnet (VNet).

Lessons

• Implementation of a hybrid identity with Windows Server
• Deploying and Managing Azure IaaS Active Directory Domain Controllers in Azure

Lab: Implementing integration between AD DS and Azure AD

• Preparing Azure AD for AD DS integration
• Preparing AD DS on-premises for Azure AD integration
• Download, Install, and Configure Azure AD Connect
• Verify integration between AD DS and Azure AD
• Implementation of Azure AD integration features in AD DS

Upon completion of this module, students will be able to:

• Integrate the on-premises Active Directory Domain Services (AD DS) environment with Azure.
• Install and configure directory synchronization with Azure AD Connect.
• Implementation and configuration of Azure AD DS.
• Implement seamless single sign-on (SSO).
• Implementation and configuration of Azure AD DS.
• Install a new AD DS forest in an Azure VNet.

Deploy and configure Azure VMs

This module describes Azure Compute and Storage in relation to Azure VMs and how to deploy Azure VMs using Azure Portal, Azure CLI, or templates. The module also explains how to create new VMs from generalized images and use Azure Image Builder templates to create and manage images in Azure. Finally, this module describes how to deploy Desired State Configuration (DSC) extensions, how to implement these extensions to troubleshoot non-compliant servers, and how to use custom script extensions.

Lessons

• Virtual machine planning and deployment with Windows Server IaaS
• Customize Windows Server IaaS virtual machine images
• Automate the configuration of Windows Server IaaS virtual machines

Lab: Deploy and configure Windows Server on Azure VMs

• Create Azure Resource Manager (ARM) templates for deploying Azure VMs.
• Modify ARM templates to include VM extension-based configuration.
• Deploying Azure VMs with Windows Server using ARM templates
• Configuring administrative access to Azure VMs with Windows Server
• Configuring Windows Server Security in Azure VMs

Upon completion of this module, students will be able to:

• Create a VM via the Azure portal and via Azure Cloud Shell.
• Deploy Azure VMs using templates.
• Automate the configuration of Windows Server IaaS VMs.
• Identify and resolve issues with non-compliant servers.
• Create new VMs from generalized images.
• Use Azure Image Builder templates to create and manage images in Azure.

Upgrade and migration in Windows Server

This module covers approaches for migrating Windows Server workloads running in earlier versions of Windows Server to more current versions. The module covers the strategies necessary to move domain controllers to Windows Server 2022 and describes how the Active Directory Migration Tool can consolidate domains within a forest or migrate domains to a new AD DS forest. The module also covers how to use the Storage Migration Service to migrate files and file shares from existing file servers to new servers running Windows Server 2022. Finally, the module covers how to install and use the Windows Server Migration Tools cmdlets to migrate commonly used server roles from previous versions of Windows Server.

Lessons

• Active Directory Domain Services Migration
• Migrating file server workloads with the Storage Migration Service
• Migrate Windows Server Roles

Lab: Migrating Windows Server workloads to IaaS VMs

• Deploying AD DS Domain Controllers in Azure
• Migrating file server shares with the Storage Migration Service

Upon completion of this module, students will be able to:

• Compare upgrading an AD DS forest and migrating to a new AD DS forest.
• Describe the Active Directory Migration Tool (ADMT).
• Identify the requirements and considerations for using Storage Migration Service.
• Describe how to migrate a server with storage migration.
• Use Windows Server Migration Tools to migrate specific Windows Server roles.

Network infrastructure in hybrid scenarios

This module describes how to connect an on-premises environment to Azure and configure DNS for Windows Server IaaS virtual machines. The module describes how to select the appropriate DNS solution for your organization's needs and run a DNS server in a Windows Server Azure IaaS VM. Finally, this module covers Microsoft Azure virtual network (VNet) management and IP address configuration for Windows Server Infrastructure as a Service (IaaS) virtual machines.

Lessons

• Implementation of a hybrid network infrastructure
• Implement DNS for Windows Server IaaS VMs
• Windows Server IaaS VM IP Addressing and Routing Implementation

Lab: Implementing Windows Server IaaS VM Networks

• Implementing virtual network routing in Azure
• Implementation of DNS name resolution in Azure

Upon completion of this module, students will be able to:

• Implement an Azure virtual private network (VPN).
• Configure DNS for Windows Server IaaS VMs.
• Run a DNS server in a Windows Server Azure IaaS VM.
• Create a route-based VPN gateway from the Azure portal.
• Implement Azure ExpressRoute.
• Implement an Azure wide area network (WAN).
• Manage Microsoft Azure virtual networks (VNets).
• Manage the IP address configuration for Windows Server IaaS virtual machines (VMs).

Implementation of migration in hybrid scenarios

This module covers approaches to migrate workloads running in Windows Server to an Infrastructure as a Service (IaaS) virtual machine. The module introduces the use of Azure Migrate to assess and migrate on-premises Windows Server instances to Microsoft Azure. The module also covers migrating a workload running in Windows Server to an Infrastructure as a Service (IaaS) virtual machine (VM) and to Windows Server 2022 using Windows Server migration tools or the Storage Migration Service. Finally, this module describes how to use the Azure Migrate App Containerization tool to containerize and migrate ASP.NET applications to Azure App Service.

Lessons

• Migrate on-premises Windows Server instances to Azure IaaS virtual machines
• Upgrade and migration of Windows Server IaaS virtual machines
• Containerization and migration of ASP.NET applications to Azure App Service

Exercise: Migrating from on-premises VMs servers to IaaS VMs

• Implementing Hyper-V VM assessment and discovery with Azure Migrate
• Implementing the migration of Hyper-V workloads with Azure Migrate

Upon completion of this module, students will be able to:

• Plan a migration strategy and select the appropriate migration tools.
• Perform server assessment and discovery with Azure Migrate.
• Migrate Windows Server workloads to Azure VM workloads with Azure Migrate.
• Explain how to migrate workloads using Windows Server migration tools.
• Migrate file servers using the Storage Migration Service.
• Discover and containerize ASP.NET applications running on Windows.
• Migrate a containerized application to Azure App Service.

Implement a hybrid file server infrastructure

This module introduces Azure file services and explains how to configure connectivity to Azure Files. The module also covers the deployment and implementation of Azure File Sync to cache Azure file shares on an on-premises Windows Server file server. This module also describes how to manage cloud tiering and how to migrate from DFSR to Azure File Sync.

Lessons

• Azure file services overview
• Implementing Azure File Sync

Lab: Implementing Azure File Sync

• Implement DFS replication in your local environment
• Create and configure a synchronization group
• Replacing DFS replication with file synchronization-based replication
• Verification of replication and activation of cloud tiering
• Troubleshooting replication problems

Upon completion of this module, students will be able to:

• Configure the Azure file services.
• Configure connectivity to Azure File Services.
• Implement Azure File Sync.
• Deploy Azure File Sync
• Manage cloud tiering.
• Migrate from DFSR to Azure File Sync.

Recovery services in hybrid scenarios

This module covers tools and technologies for implementing disaster recovery in hybrid scenarios, while the previous module focused on BCDR solutions for on-premises scenarios. The module begins with Azure Backup as a Service for protecting files and folders before looking at implementing Recovery Vaults and Azure Backup Policies. The module describes how to recover Windows IaaS virtual machines, perform on-premises backups and restores of workloads, and manage Azure VM backups. The module also covers how to provide disaster recovery for Azure infrastructure by managing and orchestrating replication, failover, and failback of Azure virtual machines with Azure Site Recovery.

Lessons

• Implementing hybrid backup and recovery with Windows Server IaaS
• Protect your Azure infrastructure with Azure Site Recovery
• Protect your virtual machines with Azure Backup

Lab: Implementing Azure-based recovery services

• Setting up the laboratory environment
• Create and configure an Azure Site Recovery repository
• Implementing protection of Hyper-V VMs using Azure Site Recovery Vault
• Azure Backup Implementation

Upon completion of this module, students will be able to:

• Restore Windows Server IaaS virtual machines using Azure Backup.
• Use Azure Backup to protect data for on-premises servers and virtualized workloads.
• Implement recovery vaults and Azure backup policies.
• Protect Azure VMs with Azure Site Recovery.
• Perform a disaster recovery exercise to verify protection.
• Failover and failback of Azure virtual machines.

Operation monitoring in hybrid scenarios

This module covers the use of monitoring and troubleshooting tools, processes, and best practices to optimize app performance and availability of Windows Server IaaS VMs and hybrid instances. The module describes how to implement Azure Monitor for IaaS VMs in Azure, how to implement Azure Monitor in on-premises environments, and how to use dependency maps. The module then explains how to enable diagnostics to get data about a VM and how to view VM metrics in Azure Metrics Explorer and how to create a metrics alert to monitor VM performance. The module then covers how to monitor VM performance using Azure Monitor VM Insights. The module then describes various aspects of troubleshooting on-premises and hybrid network connectivity, including diagnosing common issues with DHCP, name resolution, IP configuration and routing. Finally, the module examines how to troubleshoot configuration issues that affect connectivity to Windows Server virtual machines (VMs) hosted in Azure, as well as approaches to resolving issues with VM startup, extensions, performance, storage, and encryption.

Lessons

• Monitor Windows Server IaaS virtual machines and hybrid instances
• Monitor the health of your Azure virtual machines with Azure Metrics Explorer and metrics alerts
• Monitor virtual machine performance with Azure Monitor VM Insights
• Troubleshooting in local and hybrid networks
• Troubleshooting Windows Server Virtual Machines in Azure

Lab: Monitoring and troubleshooting IaaS VMs with Windows Server

• Enabling Azure Monitor for Virtual Machines
• Setting up a VM with boot diagnostics
• Setting up a Log Analytics workspace and Azure Monitor VM Insights

Upon completion of this module, students will be able to:

• Deploy Azure Monitor for IaaS VMs in Azure and on-premises environments.
• View VM metrics in Azure Metrics Explorer.
• Use the monitoring data to diagnose problems.
• Evaluate Azure Monitor logs and configure Azure Monitor VM Insights.
• Configure a Log Analytics workspace.
• Troubleshoot on-premise and hybrid network connectivity.
• Troubleshoot AD DS service outages or degraded performance.
• Recovery of deleted security objects and the AD DS database.
• Resolve hybrid authentication issues.

Facilitation of hybrid management

This module covers tools that make it easier to manage Windows IaaS VMs remotely. The module also covers using Azure Arc with on-premises server instances, deploying Azure policies with Azure Arc, and using role-based access control (RBAC) to restrict access to log analytics data.

Lessons

• Remotely administer and manage virtual machines with Windows Server IaaS
• Manage hybrid workloads with Azure Arc

Lab: Using Windows Admin Center in hybrid scenarios

• Deploying Azure VMs with Windows Server
• Implementing hybrid connectivity with the Azure network adapter
• Deploying the Windows Admin Center Gateway in Azure
• Verifying the functionality of the Windows Admin Center gateway in Azure

Upon completion of this module, students will be able to:

• Select appropriate tools and techniques for remote management of Windows IaaS VMs.
• Explain how to include on-premises Windows Server instances in Azure Arc.
• Connect hybrid machines to Azure via the Azure portal.
• Use Azure Arc to manage devices.
• Restrict access with RBAC.

Security solutions in hybrid scenarios

This module describes how to secure on-premises Windows Server resources and Azure IaaS workloads. The module covers how to improve network security for Windows Server Infrastructure as a Service (IaaS) virtual machines (VMs) and how to diagnose network security issues with these VMs. In addition, the module introduces the Azure Security Center and explains how to integrate Windows Server computers with the Security Center. The module also describes how to enable Azure Update Management, deploy updates, check an update assessment, and manage updates for Azure VMs. The module explains how to use adaptive application controls and BitLocker disk encryption to protect Windows Server IaaS VMs. Finally, the module explains how to monitor Windows Server Azure IaaS VMs for changes in files and the registry, and how to monitor changes to application software.

Lessons

• Implementation of network security of Windows Server IaaS VM.
• Verification of virtual machine security with Windows Server IaaS
• Manage Azure updates
• Creation and implementation of application lists with adaptive application control
• Configuring BitLocker Disk Encryption for Windows IaaS Virtual Machines
• Implementing change tracking and file integrity monitoring for Windows Server IaaS VMs.

Lab: Using Azure Security Center in hybrid scenarios

• Deploying Azure VMs with Windows Server
• Azure Security Center konfigurieren
• Integration of local Windows servers into the Azure Security Center
• Review Azure Security Center Hybrid Features
• Configuring Windows Server 2019 Security in Azure VMs

Upon completion of this module, students will be able to:

• Diagnose network security issues in Windows Server IaaS virtual machines.
• Include Windows Server computers in the Azure Security Center.
• Deploy and manage updates to Azure VMs by enabling Azure Automation Update Management.
• Implement adaptive application controls to protect Windows Server IaaS VMs.
• Configure Azure Disk Encryption for Windows IaaS virtual machines (VMs).
• Back up and restore encrypted data.
• Monitor Windows Server Azure IaaS VMs for changes in files and the registry.