Azure VPN – Point to Site – Part 2/2

Welcome to part 2 of the Azure VPN blog; part 1 can be found here. This part explains how to configure Azure VPN with Always On and Azure Active Directory authentication with MFA. This allows Modern Managed, Azure AD joined Windows 10 workplaces to connect securely to the Azure virtual network and, if you have a route back to on-premises, to the on-premises network as well.


Azure VPN – Part 1/2

This new Azure related blog describes how to extend your on-premises network to the Azure datacenter. The blog explains how to create an Azure Virtual Network, create a VPN gateway, and connect it to your on-premises environment. In part 2 we expand this solution with Point-to-Site VPN using Always On Azure VPN, allowing Modern Managed clients to connect via VPN to the Azure Virtual Network and, if required, to your on-premises network.


This picture shows the setup we are going to create in this BLOG.

The blog assumes you have basic knowledge of networking and of how the Azure portal works. The region I usually work in is West Europe; please adjust the region to your preferred Azure region.

Part 1: Site-to-Site VPN

  1. Create Azure VNET
  2. Create Azure Virtual Network Gateway
  3. Create Virtual Machine in Azure
  4. Create Site-2-Site between Azure and Sophos XG
    1. Configure Azure
    2. Configure Sophos XG
    3. Proof of the pudding

Coming Soon: Part 2: Azure VPN (Point-to-Site)


Azure AD – Directory Roles – Where are you?

Today I noticed something strange. I am scripting with AzureAD PowerShell against Azure AD. I have created a script that creates a Service Principal Name with the Directory Readers role. This worked perfectly in my old trial/demo tenant and in customer tenants.

Last week I had to recreate my test lab environment because the licenses expired (I use 1 year demo tenants). Today I tried to create the SPN with the previously created PowerShell script and add the Directory Reader Role.

That script errored out at the line:
Add-AzureADDirectoryRoleMember -ObjectId (Get-AzureADDirectoryRole | Where-Object {$_.DisplayName -eq "Directory Readers"}).ObjectId -RefObjectId $sp.ObjectId

I logged in to the same tenant with Connect-AzureAD in a new PowerShell window, using my Global Admin account. After that I tried this command: Get-AzureADDirectoryRole


According to this PowerShell command there are only two Directory Roles.


Windows Virtual Desktop – Dutch Language pack

Windows Virtual Desktop – Windows 10 Multisession – comes in only one language: English. My native language is Dutch, and I work for a lot of Dutch clients who want their WVD in Dutch as well.

Adding a different language manually on a Windows 10 laptop is not hard: go to Settings, Language, add the language … you know the drill. When building your WVD image for Windows 10 Multisession you need to add the language pack to the image. There are many ways to do so; Microsoft has documented this on this DOCS page: https://docs.microsoft.com/en-us/azure/virtual-desktop/language-packs

This BLOG post explains how to add the language pack to your image or to running session hosts, and how to create a GPO that changes the language for your users. Because my native language is Dutch, I explain how to create the GPO for Dutch; the same approach should work for all languages.

Disclaimer:
Some GPO settings are registry values, most of them reverse engineered by me. I changed the settings on a lab machine from English to Dutch and monitored which registry values changed. I also verified those registry values against a regular Windows 10 Pro Dutch installation from an ISO file. Those settings were used in my GPOs. Use this BLOG at your own risk. See my disclaimer.

Inspiration:

My setup:

  • Windows Server 2019 Domain Controller with AAD Connect, running on a B2S in Azure
  • Windows 10 Multi Session 20H2 without M365 Apps for Enterprise

MDT in a Box – Additional Scripts

Scripts

In an earlier blogpost I explained how to install Microsoft Deployment Toolkit on a Windows Server running in Azure. This “MDT in a Box” allows you to create OS images for many purposes. To make the process easier I have developed some PowerShell scripts. The scripts were discussed in the online meetup of the Dutch Windows Virtual Desktop User Group live session on December the 7th. This meetup was recorded and can be viewed here. (not available yet)

Three of them are listed here.

  • MDT_Deployment_v2.ps1
  • LTImdtimageversion.ps1
  • Tosysprep.ps1

These scripts work very well with the MDT in a Box machine I created (see this page for instructions on how to create it). For instructions on how to install these scripts in your MDT environment, check the section below!


Azure NAT – Revisited

This blogpost is a revisit of the former Azure NAT post. While writing that BLOG, Azure NAT seemed to be a perfect solution for giving WVD servers a single outbound IP: it makes sure all WVD servers use the same PUBLIC IP to browse the web, which makes whitelisting for websites, MFA and other solutions easy.

Unfortunately, I implemented the Azure NAT Gateway at a customer location and it has a bad side effect I did not anticipate. At the time of writing I give you one piece of advice:

DO NOT IMPLEMENT AZURE NAT GATEWAY FOR WVD

The WVD connection becomes very unstable. Users randomly get disconnected/reconnected during the session.


Azure NAT

DO NOT IMPLEMENT AZURE NAT GATEWAY FOR WVD

We are currently investigating issues at a customer site that is using Azure NAT Gateway. I will release a blogpost next week, once confirmation comes back that the issue is resolved.

Keeping below blog for reference!!! (20200807)

Introduction

In a former blogpost I described a simple way to create a static PUBLIC IP for more than one Virtual Machine in Microsoft Azure. The reason is still the same: you might need a simple and cheap method of using a single PUBLIC IP for one or more RDS/WVD machines, so that all users browse the internet via the same PUBLIC IP. This is especially useful when your users use an IP-whitelisted website.


MDT in a Box – Introduction

Introduction

This BLOG describes how to create your very own “MDT in a Box” server. You can use this server to create images for physical computers, RDS, WVD and probably other VDI environments as well. MDT is the Microsoft Deployment Toolkit, a free Windows tool to automate Operating System Deployment (OSD). I use it often in my work for customers to create “golden images” for RDS or WVD.

With MDT in a Box you can create VHD or WIM files for your environments, or for your clients' environments. You can install several applications, scripts, language packs and updates in the task sequence.

In my work I use MDT to create “golden images” for RDS2019 and Windows Virtual Desktop with Windows 10 Enterprise Multi Session.

This BLOG is very long, so I split it into a few parts.

1. Prepare the Server

2. Install MDT

3. Configure MDT

4. Deploy Windows 10 – ISO

5. Deploy Windows 10 – Multisession (WVD)

6. Add applications

7. Add language pack.

8. Add Windows Updates

Have fun!

MDT in a box – Part 1 – Prepare the Server


Deploy a Windows Server 2019 machine in Azure with a v3 type VM size. We need v3 for nested virtualization.

I use a D2s_v3 with a [smalldisk] Win2019 GUI image and a few extra disks. Except for the Hyper-V disks, regular Standard HDD will do just fine. If you have enough Azure ‘money’ you can pump it up to a D4s_v3 with Premium SSD to speed things up.


MDT in a Box – Part 2 – Install MDT


Install ADK

Start the installer (adksetup.exe), change the path if required and click Next.

Choose your privacy setting, Next.
