
OFFICIAL MICROSOFT LEARNING PRODUCT

20533D
Implementing Microsoft Azure
Infrastructure Solutions
Module 1: Introduction to Microsoft Azure
Lab: Managing Microsoft Azure
Scenario
A. Datum Corporation wants to expand their cloud presence by taking advantage of the benefits of
Azure. Your task is to explore and compare the available IaaS features by using the Azure portal,
Windows PowerShell, and Azure CLI.

Objectives
After completing this lab, you will be able to:

• Use the Azure portals.

• Use Azure Resource Manager features via the Azure portal.

• Use Azure PowerShell.


• Use Azure CLI

Lab Setup
Estimated Time: 50 minutes
Virtual Machine: 20533D-MIA-CL1

User Name: Student


Password: Pa55w.rd
Before starting this lab, ensure that you have performed the “Preparing the Environment”
demonstration tasks at the beginning of the first lesson in this module, and that the setup script has
completed.

Note: The Microsoft Azure portal is continually improved, and the user interface might have been
updated since this lab was written. Your instructor will make you aware of any differences between the
steps described in the lab and the current Azure portal user interface.

Exercise 1: Using the Azure portals

Scenario
A. Datum has asked you to explore the available browser-based Azure portals to assess how the
corporation will use them. In the Azure portal, you must observe the organization of resources and
customize the interface to make your testing environment more accessible. In the Azure Account
Center, you must view and download your current billing data.
The main tasks for this exercise are as follows:

1. Use the Azure portal

2. Use the Azure account portal

▶ Task 1: Use the Azure portal


1. In Microsoft Edge, browse to the Azure portal.

2. Edit the dashboard by changing the size of the All resources tile to 4x6.

Version: D1
3. Move down the Service health tile and the Marketplace tile such that their top edge aligns with the
bottom edge of the Quickstart tutorials tile.

4. Move the Quickstart tutorials tile such that its left edge aligns with the right edge of the All resources
tile and complete the edits.

5. Review the results and reset the dashboard to the default state.

6. Add Virtual machine scale sets to the hub menu. Leave the Microsoft Edge window open.

▶ Task 2: Use the Azure account portal


1. Start Microsoft Edge and browse to the Azure account portal.

2. If prompted, sign in by using the Microsoft account that is the Account Administrator of your Azure
subscription.
3. On the Account portal page, navigate to the summary page of your Azure subscription and review the
billing summary for your subscription.

4. From the summary page, download usage details in Version 2.


5. Open the usage details in Notepad. Note that this step is intended only for reviewing the file's content;
to analyze it in more detail, you would typically use Microsoft Excel or another program capable of parsing
CSV files. The file might not include any data at this point if you have not yet deployed any resources
into your subscription.
6. Close Notepad.

Result: After completing this exercise, you should have used the Azure portals.

Exercise 2: Using the Azure Resource Manager features in the Azure portal
Scenario
A. Datum has asked you to create some temporary resources in Azure via the Azure portal. You must
create a resource group and a resource, and then tag them to indicate that they are part of the lab
environment. Finally, you must delegate the contributor permissions to the resource.

The main tasks for this exercise are as follows:

1. Create and manage a resource group


2. Create Azure resources

3. Configure tagging

4. Configure RBAC

▶ Task 1: Create and manage a resource group


1. Switch back to the Microsoft Edge window displaying the Azure portal.

2. In the Azure portal, navigate to the Resource groups blade.

3. From the Resource groups blade, add a new resource group with the following settings:
• Resource group name: 20533D0101-LabRG

• Subscription: the name of your Azure subscription

• Resource group location: the Azure region closest to the lab location

▶ Task 2: Create Azure resources
1. In the Azure portal, navigate to the New blade.

2. From the New blade, create a new route table with the following settings:

• Name: 20533D0101-rt

• Subscription: the same Azure subscription in which you created the resource group

• Resource group name: click Use existing and select 20533D0101-LabRG from the drop-down list

• Resource group location: the same Azure region in which you created the resource group

▶ Task 3: Configure tagging


1. In the Azure portal, assign the tag named project with the value test to the resource group
20533D0101-LabRG.

2. In the Azure portal, assign the tag named project with the value test to the route table 20533D0101-rt.
3. From the service menu, navigate to the Tags blade.
4. View entries with the tag project : test.

5. Pin the list of resources with the tag project : test to dashboard.

▶ Task 4: Configure RBAC


1. In the Azure portal, navigate to the 20533D0101-LabRG resource group.
2. From the resource group blade, grant the contributor role to a valid Microsoft account name.

Result: After completing this exercise, you should have used the Azure Resource Manager features in
the Azure portal.

Exercise 3: Using Azure PowerShell


Scenario
A. Datum has asked you to investigate the capabilities of Azure PowerShell. You must connect to your
Azure subscription by using Azure PowerShell, use Azure PowerShell to create a resource group and
a resource, and then move the resource to another resource group.
The main tasks for this exercise are as follows:

1. Connect to your Azure subscription by using Azure PowerShell

2. Manage Azure resources and resource groups by using Azure PowerShell

▶ Task 1: Connect Azure PowerShell to your Azure subscription


1. On MIA-CL1, start Windows PowerShell ISE as Administrator.
2. From the console pane of the Windows PowerShell ISE window, authenticate to Azure Resource
Manager endpoint of your Azure subscription.

3. From the console pane of the Windows PowerShell ISE window, review the list of subscriptions
associated with the account you used to sign in.

4. From the console pane of the Windows PowerShell ISE window, enumerate Azure resource providers,
resource types, and the Azure regions where these resources are available.

▶ Task 2: Manage Azure resources and resource groups by using Azure
PowerShell
1. In the Windows PowerShell ISE window, open the E:\Labfiles\Lab01\Starter\Set-20533D0101Lab.ps1 file.

2. In the # Variables section, note the values of the predefined variables. They need to match the names of
the resource and the resource group you created in the previous exercise.
3. Under the line that states # Identify the location of the resource group containing the resource, type
the following:

$locName = (Get-AzureRmResourceGroup -Name $rg1Name).Location

4. Run the resulting script.


5. Under the line that states # Create a new resource group in the same location, type the following:

$rg2 = New-AzureRmResourceGroup -Name $rg2Name -Location $locName


6. Run the newly typed line only.

7. Under the line that states # Retrieve an object representing the resource and store it in a variable,
type the following:

$res = Get-AzureRmResource -ResourceName $resName -ResourceGroupName $rg1Name


8. Run the newly typed line only.

9. Under the line that states # Move the resource to the new resource group, type the following:
Move-AzureRmResource -DestinationResourceGroupName $rg2Name -ResourceId $res.ResourceId

10. Use the resulting script to move the resource represented by the $res variable to the resource group
represented by the variable $rg2.
11. Under the line that states # View resources in the new resource group, type the following:

Get-AzureRmResource | Where-Object ResourceGroupName -eq $rg2Name

12. Run the newly typed line.

Result: After completing this exercise, you should have used Azure PowerShell to manage Azure
resources and resource groups.

Exercise 4: Using Azure CLI


Scenario
A. Datum has asked you to investigate the capabilities of Azure CLI. You must connect to your Azure
subscription by using Azure CLI. Then you must use Azure CLI to create a resource group and a
resource, and move the resource to another resource group.

The main tasks for this exercise are as follows:

1. Connect to your Azure subscription by using Azure CLI

2. Manage Azure resources and resource groups by using Azure CLI

3. Remove the lab environment

▶ Task 1: Connect to your Azure subscription by using Azure CLI


1. On MIA-CL1, start Command Prompt as Administrator

2. From Administrator: Command Prompt, use Azure CLI 2.0 to sign in to your Azure subscription.

3. From Administrator: Command Prompt, use Azure CLI 2.0 to display properties of the Azure
subscription associated with the account you used to sign in. Take note of the value of the id parameter,
representing your Azure subscription ID. You will need it in the next task.

4. From Administrator: Command Prompt, use Azure CLI 2.0 to list Azure resource providers, resource
types, and the Azure regions where these resources are available.

▶ Task 2: Manage Azure resources and resource groups by using Azure CLI
1. From Administrator: Command Prompt, use Azure CLI 2.0 to display properties of the resource group
20533D0101-LabRG.

2. From Administrator: Command Prompt, use Azure CLI 2.0 to list resources in the resource group
20533D0102-LabRG.
3. In the list of resources, note the value of the id property of the 20533D0101-rt.

4. From Administrator: Command Prompt, use Azure CLI 2.0 to move the 20533D0101-rt resource from
the resource group 20533D0102-LabRG to the resource group 20533D0101-LabRG.
5. From Administrator: Command Prompt, use Azure CLI 2.0 to list resources in the resource group
**20533D0101-Lab

▶ Task 3: Remove the lab environment


1. On MIA-CL1, close all open windows without saving any files.
2. Start Windows PowerShell as Administrator and, from the Administrator: Windows PowerShell
window, run Remove-20533DEnvironment.

3. When prompted, sign in by using the Microsoft account that is the Service Administrator of your Azure
subscription.

4. If you have multiple Azure subscriptions, select the one you want the script to target.
5. If prompted, specify the current lab number.

6. When prompted for confirmation, type y.

7. Start Microsoft Edge, browse to the Azure portal, and sign in by using the Microsoft account that is the
Service Administrator of your Azure subscription.
8. In the Azure portal, reset the dashboard to the default state.

9. Close all open windows.


Result: After completing this exercise, you should have used Azure CLI to manage Azure resources
and resource groups.

Question: Why did you use Azure PowerShell cmdlets that contained Rm in the lab?

©2016 Microsoft Corporation. All rights reserved.


The text in this document is available under the Creative Commons Attribution 3.0 License, additional
terms may apply. All other content contained in this document (including, without limitation,
trademarks, logos, images, etc.) are not included within the Creative Commons license grant. This
document does not provide you with any legal rights to any intellectual property in any Microsoft
product. You may copy and use this document for your internal, reference purposes.

This document is provided “as-is.” Information and views expressed in this document, including URL
and other Internet Web site references, may change without notice. You bear the risk of using it. Some
examples are for illustration only and are fictitious. No real association is intended or inferred.
Microsoft makes no warranties, express or implied, with respect to the information provided here.

Module 2: Implementing and managing Azure networking
Lab A: Using a deployment template and Azure
PowerShell to implement Azure virtual networks
Scenario
A. Datum Corporation plans to create several virtual networks in their Azure subscription. They will all
reside in the same Azure region. You want to test the deployment of Azure virtual networks by using
both imperative and declarative methods.

Objectives
After completing this lab, you will be able to:

• Create a virtual network by using deployment templates.


• Create a virtual network by using Azure PowerShell.

• Create a virtual network by using Azure CLI

Lab Setup
Estimated Time: 30 minutes

Virtual Machine: 20533D-MIA-CL1


User Name: Student

Password: Pa55w.rd

Note: The Microsoft Azure portal is continually improved, and the user interface might have been
updated since this lab was written. Your instructor will make you aware of any differences between the
steps described in the lab and the current Azure portal user interface.

Exercise 1: Creating an Azure virtual network by using a deployment template


Scenario
A. Datum wants to test the provisioning of virtual networks. You must configure these virtual networks
by using deployment templates from GitHub.
The main tasks for this exercise are as follows:

1. Review a GitHub Azure quickstart template

2. Perform the deployment from the Azure portal

▶ Task 1: Review a GitHub Azure quickstart template


1. Ensure that you are signed in to MIA-CL1 as Student with the password Pa55w.rd.
2. Start Microsoft Edge and browse to the Virtual Network with two Subnets GitHub-hosted Azure
quickstart template at http://aka.ms/Mt32e4.

3. From the Virtual Network with two Subnets page, click Deploy to Azure.
4. If prompted, sign in by using the Microsoft account that is the Service Administrator of your Azure
subscription.

5. In the Azure portal, click Edit template.

6. Review the structure of the JavaScript Object Notation (JSON) file. Examine the placeholders for values
that can be edited during the deployment. This template contains the following parameters: vnetName,
vnetAddressPrefix, subnet1Prefix, subnet1Name, subnet2Prefix, and subnet2Name.

7. Review the content of the Resources section to identify the type of the resource, its name, and its properties.

8. Close the Edit Template blade without making any changes.

▶ Task 2: Perform the deployment from the Azure portal


1. From the Create a Virtual Network with two Subnets blade, deploy the template with the following
settings:

• Subscription: the name of your subscription

• Resource group: create a new group named 20533D0203-LabRG

• Location: an Azure region close to the location of the lab environment

• Vnet Name: 20533D0203-vnet

• Vnet Address Prefix: 10.10.0.0/16

• Subnet1Prefix: 10.10.0.0/24
• Subnet1Name: Subnet1

• Subnet2Prefix: 10.10.1.0/24

• Subnet2Name: Subnet2
2. Verify that provisioning of the new virtual network named 20533D0203-vnet completed successfully.

Result: After completing this exercise, you should have created virtual networks for A. Datum HQ.

Exercise 2: Creating a virtual network by using Azure PowerShell


Scenario
A. Datum is expanding their services in Azure by using both declarative and imperative deployment
methods and they ask you to test provisioning of a new network by using Azure PowerShell.
The main tasks for this exercise are as follows:

1. Create a virtual network by using PowerShell

▶ Task 1: Create a virtual network by using PowerShell


1. On MIA-CL1, start Windows PowerShell ISE as Administrator.
2. From the console pane of the Windows PowerShell ISE window, authenticate to Azure Resource
Manager endpoint of your Azure subscription.

3. From the console pane of the Windows PowerShell ISE window, review the list of subscriptions
associated with the account you used to sign in. Identify the value of the subscription Id property of the
Azure subscription you want to use in this lab.

4. If there are multiple Azure subscriptions associated with your account, run the Set-AzureRmContext cmdlet
with the -SubscriptionId parameter to designate the one you want to use in this lab.

5. Run the New-AzureRmResourceGroup cmdlet to create a new resource group named 20533D0204-LabRG
in the same Azure region you chose in the previous exercise.

6. Run the New-AzureRmVirtualNetwork cmdlet to create a new virtual network named 20533D0204-vnet
with the address space 10.11.0.0/16 in the 20533D0204-LabRG resource group and the same Azure
region as the resource group.

7. Run the Add-AzureRmVirtualNetworkSubnetConfig cmdlet to add a subnet named Subnet1 with the
address prefix 10.11.0.0/24 to the virtual network 20533D0204-vnet.

8. Finalize your configuration by running the Set-AzureRmVirtualNetwork cmdlet.

Result: After completing this exercise, you should have created a virtual network by using Azure
PowerShell.
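
The steps of this task as one script, added here as an example and not taken from the lab files; $subscriptionId and $location are placeholders to replace with your own values. It shows that Add-AzureRmVirtualNetworkSubnetConfig changes only the local object until Set-AzureRmVirtualNetwork commits it.

```powershell
# Added example, not part of the course Labfiles. Requires the AzureRM module.
$ErrorActionPreference = 'Stop'

# Placeholders (assumptions): replace with your own values.
$subscriptionId = '<subscription-id>'
$location       = '<azure-region>'

# Names and address prefixes given in the task steps.
$rgName       = '20533D0204-LabRG'
$vnetName     = '20533D0204-vnet'
$vnetPrefix   = '10.11.0.0/16'
$subnetName   = 'Subnet1'
$subnetPrefix = '10.11.0.0/24'

# Steps 2-4: authenticate, review subscriptions, select the one to use.
Add-AzureRmAccount | Out-Null
Get-AzureRmSubscription
Set-AzureRmContext -SubscriptionId $subscriptionId | Out-Null

# Step 5: create the resource group.
New-AzureRmResourceGroup -Name $rgName -Location $location | Out-Null

# Step 6: create the virtual network (no subnets yet).
$vnet = New-AzureRmVirtualNetwork -ResourceGroupName $rgName -Name $vnetName `
    -AddressPrefix $vnetPrefix -Location $location

# Step 7: add the subnet. This only modifies the in-memory $vnet object.
Add-AzureRmVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix $subnetPrefix `
    -VirtualNetwork $vnet | Out-Null

# Read the network back from Azure: the subnet is not there yet.
$before = (Get-AzureRmVirtualNetwork -ResourceGroupName $rgName -Name $vnetName).Subnets.Count

# Step 8: commit the local object to Azure.
Set-AzureRmVirtualNetwork -VirtualNetwork $vnet | Out-Null

# Verify the committed configuration.
$after = Get-AzureRmVirtualNetwork -ResourceGroupName $rgName -Name $vnetName
"Subnets in Azure before Set-AzureRmVirtualNetwork: $before"
"Subnets in Azure after  Set-AzureRmVirtualNetwork: $($after.Subnets.Count)"
$after.Subnets | Select-Object Name, AddressPrefix
```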

Exercise 3: Creating a virtual network by using Azure CLI


Scenario
A. Datum is expanding their services in Azure by using both declarative and imperative deployment
methods. They have asked you to test the provisioning of a new network by using Azure CLI.
The main tasks for this exercise are as follows:

1. Creating a virtual network by using Azure CLI

▶ Task 1: Creating a virtual network by using Azure CLI


1. On MIA-CL1, start Command Prompt as Administrator
2. From Administrator: Command Prompt, use Azure CLI 2.0 to sign in to your Azure subscription.

3. From Administrator: Command Prompt, use Azure CLI 2.0 to display properties of the Azure
subscription associated with the account you used to sign in. Take note of the value of the id parameter,
representing your Azure subscription ID.
4. Run the az account set command to specify the subscription in which you are going to create a virtual
network.

5. Run the az group create command to create a new resource group named 20533D0205-LabRG in the
same Azure region you chose in the previous exercise.

6. Run the az network vnet create command to create a virtual network named 20533D0205-vnet with the
address space 10.12.0.0/16 and a subnet named Subnet1 with the address prefix of 10.12.0.0/24 in the
20533D0205-LabRG resource group and the same Azure region as the resource group.

7. Run the az network vnet subnet create command to add a subnet named Subnet2 with the address
prefix 10.12.1.0/24 to the virtual network 20533D0205-vnet.
Result: After completing this exercise, you should have created a virtual network by using Azure CLI.

Question: What are some of the methods you can use to create an Azure virtual network?

Lab B: Configuring VNet peering


Scenario
Now that A. Datum Corporation has deployed Azure Resource Manager VNets, the company wants to
be able to provide direct connectivity between them. Your plan is to implement VNet peering to provide
the optimal performance with minimum cost.

Objectives
After completing this lab, you will be able to:

• Connect Azure virtual networks using VNet peering.

• Configure VNet peering-based service chaining

• Validate virtual network connectivity using Azure-based and VM-based tools.

Lab Setup
Estimated Time: 35 minutes

Virtual Machine: 20533D-MIA-CL1


User Name: Student

Password: Pa55w.rd

Before starting this lab, ensure that you have performed the “Preparing the Environment”
demonstration tasks at the beginning of the first lesson in this module, and that the setup script has
completed.

Note: The Microsoft Azure portal is continually improved, and the user interface might have been
updated since this lab was written. Your instructor will make you aware of any differences between the
steps described in the lab and the current Azure portal user interface.

Exercise 1: Using the Azure portal to configure VNet peering


Scenario
A. Datum wants to use VNet peering to provide connectivity between pairs of virtual networks.

The main tasks for this exercise are as follows:


1. Configure VNet peering for the first virtual network

2. Configure VNet peering for the second virtual network

▶ Task 1: Configure VNet peering for the first virtual network


1. Ensure that you are signed in to MIA-CL1 as Student with the password Pa55w.rd and that the
Add-20533DEnvironment script successfully completed. Start Microsoft Edge, browse to the Azure portal,
and sign in by using the Microsoft account that is the Service Administrator of your Azure subscription.

2. In Microsoft Edge, navigate to the 20533D0201-vnet virtual network blade.


3. From the 20533D0201-vnet blade, create a VNet peering with the following settings:

• Name: 20533D0201-vnet-To-20533D0202-vnet

• Virtual network deployment model: Resource manager

• Subscription: the name of your Azure subscription

• Virtual network: 20533D0202-vnet

• Allow virtual network access: Enabled

• Allow forwarded traffic: enabled

• Allow gateway transit: disabled

• Use remote gateways: disabled

▶ Task 2: Configure VNet peering for the second virtual network
1. In Microsoft Edge, navigate to the 20533D0202-vnet virtual network blade.

2. From the 20533D0202-vnet blade, create a VNet peering with the following settings:

• Name: 20533D0202-vnet-To-20533D0201-vnet

• Virtual network deployment model: Resource manager

• Subscription: the name of your Azure subscription

• Virtual network: 20533D0201-vnet

• Allow virtual network access: Enabled

• Allow forwarded traffic: enabled

• Allow gateway transit: disabled

• Use remote gateways: disabled

Result: After completing this exercise, you should have configured VNet peering between two virtual
networks.

Exercise 2: Configuring VNet peering–based service chaining


Scenario
A. Datum now wants to test the service chaining capabilities of VNet peering to minimize cost and
management overhead of the Azure virtual network infrastructure.
The main tasks for this exercise are as follows:

1. Configure IP forwarding
2. Configure user defined routing
3. Configure routing on an Azure VM running Windows Server 2016

▶ Task 1: Configure IP forwarding


1. In Microsoft Edge, navigate to the 20533D0201-nic1 blade.
2. On the 20533D0201-nic1 blade, modify the IP configurations by setting IP forwarding to Enabled.

▶ Task 2: Configure user defined routing


1. In the Azure portal, create a new route table with the following settings:

• Name: 20533D02-rt1

• Subscription: the name of your Azure subscription


• Resource group: 20533D0202-LabRG

• Location: the same Azure region in which you created the virtual network 20533D0202-vnet

2. In the Azure portal, add to the route table a route with the following settings:
• Route name: custom-route-to-20533D0201-vnet

• Address prefix: 10.0.0.0/22

• Next hop type: Virtual appliance

• Next hop address: 10.0.0.4

3. In the Azure portal, associate the route table with the subnet-1 of the 20533D0202-vnet.

▶ Task 3: Configure routing on an Azure VM running Windows Server 2016


1. On MIA-CL1, from the Azure portal, start a Remote Desktop session to 20533D0201-vm1 Azure VM.

2. When prompted to authenticate, specify the following credentials:


• User name: Student

• Password: Pa55w.rd1234

3. Once you are connected to 20533D0201-vm1 via the Remote Desktop session, from Server Manager,
install the Remote Access server role with the Routing role service and all required features.

4. In the Remote Desktop session to 20533D0201-vm1, start the Routing and Remote Access console.

5. In the Routing and Remote Access console, run Routing and Remote Access Server Setup Wizard
and enable LAN routing.

6. Start Routing and Remote Access service.

7. In the Remote Desktop session to 20533D0201-vm1, start the Windows Firewall with Advanced
Security console and enable File and Printer Sharing (Echo Request - ICMPv4-In) inbound rule for all
profiles.

Result: After completing this exercise, you should have configured VNet peering–based service
chaining.
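
A read-only check of the settings from Tasks 1 and 2 and of the peering options from Exercise 1, added here as an example that is not part of the lab files. A user-defined route to 10.0.0.4 only chains traffic if the NIC that owns that address has IP forwarding enabled and the peerings allow forwarded traffic. The function names are hypothetical; the script assumes an authenticated AzureRM session and inspects the whole subscription.

```powershell
# Added example, not part of the course Labfiles. Read-only: it changes nothing.
$ErrorActionPreference = 'Stop'

function Get-ApplianceRouteReport {
    # For every user-defined route whose next hop is a virtual appliance,
    # report which NIC owns the next-hop address and whether it forwards traffic.
    $nics = @(Get-AzureRmNetworkInterface)
    foreach ($rt in Get-AzureRmRouteTable) {
        $applianceRoutes = @($rt.Routes | Where-Object { $_.NextHopType -eq 'VirtualAppliance' })
        foreach ($route in $applianceRoutes) {
            $hop = $route.NextHopIpAddress
            # Private addresses are not unique across virtual networks, so more
            # than one NIC can match; every match is listed for manual review.
            $owners = @($nics | Where-Object { $_.IpConfigurations.PrivateIpAddress -contains $hop })
            if ($owners.Count -eq 0) {
                [pscustomobject]@{
                    RouteTable = $rt.Name; Route = $route.Name
                    AddressPrefix = $route.AddressPrefix; NextHop = $hop
                    NextHopNic = '(none found)'; IpForwarding = $false
                }
            }
            foreach ($nic in $owners) {
                [pscustomobject]@{
                    RouteTable = $rt.Name; Route = $route.Name
                    AddressPrefix = $route.AddressPrefix; NextHop = $hop
                    NextHopNic = $nic.Name; IpForwarding = [bool]$nic.EnableIPForwarding
                }
            }
        }
    }
}

function Get-PeeringReport {
    # List the options set on each VNet peering, so that forwarded traffic and
    # gateway use are enabled only where the design calls for them.
    foreach ($vnet in Get-AzureRmVirtualNetwork) {
        foreach ($peering in $vnet.VirtualNetworkPeerings) {
            [pscustomobject]@{
                VNet                      = $vnet.Name
                Peering                   = $peering.Name
                State                     = $peering.PeeringState
                AllowVirtualNetworkAccess = $peering.AllowVirtualNetworkAccess
                AllowForwardedTraffic     = $peering.AllowForwardedTraffic
                AllowGatewayTransit       = $peering.AllowGatewayTransit
                UseRemoteGateways         = $peering.UseRemoteGateways
            }
        }
    }
}

# In this lab, the route custom-route-to-20533D0201-vnet should show
# NextHop 10.0.0.4, NextHopNic 20533D0201-nic1 and IpForwarding True.
Get-ApplianceRouteReport | Format-Table -AutoSize
Get-PeeringReport | Format-Table -AutoSize
```

A row with IpForwarding False or NextHopNic "(none found)" marks a route that sends traffic to an address that will not forward it.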

Exercise 3: Validating virtual network connectivity


Scenario
A. Datum now wants to validate the VNet peering configuration by testing connectivity between virtual
machines on different virtual networks.
The main tasks for this exercise are as follows:

1. Configure Windows Firewall with Advanced Security on an Azure VM

2. Test service chaining between peered virtual networks


3. Remove the lab environment

▶ Task 1: Configure Windows Firewall with Advanced Security on an Azure VM


1. On MIA-CL1, from the Azure portal, start a Remote Desktop session to 20533D0201-vm2 Azure VM.

2. When prompted to authenticate, specify the following credentials:

• User name: Student


• Password: Pa55w.rd1234

3. In the Remote Desktop session to 20533D0202-vm1, start the Windows Firewall with Advanced
Security console and enable File and Printer Sharing (Echo Request - ICMPv4-In) inbound rule for all
profiles.

▶ Task 2: Test service chaining between peered virtual networks


1. On MIA-CL1, from the Azure portal, start a Remote Desktop session to 20533D0202-vm1 Azure VM.

2. When prompted to authenticate, specify the following credentials:

• User name: Student

• Password: Pa55w.rd1234

3. Once you are connected to 20533D0201-vm1 via the Remote Desktop session, start Windows
PowerShell.

4. In the Windows PowerShell window, run the following:

Test-NetConnection -ComputerName 10.0.1.4 -TraceRoute


5. Verify that the test is successful and note that the connection was routed over 10.0.0.4.

▶ Task 3: Remove the lab environment


1. On MIA-CL1, close all open windows without saving any files.

2. Start Windows PowerShell as Administrator and, from the Administrator: Windows PowerShell
window, run Remove-20533DEnvironment.

3. When prompted, sign in by using the Microsoft account that is the Service Administrator of your Azure
subscription.
4. If you have multiple Azure subscriptions, select the one you want the script to target.

5. If prompted, specify the current lab number.


6. When prompted for confirmation, type y.

7. Start Microsoft Edge, browse to the Azure portal, and sign in by using the Microsoft account that is the
Service Administrator of your Azure subscription.

8. In the Azure portal, reset the dashboard to the default state.


9. Close all open windows.

Result: After completing this exercise, you should have validated virtual network connectivity in the
VNet peering configuration.

Question: What do you consider to be the most important advantages of VNet peering?

Module 3: Implementing virtual machines
Lab A: Deploying Azure VMs
Scenario
As part of the planning for deployment of Azure VMs to Azure, Adatum Corporation has evaluated its
deployment options. You must use the Azure portal and Azure PowerShell to deploy two Microsoft
Azure VMs for the database tier of the Research and Development application. To facilitate resource
tracking, you should ensure that the virtual machines are part of the same resource group. Both VMs
should be part of the same availability set.

Objectives
After completing this lab, you will be able to:

• Create Azure VMs by using the Azure portal and Azure PowerShell.
• Validate virtual-machine creation.

Lab Setup
Estimated Time: 35 minutes
Virtual machine: 20533D-MIA-CL1

User name: Student


Password: Pa55w.rd

Exercise 1: Creating Azure VMs by using the Azure portal and Azure PowerShell
Scenario
You must deploy two Azure VMs that are running Windows Server 2016 Datacenter. Name these
machines 20533D03LabVM1 and 20533D03LabVM2. You will use the Azure portal to deploy one VM,
and Azure PowerShell to deploy the other VM. You must deploy both virtual machines into the
20533D0301-LabRG resource group, and you must configure the virtual machines to use the database
subnet of the 20533D0301-LabVNet virtual network. Both VMs should use managed disks and be part
of the same availability set. After deploying the virtual machines, you will confirm successful
deployment of the virtual machines.
The main tasks for this exercise are as follows:

1. Use the Azure portal to create a virtual machine

2. Use Azure PowerShell to create a virtual machine

▶ Task 1: Use the Azure portal to create a virtual machine


1. Ensure that you are signed in to MIA-CL1 as Student with the password Pa55w.rd.

2. Start Microsoft Edge, browse to the Azure portal, and sign in by using the Microsoft account that is the
Service Administrator of your Azure subscription.
3. In the Azure portal, create a new Windows Server 2016 Datacenter Azure VM with the following
settings:

• Name: 20533D03labVM1

• VM disk type: HDD

• User name: Student

• Password: Pa55w.rd1234

• Subscription: the name of your Azure subscription

• Resource group: create a new resource group named 20533D0301-LabRG.


• Location: an Azure region close to the location of the lab environment.

• Size: Standard_D1_v2

• Use managed disks: Yes


• Availability set: 20533D0301-db-avset with 3 fault domains and 5 update domains

• Virtual network: 20533D0301-labVNet with address space 10.0.0.0/20 and a subnet named database
with the address range 10.0.0.0/24

• Accept the default settings for the Public IP address, Network security group (firewall), Extensions,
Auto-shutdown, and Monitoring configuration.
4. Wait for the deployment to complete successfully.

5. Leave the Microsoft Edge window with the Azure portal open.

▶ Task 2: Use Azure PowerShell to create a virtual machine


1. On MIA-CL1, open a Windows PowerShell ISE window as Administrator.
2. In the Windows PowerShell ISE, open the script
E:\Labfiles\Lab03\Starter\New-AzureRm20533D03VM.ps1 and review its content.

3. Run the script.


4. When prompted, sign in using the Microsoft account that is the Service Administrator of your Azure
subscription.

5. If you have multiple subscriptions, select the one you used when running Add-20533DEnvironment at
the beginning of this module.
6. When the script is complete, leave the Windows PowerShell ISE window open.

Result: After completing this exercise, you have created virtual machines by using the Azure portal
and Azure PowerShell.

Exercise 2: Validating Azure VM deployment

Scenario
You now must validate the creation and configuration of the Azure VMs that you created, to ensure
that they function properly.

The main tasks for this exercise are as follows:

1. Use Azure PowerShell to validate virtual machine deployment


2. Use the Azure portal to validate virtual machine deployment

▶ Task 1: Use Azure PowerShell to validate virtual machine deployment


1. In the Windows PowerShell ISE window, at the command prompt, run the following command:

Get-AzureRmResource | Where-Object ResourceType -like "*VirtualMachines"

2. Confirm that the 20533D03labVM1 and the 20533D03labVM2 virtual machines are listed.

3. Close the Windows PowerShell ISE window.

▶ Task 2: Use the Azure portal to validate virtual machine deployment


1. On MIA-CL1, in the Microsoft Edge window, in the Azure portal, navigate to the 20533D0301-LabRG
resource group blade.

2. On the 20533D0301-LabRG blade, review the list of resources associated with both virtual machines.

3. In the Azure portal, navigate to the 20533D03labVM1 blade, and confirm the following values:

• Resource group: 20533D0301-LabRG

• Virtual network/subnet: 20533D0301-labVNet/database

4. Repeat step 3 for the 20533D03labVM2 virtual machine.

Result: After completing this exercise, you will have validated the creation and configuration of Azure
Virtual Machines.

Question: What differences regarding Azure VM resources did you notice when you created a virtual
machine in the Azure portal versus in Azure PowerShell?

Lab B: Deploying Azure VMs by using Azure Resource Manager templates
Scenario
You must use an Azure Resource Manager template to deploy two additional Linux VMs and two
additional Windows VMs that the ResDev application will use. The virtual machines should be part of
the resource group, to facilitate resource tracking. Linux virtual machines should reside on the app
subnet, and Windows virtual machines should reside on the web subnet, of the
20533D0301-LabVNet virtual network.

Objectives
After completing this lab, you will be able to:
• Use Visual Studio and an Azure Resource Manager template to deploy Azure VMs

• Use Azure PowerShell and an Azure Resource Manager template to deploy Azure VMs

• Use Azure CLI and an Azure Resource Manager template to deploy Azure VMs

Lab Setup
Estimated Time: 25 minutes

Virtual machine: 20533D-MIA-CL1


User name: Student

Password: Pa55w.rd

The virtual machine should be running from the previous lab.

Exercise 1: Using Visual Studio and an Azure Resource Manager template to
deploy Azure VMs

Scenario
You must use Visual Studio to deploy two Linux Azure Resource Manager virtual machines for use as
app servers in the ResDev app. You should name the servers 20533D03LabVM3 and
20533D03LabVM4. You have a deployment-template solution and the deployment details for both
virtual machines. You must deploy the two virtual machines from Visual Studio, and then confirm that
the virtual machines have been deployed successfully by using Azure PowerShell.

The main tasks for this exercise are as follows:


1. Use Visual Studio to deploy Linux app servers Azure VMs

2. Use Azure PowerShell to validate the deployment of the app servers Azure VMs

▶ Task 1: Use Visual Studio to deploy Linux app servers Azure VMs
1. On MIA-CL1, start Visual Studio. If prompted, sign in with your Microsoft account credentials. If prompted
to configure a Visual Studio Team Services account, click Not now, maybe later.
2. In Visual Studio, open the solution ResDevLinuxDeploy.sln from
E:\Labfiles\Lab03\Starter\Projects\ResDevLinuxDeploy.

3. View the contents of the azuredeploy.json template.


4. From the Solution Explorer, start a new deployment process of the first virtual machine into the
20533D0301-LabRG resource group with the following settings:

• vmName: 20533D03LabVM4
• adminUsername: Student

• adminPassword: Pa55w.rd1234

• virtualNetworkName: 20533D0301-LabVNet
• resourceGroupName: 20533D0301-LabRG

• subnetName: app
• subnetPrefix: 10.0.1.0/24
• vmSize: Standard_D1_V2

• ubuntuOSVersion: specify 16.04.0-LTS or a more recent version if available

• storageAccountType: Standard_LRS
Note: Deployment will run with the output that appears in the Output pane, which is at the bottom of
the window. When deployment is complete, you will receive a message stating that the template was
deployed successfully to the resource group 20533D0301-LabRG.

5. View the contents of the Azuredeploy.parameters.json file to verify that the parameters that you
provided during deployment have been saved in this file.

6. Start another deployment process by using the deployment that you used for the first virtual machine.
7. Deploy another Azure VM by using the same template, setting its name to 20533D03LabVM3 but leaving
all other parameter values the same.
8. Close the solution but leave Visual Studio open.

▶ Task 2: Use Azure PowerShell to validate the deployment of the app servers
Azure VMs
1. On MIA-CL1, start Windows PowerShell ISE as Administrator.

2. From the console pane of the Windows PowerShell ISE window, authenticate to the Azure Resource
Manager endpoint of your Azure subscription.
3. From the console pane of the Windows PowerShell ISE window, review the list of subscriptions
associated with the account you used to sign in. Identify the value of the subscription Id property of the
Azure subscription you want to use in this lab.

4. If there are multiple Azure subscriptions associated with your account, run the Set-AzureRmContext
cmdlet with the -SubscriptionId parameter to designate the one you want to use in this lab.

5. From the console pane of the Windows PowerShell ISE window, identify all resources in the resource
group 20533D0301-LabRG, including their ResourceName and ResourceType properties by running
the Find-AzureRMResource cmdlet.

6. In the cmdlet output, note the resources created in this exercise including virtual machines, disks, NICs,
public IPs, and a storage account.

7. Leave the Windows PowerShell ISE window open for the next exercise.

Result: After completing this exercise, you will have deployed Azure Virtual Machines by using Visual
Studio and an Azure Resource Manager template.

Exercise 2: Using Azure PowerShell and an Azure Resource Manager template to
deploy Azure VMs
Scenario
You must deploy the Web tier virtual machines by using an Azure Resource Manager template and the
Azure portal. The Web tier should consist of two virtual machines named 20533D03LabVM5 and
20533D03LabVM6, running Windows Server 2016. You should deploy these two VMs to the
20533D0301-LabRG resource group and the web subnet of the 20533D0301-LabVNet virtual
network. You have a template and a Windows PowerShell script that you should edit to use to deploy
the first of these two VMs. After you deploy the first VM, confirm the deployment by viewing the newly
deployed resources in the Azure portal.

The main tasks for this exercise are as follows:


1. Use Azure PowerShell to deploy the Windows virtual machines

2. Use the Azure portal to monitor deployment

3. Use the Azure portal to validate deployment of the Windows virtual machine

▶ Task 1: Use Azure PowerShell to deploy the Windows virtual machines


1. In the Windows PowerShell ISE window that you launched in the previous exercise, open
E:\Labfiles\Lab03\Starter\Templates\Deploy-AzureResourceGroup.ps1

2. Review the script that will deploy the template.
Note: The $templateFile and $rgName variables represent the location of the Azure Resource Manager
template file and the resource group to which you will deploy the virtual machines.

3. Switch to Visual Studio and open the file
E:\Labfiles\Lab03\Starter\Templates\azuredeploywebvm.json.
Note: The template has a very similar structure to the template for the Linux virtual machines in the
previous exercise. The primary differences between the two templates include the variables identifying
the operating system image, the target subnet, and the availability set. You could replace these
variables with equivalent parameters, in order to minimize the number of templates used to deploy
Azure VMs.
4. Close Visual Studio.

5. Switch back to the Windows PowerShell ISE window and run the Deploy-AzureResourceGroup.ps1
script. When prompted, provide the following values:
• vmName: 20533D03LabVM5

• adminPassword: Pa55w.rd1234
• virtualNetworkName: 20533D0301-LabVNet

▶ Task 2: Use the Azure portal to monitor deployment


1. To monitor the progress of the deployment, in Microsoft Edge, in the Azure portal, navigate to the
20533D0301-LabRG resource group blade.
2. On the 20533D0301-LabRG blade, in the Settings section, click the Deployments link.

3. On the 20533D0301-LabRG - Deployments blade, click the WebTierVM1-Deployment link.

▶ Task 3: Use the Azure portal to validate deployment of the Windows virtual
machine
1. In Microsoft Edge, in the Azure portal, navigate back to the 20533D0301-LabRG blade.
2. On the 20533D0301-LabRG blade, in the Overview section, view the list of resources.

3. Navigate to the 20533D03LabVM5 blade and, in the Essentials section, note that 20533D03LabVM5 has
been assigned to the 20533D0301-LabVNet/web virtual network/subnet and the operating system is
Windows.
Result: After completing this exercise, you should have deployed Azure Virtual Machines by using
Azure PowerShell and Resource Manager templates.

Exercise 3: Using Azure CLI and an Azure Resource Manager template to deploy
Azure VMs
Scenario
You also want to test an alternative process of deploying Azure VMs by using Azure CLI and Azure
Resource Manager templates.

The main tasks for this exercise are as follows:

1. Use Azure CLI to deploy the Windows virtual machines


2. Use the Azure portal to monitor deployment

3. Use the Azure portal to validate deployment of the Windows virtual machine

4. Remove the lab environment

▶ Task 1: Use Azure CLI to deploy the Windows virtual machines


1. On MIA-CL1, start Command Prompt as Administrator.

2. From Administrator: Command Prompt, use Azure CLI 2.0 to sign in to your Azure subscription.

3. From Administrator: Command Prompt, use Azure CLI 2.0 to display properties of the Azure
subscription associated with the account you used to sign in. Take note of the value of the id parameter,
representing your Azure subscription ID.

4. Run the az account set command to specify the subscription in which you are going to create a virtual
network.

5. Run the az group deployment create command to create a deployment named
WebTierVM2-Deployment of an Azure VM named 20533D03LabVM6 into the virtual network
20533D0301-LabVNet and the resource group 20533D0301-LabRG by using the template
E:\Labfiles\Lab03\Templates\azuredeploywebvm.json
6. When prompted to provide a securestring value for adminPassword, type Pa55w.rd1234.

▶ Task 2: Use the Azure portal to monitor deployment


1. To monitor the progress of the deployment, in Microsoft Edge, in the Azure portal, navigate to the
20533D0301-LabRG resource group blade.
2. On the 20533D0301-LabRG blade, in the Settings section, click the Deployments link.

3. On the 20533D0301-LabRG - Deployments blade, click the WebTierVM2-Deployment link.

▶ Task 3: Use the Azure portal to validate deployment of the Windows virtual
machine
1. In Microsoft Edge, in the Azure portal, navigate back to the 20533D0301-LabRG blade.
2. On the 20533D0301-LabRG blade, in the Overview section, view the list of resources.

3. Navigate to the 20533D03LabVM6 blade and, in the Essentials section, note that 20533D03LabVM6 has
been assigned to the 20533D0301-LabVNet/web virtual network/subnet and the operating system is
Windows.

▶ Task 4: Remove the lab environment


1. On MIA-CL1, close all open windows without saving any files.

2. Start Windows PowerShell as Administrator and, from the Administrator: Windows PowerShell
window, run Remove-20533DEnvironment.
3. When prompted, sign in by using the Microsoft account that is the Service Administrator of your Azure
subscription.

4. If you have multiple Azure subscriptions, select the one you want the script to target.

5. If prompted, specify the current lab number.

6. When prompted for confirmation, type y.

7. Start Microsoft Edge, browse to the Azure portal, and sign in by using the Microsoft account that is the
Service Administrator of your Azure subscription.

8. In the Azure portal, reset the dashboard to the default state.


9. Close all open windows.

Result: After completing this exercise, you should have deployed Azure Virtual Machines by using
Azure CLI and Resource Manager templates.

Question: Can Microsoft Visual Studio and Azure PowerShell use the same Azure Resource Manager
template to deploy an Azure VM?

Question: How would you configure an Azure Resource Manager template to deploy multiple Azure
VMs with different configurations?

©2016 Microsoft Corporation. All rights reserved.

The text in this document is available under the Creative Commons Attribution 3.0 License, additional
terms may apply. All other content contained in this document (including, without limitation,
trademarks, logos, images, etc.) are not included within the Creative Commons license grant. This
document does not provide you with any legal rights to any intellectual property in any Microsoft
product. You may copy and use this document for your internal, reference purposes.

This document is provided “as-is.” Information and views expressed in this document, including URL
and other Internet Web site references, may change without notice. You bear the risk of using it. Some
examples are for illustration only and are fictitious. No real association is intended or inferred.
Microsoft makes no warranties, express or implied, with respect to the information provided here.

Version: D1
Module 4: Managing virtual machines
Lab: Managing Azure virtual machines
Scenario
Now that you have validated basic deployment options of Azure VMs, you need to start testing more
advanced configuration scenarios. Your plan is to step through a sample configuration of a two-tier
A. Datum ResDev application. As part of your tests, you will install IIS by using the VM DSC extension on
the front-end tier. You will also set up a multi-disk volume by using Storage Spaces in a Windows
Azure VM in the back-end tier.

Objectives
After completing this lab, you will be able to:

• Create and configure Azure Load Balancing.


• Implement desired state configuration of Azure VMs.

• Implement Storage Space–based simple volumes in Azure VMs.

Lab Setup
Estimated Time: 60 minutes

Virtual Machine: 20533D-MIA-CL1


User name: Student

Password: Pa55w.rd

Exercise 1: Creating and configuring Azure Load Balancing


Scenario
You need to test the ability of Azure VMs in the same availability set to operate in a load-balanced
configuration by using Azure Load Balancer.
The main tasks for this exercise are as follows:

1. Review the existing deployment

2. Implement an Azure Load Balancer

▶ Task 1: Create virtual machines in an availability set


1. Ensure that you are signed in to MIA-CL1 as Student with the password Pa55w.rd.
2. Start Microsoft Edge, browse to the Azure portal and sign in by using the Microsoft account that is the
Service Administrator of your Azure subscription.

3. In the Azure portal, navigate to the resource group 20533D0401-LabRG.


4. On the 20533D0401-LabRG blade, review the list of resources. Note that it includes an availability set
named 20533D0401-avset.

5. Navigate to the 20533D0401-avset blade and note that the availability set has 2 fault domains, 5 update
domains, and it contains two virtual machines. Also note that each VM has a unique fault domain and
update domain.

6. Leave the Microsoft Edge window with the Azure portal open.

▶ Task 2: Implement an Azure Load Balancer
1. On MIA-CL1, from the Azure portal, create an Azure load balancer with the following settings:

• Name: 20533D0401-ilb

• Type: Public

• Public IP address: create a new IP address named 20533D0401-ilbfe with dynamically assigned IP
address

• Subscription: the name of your Azure subscription


• Resource group: 20533D0401-LabRG

• Location: the same Azure region you chose when running the provisioning script at the beginning of this
module

2. Configure the newly created load balancer with the backend pool named 20533D0401-ilb-bepool and
associate it to the availability set 20533D0401-avset with ipconfig1 of 20533D0401-vm0 and ipconfig1
of 20533D0401-vm1.
3. Configure the load balancer with the health probe that has the following settings:
• Name: 20533D0401-ilb-probetcp80

• Protocol: HTTP
• Port: 80
• Path: /

• Interval: 5
• Unhealthy threshold: 2

4. Configure the load balancer with the following load balancing rule:

• Name: 20533D0401-ilb-ruletcp80
• IP Version: IPv4
• Frontend IP address: LoadBalancerFrontEnd

• Protocol: TCP

• Port: 80
• Backend port: 80

• Backend Pool: 20533D0401-ilb-bepool (2 virtual machines)


• Probe: 20533D0401-ilbprobetcp80 (HTTP:80)

• Session persistence: None

• Idle timeout: 4
• Floating IP (direct server return): Disabled

5. Add the following inbound NAT rule to the load balancer:

• Name: 20533D0401-ilb-natrulerdpvm0
• Frontend IP address: LoadBalancerFrontEnd

• Service: Custom

• Protocol: TCP

• Port: 33890

• Associated to: 20533d0401-avset (availability set)


• Target virtual machine: 20533D0401-vm0

• Network IP configuration: ipconfig1

• Port mapping: Custom


• Floating IP (direct server return): Disabled

• Target port: 3389


6. Add the following inbound NAT rule to the load balancer:

• Name: 20533D0401-ilb-natrulerdpvm1

• Frontend IP address: LoadBalancerFrontEnd


• Service: Custom

• Protocol: TCP

• Port: 33891
• Associated to: 20533d0401-avset (availability set)
• Target virtual machine: 20533D0401-vm1

• Network IP configuration: ipconfig1

• Port mapping: Custom


• Floating IP (direct server return): Disabled

• Target port: 3389


Note: This configuration will allow you to connect to both Azure VMs via RDP even though they do not
have directly assigned public IP addresses.

7. On the 20533D0401-ilb blade, review the Essentials section and identify the public IP address assigned
to the load balancer. Note that at this point, you will not be able to connect to the two virtual machines in
the backend pool, because they are not running a web server and the connectivity is additionally
restricted by default network security group settings and the operating system-level firewall. You will
change these settings later in this lab.
Result: After completing this exercise, you should have created and configured a load balancer in front
of two Azure VMs in the same availability set.

Exercise 2: Implement desired state configuration of Azure VMs.


Scenario
You need to test the implementation of the desired state configuration in Azure by using VM Agent
DSC extension to install the default IIS website on two Azure VMs that will host the web tier of the A.
Datum ResDev application. Once the installation is complete, you must test the availability of this
setup by verifying that load balanced access to the default website is not affected by shutting down
one of the Azure VMs.

The main tasks for this exercise are as follows:

1. Install and configure IIS by using DSC and Windows PowerShell

2. Test the DSC configuration and virtual machine availability

▶ Task 1: Install and configure IIS by using DSC and Windows PowerShell
1. On MIA-CL1, start File Explorer and browse to the E:\Labfiles\Lab04\Starter folder.

2. In the E:\Labfiles\Lab04\Starter folder, right-click on the IISInstall.ps1 file and select Edit from the right-
click menu. This will open the file in the Windows PowerShell ISE.
3. Review the content of the file. Note that this is a DSC configuration that controls the installation of the
Windows Server 2016 Web-Server role.

4. Close the Windows PowerShell ISE window.

5. In File Explorer, right-click the E:\Labfiles\Lab04\Starter\Deploy-20533D0401DSC.ps1 file and
select Edit from the right-click menu. This will open the file in the Windows PowerShell ISE window with
the current directory set to E:\Labfiles\Lab04\Starter.
6. Review the content of the script. Note the variables that it uses, including the storage account and its key.
The script first retrieves the storage account from the resource group, and then publishes the DSC
configuration defined in the Install.ps1 into it, placing it in the default DSC container named
windows-powershell-dsc. It stores the resulting module URL in a variable, and then sets the Azure Agent
VM DSC extension on two virtual machines deployed by the provisioning script by referencing that URL.
The script generates a shared access signature token that provides read-only access to the blob
representing the DSC configuration archive.

7. Start the execution of the script. When prompted, sign in with the username and the password of an
account that is either a Service Administrator or a Co-Admin of your Azure subscription. Wait until the
script completes.
8. On MIA-CL1, open Internet Explorer and navigate to the Azure portal.

9. Initiate a Remote Desktop session to 20533D0401-vm1 from the Azure portal.


10. When prompted to enter credentials to connect, type Student as the user name and Pa55w.rd1234 as
the password.

11. Once you establish a Remote Desktop session to the VM, in the Server Manager window, verify that IIS
appears in the left pane, indicating that the Web Server (IIS) server role is installed.

12. Repeat steps 9 through 11 for the other virtual machine, 20533D0401-vm2.

13. After completing the tasks, switch back to your lab computer MIA-CL1. Leave both Remote Desktop
sessions open.
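
A check that a shared access signature like the one the script generates in step 6 really is read-only, scoped to a single blob and short-lived, as an added example that is not part of the lab files. Both tokens are constructed (their signatures are placeholders), and the Test-SasToken name and the eight-hour lifetime limit are assumptions.

```powershell
function Test-SasToken {
    param(
        [Parameter(Mandatory)] [string]$Token,
        [datetime]$NowUtc = (Get-Date).ToUniversalTime(),
        [int]$MaxLifetimeHours = 8          # assumed policy limit, not a lab value
    )

    # Parse the SAS query string into a name -> value table.
    $fields = @{}
    foreach ($pair in $Token.TrimStart('?').Split('&')) {
        $name, $value = $pair.Split('=', 2)
        if ($null -eq $value) { $value = '' }
        $fields[$name] = [uri]::UnescapeDataString($value)
    }

    $findings = @()

    # sp = signed permissions; a read-only token carries exactly 'r'.
    if ($fields['sp'] -cne 'r') {
        $findings += "permissions are '$($fields['sp'])', expected read-only 'r'"
    }
    # sr = signed resource; 'b' limits the token to one blob, 'c' covers a container.
    if ($fields['sr'] -cne 'b') {
        $findings += "resource scope is '$($fields['sr'])', expected a single blob 'b'"
    }
    # spr = signed protocol; 'https' rejects plain HTTP use of the token.
    if ($fields['spr'] -ne 'https') {
        $findings += 'HTTPS is not enforced (spr=https is missing)'
    }
    if (-not $fields['sig']) {
        $findings += 'signature (sig) is missing'
    }

    # se = signed expiry; require a valid, future and reasonably near time.
    $expiry = [datetime]::MinValue
    $styles = [System.Globalization.DateTimeStyles]'AssumeUniversal, AdjustToUniversal'
    if (-not [datetime]::TryParse($fields['se'], [cultureinfo]::InvariantCulture, $styles, [ref]$expiry)) {
        $findings += 'expiry (se) is missing or not a valid time'
    }
    elseif ($expiry -le $NowUtc) {
        $findings += "token expired at $($expiry.ToString('u'))"
    }
    elseif (($expiry - $NowUtc).TotalHours -gt $MaxLifetimeHours) {
        $findings += "lifetime exceeds $MaxLifetimeHours hours (expires $($expiry.ToString('u')))"
    }

    [pscustomobject]@{
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

# Constructed sample tokens, evaluated against a fixed point in time.
$now    = (Get-Date '2017-06-01T10:00:00Z').ToUniversalTime()
$narrow = '?sv=2016-05-31&sr=b&sp=r&spr=https&se=2017-06-01T12%3A00%3A00Z&sig=CONSTRUCTED-PLACEHOLDER'
$broad  = '?sv=2016-05-31&sr=c&sp=rwdl&se=2018-06-01T12%3A00%3A00Z&sig=CONSTRUCTED-PLACEHOLDER'

Test-SasToken -Token $narrow -NowUtc $now
Test-SasToken -Token $broad  -NowUtc $now | Select-Object -ExpandProperty Findings
```

The first token passes every check; the second is reported for write, delete and list permissions, container scope, missing HTTPS enforcement and a lifetime of a year.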

▶ Task 2: Test the DSC configuration and virtual machine availability


1. From the Azure portal within the Internet Explorer window on MIA-CL1, create a new inbound security
rule for the 20533D0401-web-nsg security group with the following settings:

• Source: Any
• Source port ranges: Any

• Destination: Any

• Destination port ranges: 80

• Protocol: TCP

• Action: Allow

• Priority: 1100

• Name: allow-http
2. From the Azure portal, identify the IP address of the 20533D0401-ilb load balancer.

3. From MIA-CL1, open a new InPrivate Browsing Internet Explorer session and browse to this IP address.

4. Verify that you can access the default IIS webpage and close the InPrivate Browsing session.
5. From the Remote Desktop sessions to the two Azure VMs, stop the World Wide Web Publishing Service
on both 20533D0401-vm0 and 20533D0401-vm1.

6. From MIA-CL1, open a new InPrivate Browsing Internet Explorer session.

7. In the new InPrivate Browsing window, delete browsing history.

8. Browse to the IP address of the 20533D0401-ilb load balancer again and verify that you can no longer
access the default IIS webpage.

9. From the Remote Desktop session window, start the World Wide Web Publishing Service on
20533D0401-vm0.
10. Once the service is running, switch back to MIA-CL1 and refresh the InPrivate Browsing Internet Explorer
window. Verify that you can again access the default IIS webpage. Note that you might need
to wait about a minute after you start the World Wide Web Publishing Service.

Note: Optionally you can repeat this sequence, but this time stopping the World Wide Web
Publishing Service on 20533D0401-vm0 and starting it on 20533D0401-vm1. As long as the service
is running on at least one of the two virtual machines, you should be able to access the webpage.

Result: After completing this exercise, you should have implemented DSC.
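
How the network security group's priority order decides the flows in this lab, before and after the allow-http rule from Task 2 is added, as an added example that is not part of the lab files. The rule objects are constructed samples: the three default inbound rules are Azure's documented defaults, the function names are assumptions, and any other rules that the lab's 20533D0401-web-nsg may contain are not modeled.

```powershell
# Constructed sample data. "Any" in the portal is '*' in a rule object.
$defaultRules = @(
    [pscustomobject]@{ Name = 'AllowVnetInBound'; Priority = 65000; Access = 'Allow'
                       Protocol = '*'; SourceAddressPrefix = 'VirtualNetwork'; DestinationPortRange = '*' }
    [pscustomobject]@{ Name = 'AllowAzureLoadBalancerInBound'; Priority = 65001; Access = 'Allow'
                       Protocol = '*'; SourceAddressPrefix = 'AzureLoadBalancer'; DestinationPortRange = '*' }
    [pscustomobject]@{ Name = 'DenyAllInBound'; Priority = 65500; Access = 'Deny'
                       Protocol = '*'; SourceAddressPrefix = '*'; DestinationPortRange = '*' }
)
# The rule created in step 1 of Task 2.
$allowHttp = [pscustomobject]@{ Name = 'allow-http'; Priority = 1100; Access = 'Allow'
                                Protocol = 'TCP'; SourceAddressPrefix = '*'; DestinationPortRange = '80' }

# True when a port range ('*', '80' or '8000-8100') covers the given port.
function Test-PortMatch {
    param([string]$Range, [int]$Port)
    if ($Range -eq '*') { return $true }
    if ($Range -match '^(\d+)-(\d+)$') {
        return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2])
    }
    return ($Range -eq "$Port")
}

# Evaluates one inbound flow: rules are tried in ascending priority and the
# first match wins. Simplification (assumption): the source is given as a
# service tag, and CIDR prefixes other than 0.0.0.0/0 are not evaluated.
function Test-NsgInbound {
    param(
        [object[]]$Rules,
        [string]$SourceTag,     # 'Internet', 'VirtualNetwork' or 'AzureLoadBalancer'
        [string]$Protocol,      # 'TCP' or 'UDP'
        [int]$Port
    )
    foreach ($rule in ($Rules | Sort-Object Priority)) {
        $protocolOk = $rule.Protocol -eq '*' -or $rule.Protocol -eq $Protocol
        $sourceOk   = $rule.SourceAddressPrefix -in @('*', '0.0.0.0/0', $SourceTag)
        if ($protocolOk -and $sourceOk -and (Test-PortMatch $rule.DestinationPortRange $Port)) {
            return [pscustomobject]@{ Access = $rule.Access; Rule = $rule.Name }
        }
    }
    return [pscustomobject]@{ Access = 'Deny'; Rule = '(no matching rule)' }
}

# Lists Allow rules that expose a management port to any Internet source.
function Find-OpenManagementRule {
    param([object[]]$Rules, [int[]]$ManagementPorts = @(22, 3389))
    foreach ($rule in $Rules) {
        if ($rule.Access -ne 'Allow') { continue }
        if ($rule.SourceAddressPrefix -notin @('*', 'Internet', '0.0.0.0/0')) { continue }
        foreach ($port in $ManagementPorts) {
            if (Test-PortMatch $rule.DestinationPortRange $port) {
                [pscustomobject]@{ Rule = $rule.Name; Port = $port }
            }
        }
    }
}

$before = $defaultRules
$after  = $defaultRules + $allowHttp

# HTTP from the Internet to the load-balanced port, before and after step 1.
Test-NsgInbound -Rules $before -SourceTag Internet -Protocol TCP -Port 80
Test-NsgInbound -Rules $after  -SourceTag Internet -Protocol TCP -Port 80

# The load balancer's health probe on port 80, with the default rules only.
Test-NsgInbound -Rules $before -SourceTag AzureLoadBalancer -Protocol TCP -Port 80

# RDP through the inbound NAT rule on 33890: the load balancer translates the
# port first, so the NSG evaluates the target port 3389.
Test-NsgInbound -Rules $after -SourceTag Internet -Protocol TCP -Port 3389

# Audit: does any rule open RDP or SSH to the Internet?
Find-OpenManagementRule -Rules $after
```

With the sample data, the first flow is denied by DenyAllInBound, the second is allowed by allow-http, the probe is allowed by AllowAzureLoadBalancerInBound, and the RDP flow is denied. Find-OpenManagementRule returns nothing, because allow-http covers only port 80.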

Exercise 3: Implementing Storage Spaces–based volumes


Scenario
To test provisioning of multi-disk volumes on Azure VMs, you want to create three new VM disks,
attach them to the Azure VMs that will host the database tier of the A. Datum ResDev application, and
then use Storage Spaces to create a new volume.

The main tasks for this exercise are as follows:

1. Attach VHDs to an Azure VM

2. Configure a Storage Spaces simple volume

3. Remove the lab environment.

▶ Task 1: Attach VHDs to an Azure VM


1. On MIA-CL1, from the Azure portal in the Internet Explorer window, attach to the 20533D0401-vm2 virtual
machine a managed data disk with the following settings:

• Name: 20533D0401-vm2-data01
• Resource group: ensure that the Use existing option is selected and 20533D0401-LabRG appears in the
drop down list.

• Account type: Standard_LRS

• Source type: None (empty disk)

• Size: 128

• HOST CACHING: None


2. On MIA-CL1, from the Azure portal in the Internet Explorer window, attach to the 20533D0401-vm2 virtual
machine a managed data disk with the following settings:
• Name: 20533D0401-vm2-data02

• Resource group: ensure that the Use existing option is selected and 20533D0401-LabRG appears in the
drop down list.

• Account type: Standard_LRS


• Source type: None (empty disk)

• Size: 128
• HOST CACHING: None

▶ Task 2: Configure a Storage Spaces simple volume


1. On MIA-CL1, switch to the Remote Desktop session to 20533D0401-vm2.

2. While connected to 20533D0401-vm2, from the Server Manager window, create a storage pool named
StoragePool1 consisting of two newly attached disks.

3. From the Server Manager window, create a new virtual disk named VirtualDisk1 using StoragePool1
with the Simple storage layout, the Fixed provisioning type, and the maximum size.

4. From the Server Manager window, create a new volume of maximum size, mount it as the F: drive and
format it with NTFS and a default allocation unit.

5. From the desktop of 20533D0401-vm2, open File Explorer and verify that there is a new drive F.
6. Close the Remote Desktop session to 20533D0401-vm2.

▶ Task 3: Remove the lab environment


1. On MIA-CL1, close all open windows without saving any files.

2. Start Windows PowerShell as Administrator and, from the Administrator: Windows PowerShell
window, run Remove-20533DEnvironment.

3. When prompted, sign in by using the Microsoft account that is the Service Administrator of your Azure
subscription.

4. If you have multiple Azure subscriptions, select the one you want the script to target.

5. If prompted, specify the current lab number.

6. When prompted for confirmation, type y.

7. Start Microsoft Edge, browse to the Azure portal, and sign in by using the Microsoft account that is the
Service Administrator of your Azure subscription.

8. In the Azure portal, reset the dashboard to the default state.


9. Close all open windows.

Result: After completing this exercise, you should have implemented Storage Spaces–based volumes.

Question: Why would you use Storage Spaces in an Azure VM considering that Azure already
provides highly available storage built into a storage account?

Version: D1
Module 5: Implementing Azure App Service
Lab: Implementing web apps
Scenario
The A. Datum Corporation’s public-facing web app currently runs on an IIS web server at the
company’s chosen ISP. A. Datum wants to migrate this web app into Azure. You must test the Web
Apps functionality by setting up a test A. Datum web app. An internal team provides you with a test
web app to deploy. You must ensure that they can continue to stage changes to the test web app
before deploying those changes to the public-facing site. A. Datum is a global company, so you also
want to test Azure Traffic Manager, and show your organization’s decision makers how it distributes
traffic to instances close to users of the web app.

Objectives
After completing this lab, you will be able to:

• Create a new web app.


• Deploy a web app.

• Manage web apps.

• Implement Traffic Manager to load-balance web apps.

Lab Setup
Estimated Time: 60 minutes

Virtual machine: 20533D-MIA-CL1


User name: Student

Password: Pa55w.rd

Exercise 1: Creating web apps


Scenario
You must set up a test web app in Azure. As the first step in the setup process, you want to create a
new web app. Later in this lab, you will deploy this web app to the test web app.
The main tasks for this exercise are as follows:

1. Create a web app

2. Add a deployment slot


3. Configure deployment credentials

▶ Task 1: Create a web app


1. Ensure that you are signed in to MIA-CL1 as Student with the password Pa55w.rd.

2. Open Microsoft Edge, browse to the Azure portal, and then sign in using the Microsoft account that is the
Service Administrator of your subscription.
3. To create a new web app, use the following information:

• App name: any unique valid name

• Resource Group: 20533D0501-LabRG

• Web Hosting Plan Name: 20533D0501LabPlan

• Location: an Azure region close to the lab location

• Pricing tier: S1 Standard

• Application Insights: leave at its default value

▶ Task 2: Add a deployment slot


1. In the Azure portal, add a new deployment slot to the web app that you created in the first task, using the
following information:

• Name: Staging
• Configuration Source: accept the default setting

2. Open a Windows PowerShell window and authenticate to your Azure subscription by signing in using the
Microsoft account that is the Service Administrator of your subscription.
3. If you have multiple subscriptions, select the target one by running the Azure PowerShell
Set-AzureRmContext cmdlet.
4. Use the Azure PowerShell Get-AzureRmWebApp and Get-AzureRMWebAppSlot cmdlets to identify
the web app and staging slot that you created.

5. Keep the Azure PowerShell window open.

▶ Task 3: Configure deployment credentials


1. In the Azure portal, on the web app blade, set the following deployment credentials for the web app that
you created in the first task:

• FTP/Deployment User Name: a unique name

• Password: Pa55w.rd
Result: After completing this exercise, you should have created a new web app in the Azure portal,
and configured the new web app with deployment slots and deployment credentials.

Exercise 2: Deploying a web app


Scenario
Now that you have created a web app in Azure and added a deployment slot for the web app, you can
publish the internally developed web app that the A. Datum web-development team supplied. In this
exercise, you will use a publishing profile in Visual Studio 2015 to connect to the new web app and
deploy the web content.

The main tasks for this exercise are as follows:

1. Obtain a publishing profile

2. Deploy a web app

▶ Task 1: Obtain a publishing profile


1. From the Azure portal, download the publish profile for the Web app you created in Exercise 1.
2. Open the web-application project stored in E:\LabFiles\Lab05\Starter\AdatumWebsite\AdatumWebsite.sln
in Visual Studio.

3. Start debugging the web application, examine the web page automatically displayed on a new Microsoft
Edge tab, and then close that tab.

Note: When you start the web application in Visual Studio, the web app runs in IIS Express on your
local workstation.

▶ Task 2: Deploy a web app


1. In Visual Studio, start the Publish Wizard for the AdatumWebsite project, and then import the
.PublishSettings file that you downloaded in task 1 of this exercise.

2. Publish the new website to Azure.


Note: When the operation is complete, Microsoft Edge opens and displays the new web app hosted in
Azure.

3. Verify that A. Datum’s web app opens in Microsoft Edge and then verify the web app’s current address.

4. Close Microsoft Edge.

5. Leave Visual Studio open.

Result: After completing this exercise, you should have deployed a web app hosted in Azure.

Exercise 3: Managing web apps


Scenario
The web-deployment team created an updated style sheet for A. Datum’s test web app. You have
to demonstrate how you can deploy these changes to a staging slot, and then test them, before you
deploy to the production A. Datum web app. In this exercise, you will upload the new web app to the
staging slot that you created in Exercise 1, and you then will swap the new version of the web app into
the production slot.

The main tasks for this exercise are as follows:

1. Deploy a web app for staging


2. Swap deployment slots

3. Roll back a deployment

▶ Task 1: Deploy a web app for staging


1. In the Azure portal, download a publishing profile for the Staging slot for your web app.
2. Open the project in E:\LabFiles\Lab05\Starter\NewAdatumWebsite\AdatumWebsite.sln in Visual Studio.

3. Start the web app publishing process and import the staging publishing profile that you downloaded in the
first step of this task.
4. Publish the new web app to the Staging slot.

5. Close Microsoft Edge.

6. Leave Visual Studio open.

▶ Task 2: Swap deployment slots


1. In Microsoft Edge, in the Azure portal, navigate to the web app that you created in Exercise 1.

2. From the Azure portal, use the URL link for your web app to open it in another Microsoft Edge tab.

3. Notice that the color scheme has not changed, because the Web app with the new color scheme is still in
the staging slot. Close the Microsoft Edge tab displaying the A. Datum web app.

4. From the web app blade in the Azure portal, swap the staging and production web-app slots.
5. When the swap completes, use the URL link again to browse to the web app and notice that the color
scheme has changed.

6. Close the Microsoft Edge tab that displays the A. Datum web app.

▶ Task 3: Roll back a deployment


1. In the Azure portal, swap the staging and production slots again.

Note: By swapping the slots a second time, you simulate a deployment rollback.

2. When the swap is complete, browse to the web app. Notice that the color scheme has reverted to the
original one.
3. Close the Microsoft Edge tab displaying the A. Datum web app.

Result: After completing this exercise, you should have an updated web app in the staging slot and
have tested the slot swap functionality.

Exercise 4: Implementing Traffic Manager


Scenario
Because A. Datum has customers around the globe, you must ensure that the A. Datum web apps
perform well when serving requests from multiple locations around the world. You must evaluate
Traffic Manager to verify that web content is served from a location that is close to customers. To
accomplish this, you will set up a deployment of Traffic Manager serving content of a test web app
from two different Azure regions.

The main tasks for this exercise are as follows:

1. Deploy a web app to another region


2. Create a Traffic Manager profile

3. Add endpoints, and configure Traffic Manager

4. Test Traffic Manager


5. Remove the lab environment

▶ Task 1: Deploy a web app to another region


1. In Azure PowerShell, identify the settings of your test web app by using the Get-AzureRmWebApp
cmdlet. Note the name of the web app and its location.
2. Choose an Azure region that is different from the location of the original web app, preferably on a
different continent. This will become the SecondLocation.

3. Use the New-AzureRmResourceGroup cmdlet to create a new resource group named
20533D0502-LabRG located in the SecondLocation.

4. Use the New-AzureRmAppServicePlan cmdlet to create a new App Service plan named
20533D0502LabPlan with the Standard pricing tier in the resource group 20533D0502-LabRG and the
SecondLocation.

5. Use the New-AzureRMWebApp cmdlet to create a new web app. Use the following information for the
web app:

• Resource group: 20533D0502-LabRG


• Name: a unique name (use the Test-AzureRmDnsAvailability cmdlet to identify it)

• Service plan: 20533D0502LabPlan

• Location: SecondLocation
6. In the Azure portal, download a publishing profile for the web app you just created.

7. Open the project in E:\LabFiles\Lab05\Starter\AdatumWebsite\AdatumWebsite.sln in Visual Studio.

8. Start the Publish Web Wizard, and then import the publish settings file that you just downloaded.

9. Publish the web app, and then close Microsoft Edge and Visual Studio.
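
Steps 1 to 5 of this task written out as one script. This is an added example, not the lab's solution file; it assumes an authenticated AzureRM session, and the `<SecondLocation>` placeholder and the `adatum` name prefix are illustrative.

```powershell
# Added example, not part of the lab files. Assumes Add-AzureRmAccount has already run.
$firstResourceGroup  = '20533D0501-LabRG'    # resource group from Exercise 1
$secondResourceGroup = '20533D0502-LabRG'
$secondPlanName      = '20533D0502LabPlan'
$secondLocation      = '<SecondLocation>'    # placeholder: a region other than the first app's

# Step 1: note the name and location of the existing test web app.
$firstApp = Get-AzureRmWebApp -ResourceGroupName $firstResourceGroup | Select-Object -First 1
'{0} runs in {1}' -f $firstApp.Name, $firstApp.Location

# Step 2: stop if the chosen region is the one the first app already uses.
# Region names are compared without spaces or case ("West Europe" vs "westeurope").
$normalize = { param($name) ($name -replace '\s', '').ToLowerInvariant() }
if ((& $normalize $firstApp.Location) -eq (& $normalize $secondLocation)) {
    throw "SecondLocation must differ from $($firstApp.Location)."
}

# Step 3: resource group in the second region.
New-AzureRmResourceGroup -Name $secondResourceGroup -Location $secondLocation | Out-Null

# Step 4: App Service plan in the Standard tier.
New-AzureRmAppServicePlan -ResourceGroupName $secondResourceGroup -Name $secondPlanName `
    -Location $secondLocation -Tier Standard | Out-Null

# Step 5: pick a name that Test-AzureRmDnsAvailability reports as free, then create the app.
# The 'adatum' prefix is an assumption of this example; DNS labels must be lower case.
do {
    $secondAppName = 'adatum{0}' -f (Get-Random -Minimum 10000 -Maximum 99999)
} until (Test-AzureRmDnsAvailability -DomainNameLabel $secondAppName -Location $secondLocation)

$secondApp = New-AzureRmWebApp -ResourceGroupName $secondResourceGroup -Name $secondAppName `
    -Location $secondLocation -AppServicePlan $secondPlanName

# Host name to use later as the second Traffic Manager endpoint.
$secondApp.DefaultHostName
```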

▶ Task 2: Create a Traffic Manager profile


1. In the Azure portal, create a new Traffic Manager profile by using the following information:

• Name: a unique domain name


• Routing Method: Performance

• Resource Group: 20533D0503-LabRG

• Resource group location: an Azure region that is closest to the lab location

▶ Task 3: Add endpoints, and configure Traffic Manager


1. From the Traffic Manager profile blade in the Azure portal, add the web apps that you created in Exercise
1 and Exercise 4 as the Traffic Manager profile endpoints.

2. From the Traffic Manager profile blade, modify the profile configuration by setting the DNS TTL value to
30 seconds.

▶ Task 4: Test Traffic Manager


1. From the Azure portal, use the DNS name of the Traffic Manager profile to browse to the web app
instance corresponding to the closest endpoint.
2. Use the nslookup command to resolve the DNS name of the Traffic Manager profile.

Note: Review the DNS records listed in the output of the command to identify the web app instance
returned from the Traffic Manager profile.

3. In the Azure portal, disable the Traffic Manager endpoint representing the web app instance you identified
in the previous step.

4. Use the nslookup command again to resolve the DNS name for your Traffic Manager profile. The
results should differ from those in step 2.

Note: You might have to wait for the endpoint state change to take effect. Wait about 1 minute and
re-run the nslookup command.

▶ Task 5: Remove the lab environment


1. On MIA-CL1, close all open windows without saving any files.

2. Start Windows PowerShell as Administrator and, from the Administrator: Windows PowerShell
window, run Remove-20533DEnvironment.

3. When prompted, sign in by using the Microsoft account that is the Service Administrator of your Azure
subscription.

4. If you have multiple Azure subscriptions, select the one you want the script to target.
5. If prompted, specify the current lab number.

6. When prompted for confirmation, type y.

7. Start Microsoft Edge, browse to the Azure portal, and sign in by using the Microsoft account that is the
Service Administrator of your Azure subscription.

8. In the Azure portal, reset the dashboard to the default state.

9. Close all open windows.


Result: After completing this exercise, you should have implemented two Azure web apps and a
Traffic Manager profile configured to distribute requests between them.

Question: In Exercise 2, you deployed the A. Datum production web app to Azure. In Exercise 3, you
deployed a new version of the site to a staging slot. How can you tell, within Microsoft Edge, which is
the production site and which is the staging site?

Question: At the end of Exercise 4, you used an FQDN within the trafficmanager.net domain to access
your web app. How can you use your own registered domain name to access this web app?
©2016 Microsoft Corporation. All rights reserved.

The text in this document is available under the Creative Commons Attribution 3.0 License, additional
terms may apply. All other content contained in this document (including, without limitation,
trademarks, logos, images, etc.) are not included within the Creative Commons license grant. This
document does not provide you with any legal rights to any intellectual property in any Microsoft
product. You may copy and use this document for your internal, reference purposes.

This document is provided “as-is.” Information and views expressed in this document, including URL
and other Internet Web site references, may change without notice. You bear the risk of using it. Some
examples are for illustration only and are fictitious. No real association is intended or inferred.
Microsoft makes no warranties, express or implied, with respect to the information provided here.

Version: D1
Module 6: Planning and implementing storage, backup, and recovery services
Lab: Planning and implementing Azure Storage
Scenario
The IT department at A. Datum Corporation uses an asset management application to track IT assets
such as computer hardware and peripherals. The application stores images of asset types and
invoices for asset purchases. As part of A. Datum’s evaluation of Azure, you need to test migration of
these images and invoice documents to Azure storage. A. Datum also wants to evaluate Azure File
storage for providing SMB 3.0 shared access to invoices. Currently, corporate file servers host this
content. Additionally, A. Datum wants to evaluate the ability of Azure Backup to protect files and
folders of on-premises computers.

Objectives
After completing this lab, you will be able to:
• Create and configure Azure Storage.

• Use Azure File storage.

• Protect data with Azure Backup.

Lab Setup
Estimated Time: 60 minutes
Virtual machine: 20533D-MIA-CL1

• User name: Student

• Password: Pa55w.rd
Before starting this lab, ensure that you have performed the “Preparing the environment”
demonstration tasks at the beginning of the first lesson in this module and that the setup script has
completed.

Exercise 1: Creating and configuring Azure Storage


Scenario
A. Datum currently stores images for IT assets on the on-premises file servers. As part of your Azure
evaluation, you want to test storing these images as blobs in Azure storage so that a new Azure-based
version of the asset management application can easily access them.

The main tasks for this exercise are as follows:

1. Create a storage account

2. Install AzCopy

3. Use AzCopy to upload blobs

▶ Task 1: Create a storage account


1. Ensure that you are signed in to the MIA-CL1 virtual machine as Student with the password Pa55w.rd
and that the setup script that you ran in the “Preparing the environment” demonstration has completed.

2. Use Internet Explorer to sign in to the Azure portal by using the Microsoft account that is the Service
Administrator or a Co-Administrator of your Azure subscription.

3. Create a new storage account with the following settings:


• Name: a valid, unique name consisting of between 3 and 24 lower case characters or digits

• Deployment model: Resource Manager

• Account kind: Storage (general purpose v1)


• Performance: Standard

• Replication: Locally-redundant storage (LRS)

• Secure transfer required: Disabled

• Subscription: the name of your Azure subscription

• Resource group: ensure that Create new is selected and, in the textbox below, type 20533D0602-LabRG

• Location: the same Azure region that you chose when running the provisioning script at the beginning of
this module

• Virtual networks (Preview): Disabled

• Pin to dashboard: clear the check box

4. After the storage account is created, add a blob container named asset-images with private access.

▶ Task 2: Install AzCopy


1. Download and install AzCopy from http://aka.ms/AzCopy. Note that this page also includes
documentation and examples for using AzCopy.
2. Start Windows PowerShell ISE as Administrator.

3. In the console pane of Windows PowerShell ISE, change the current directory by running:

Set-Location -Path 'C:\Program Files (x86)\Microsoft SDKs\Azure\AzCopy'


4. Test the installation by running the following command at a command prompt:

.\AzCopy /?

5. Keep the Windows PowerShell ISE window open for the next task.

▶ Task 3: Use AzCopy to upload blobs


1. In the Windows PowerShell ISE window, type the following in the script pane:
.\AzCopy.exe /Dest:https://<storage-account-name>.blob.core.windows.net/asset-images /destkey:<access-key> /Source:E:\Labfiles\Lab06\Starter\asset-images

2. In the Azure portal, copy the name of the Storage account you created earlier in this exercise.
3. In the script pane of the Windows PowerShell ISE, replace the <storage-account-name> entry with the
storage account name you copied from the Azure portal.

4. In the Azure portal, copy the first access key of the Storage account.

5. In the script pane of the Windows PowerShell ISE, replace the <access-key> entry with the storage
account key you copied from the Azure portal.

6. Execute the command in the script pane and wait for the command to complete. Review the file transfer
information.

7. In the Azure portal, navigate to the asset-images container blade and verify that the container contains
six blobs.
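
A variant of the upload in this task that reads the access key at run time instead of pasting it into the script pane, then checks the blob count from step 7. This is an added example, not the lab's own script; it assumes an authenticated AzureRM session and the AzCopy install path used in Task 2.

```powershell
# Added example, not part of the lab files. Assumes Add-AzureRmAccount has already run
# and that the AzureRM.Storage and Azure.Storage modules are installed.
$resourceGroupName  = '20533D0602-LabRG'
$storageAccountName = '<storage-account-name>'   # placeholder, as in the lab command
$containerName      = 'asset-images'
$sourceFolder       = 'E:\Labfiles\Lab06\Starter\asset-images'
$azCopy             = 'C:\Program Files (x86)\Microsoft SDKs\Azure\AzCopy\AzCopy.exe'

# Read the first access key when the script runs, so the key never sits in the
# saved script text. Assumption: a module version whose cmdlet returns a list of
# key objects with a Value property.
$key = (Get-AzureRmStorageAccountKey -ResourceGroupName $resourceGroupName `
            -Name $storageAccountName)[0].Value

# Same source, destination and key options as the lab command; the https scheme
# keeps the transfer encrypted even though "Secure transfer required" is disabled.
$dest = 'https://{0}.blob.core.windows.net/{1}' -f $storageAccountName, $containerName
& $azCopy "/Source:$sourceFolder" "/Dest:$dest" "/DestKey:$key"
if ($LASTEXITCODE -ne 0) {
    throw "AzCopy exited with code $LASTEXITCODE."
}

# Step 7 of the task: the container should now hold six blobs.
$context = New-AzureStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $key
$blobs   = @(Get-AzureStorageBlob -Container $containerName -Context $context)
$blobs | Select-Object Name, Length
if ($blobs.Count -ne 6) {
    Write-Warning "Expected 6 blobs in $containerName, found $($blobs.Count)."
}

# Drop the key from the session once it is no longer needed.
Remove-Variable -Name key
```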

Result: At the end of this exercise, you should have created a new Azure storage account with a
container named asset-images and copied files from your local computer to that container by using
the AzCopy utility.

Exercise 2: Using Azure File storage

Scenario
A. Datum currently stores invoices for IT assets on the on-premises file servers. As part of your
evaluation of Azure, you want to test an upload of these files to a file share in your Azure storage
account.

The main tasks for this exercise are as follows:


1. Create a file share and upload files

2. Access a file share from a VM

▶ Task 1: Create a file share and upload files


1. Switch to the Windows PowerShell ISE window and run the Add-AzureRmAccount cmdlet. When
prompted, sign in by using the Microsoft account that is the Service Administrator of your Microsoft Azure
subscription.
2. From the Windows PowerShell ISE, open E:\Labfiles\Lab06\Starter\New-20533D06FileShare.ps1

3. In the script pane, in the $storageAccountName variable declaration at the beginning, replace the
<storage-account-name> value with the name of the Azure storage account that you created in the
previous exercise.
4. Review the script, noting that it:

• Sets the values of variables named $shareName and $directoryName for the file share and the
directory to create in the Azure Storage account

• Uses the Get-AzureRmStorageAccountKey cmdlet to retrieve the access key for your storage account.

• Uses the New-AzureStorageContext cmdlet to create a security context for connections to the target
storage account based on the key you retrieved
• Uses the New-AzureStorageShare cmdlet to create an Azure Storage account file share

• Uses the New-AzureStorageDirectory cmdlet to create a directory in the share

• Sets the location of the folder hosting source files to be copied to the Azure Storage file share directory

• Loops through the files in the source folder and uses the Set-AzureStorageFileContent cmdlet to copy
each of them to the folder in the Azure file share.

5. Run the script to upload the files.

6. Observe the script as it runs, and then view the output. When you finish, close Windows PowerShell ISE.
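
A script that follows the sequence reviewed in step 4, shown as an added example. It is not the lab's New-20533D06FileShare.ps1; the share name assets and the directory name invoices come from the result of this exercise, and the source folder path is an assumption based on the lab's Starter folder layout.

```powershell
# Added example, not the lab's New-20533D06FileShare.ps1.
# Assumes Add-AzureRmAccount has already run.
$resourceGroupName  = '20533D0602-LabRG'
$storageAccountName = '<storage-account-name>'   # placeholder, as in the lab script
$shareName          = 'assets'
$directoryName      = 'invoices'
$sourceFolder       = 'E:\Labfiles\Lab06\Starter\invoices'   # assumed source location

# Retrieve the access key and build a storage context from it.
# Assumption: the cmdlet returns a list of key objects with a Value property.
$key = (Get-AzureRmStorageAccountKey -ResourceGroupName $resourceGroupName `
            -Name $storageAccountName)[0].Value
$context = New-AzureStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $key

# Create the share and the directory only if they do not exist yet,
# so the script can be re-run after a partial failure.
if (-not (Get-AzureStorageShare -Name $shareName -Context $context -ErrorAction SilentlyContinue)) {
    New-AzureStorageShare -Name $shareName -Context $context | Out-Null
}
if (-not (Get-AzureStorageFile -ShareName $shareName -Path $directoryName `
              -Context $context -ErrorAction SilentlyContinue)) {
    New-AzureStorageDirectory -ShareName $shareName -Path $directoryName -Context $context | Out-Null
}

# Copy every file from the source folder into the directory on the share.
$files = @(Get-ChildItem -Path $sourceFolder -File)
foreach ($file in $files) {
    Set-AzureStorageFileContent -ShareName $shareName -Source $file.FullName `
        -Path "$directoryName/$($file.Name)" -Context $context -Force
    Write-Output "Uploaded $($file.Name)"
}

# Compare what is on the share with what was in the source folder.
$uploaded = @(Get-AzureStorageFile -ShareName $shareName -Path $directoryName -Context $context |
                  Get-AzureStorageFile)
if ($uploaded.Count -ne $files.Count) {
    Write-Warning "Source has $($files.Count) files, share directory has $($uploaded.Count)."
}

# Drop the key from the session once it is no longer needed.
Remove-Variable -Name key
```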

▶ Task 2: Access a file share from a VM
1. Connect to the 20533D0601-vm1 VM in your Azure subscription via Remote Desktop by using the
following credentials:

• User name: Student


• Password: Pa55w.rd1234

2. Once connected, on 20533D0601-vm1, turn off IE Enhanced Security Configuration for administrators.

3. Use Internet Explorer to navigate to the Azure portal and, when prompted, sign in by using the Microsoft
account that is the Service Administrator of your Azure subscription.
4. In the Azure portal, navigate to the assets file service blade of the storage account that you created in
the previous exercise, click Connect and copy the net use command in the Connecting from Windows
section that needs to be run in order to connect to the assets file share from a Windows computer.
5. In the Remote Desktop session, start Windows PowerShell ISE and paste the net use command into the
script window.

6. Modify the command you copied by replacing [drive letter] with Z:.
7. In Windows PowerShell ISE, execute the command and verify it completed successfully by creating a Z:
drive mapping.

8. In the Command Prompt window, enter the following command to view the contents of the invoices folder
in drive Z:, which is now mapped to the assets file share that you created in the previous task:

Get-ChildItem -Path 'Z:\invoices'


9. Verify that invoices are listed.

10. Sign out of the 20533D0601-vm1 VM to end the remote desktop session.

Result: At the end of this exercise, you should have created an Azure storage account file share
named assets that contains a folder named invoices with copies of invoice documents. You should
have also mapped a drive from an Azure VM to the Azure storage account file share.

Exercise 3: Protecting data with Azure Backup


Scenario
A. Datum currently uses an on-premises backup solution. As part of your Azure evaluation, you want
to test protection of on-premises asset image files and invoices by backing them up to the cloud. To
accomplish this, you intend to use Azure Backup.

The main tasks for this exercise are as follows:

1. Create a recovery services vault

2. Configure the vault for on-premises backup

3. Install and configure the Azure Recovery Services Agent

4. Create a backup schedule

5. Run a backup

6. Stop backups and delete the Azure Recovery services vault

7. Remove the lab environment

▶ Task 1: Create a recovery services vault
1. In Internet Explorer, open the Azure portal.

2. Create a new recovery services vault with the following settings:

• Name: vault20533D06

• Subscription: the name of your Azure subscription

• Resource group: create a new resource group named 20533D0603-LabRG

• Location: the same Azure region that you chose when running Setup-Azure at the beginning of this
module

• Pin to dashboard: ensure that the check box is cleared

3. Wait until the vault is provisioned.

▶ Task 2: Configure the vault for on-premises backup


1. In the Azure portal, in the newly created vault, configure the backup goal with the following settings:
• Where is your workload running?: On-premises

• What do you want to back up?: Files and folders


2. Click Prepare Infrastructure.

▶ Task 3: Install and configure the Azure Recovery Services Agent


1. Download the Microsoft Azure Recovery Services Agent from the Azure portal and install it on MIA-CL1
with the default settings.
2. Download the vault credentials file from the Azure portal.

3. Register MIA-CL1 with the vault. Prior to registration, generate a passphrase and store it in the
E:\Labfiles\Lab06\Starter folder.

4. At the end of the registration process, start the Azure Backup console and leave it open for the next task.

▶ Task 4: Create a backup schedule


1. Use Azure Backup to schedule a daily backup to run at 4:30 AM and protect the following subfolders in
the E:\Labfiles\Lab06\Starter folder:
• asset-images

• invoices

2. Keep the defaults for the other backup settings.

▶ Task 5: Run a backup


1. From the Microsoft Azure Backup console, run an on-demand backup.
2. From the Azure portal, verify that MIA-CL1 is registered with the Recovery Services vault and note the
most recent backup items, which should include files and folders on the E: drive.

▶ Task 6: Stop backups and delete the Azure Recovery services vault
1. From the Azure portal, in the Recovery Services vault, delete references to mia-cl1.
2. From the Azure portal, delete the Recovery Services vault.

▶ Task 7: Remove the lab environment
1. On MIA-CL1, close all open windows without saving any files.

2. Start Windows PowerShell as Administrator and, from the Administrator: Windows PowerShell
window, run Remove-20533DEnvironment.
3. When prompted, sign in by using the Microsoft account that is the Service Administrator of your Azure
subscription.

4. If you have multiple Azure subscriptions, select the one you want the script to target.

5. If prompted, specify the current lab number.


6. When prompted for confirmation, type y.

7. Start Microsoft Edge, browse to the Azure portal, and sign in by using the Microsoft account that is the
Service Administrator of your Azure subscription.

8. In the Azure portal, reset the dashboard to the default state.

9. Close all open windows.

Result: At the end of this exercise, you should have created an Azure Recovery Services vault in your
subscription, downloaded vault credentials, and installed the Azure Recovery Services agent on the
MIA-CL1 lab computer. You should have backed up the contents of the asset-images and invoices
folders to the Recovery Services vault.
Question: The asset management application stores images of hardware components as blobs and
invoices as files. If the application also needed to search the location of each asset by using an asset
type, a unique asset number, and a text description of the location, what storage options should you
consider?

Module 7: Implementing containers in Azure
Lab A: Implementing containers on Azure VMs
Scenario
A. Datum Corporation plans to implement some of its applications as Docker containers on Azure
VMs. To optimize this implementation, you intend to combine multiple containers by using Docker
Compose. A. Datum would also like to deploy its own private Docker registry in Azure to store
containerized images. Your task is to test the functionality of tools that facilitate deployment of Docker
hosts and Docker containers. You also need to evaluate Azure Container Registry.

Objectives
After completing this lab, you will be able to:

• Implement Docker hosts on Azure VMs


• Deploy containers to Azure VMs

• Deploy multicontainer applications with Docker Compose to Azure VMs


• Implement Azure Container Registry

Lab Setup
Estimated Time: 30 minutes
Virtual Machine: 20533D-MIA-CL1

User Name: Student

Password: Pa55w.rd
Before starting this lab, ensure that you have performed the “Preparing the Environment”
demonstration tasks at the beginning of the first lesson in this module, and that the setup script has
completed.

Exercise 1: Implementing Docker hosts on Azure VMs


Scenario
To test the planned deployment, you must identify the methods that would allow you to deploy Docker
hosts to Azure VMs. You decide to evaluate the Docker Toolbox for Windows.

Note: The Microsoft Azure portal is continually improved, and the user interface might have been
updated since this lab was written. Your instructor will make you aware of any differences between the
steps described in the lab and the current Azure portal user interface.

The main tasks for this exercise are as follows:

1. Install Docker Toolbox for Windows

2. Use Docker Machine to create hosts in Azure Deploy Docker Toolbox for Windows

▶ Task 1: Install Docker Toolbox for Windows


1. Ensure that you are signed in to MIA-CL1 as Student with the password Pa55w.rd, and that the
Add-20533DEnvironment script successfully completed. The script creates an Azure VM of the size that
supports nested virtualization. You will use it to install Docker Toolbox for Windows.

2. Start Microsoft Edge and browse to the Azure portal. When prompted, sign in by using the Microsoft
account that is the Service Administrator of your Azure subscription.

3. From the Azure portal, establish a Remote Desktop session to the 20533D0701-vm0 virtual machine.
Authenticate as Student with the password Pa55w.rd1234.

4. In the Remote Desktop session to 20533D0701-vm0, turn off IE Enhanced Security Configuration.

5. In the Remote Desktop session, start Internet Explorer and navigate to
https://docs.docker.com/docker-for-windows/install/#download-docker-for-windows

6. From the Install Docker for Windows page, run Docker for Windows Installer.exe.

7. Once the installation has completed, click Close and log out.

▶ Task 2: Use Docker Machine to create hosts in Azure
1. From the Azure portal, re-establish a Remote Desktop session to the 20533D0701-vm0 virtual machine.
Authenticate as Student with the password Pa55w.rd1234.

2. In the Remote Desktop session to 20533D0701-vm0, if prompted in the Docker for Windows dialog box
whether to enable Hyper-V, click Cancel.

3. In the Remote Desktop session, start Internet Explorer and browse to the Azure portal. When prompted,
sign in by using the Microsoft account that is the Service Administrator of your Azure subscription.
4. In the Azure portal, start a Bash (Linux) session in Cloud Shell.

5. From the Cloud shell pane, identify the Id of your Azure subscription. Copy its value to Clipboard.

6. In the Cloud shell, enumerate the Skus of the images of Canonical Ubuntu Server available in the Azure
region you selected when running Add-20533DEnvironment at the beginning of this module.
7. Verify that 16.04.0-LTS is available. If that is not the case, replace 16.04.0-LTS with one of the available
SKUs in step 11.

8. Close Cloud Shell.


9. In the Remote Desktop session, start Command Prompt as Administrator.

10. In the Administrator: Command Prompt window, change the current directory to the location of the
user profile.

11. From the Administrator: Command Prompt window, create a new Azure VM named “20533d0702-vm0”
and configured as Docker host by running docker-machine with the following settings:

• --azure-ssh-user: student

• --azure-subscription-id: the value of the Subscription Id you copied into Clipboard

• --azure-open-port 80

• --azure-image: “Canonical:UbuntuServer:16.04.0-LTS:latest”

• --azure-location: the name of the Azure region you selected when running Add-20533DEnvironment at
the beginning of this module

• --azure-resource-group: “20533D0702-LabRG”

• --azure-availability-set: “20533D0702-avset”

• --azure-static-public-ip

• --azure-size: an available VM size

12. When prompted, authenticate to your Azure subscription.

13. Close the Internet Explorer window.

14. In the Administrator: Command Prompt window, monitor the progress of provisioning the Azure VM.
15. Wait for the Azure VM to be provisioned. Next, use the docker-machine command to list the Docker host
on the newly provisioned Azure VM.
16. Use the docker-machine command with the ip switch to obtain the IP address of the Docker host Azure
VM

17. Verify connectivity to the target Docker Azure VM, by running the docker command with the following
parameters from the Administrator: Command Prompt window:

• --tlsverify

• --tlscacert: C:.docker.pem

• --tlscert: C:.docker.pem

• --tlskey: C:.docker.pem

Result: After you complete this exercise, you should have successfully installed Docker Toolbox for
Windows and created a Docker host in an Azure VM.

Exercise 2: Deploying containers to Azure VMs


Scenario
After deploying the Docker host VM, you intend to use Docker Machine, which the Docker Toolbox
includes, to verify that the Docker host is operational. To accomplish this, you want to run a sample
containerized nginx web server, available from Docker Hub.
The main tasks for this exercise are as follows:

1. Configure docker-machine environment.

2. Run a container in a Docker host running on an Azure VM.

▶ Task 1: Configure docker-machine environment.


1. In the Remote Desktop session to 20533D0701-vm0, in the Administrator: Command Prompt window,
enumerate the docker-machine environment representing the connection to the 20533d0702-vm0
Docker host.

2. In the Administrator: Command Prompt window, assign the values to the DOCKER_CERT_PATH,
DOCKER_HOST, DOCKER_MACHINE_NAME, and DOCKER_TLS_VERIFY environment variables
such that they represent the connection parameters to the 20533d0702-vm0 Docker host.

▶ Task 2: Run a container in a Docker host running on an Azure VM


1. In the Remote Desktop session to 20533D0701-vm0, in the Administrator: Command Prompt window,
use the docker command to start nginx container from the Docker Hub, making it available on TCP port
80.

2. Monitor the progress of the container deployment. Verify the successful outcome, by running the docker
command with the ps switch from the Administrator: Command Prompt window.

3. Use the docker-machine command with the ip switch to obtain the IP address of the Docker host Azure
VM

4. Start Internet Explorer and browse to the IP address you obtained in the previous step. Verify that
Internet Explorer displays the Welcome to nginx! page

Result: After you complete this exercise, you should have successfully run a sample containerized
web server nginx on the Docker host Azure VM.
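
The docker-machine steps of Exercises 1 and 2 as one sequence, shown as an added example rather than the lab's solution. It is written for a PowerShell window instead of the Command Prompt window the lab uses, and the subscription ID, region and VM size are placeholders.

```powershell
# Added example, not part of the lab files. Run from PowerShell on 20533D0701-vm0.
$subscriptionId = '<subscription-id>'   # placeholder: value copied from Cloud Shell
$location       = '<azure-region>'      # placeholder: region chosen for this module
$vmSize         = '<vm-size>'           # placeholder: an available VM size
$machine        = '20533d0702-vm0'

# Exercise 1, Task 2, step 11: create the Docker host VM with the settings listed there.
docker-machine create --driver azure `
    --azure-ssh-user student `
    --azure-subscription-id $subscriptionId `
    --azure-open-port 80 `
    --azure-image 'Canonical:UbuntuServer:16.04.0-LTS:latest' `
    --azure-location $location `
    --azure-resource-group '20533D0702-LabRG' `
    --azure-availability-set '20533D0702-avset' `
    --azure-static-public-ip `
    --azure-size $vmSize `
    $machine
if ($LASTEXITCODE -ne 0) { throw "docker-machine create failed with code $LASTEXITCODE." }

# Steps 15 and 16: list the host and read its public IP address.
docker-machine ls
$ip = docker-machine ip $machine

# Exercise 2, Task 1: load DOCKER_HOST, DOCKER_CERT_PATH, DOCKER_MACHINE_NAME and
# DOCKER_TLS_VERIFY into this session, so later docker commands use the TLS
# client certificate that docker-machine generated for this host.
docker-machine env --shell powershell $machine | Invoke-Expression
Get-ChildItem Env:DOCKER_* | Format-Table Name, Value

# Confirm that TLS verification is on before talking to the remote daemon.
if ($Env:DOCKER_TLS_VERIFY -ne '1') { throw 'DOCKER_TLS_VERIFY is not set to 1.' }

# Exercise 2, Task 2: run nginx on TCP port 80 and confirm that it answers.
docker run -d -p 80:80 nginx
docker ps
$response = Invoke-WebRequest -Uri "http://$ip" -UseBasicParsing
'HTTP {0} from {1}' -f $response.StatusCode, $ip
```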

Exercise 3: Deploying multicontainer applications with Docker Compose to Azure VMs

Scenario
You intend to implement some A. Datum applications by using multiple containers. To accomplish this,
you will test the deployment of multicontainer images by using Docker Compose.

The main tasks for this exercise are as follows:


1. Create a compose file
2. Deploy the containers with docker-compose to an Azure VM

▶ Task 1: Create a compose file


1. In the Remote Desktop session to 20533D0701-vm0, in the Administrator: Command Prompt window,
verify that Docker Compose is installed on the target Docker Azure VM by running the docker-compose
command with the --version parameter.

2. From the Administrator: Command Prompt window, in the current directory, create a new file named
docker-compose.yml with the following content (you can find the file in the E:\Labfiles\Lab07\Solution
folder):

version: "3"
services:
  wordpress:
    image: wordpress
    links:
      - db:mysql
    ports:
      - 8080:80
  db:
    image: mariadb
    environment:
      MYSQL_ROOT_PASSWORD: Pa55w.rd

▶ Task 2: Deploy the containers with docker-compose to an Azure VM


1. In the Remote Desktop Session to 20533D0701-vm0, from the Administrator: Command Prompt
window, deploy containers defined in the docker-compose.yml file to the Docker host in the Azure VM
20533d0702-vm0.

2. Monitor the progress of the container deployment. Use the docker command with the ps switch to verify
the successful outcome.

▶ Task 3: Connect to a multi-container application running on an Azure VM

1. In the Remote Desktop Session to 20533D0701-vm0, in the Azure portal, navigate to the
20533D0702-vm0-firewall blade.

2. From the 20533D0702-vm0-firewall blade, add an inbound security rule with the following settings:
• Source: Any

• Source port ranges: *

• Destination: Any
• Destination port ranges: 8080

• Protocol: TCP

• Action: Allow
• Priority: 1100

• Name: Port8080-TcpAllowAny

3. Wait for the operation to complete. Next, start Internet Explorer and browse to port 8080 on the IP
address you obtained in the previous step. Verify that Internet Explorer displays the WordPress
Installation page.

Result: After you complete this exercise, you should have successfully implemented a multi-container
application by using Docker Compose.

Exercise 4: Implementing Azure Container Registry


Scenario
Now that you have successfully implemented a Docker host in an Azure VM and deployed
containerized images from Docker Hub, you want to test the setup and image deployment by using
Container Registry. In your tests, you will use a sample image available from Docker Hub. You will
start by creating a container registry. Next, you will download the sample image to your lab computer
and upload it to the newly created private registry. Finally, you will deploy the image from the private
registry to the Docker host in Azure VM.
The main tasks for this exercise are as follows:

1. Create an Azure Container Registry

2. Identify Azure Container Registry authentication settings.

3. Push an image to Azure Container Registry.

4. Download and deploy images from the Azure Container Registry

5. Remove the lab environment

▶ Task 1: Create an Azure Container Registry


1. In the Remote Desktop session to 20533D0701-vm0, in the Azure portal in the Internet Explorer window,
create a new Azure Container Registry with the following settings:

• Registry name: a unique name consisting of between 5 and 50 alphanumeric characters

• Subscription: the name of the Azure subscription you are using in this lab
• Resource group: click Create new and, in the text box below, type 20533D0703-LabRG

• Location: East US

• Admin user: Enable (this allows you to use the registry name as username and admin user access key
as password to docker login to the registry)
• SKU: Basic

2. Wait for the operation to complete.

▶ Task 2: Identify Azure Container Registry authentication settings.


1. In the Remote Desktop session to 20533D0701-vm0, in the Azure portal in the Internet Explorer window,
navigate to the blade of the Azure container registry you created in the previous task.

2. On the container registry blade, copy the container registry password to Clipboard.

3. Note the values of the Username and the Login server entries. The username should match the registry
name and the login server name should consist of the registry name followed by the .azurecr.io suffix.

▶ Task 3: Push an image to Azure Container Registry.


1. In the Remote Desktop session to 20533D0701-vm0, in the Administrator: Command Prompt window,
log in to the Azure Container registry you created in the first task by running the docker login command,
providing the name of the login-server you identified in the previous task as well as the following
parameters:

• --username: the value of Username you identified in the previous task

• --password: the value of password you copied to Clipboard in the previous task

2. Ensure that you receive the Login succeeded message. Next, pull the microsoft/aci-helloworld image
from Docker Hub by running the docker pull command from the Administrator: Command Prompt
window.
3. Wait for the image to be downloaded to the Docker Azure VM. Next, tag the image with the Azure
Container registry name by running from the Administrator: Command Prompt window the docker tag
command with the login-server/aci-helloworld:v1 parameter, replacing the login-server entry with the
value you identified in the previous task.

4. Push the tagged image to the Azure Container registry by running from the Administrator: Command
Prompt window the docker push command with the login-server/aci-helloworld:v1 parameter,
replacing the login-server entry with the value you identified in the previous task.

5. Wait for the image to be pushed to the registry. Next, in the Azure portal, from the container registry
blade, verify that the Azure Container registry contains the aci-helloworld repository
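
The login, pull, tag and push sequence from this task as one script, added here as an example that is not part of the lab files. It is written in POSIX shell for a Bash host rather than the Command Prompt, and it reads the admin user access key from standard input with docker login --password-stdin instead of the --password parameter, so the key does not appear in the argument list or shell history. The function names and the registry name adatumlab0703 are assumptions.

```shell
#!/bin/sh
# Added example, not part of the lab files. Function names are hypothetical.
DOCKER=${DOCKER:-docker}          # set DOCKER=echo for a dry run that prints the commands

# Registry name rule from Task 1: between 5 and 50 alphanumeric characters.
acr_name_ok() {
    case "$1" in
        ''|*[!A-Za-z0-9]*) return 1 ;;
    esac
    [ "${#1}" -ge 5 ] && [ "${#1}" -le 50 ]
}

# Login server as described in Task 2: registry name plus the .azurecr.io suffix.
acr_login_server() { printf '%s.azurecr.io\n' "$1"; }

# Image reference used by the tag, push, pull and run steps.
acr_image_ref() { printf '%s/aci-helloworld:v1\n' "$1"; }

# push_helloworld REGISTRY   (the admin user access key is read from standard input)
push_helloworld() {
    registry=$1
    if ! acr_name_ok "$registry"; then
        echo "refusing to log in: '$registry' is not a valid registry name" >&2
        return 2
    fi
    server=$(acr_login_server "$registry")
    target=$(acr_image_ref "$server")
    # --password-stdin keeps the key out of the argument list and shell history.
    "$DOCKER" login --username "$registry" --password-stdin "$server" &&
    "$DOCKER" pull microsoft/aci-helloworld &&
    "$DOCKER" tag microsoft/aci-helloworld "$target" &&
    "$DOCKER" push "$target"
}

# Dry run with a constructed registry name and a constructed key.
printf '%s' 'constructed-access-key' | ( DOCKER=echo; push_helloworld adatumlab0703 )
```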

▶ Task 4: Download and deploy images from the Azure Container Registry
1. In the Remote Desktop session to 20533D0701-vm0, pull the newly tagged image from the Azure
Container registry, by running from the Administrator: Command Prompt window the docker pull
command with the login-server/aci-helloworld:v1 parameter, replacing the login-server entry with the
value you identified earlier in this exercise.

2. Note that, in this case, the image does not need to be downloaded, since it is already present on the
target Docker Azure VM.
3. Deploy the image downloaded from the Azure Container registry, by running from the Administrator:
Command Prompt window the docker run command with the login-server/aci-helloworld:v1
parameter, replacing the login-server entry with the value you identified earlier in this exercise. Deploy
the web service running in the container such that it is accessible via port 8081.

4. Run the docker ps command to verify that the image has been successfully deployed.
5. Note that the output includes the tagged image.

6. Close the Remote Desktop Session to 20533D0701-vm0.

▶ Task 5: Remove the lab environment


1. On MIA-CL1, close all open windows without saving any files.

2. Start Windows PowerShell as Administrator and, from the Administrator: Windows PowerShell
window, run Remove-20533DEnvironment.

3. When prompted, sign in by using the Microsoft account that is the Service Administrator of your Azure
subscription.

4. If you have multiple Azure subscriptions, select the one you want the script to target.

5. If prompted, specify the current lab number.


6. When prompted for confirmation, type y.

7. Start Microsoft Edge, browse to the Azure portal, and sign in by using the Microsoft account that is the
Service Administrator of your Azure subscription.

8. In the Azure portal, reset the dashboard to the default state.


9. Close all open windows.

Result: After you complete this exercise, you should have successfully tested image deployment by
using Azure Container Registry.
Question

Which method would you use when deploying Docker hosts on Azure VMs?
Question
What authentication and authorization method do you intend to use when implementing Azure
Container Registry?

Lab B: Implementing Azure Container Service (ACS)


Scenario
A. Datum is considering implementing containers on a larger scale by leveraging the capabilities that
ACS offers. You intend to choose one of the three orchestrators available and test its functionality. You
want to test load balancing and scaling of a sample containerized application.

Objectives
After completing this lab, you will be able to:

• Create an ACS cluster.

• Manage the ACS cluster.

Lab Setup
Estimated Time: 30 minutes

Virtual Machine: 20533D-MIA-CL1

User Name: Student

Password: Pa55w.rd

Exercise 1: Creating an ACS cluster


Scenario
You must start by identifying the prerequisites for deploying an ACS cluster. You plan to install the
cluster by using the Azure portal.

Note: The Microsoft Azure portal is continually improved, and the user interface might have been
updated since this lab was written. Your instructor will make you aware of any differences between the
steps described in the lab and the current Azure portal user interface.

The main tasks for this exercise are as follows:

1. Create an ACS Kubernetes cluster

2. Connect to the ACS Kubernetes cluster.


3. Remove the lab environment.

▶ Task 1: Create an ACS Kubernetes cluster


1. Ensure that you are signed in to MIA-CL1 as Student with the password Pa55w.rd and that the
Remove-20533DEnvironment script successfully completed. In the Azure portal, in the Microsoft Edge window,
start the Bash prompt in Cloud Shell.

2. From the Bash prompt, in the Cloud shell pane, create a new resource group named
20533D0704-LabRG in the Azure region where you want to deploy the ACS Kubernetes cluster.

3. From the Bash prompt, in the Cloud shell pane, use the az acs create command with the following
parameters to create a new Kubernetes cluster:
• --orchestrator-type: kubernetes

• --resource-group: 20533D0704-LabRG

• --name: 20533D0704-k8scluster
• --generate-ssh-keys

4. Wait for the deployment to complete.

▶ Task 2: Connect to the ACS Kubernetes cluster.


1. Download and configure the credentials to access the ACS Kubernetes cluster, by running the az acs
kubernetes get-credentials command with the following parameters from the Bash prompt in the Cloud
shell pane:

• --resource-group: 20533D0704-LabRG

• --name: 20533D0704-k8scluster

2. Verify connectivity to the ACS Kubernetes cluster, by running the kubectl get nodes command from the
Bash prompt in the Cloud shell pane

3. Review the output and verify that the agent nodes are reporting the Ready status.

Result: After you complete this exercise, you should have successfully deployed a new ACS cluster
with the orchestrator of your choice.

Exercise 2: Managing an ACS cluster


Scenario
With the new ACS cluster running, you must connect to it, deploy a sample containerized application in
it, and validate its availability and resiliency by testing clustering features such as scaling and load
balancing.

The main tasks for this exercise are as follows:

1. Deploy a containerized application to the ACS Kubernetes cluster

2. Manage deployment of a containerized application on the ACS Kubernetes cluster

▶ Task 1: Deploy a containerized application to the ACS Kubernetes cluster


1. In the Azure portal, in the Microsoft Edge window, in the Cloud shell pane, create a deployment named
nginx-20533d0704 from the Docker Hub by running the kubectl run command with the following
parameters:
• --image: nginx

• --replicas: 1

• --port: 80
2. Verify that a Kubernetes pod has been created by running kubectl get pods command from the bash
prompt in the Cloud shell pane.
3. Identify the state of the deployment by running kubectl get deployment command from the bash prompt
in the Cloud shell pane.

4. Make the deployment nginx-20533d0704 available from the Internet by running the kubectl expose command
from the bash prompt in the Cloud shell pane with the following parameters:

• --port: 80

• --type: LoadBalancer
5. Identify whether the public IP address has been provisioned by running kubectl get services command
from the bash prompt in the Cloud shell pane.

6. Repeat step 5 until the value in the EXTERNAL-IP column for nginx-20533d0704 changes from
<pending> to a public IP address. Note the public IP address in the EXTERNAL-IP column for
nginx-20533d0704.

7. Start Microsoft Edge and browse to the IP address you obtained in the previous step. Verify that the
browser displays the Welcome to nginx! page.
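
Steps 5 and 6 as a polling loop for the Cloud Shell Bash prompt, added here as an example that is not part of the lab files. It reads the EXTERNAL-IP cell from the kubectl get services table and repeats until the value is an address. The function names are assumptions, and the table output and IP addresses embedded in the script are constructed samples.

```shell
#!/bin/sh
# Added example, not part of the lab files. Function names are hypothetical.
KUBECTL=${KUBECTL:-kubectl}

# external_ip_of SERVICE: reads `kubectl get services` table output on stdin and prints
# the EXTERNAL-IP cell for SERVICE. The column is located by its header, so the layout
# with a TYPE column and the older one without it both work. Exit status 1: no such row.
external_ip_of() {
    awk -v svc="$1" '
        NR == 1 { for (i = 1; i <= NF; i++) if ($i == "EXTERNAL-IP") col = i; next }
        col && $1 == svc { print $col; found = 1 }
        END { exit(found ? 0 : 1) }
    '
}

# ip_state VALUE: classifies an EXTERNAL-IP cell as pending, none, assigned or unknown.
ip_state() {
    case "$1" in
        '<pending>')  echo pending ;;
        ''|'<none>')  echo none ;;
        *[!0-9.]*)    echo unknown ;;
        *.*.*.*)      echo assigned ;;
        *)            echo unknown ;;
    esac
}

# wait_for_external_ip SERVICE [TRIES] [DELAY_SECONDS]
# Prints the address once it is assigned; returns 1 if it never leaves <pending>.
wait_for_external_ip() {
    svc=$1 tries=${2:-30} delay=${3:-10}
    while [ "$tries" -gt 0 ]; do
        ip=$("$KUBECTL" get services | external_ip_of "$svc") || ip=''
        if [ "$(ip_state "$ip")" = assigned ]; then
            printf '%s\n' "$ip"
            return 0
        fi
        tries=$((tries - 1))
        sleep "$delay"
    done
    return 1
}

# Constructed sample output: load balancer still being provisioned.
sample_pending() {
    cat <<'EOF'
NAME               TYPE           CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE
kubernetes         ClusterIP      10.0.0.1      <none>        443/TCP        21m
nginx-20533d0704   LoadBalancer   10.0.116.77   <pending>     80:31517/TCP   12s
EOF
}

# Constructed sample output: address assigned (documentation range 203.0.113.0/24).
sample_assigned() {
    cat <<'EOF'
NAME               TYPE           CLUSTER-IP    EXTERNAL-IP    PORT(S)        AGE
kubernetes         ClusterIP      10.0.0.1      <none>         443/TCP        24m
nginx-20533d0704   LoadBalancer   10.0.116.77   203.0.113.10   80:31517/TCP   3m
EOF
}

# Constructed sample output in the older layout without the TYPE column.
sample_assigned_old_layout() {
    cat <<'EOF'
NAME               CLUSTER-IP    EXTERNAL-IP    PORT(S)        AGE
kubernetes         10.0.0.1      <none>         443/TCP        24m
nginx-20533d0704   10.0.116.77   203.0.113.10   80:31517/TCP   3m
EOF
}

for sample in sample_pending sample_assigned sample_assigned_old_layout; do
    ip=$($sample | external_ip_of nginx-20533d0704)
    echo "$sample: $ip ($(ip_state "$ip"))"
done
```

On a live cluster, call wait_for_external_ip nginx-20533d0704 after the kubectl expose step.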

▶ Task 2: Manage deployment of a containerized application on the ACS Kubernetes cluster

1. Scale the deployment nginx-20533d0704 by running kubectl scale command from the bash prompt in
the Cloud shell pane with the --replicas parameter set to 2.

2. Verify the outcome of scaling the deployment by running kubectl get pods command from the bash
prompt in the Cloud shell pane.

3. In the output of the command you ran in the previous step, verify that the number of pods increased to 2.

4. Delete the nginx-20533d0704 deployment by running kubectl delete command from the bash prompt in
the Cloud shell pane.
5. Verify that the command you ran in the previous step completed successfully by running kubectl get
deployment command from the bash prompt in the Cloud shell pane.

▶ Task 3: Remove the lab environment


1. On MIA-CL1, close all open windows without saving any files.

2. Start Windows PowerShell as Administrator and, from the Administrator: Windows PowerShell
window, run Remove-20533DEnvironment.

3. When prompted, sign in by using the Microsoft account that is the Service Administrator of your Azure
subscription.

4. If you have multiple Azure subscriptions, select the one you want the script to target.

5. If prompted, specify the current lab number.


6. When prompted for confirmation, type y.

7. Start Microsoft Edge, browse to the Azure portal, and sign in by using the Microsoft account that is the
Service Administrator of your Azure subscription.

8. In the Azure portal, reset the dashboard to the default state.


9. Close all open windows.

Result: After you complete this exercise, you should have successfully deployed a containerized
workload to the new ACS cluster and validated its availability.
Question

What deployment methodology would you choose when deploying ACS clusters?
Question
What are the primary advantages of using ACS for deploying container clusters?

©2016 Microsoft Corporation. All rights reserved.

The text in this document is available under the Creative Commons Attribution 3.0 License, additional
terms may apply. All other content contained in this document (including, without limitation,
trademarks, logos, images, etc.) are not included within the Creative Commons license grant. This
document does not provide you with any legal rights to any intellectual property in any Microsoft
product. You may copy and use this document for your internal, reference purposes.

This document is provided “as-is.” Information and views expressed in this document, including URL
and other Internet Web site references, may change without notice. You bear the risk of using it. Some
examples are for illustration only and are fictitious. No real association is intended or inferred.
Microsoft makes no warranties, express or implied, with respect to the information provided here.

Module 8: Implementing Azure Cloud Services
Lab: Implementing PaaS cloud services
Scenario
You want to evaluate the capabilities of Azure Cloud Services to host A. Datum web applications. Your
development team has provided a simple cloud service project that you can use to test its functionality
in Azure. You want to show how staging and production slots can be used to simplify the deployment
of new versions of the cloud service. You also want to determine whether you can monitor the service
to get clear information on resource usage.

Objectives
At the end of this lab, you will be able to:

• Configure and deploy a cloud service to Azure.


• Deploy a cloud service for staging and enable Remote Desktop Protocol (RDP) access.

• Configure metrics and alerts to monitor the cloud service state.

Lab Setup
Estimated Time: 60 minutes

Virtual machine: 20533D-MIA-CL1


User name: Student

Password: Pa55w.rd

Exercise 1: Deploying a cloud service


Scenario
You have been asked to test the deployment of a sample cloud service to Azure.

The main tasks for this exercise are as follows:


1. Create an Azure SQL Server Database for an Azure Cloud Service

2. Create an Azure Storage account for an Azure Cloud Service

3. Configure the service definition file


4. Deploy an Azure Cloud Service

▶ Task 1. Create an Azure SQL Server Database for an Azure Cloud Service
1. Sign in to the MIA-CL1 lab virtual machine as Student with the password Pa55w.rd

2. Start Microsoft Edge, browse to the Azure portal, and sign in with an account that is the Service
Administrator of your Azure subscription.
3. From the Azure portal, identify the region in which you can provision an Azure VM of the size
Standard_A1_v2. This will be the region you will use to provision all resources in this lab.

4. Create a new Azure SQL Database with the following settings:

• Database name: CloudServiceProdDB

• Subscription: the name of your Azure subscription

• Resource group: a new resource group named 20533D0801-LabRG

• Select source: Blank database

• Server: create a new server with the following settings:

– Server name: any valid, unique name


– Server admin login: Student

– Password: Pa55w.rd

– Confirm password: Pa55w.rd


– Location: the Azure region you identified in step 3 of this task

– Allow azure services to access server: make sure that the checkbox is enabled
• Want to use SQL elastic pool?: Not now

• Pricing tier: Basic

• Collation: leave at the default value


• Pin to dashboard: leave the checkbox clear

▶ Task 2. Create an Azure Storage account for an Azure Cloud Service


1. From the Azure portal, create a new storage account with the following settings:

• Name: any unique name consisting of between 3 and 24 lower case letters or digits
• Deployment model: Resource manager

• Account kind: Storage (general purpose v1)

• Performance: Standard
• Replication: Locally-redundant storage (LRS)

• Secure transfer required: Disabled

• Subscription: the name of the Azure subscription where you created the SQL database in the previous
task
• Resource group: ensure that the Use existing option is selected and click 20533D0801-LabRG in the
drop-down list

• Location: the same location you specified in the previous task

• Virtual networks (Preview): Disabled

• Pin to dashboard: leave the checkbox unchecked

▶ Task 3: Configure the service definition file


1. Launch Visual Studio, and then open the ServiceConfiguration.Cloud.cscfg file located in
E:\LabFiles\Lab08\Starter\Production\Package folder.

2. In the file, set the Instance count attribute for the AdatumAdsWeb and AdatumAdsWorker roles to 2.

3. Switch to the Azure portal, navigate to the blade of the storage account you created earlier in this
exercise and, from its Access keys blade, copy the value of the CONNECTION STRING entry of the
Primary key.

4. Back in the ServiceConfiguration.Cloud.cscfg file in the Visual Studio interface, replace all values of
the StorageConnectionString attribute with the value you copied from the Azure portal.

5. In the ServiceConfiguration.Cloud.cscfg file in the Visual Studio interface, replace all values of the
Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString attribute with the value you copied
from the Azure portal.

6. Switch to the Azure portal, navigate to the blade of the Azure SQL database you created earlier in this
exercise, and, from its blade, copy the value of the ADO.NET database connection string entry.

7. In the ServiceConfiguration.Cloud.cscfg file in the Visual Studio interface, replace the value of the
AdatumAdsDbConnectionString attribute with the value you copied from the Azure portal.
8. In the database connection string you just pasted, replace {your_username} with Student.

9. In the database connection string you just pasted, replace {your_password} with Pa55w.rd.

10. Save ServiceConfiguration.Cloud.cscfg.

▶ Task 4: Deploy the Azure Cloud Service


1. From the Azure portal, create a new Azure Cloud Service with the following settings:
• DNS name: any valid, unique name

• Subscription: the name of the Azure subscription you have been using for this lab
• Resource group: ensure that the Use existing option is selected and click 20533D0801-LabRG in the
drop-down list

• Location: the same location you have been using in this lab

2. As part of the creation of the cloud service, set the production deployment name to AdatumAdsProd.
3. Upload the package AdatumAds.cspkg from E:\LabFiles\Lab08\Starter\Production\Package.

4. Upload the configuration file ServiceConfiguration.Cloud.cscfg from
E:\LabFiles\Lab08\Starter\Production\Package.

5. Wait for the deployment to complete.

Note: The deployment might take a few minutes.


Result: At the end of this exercise, you should have created a storage account and a SQL database,
edited the service configuration file, and deployed the cloud service to the production slot.

Exercise 2: Configuring deployment slots and RDP


Scenario
The development team has provided another version of the Azure Cloud Service you deployed to
Azure. You want to determine how you can use deployment slots to stage and deploy new versions of
cloud services. You will use the same configuration you used for the production service. You also want
to test Remote Desktop connectivity to individual instances of cloud service roles.

The main tasks for this exercise are as follows:

1. Perform a staged deployment of an Azure Cloud Service


2. Configure RDP access

3. Test connectivity

▶ Task 1: Perform a staged deployment of an Azure Cloud Service
1. From the Azure portal, add a new staging deployment to the newly created Azure Cloud Service by
uploading package and configuration files.

2. Set the staging deployment name to AdatumAdsStage.


3. Upload the package AdatumAdsCloudService.cspkg from E:\LabFiles\Lab08\Starter\Staging\Package.

4. Upload the configuration file ServiceConfiguration.Cloud.cscfg from
E:\LabFiles\Lab08\Starter\Production\Package.

5. Wait for the deployment to complete


Note: Wait for the deployment to complete. This might take a few minutes. You can monitor the
progress in the Roles and instances section of the staging blade.

▶ Task 2: Configure RDP access


1. On MIA-CL1, start Windows PowerShell as Administrator.
2. From the Windows PowerShell session, use the Add-AzureAccount cmdlet to sign in with an account
that is the Service Administrator of your Azure subscription.

3. If there are multiple subscriptions associated with your account, use the Select-AzureSubscription
cmdlet to select the target subscription.

4. Next, execute the following script (make sure to replace cloud-service-name with the name of the cloud
service you deployed earlier in this lab):
$serviceName = 'cloud-service-name'
$userName = 'Student'
$securePassword = 'Pa55w.rd1234' | ConvertTo-SecureString -AsPlainText -Force
$expirationDate = $(Get-Date).AddDays(31)
$credential = New-Object System.Management.Automation.PSCredential $userName,$securePassword
Set-AzureServiceRemoteDesktopExtension -ServiceName $serviceName -Credential $credential -Expiration $expirationDate -Slot Production
Set-AzureServiceRemoteDesktopExtension -ServiceName $serviceName -Credential $credential -Expiration $expirationDate -Slot Staging

▶ Task 3: Test connectivity


1. From the Azure portal, identify the URL of the production deployment of the Azure Cloud Service you
deployed in the previous exercise.
2. Use Microsoft Edge to navigate to the URL representing the production deployment of the Azure Cloud
Service.

3. Leave the Microsoft Edge window open. You will use it later in this exercise.

4. From the Azure portal, identify the URL of the staging deployment of the Azure Cloud Service you
deployed in the previous exercise.

5. Navigate to the URL representing the staging deployment of the Azure Cloud Service by using Microsoft
Edge.

6. Close the Microsoft Edge tab showing the staging deployment.

7. Connect via Remote Desktop to the AdatumAdsWeb_IN_0 instance of the production deployment.

8. Close the remote desktop connection.

Result: At the end of this exercise, you have performed a staging deployment of an Azure Cloud
Service, enabled RDP access to an Azure Cloud Service, and connected to cloud service instances via
HTTP and via RDP.

Exercise 3: Monitoring cloud services

Scenario
You have been asked to evaluate the network traffic used by the new version of the Azure Cloud
Service that you deployed to the production environment. To accomplish this, you will start collecting
network-related monitoring metrics and configure an alert.
The main tasks for this exercise are as follows:

1. Add metrics to the Azure Cloud Service monitoring

2. Create an alert for a cloud service


3. Monitor a cloud service

4. Remove the lab environment

▶ Task 1: Add metrics to the Azure Cloud Service monitoring


1. In the Microsoft Edge window, in the Azure portal, navigate to the blade of the Production slot of the cloud
service.
2. From the production slot of the cloud service, navigate to its Metrics blade.

3. On the Metrics blade, ensure that AdatumAdsWeb appears in the Role drop down list, and scroll down
to the Network in and out chart.

▶ Task 2: Create an alert


1. In the Azure portal, add an alert to the Production slot of the cloud service with the following settings:

• Name: Network In Alert

• Description: Test network in alert


• Alert on: Metrics

• Subscription: the name of the Azure subscription you are using in this lab

• Resource group: 20533D0801-LabRG


• Resource: leave at its default value

• Metric: Network In

• Condition: greater than

• Threshold: 1

• Period: Over the last 5 minutes

• Email owners, contributors, and readers: enable the checkbox

• Additional administrator email(s): type the email address of the Service Administrator account of your
Azure subscription

• Webhook: leave the textbox clear

2. Generate network traffic to the production deployment by refreshing the production deployment page
displayed in Microsoft Edge, which you opened earlier in this exercise.

Note: It might take over 5 minutes before the alert is triggered.

▶ Task 3: Monitor an active cloud service


1. In the Azure portal, navigate to the Monitor blade, locate the Network In Alert entry, and identify the
value in the LAST ACTIVE column.

2. Open another Microsoft Edge tab, browse to www.hotmail.com, and sign in with the username and
password of the Microsoft Account that is the Service Administrator of your Azure subscription.

3. In the list of emails, click Microsoft Azure Alerts.

4. Inspect the details of the alert.


5. Close Microsoft Edge.

▶ Task 4: Remove the lab environment


1. On MIA-CL1, close all open windows without saving any files.

2. Start Windows PowerShell as Administrator and, from the Administrator: Windows PowerShell
window, run Remove-20533DEnvironment.

3. When prompted, sign in by using the Microsoft account that is the Service Administrator of your Azure
subscription.

4. If you have multiple Azure subscriptions, select the one you want the script to target.
5. If prompted, specify the current lab number.

6. When prompted for confirmation, type y.

7. Start Microsoft Edge, browse to the Azure portal, and sign in by using the Microsoft account that is the
Service Administrator of your Azure subscription.

8. In the Azure portal, reset the dashboard to the default state.


9. Close all open windows.

Result: At the end of this exercise, you will have configured monitoring for an Azure Cloud Service
with a new metric and an alert.
Question In Exercise 2, you enabled RDP access and used the RDP client to connect to an instance
of a web role. Why would administrators want to connect to cloud service role instances via RDP?

Question You want to ensure you can identify the volume of network traffic your Azure Cloud Service
has received over the last hour. Should you configure a monitoring metric or an alert?

Module 9: Implementing Azure Active Directory
Lab: Implementing Azure AD
Scenario
The IT department at A. Datum Corporation currently uses AD DS, and a range of
Active Directory-aware applications. While preparing for synchronizing its AD DS to Azure AD, A. Datum wants you to
test some of the features of Azure AD. The company wants you to control access to third-party SaaS
apps by using Azure AD users and groups. A. Datum also wants you to configure SSO to these apps
and protect them by using Multi-Factor Authentication.

In addition to these tasks, A. Datum wants you to evaluate some of the advanced features Azure AD
Premium offers. It also wants you to join a Windows 10-based computer to an Azure AD tenant to
prepare for implementing this configuration on all the Windows 10-based computers in the Research
department.

Objectives
After completing this lab, you will be able to:
• Administer Azure AD.

• Configure SSO for Azure AD gallery applications.


• Configure multi-factor authentication for administrators.
• Use the advanced features offered by Azure AD Premium.

• Configure SSO from a Windows 10-based computer that is joined to Azure AD.

Lab Setup
Estimated Time: 60 minutes

Virtual Machine: 20533D-MIA-CL1


Username: Student

Password: Pa55w.rd

Before you start this lab, ensure that you complete the tasks in the Preparing the environment
demonstration, which is in the first lesson of this module. Also ensure that the setup script is complete.

Exercise 1: Administering Azure AD

Scenario
You want to test the functionality of Azure AD by first creating a new Azure AD tenant and enabling the
Premium functionality. You then want to create some pilot users and groups in Azure AD. You plan to
use the Azure portal interface and Microsoft Azure Active Directory Module for Windows PowerShell.

The main tasks for this exercise are as follows:

1. Create directories

2. Activate Azure AD Premium trial

3. Manage users by using the Azure portal

4. Manage groups by using the Azure portal

5. Manage users and groups by using Azure PowerShell

▶ Task 1: Create directories
1. Ensure that you are signed in to MIA-CL1 as Student with the password Pa55w.rd.

2. Start Microsoft Edge, browse to the Azure portal at http://portal.azure.com and then, when prompted,
sign in using the Microsoft account that is the Service Administrator of your subscription.
3. Add a directory by using the following settings:

• Organization name: Adatum

• Initial domain name: a unique, valid name


• Country or region: United States

4. Leave Microsoft Edge open and wait until the Azure Active Directory tenant is provisioned. Note the
unique name you specified, since you will need it later in this task.

▶ Task 2: Activate Azure AD Premium trial


1. In the Azure portal, navigate to the Adatum directory.
2. Activate the Azure AD Premium trial.

▶ Task 3: Manage users by using the Azure portal


1. Create a user in the Adatum directory with the following settings:
• Name: Remi Desforges

• User name: rdesforges@domain-name.onmicrosoft.com, where domain-name is the name you
assigned to the Azure Active Directory tenant in the first task of this exercise
• First Name: Remi
• Last Name: Desforges

2. Note the new password.

3. Create another user in the Adatum directory with the following settings:
• Name: Karen Gruber

• User name: kgruber@domain-name.onmicrosoft.com, where domain-name is the name you
assigned to the Azure Active Directory tenant in the first task of this exercise

• First Name: Karen

• Last Name: Gruber


• Directory role: Global administrator

4. Note the new password.

5. Open an InPrivate Microsoft Edge window, navigate to the Azure portal, and sign in as Remi Desforges. When
prompted, change the password to a new value, and then sign out and close the InPrivate Microsoft Edge
window. Take a note of the new password.

6. Open an InPrivate Microsoft Edge window, navigate to the Azure portal, and sign in as Karen Gruber. When
prompted, change the password to a new value, and then sign out and close the InPrivate Microsoft Edge
window. Take a note of the new password.

7. Note the message stating No subscription found. Click SIGN OUT and close the in-private session of
Microsoft Edge.

▶ Task 4: Manage groups by using the Azure portal
1. From the Azure portal, assign an Azure Active Directory Premium P2 license to your user account in the
Adatum Azure AD.

2. From the Azure portal, enable self-service group management and allow users to create security groups.
3. Create the following group in the Adatum directory:

• Name: Sales

• Description: Sales employees


• Membership type: Assigned

• Enable Office features?: No

5. Add Remi Desforges to the Sales group.


6. Create the following group in the Adatum directory:

• Name: Marketing

• Description: Marketing employees

• Membership type: Assigned

• Enable Office features?: No

7. Add Karen Gruber to the Marketing group.

8. Create the following group in the Adatum directory:


• Name: Sales and Marketing

• Description: Sales and Marketing employees


• Membership type: Assigned

• Enable Office features?: No

9. Add the Sales and Marketing groups to the Sales and Marketing group.

▶ Task 5: Manage users and groups by using Azure PowerShell


1. Start Windows PowerShell ISE as an administrator.
2. Open E:\Labfiles\Lab09\Starter\Set-20553D0901Lab.ps1.

3. In the PowerShell ISE, in the command prompt pane, enter the following command, and then press
Enter:
Connect-MsolService

4. When prompted, sign in as Karen Gruber.

5. In the PowerShell ISE, in the script pane, locate the following code:
New-MsolUser -UserPrincipalName mledford@<#Copy your Azure Directory domain name here#>.onmicrosoft.com -DisplayName "Mario Ledford" -FirstName "Mario" -LastName "Ledford" -Password 'Pa55w.rd123' -ForceChangePassword $false -UsageLocation "US"
6. Replace <#Copy your Azure Directory domain name here#> with the unique name you used to specify
the DNS domain name of the Adatum Azure AD tenant. In the Windows PowerShell ISE, in the script
pane, select the code that you just edited. On the toolbar, click the Run Selection button and wait for the
script to complete.

7. In the PowerShell ISE, in the command prompt pane, run the following command to list all the users:
Get-MsolUser

8. Create a new group by running the following command:

New-MsolGroup -DisplayName "Azure team" -Description "Adatum Azure team users"


9. In the PowerShell ISE, in the command prompt pane, enter the following command, and then press Enter
to list all the groups:

Get-MsolGroup
10. In the PowerShell ISE, in the script pane, locate the following code, and then select it:

$group = Get-MsolGroup | Where-Object {$_.DisplayName -eq "Azure team"}

11. On the toolbar, click the Run Selection button and wait for the script to complete.
12. In the PowerShell ISE, in the Script pane, locate the following code and select it:

$user = Get-MsolUser | Where-Object {$_.DisplayName -eq "Mario Ledford"}

13. On the toolbar, click the Run Selection button, and wait for the script to complete.

14. In the PowerShell ISE, in the Script pane, locate the following code and select it:
Add-MsolGroupMember -GroupObjectId $group.ObjectId -GroupMemberType "User" -GroupMemberObjectId $user.ObjectId

15. On the toolbar, click the Run Selection button, and wait for the script to complete.
16. In the PowerShell ISE, in the script pane, locate the following code and select it:

Get-MsolGroupMember -GroupObjectId $group.ObjectId


17. On the toolbar, click the Run Selection button, and wait for the script to complete.

18. Switch to Microsoft Edge displaying the Azure portal.

19. From the adatum blade, verify that Mario Ledford appears in the list of users.
20. From the adatum blade, verify that Azure team appears in the list of groups.

Result: After completing this exercise, you should have created some pilot users and groups in Azure
AD by using the Azure portal and Microsoft Azure Active Directory Module for Windows PowerShell.
You should also have enabled the Azure AD Premium functionality.

Exercise 2: Configuring Application SSO

Scenario
Because A. Datum is planning to deploy cloud-based applications, and requires users to use SSO for
these applications, you now want to install and configure a test application, and then validate the SSO
experience.

The main tasks for this exercise are as follows:

1. Add directory applications and configure SSO

2. Test SSO

▶ Task 1: Add directory applications and configure SSO
1. In the Adatum directory, add the Microsoft Account (Windows Live) application from the gallery.

2. Configure single sign-on for the application with the Password-based Sign-on setting.

3. Assign the application to Mario Ledford.

4. Select the option that allows you to enter the Microsoft account credentials on behalf of the user.

5. In the Email Address box, type the name of your Microsoft account you are using for this lab. In the
Password box, type the corresponding password, and then click the check mark.
6. In the Adatum directory, add the Skype application from the gallery.

7. Configure single sign-on for the application with the Password-based Sign-on setting.

8. Assign the application to Mario Ledford.

▶ Task 2: Test SSO


1. Open a Microsoft Edge window and browse to https://myapps.microsoft.com. When prompted, sign in by
specifying the full user name (including the @_domain name_.onmicrosoft.com suffix) of
Mario Ledford’s account and the corresponding password Pa55w.rd.
2. On the applications page, click the ellipsis next to Skype. Note the option to update the credentials.

3. On the applications page, click the ellipsis next to Microsoft Account. Note that there is no option to
update the credentials.
4. Click Skype and, when prompted, install the Access Panel Extension with the default settings and enable
the extension once the installation completes.

5. Restart Microsoft Edge and browse to https://myapps.microsoft.com. When prompted, sign in as Mario
Ledford.

6. From the Application Access Panel, start Skype. Note that you are now prompted for credentials,
because you did not enter any credentials on behalf of the user when configuring SSO.
7. Click Cancel in the Skype dialog box.

8. Sign out from the Application Access Panel and close Microsoft Edge.

Result: After completing this exercise, you should have installed and configured a test application and
validated the SSO experience.

Exercise 3: Configuring Multi-Factor Authentication

Scenario
Because A. Datum requires applications to use Multi-Factor Authentication, you now want to configure
and test Multi-Factor Authentication for Global Administrators.

The main tasks for this exercise are as follows:

1. Configure Multi-Factor Authentication


2. Test Multi-Factor Authentication

▶ Task 1: Configure Multi-Factor Authentication


1. Start Internet Explorer and sign in to the Azure portal by using the Microsoft account that is the Service
Administrator of your subscription.

2. Enable Multi-Factor Authentication for the Adatum Azure AD user account of Karen Gruber.

3. Close Microsoft Edge.

▶ Task 2: Test Multi-Factor Authentication


1. Open Microsoft Edge, browse to https://myapps.microsoft.com, and sign in as Karen Gruber. You will
be presented with the message stating Your admin has required that you set up this account for
additional security verification.

2. Click Set it up now.


3. On the Additional security verification page, in the first drop-down list, select Authentication phone.
Enter your phone number and select the option Call me.

4. Close Microsoft Edge.

Result: After completing this exercise, you should have configured Multi-Factor Authentication for a
Global Admin account.
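
The following is an added example, not part of the lab files: it reports the per-user Multi-Factor Authentication state of every Global administrator in the tenant, using the same MSOnline module as Exercise 1, Task 5. It assumes Connect-MsolService has already been run; the function name Get-GlobalAdminMfaState is hypothetical.

```powershell
# Added example (not from the lab files).
# Assumes the MSOnline module is loaded and Connect-MsolService has been run.

function Get-GlobalAdminMfaState {   # hypothetical helper name
    # In the MSOnline module, the Global administrator role is named
    # "Company Administrator".
    $role = Get-MsolRole -RoleName 'Company Administrator'

    foreach ($member in Get-MsolRoleMember -RoleObjectId $role.ObjectId -All) {

        # Role members can also be service principals; only users have
        # per-user MFA settings.
        if ($member.RoleMemberType -ne 'User') {
            [pscustomobject]@{
                Principal         = $member.DisplayName
                MemberType        = $member.RoleMemberType
                MfaState          = 'n/a'
                MethodsRegistered = 0
                DefaultMethod     = $null
            }
            continue
        }

        $user = Get-MsolUser -ObjectId $member.ObjectId

        # An empty StrongAuthenticationRequirements list means per-user MFA
        # is disabled. Otherwise State is 'Enabled' (user has not yet
        # completed registration) or 'Enforced'.
        $state = 'Disabled'
        if ($user.StrongAuthenticationRequirements.Count -gt 0) {
            $state = $user.StrongAuthenticationRequirements[0].State
        }

        [pscustomobject]@{
            Principal         = $user.UserPrincipalName
            MemberType        = $member.RoleMemberType
            MfaState          = $state
            MethodsRegistered = $user.StrongAuthenticationMethods.Count
            DefaultMethod     = ($user.StrongAuthenticationMethods |
                                    Where-Object IsDefault).MethodType
        }
    }
}

# Full report, then only the Global administrators without per-user MFA.
$report = Get-GlobalAdminMfaState
$report | Sort-Object MfaState | Format-Table -AutoSize
$report | Where-Object { $_.MfaState -eq 'Disabled' } |
    Select-Object Principal, MemberType
```

In this lab, Karen Gruber should be listed as Enabled after Task 1 and as Enforced once she completes the verification setup in Task 2. The report covers per-user MFA settings only.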

Exercise 4: Configuring SSO from a Windows 10-based computer that is joined to Azure AD
Scenario
A. Datum has an increasing demand to provide its remote and mobile users, who are using Windows
10-based devices, with secure access to the cloud resources. The company wants to join Windows 10
devices to Azure AD and simplify access to cloud resources by enabling SSO. Before they can
implement this, you want to test this functionality by joining a Windows 10-based computer to Azure
AD.

The main tasks for this exercise are as follows:

1. Join a Windows 10-based computer to Azure AD

2. Authenticate to Azure from a Windows 10 Azure-joined computer


3. Remove the lab environment

▶ Task 1: Join a Windows 10-based computer to Azure AD


1. Start Microsoft Edge and sign in to the Azure portal by using your Azure subscription.

2. Verify that the Adatum directory allows all users to join their devices to Azure AD.

3. On MIA-CL1, click Settings, click Accounts, and then join MIA-CL1 into Azure AD by using the Adatum
Azure AD credentials of Karen Gruber.

4. In the Azure portal, verify that MIA-CL1 is shown on the Devices blade of the Karen Gruber user
account.

5. Restart MIA-CL1.

▶ Task 2: Authenticate to Azure from a Windows 10 Azure-joined computer


1. Sign in to MIA-CL1 by using Karen Gruber’s Adatum Azure AD account and the password you set for
this account in exercise 1.

2. Accept the incoming call and press the # key on your phone to complete verification.

3. Set up a PIN.

4. Start Microsoft Edge and browse to the Azure portal.

5. Verify that you are automatically signed in as Karen Gruber by using SSO.

6. Sign out from MIA-CL1.

▶ Task 3: Remove the lab environment


1. On MIA-CL1, close all open windows without saving any files.

2. Start Windows PowerShell as Administrator and, from the Administrator: Windows PowerShell
window, run Remove-20533DEnvironment.
3. When prompted, sign in by using the Microsoft account that is the Service Administrator of your Azure
subscription.

4. If you have multiple Azure subscriptions, select the one you want the script to target.

5. If prompted, specify the current lab number.


6. When prompted for confirmation, type y.

7. Start Microsoft Edge, browse to the Azure portal, and sign in by using the Microsoft account that is the
Service Administrator of your Azure subscription.

8. In the Azure portal, reset the dashboard to the default state.

9. Close all open windows.

Result: After completing this exercise, you should have joined the MIA-CL1 computer to Azure AD and
tested the SSO access to the resources in the cloud.

Question What is the major benefit of joining Windows 10-based devices to Azure AD?
Question What is the requirement for Delegated Group Management in Azure AD?
©2016 Microsoft Corporation. All rights reserved.

The text in this document is available under the Creative Commons Attribution 3.0 License, additional
terms may apply. All other content contained in this document (including, without limitation,
trademarks, logos, images, etc.) are not included within the Creative Commons license grant. This
document does not provide you with any legal rights to any intellectual property in any Microsoft
product. You may copy and use this document for your internal, reference purposes.

This document is provided “as-is.” Information and views expressed in this document, including URL
and other Internet Web site references, may change without notice. You bear the risk of using it. Some
examples are for illustration only and are fictitious. No real association is intended or inferred.
Microsoft makes no warranties, express or implied, with respect to the information provided here.

Module 10: Managing an Active Directory infrastructure in a hybrid environment
Lab: Implementing and managing Azure AD synchronization
Scenario
A. Datum Corporation users currently rely on Active Directory to authenticate when accessing
on-premises applications. While evaluating Azure Active Directory for A. Datum, you need to explore the
possibility of using existing Active Directory users and groups to authenticate access to resources in
Azure, including third-party Software as a service (SaaS) applications. You need to verify that changes to
Active Directory user and group accounts can automatically replicate to Azure AD.

Objectives
After completing this lab, you will be able to:
• Configure directory synchronization.

• Synchronize on-premises Active Directory with Azure Active Directory.

Lab Setup
Estimated Time: 60 minutes

Virtual machine: 20533D-MIA-CL1


User name: Student

Password: Pa55w.rd

Exercise 1: Configuring directory synchronization


Scenario
A. Datum plans to implement directory integration. To test the planned implementation, you need to
deploy and configure Azure AD Connect to synchronize your test Active Directory domain with a test
Azure AD tenant. Since you are not in the position at this point to verify a custom DNS domain, you will
be using the default DNS name of the test Azure AD domain.

The main tasks for this exercise are as follows:


1. Sign in to the Azure VM hosting an Active Directory domain controller and create test Active Directory
objects.

2. Create a new Azure AD tenant and a Global Admin account


3. Install Azure AD Connect with custom settings

▶ Task 1: Sign in to the Azure VM hosting an Active Directory domain controller and create test Active Directory objects.
1. Sign in to MIA-CL1 as Student with the password Pa55w.rd.

2. Open the file E:\Labfiles\Lab10\Starter\Set-20533D1001Lab.ps1 in Notepad and copy all lines to
Clipboard.
3. In the Microsoft Edge window, navigate to the Azure portal and, when prompted, sign in by using the
Microsoft account that is the Service Administrator of your Azure subscription.

4. If necessary, in the Azure portal, switch to the Default Directory.

5. Initiate a Remote Desktop Protocol (RDP) session to 20533D1001-vm1, and then sign in as
ADATUM\Student with the password Pa55w.rd1234.
6. In the Remote Desktop session, start Windows PowerShell ISE as administrator, paste the content of
Clipboard into the script pane and run the pasted commands.

7. From the Windows PowerShell ISE window, run the Get-ADUser cmdlet to verify that the list of Active
Directory user accounts includes Beverly Beach in the AccountsToSync organizational unit and
Darwin Shivers in the AccountsNotToSync organizational unit.

8. Close the Administrator: Windows PowerShell ISE window.

▶ Task 2: Create a new Azure AD tenant and a Global Admin account


1. Within the Remote Desktop session, from Server Manager, disable Microsoft Edge Enhanced Security
Configuration for administrators and users.

2. Open Microsoft Edge and navigate to the Azure portal.

3. From the Azure portal, create a new Azure AD tenant with the following settings:
• Organization name: AdatumSync

• Initial domain name: a unique, valid name

• Country or region: United States


4. Refresh the Microsoft Edge window, in the Azure portal, switch to the newly created Azure AD tenant,
and create a new Global Admin user with the following settings:

• Name: SyncAdmin
• User name: syncadmin@_domain name_.onmicrosoft.com where domain name is the unique name
you assigned to the AdatumSync Azure AD tenant earlier in this task
• First name: Sync

• Last name: Admin

• Directory role: Global administrator


• Show Password: enabled

5. Take a note of the autogenerated temporary password.

6. Open an Internet Explorer InPrivate Browsing session, sign in to the Azure portal as SyncAdmin, and
change the password to a new value. Take a note of the new value.

7. Sign out as SyncAdmin and close the InPrivate Microsoft Edge session.

▶ Task 3: Install Azure AD Connect with custom settings


1. From the Remote Desktop session to 20533D1001-vm1, switch to Internet Explorer. Download Azure
AD Connect from https://www.microsoft.com/en-us/download/details.aspx?id=47594 to the Downloads
folder.

2. Install the Azure AD Connect tool, select custom settings, and then ensure that Password
Synchronization is selected.
3. Set the credentials for Azure AD tenant AdatumSync to the SyncAdmin Global Administrator account.

4. Set the AD forest account to ADATUM\Student with the password Pa55w.rd1234.

5. On the Domain and OU filtering page, limit synchronization to the AccountsToSync organizational unit
only.
6. Accept the default values in the remaining wizard pages, and then start the synchronization process.
Close the wizard once the configuration is completed.
Note: You might need to wait a few minutes for the initial synchronization to complete.

7. In the Azure portal, on the AdatumSync blade, navigate to the All Users blade of the AdatumSync
Azure AD tenant and confirm that the list of users includes Beverly Beach from the AccountsToSync
OU but does not include Darwin Shivers from the AccountsNotToSync OU.
Result: After completing this exercise, you should have installed and configured Azure AD Connect,
and have performed initial synchronization.

Exercise 2: Managing synchronization


Scenario
A. Datum wants to test Azure AD synchronization by changing a few attributes of a user account and
then performing manual synchronization.
The main tasks for this exercise are as follows:

1. Modify attributes of an Active Directory user and initiate manual synchronization

2. Remove the lab environment

▶ Task 1: Modify attributes of an Active Directory user and initiate delta synchronization
1. On 20533D1001-vm1, start Windows PowerShell ISE as Administrator.
2. From the Windows PowerShell ISE console, check the value of the Title and Department attributes of
the user bbeach by using the Get-ADUser cmdlet.

3. From the Windows PowerShell ISE console, use the Set-ADUser cmdlet to set the value of the Title and
Department attributes of the user bbeach to VP and Marketing, respectively.

4. From the Windows PowerShell ISE console, import the module "C:\Program Files\Microsoft Azure AD
Sync\Bin\ADSync\ADSync.psd1" and check the current synchronization settings by running the
Get-ADSyncScheduler cmdlet.

5. From the Windows PowerShell ISE console, start delta synchronization by running
Start-ADSyncSyncCycle -PolicyType Delta.

6. From the Users and groups - All Users blade in the Azure portal, verify that the changes that you
made to the user accounts have been synchronized to Azure AD. If you do not see any changes, wait for
a few minutes, and then refresh the page.
7. Close the 20533D1001-vm1 Remote Desktop session.
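
The PowerShell for steps 2 through 5, as an added example rather than the lab's answer key. It also checks the scheduler state before requesting the delta cycle; the property selection and the wait loops are choices made for this example.

```powershell
# Added example (not from the lab files). Run in an elevated session on the
# server where Azure AD Connect is installed (20533D1001-vm1 in this lab).
Import-Module ActiveDirectory

# Step 2: Title and Department are not returned by default, so request them.
Get-ADUser -Identity bbeach -Properties Title, Department |
    Select-Object SamAccountName, Title, Department

# Step 3: change the two attributes on the on-premises account.
Set-ADUser -Identity bbeach -Title 'VP' -Department 'Marketing'

# Step 4: load the ADSync module and review the scheduler settings.
Import-Module 'C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1'
$scheduler = Get-ADSyncScheduler
$scheduler | Format-List SyncCycleEnabled, StagingModeEnabled,
    SyncCycleInProgress, NextSyncCyclePolicyType, NextSyncCycleStartTimeInUTC

# In staging mode the server imports and synchronizes but does not export,
# so the change would never reach Azure AD from this server.
if ($scheduler.StagingModeEnabled) {
    Write-Warning 'Staging mode is enabled; changes will not be exported to Azure AD.'
}

# Start-ADSyncSyncCycle fails while another cycle is running, so wait for
# any scheduled cycle to finish first.
while ((Get-ADSyncScheduler).SyncCycleInProgress) {
    Start-Sleep -Seconds 10
}

# Step 5: request a delta cycle, which processes only changes made since
# the last synchronization.
Start-ADSyncSyncCycle -PolicyType Delta

# The cmdlet returns as soon as the cycle is queued; wait for it to finish
# before checking the user in the Azure portal (step 6).
Start-Sleep -Seconds 5
while ((Get-ADSyncScheduler).SyncCycleInProgress) {
    Start-Sleep -Seconds 10
}
Get-ADSyncScheduler | Format-List SyncCycleInProgress, NextSyncCycleStartTimeInUTC
```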

▶ Task 2: Remove the lab environment


1. On MIA-CL1, close all open windows without saving any files.

2. Start Windows PowerShell as Administrator and, from the Administrator: Windows PowerShell
window, run Remove-20533DEnvironment.

3. When prompted, sign in by using the Microsoft account that is the Service Administrator of your Azure
subscription.

4. If you have multiple Azure subscriptions, select the one you want the script to target.
5. If prompted, specify the current lab number.

6. When prompted for confirmation, type y.

7. Start Microsoft Edge, browse to the Azure portal, and sign in by using the Microsoft account that is the
Service Administrator of your Azure subscription.

8. In the Azure portal, reset the dashboard to the default state.

9. Close all open windows.


Result: After completing this exercise, you should have changed attributes on a user account, and
then forced synchronization.

Question How do you configure organizational unit (OU)-level filtering for directory synchronization?
Question When do you use Azure AD Connect custom setup?

Module 11: Implementing Azure-based management and automation
Lab: Implementing Automation
Scenario
A. Datum Corporation wishes to minimize administrative overhead as much as possible, especially for
tasks such as deploying and deprovisioning VMs. For this reason, as part of A. Datum’s evaluation of
Microsoft Azure, you have been asked to test the new Azure Automation features and, as part of your
tests, manage Azure VMs by using runbook automation.

Objectives
After completing this lab, you will be able to:

• Configure Automation accounts.

• Create runbooks.

Lab Setup
Estimated Time: 40 minutes

Virtual Machine: 20533D-MIA-CL1


User Name: Student

Password: Pa55w.rd

Before starting this lab, ensure that you have performed the “Preparing the Azure environment”
demonstration tasks at the beginning of the first lesson in this module and that the Setup-Azure script
has completed.

Exercise 1: Configuring Automation accounts


Scenario
Administrators at A. Datum Corporation spend considerable time managing Azure VMs. You want to
increase administrator productivity by using Automation to execute such tasks as shutting down Azure
VMs at the end of the day.

The main tasks for this exercise are as follows:

1. Create an Automation account

2. Create and review Automation assets

▶ Task 1: Create an Automation account


1. Ensure that you are signed in to MIA-CL1 as Student with the password Pa55w.rd, and that the setup
script you ran in the previous demonstration to prepare the environment has completed.

2. Start Microsoft Edge and sign in to the Azure portal by using the Microsoft account that is the Service
Administrator of your Azure subscription. If necessary, in the Azure portal, switch to the Default Directory.

3. From the Virtual machines blade, note that 20533D1101-vm0 and 20533D1101-vm1 virtual machines
are currently running.
4. Create a new Azure Automation account with the following settings:

• Name: AutomationAccount-20533D11

• Subscription: the name of your Azure subscription

• Resource group: ensure that the Create new option is selected and type 20533D1102-LabRG in the text
box

• Location: the same Azure region that you chose when running Add-20533DEnvironment script at the
beginning of this module or, if not available, another region close to it

• Create Azure Run As account: Yes

5. Wait for the Automation account to be provisioned. This should take less than a minute.

▶ Task 2: Create and review Automation assets


1. In the Azure portal, from the LabAutomationAccount blade, create the following Azure Automation
non-encrypted string variables:

• Name: VM0

• Description: the first VM


• Type: String
• Value: 20533D1101-vm0

• Encrypted: No

• Name: VM1
• Description: the second VM

• Type: String

• Value: 20533D1101-vm1
• Encrypted: No

• Name: ResourceGroup

• Description: VM resource group


• Type: String

• Value: 20533D1101-LabRG
• Encrypted: No

2. In the same Automation account, create the following Schedule asset:

• Name: EndOfDay

• Description: End of day

• Starts: tomorrow’s date at 6:00:00 PM with the time zone of the Azure region containing the Automation
account

• Recurrence: Recurring

• Recur every: 1 Day

• Set expiration: No

3. In the list of assets, note two precreated connections AzureClassicRunAsConnection and
AzureRunAsConnection. They were created automatically during provisioning of the Automation
account since you selected the option to create the Azure Run As account.

Result: After completing this exercise, you should have configured a new Azure Automation account,
created Automation variable assets and Automation schedule asset, and reviewed the precreated
Azure Automation connection assets.

Exercise 2: Creating and executing runbooks


Scenario
As part of your tests of the new Azure Automation features, you will now deploy Azure virtual machines
by using an Automation runbook.

The main tasks for this exercise are as follows:

1. Import a runbook

2. Publish and execute a runbook


3. Remove the lab environment

▶ Task 1: Import a runbook


1. From the Azure portal, import the PowerShell workflow script
E:\Labfiles\Lab11\Starter\Stop-20533D1101VMs.ps1 into your Automation account.
2. Review the content of the runbook.
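
The lab's Stop-20533D1101VMs.ps1 is not reproduced on this page. As an added illustration only (not the lab file), a PowerShell workflow runbook that uses the assets from Exercise 1 could look like the following. It assumes the AzureRM modules available in the Automation account and the asset names VM0, VM1, ResourceGroup and AzureRunAsConnection created in the previous exercise.

```powershell
# Added example (not the lab's runbook). Asset names come from Exercise 1.
workflow Stop-AzureVMs-Workflow
{
    # The Run As connection asset holds the tenant ID, the application ID of
    # the Run As service principal, and the thumbprint of its certificate.
    # No password is stored in or passed to the runbook.
    $conn = Get-AutomationConnection -Name 'AzureRunAsConnection'

    # Authenticate to Azure Resource Manager as that service principal.
    Add-AzureRmAccount -ServicePrincipal `
        -TenantId $conn.TenantId `
        -ApplicationId $conn.ApplicationId `
        -CertificateThumbprint $conn.CertificateThumbprint

    # Read the non-encrypted string variables defined as Automation assets.
    $resourceGroup = Get-AutomationVariable -Name 'ResourceGroup'
    $vm0 = Get-AutomationVariable -Name 'VM0'
    $vm1 = Get-AutomationVariable -Name 'VM1'

    # Statements inside a parallel block run concurrently; the workflow
    # continues only after both have completed.
    parallel
    {
        # -Force suppresses the confirmation prompt, which a runbook
        # cannot answer.
        Stop-AzureRmVM -Name $vm0 -ResourceGroupName $resourceGroup -Force
        Stop-AzureRmVM -Name $vm1 -ResourceGroupName $resourceGroup -Force
    }
}
```

The Run As account is created with the Contributor role on the whole subscription, so any runbook in the account can act on every resource there; reducing that role assignment to the resource groups the runbooks actually manage limits the impact of a faulty or modified runbook. Non-encrypted variables suit values such as VM names, but not secrets.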

▶ Task 2: Publish and execute a runbook


1. Publish the Stop-AzureVMs-Workflow runbook.
2. Start the newly published runbook.

3. View the progress of the runbook execution. Wait until the job completes.

4. From the Azure portal, verify that the 20533D1101-vm0 and 20533D1101-vm1 virtual machines have
been stopped.

▶ Task 3: Remove the lab environment


1. On MIA-CL1, close all open windows without saving any files.

2. Start Windows PowerShell as Administrator and, from the Administrator: Windows PowerShell
window, run Remove-20533DEnvironment.

3. When prompted, sign in by using the Microsoft account that is the Service Administrator of your Azure
subscription.

4. If you have multiple Azure subscriptions, select the one you want the script to target.

5. If prompted, specify the current lab number.

6. When prompted for confirmation, type y.

7. Start Microsoft Edge, browse to the Azure portal, and sign in by using the Microsoft account that is the
Service Administrator of your Azure subscription.

8. In the Azure portal, reset the dashboard to the default state.


9. Close all open windows.

Result: After completing this exercise, you should have imported, published, and executed a
PowerShell workflow-based runbook that deploys two virtual machines in parallel.

Question What mechanism did you use to authenticate when accessing the Azure subscription when
running the Azure Automation runbook in the lab?

Question What should you consider when testing the execution of an Automation runbook?

Lab Answer Key: Module 1: Introduction to Microsoft Azure
Lab: Managing Microsoft Azure
Exercise 1: Using the Azure portals

▶ Task 1: Use the Azure portal


1. Ensure that you are signed in to MIA-CL1 as Student with the password Pa55w.rd.

2. Start Microsoft Edge, browse to https://portal.azure.com, and sign in by using the Microsoft account that
is the Service Administrator of your Azure subscription.
3. On the Dashboard page, at the top of the screen, click Edit dashboard.

4. On the Dashboard page, right-click the All resources tile, and then click 6x4.
5. On the Dashboard page, move down the Service health tile and the Marketplace tile such that their top
edge aligns with the bottom edge of the Quickstart tutorials tile.

6. Move the Quickstart tutorials tile such that its left edge aligns with the right edge of the All resources
tile and click Done customizing.

7. Review the results, then click Edit dashboard again.

8. Right-click an unoccupied area of the dashboard and, in the right-click menu, click Reset to default state.
When prompted to confirm, click Yes.
9. Click Done customizing.

10. On the Dashboard page, in the hub menu, click More services, and then, in the service menu, click the
star beside Virtual machine scale sets. Close the service menu and verify that the Virtual machine
scale sets entry appears at the bottom of the hub menu. Leave the Microsoft Edge window open.

▶ Task 2: Use the Azure account portal


1. Start Microsoft Edge and browse to https://account.windowsazure.com.
2. On the Account page, click SIGN IN and, if prompted, sign in by using the Microsoft account that is the
Account Administrator of your Azure subscription.

3. On the Account portal page, on the subscriptions tab, click the name of your subscription.
4. On the summary page, review the billing summary for your subscription on the page.
5. On the summary page, on the right side of the screen, click Download usage details.

6. Click Download Usage and then click Version 2 - Preview.

7. In Microsoft Edge, when prompted whether to open or save the .csv file, click Save and then click Open.
8. When prompted How do you want to open this file?, click Notepad, uncheck the checkbox Always
use this app to open .csv files, and then click OK.

9. View the contents of the file in Notepad. Note that this step is intended only as a review of the file's
content; to analyze it in more detail, you would typically use Microsoft Excel or another program capable of
parsing .csv files. The file might not include any data at this point if you have not yet deployed any
resources into your subscription.

10. Close Notepad.

11. Close Microsoft Edge.

Result: After completing this exercise, you should have used the Azure portals.

Exercise 2: Using the Azure Resource Manager features in the Azure portal

▶ Task 1: Create and manage a resource group


1. Switch back to the Microsoft Edge window displaying the Azure portal at https://portal.azure.com.

2. In the Azure portal, in the hub menu, click Resource groups.

3. On the Resource groups blade, click Add.

4. On the Resource groups blade, type the following values, and then click Create:

• Resource group name: 20533D0101-LabRG

• Subscription: the name of your Azure subscription

• Resource group location: the Azure region closest to the lab location

▶ Task 2: Create Azure resources


1. In the Azure portal, click + Create resource, click Networking, and then click Route table.

2. On the Route table blade, specify the following settings and click Create:
• Name: 20533D0101-rt

• Subscription: the same Azure subscription in which you created the resource group

• Resource group name: click Use existing and select 20533D0101-LabRG from the drop-down list
• Resource group location: the same Azure region in which you created the resource group

▶ Task 3: Configure tagging


1. In the Azure portal, on the hub menu, click Resource groups.

2. On the Resource groups blade, click 20533D0101-LabRG, and then, on the resource group blade, click
Tags.

3. On the 20533D0101-LabRG - Tags blade, in the Name box, type project, and then in the Value box,
type test. Click Save.

4. Click Overview and, in the list of resources, click the Route table resource you created in the previous
task.

5. On the 20533D0101-rt blade, click Tags.


6. On the 20533D0101-rt - Tags blade, in the Name text box, select project from the drop-down list, and
then in the Value drop-down list, select test. Click Save.

7. In the hub menu, click All services and, in the service menu, click Tags.

8. On the Tags blade, click project : test. This will display the project : test blade showing both the
resource group and the route table resource you created.

9. Click the pin icon in the upper right corner of the project : test blade.

10. In the Azure portal, in the upper left corner, click Microsoft Azure to display Dashboard.

11. On the Dashboard, click the project : test tile. View again the resources associated with this tag.

▶ Task 4: Configure RBAC
1. In the Azure portal, in the hub menu, click Resource groups.

2. On the Resource group blade, click 20533D0101-LabRG.

3. On the 20533D0101-LabRG resource group blade, click Access control (IAM).

4. On the Access control (IAM) blade of the resource group, click Add.

5. On the Add permissions blade, in the Role drop-down list, click Contributor.

6. On the Add permissions blade, in the Select text box, type a valid Microsoft account name, click the
entry representing that account appearing underneath the text box, and click Save. You might have to
click Refresh to view the effect of the role assignment.

Result: After completing this exercise, you should have used the Azure Resource Manager features in
the Azure portal.
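
To confirm what the Contributor assignment from Task 4 added on top of what the resource group already inherits, the following added example (not one of the original lab files) classifies role assignments as direct or inherited and flags broad roles. The helper name Get-RoleAssignmentReview, the sample assignments, and the placeholder subscription ID are constructed for illustration; the commented lines at the end show how to feed it live Get-AzureRmRoleAssignment output instead.

```powershell
# Added example: review role assignments effective on the lab resource group.
# Get-RoleAssignmentReview is a hypothetical helper, not an AzureRM cmdlet.

function Get-RoleAssignmentReview {
    [CmdletBinding()]
    param(
        # Objects shaped like the output of Get-AzureRmRoleAssignment
        [Parameter(Mandatory)] [object[]] $Assignment,
        # Full resource ID of the resource group under review
        [Parameter(Mandatory)] [string] $ResourceGroupId,
        # Built-in roles that grant write or access-management rights
        [string[]] $BroadRole = @('Owner', 'Contributor', 'User Access Administrator')
    )

    $rgId = $ResourceGroupId.TrimEnd('/')
    foreach ($a in $Assignment) {
        $scope = ([string]$a.Scope).TrimEnd('/')

        # Resource IDs are case-insensitive, so compare accordingly.
        # A scope that is a parent path of the resource group is inherited.
        $origin = if ($scope -ieq $rgId) {
            'Direct'
        } elseif ($rgId.StartsWith("$scope/", [System.StringComparison]::OrdinalIgnoreCase)) {
            'Inherited'
        } else {
            'Other'
        }

        [pscustomobject]@{
            Principal = if ($a.SignInName) { $a.SignInName } else { $a.DisplayName }
            Type      = $a.ObjectType
            Role      = $a.RoleDefinitionName
            Origin    = $origin
            Broad     = $BroadRole -contains $a.RoleDefinitionName
        }
    }
}

# Constructed sample data; the subscription GUID is a placeholder.
$sub  = '/subscriptions/00000000-0000-0000-0000-000000000000'
$rgId = "$sub/resourceGroups/20533D0101-LabRG"
$sample = @(
    [pscustomobject]@{ SignInName = 'admin@example.com';   DisplayName = 'Sample admin'
                       ObjectType = 'User';  RoleDefinitionName = 'Owner';       Scope = $sub }
    [pscustomobject]@{ SignInName = 'labuser@example.com'; DisplayName = 'Sample lab user'
                       ObjectType = 'User';  RoleDefinitionName = 'Contributor'; Scope = $rgId }
    [pscustomobject]@{ SignInName = $null;                 DisplayName = 'Sample auditors'
                       ObjectType = 'Group'; RoleDefinitionName = 'Reader';      Scope = $rgId.ToLower() }
)

Get-RoleAssignmentReview -Assignment $sample -ResourceGroupId $rgId |
    Sort-Object Origin, Role |
    Format-Table -AutoSize

# In a signed-in session (Add-AzureRmAccount), review the live assignments instead:
# $rg = Get-AzureRmResourceGroup -Name '20533D0101-LabRG'
# Get-RoleAssignmentReview -ResourceGroupId $rg.ResourceId `
#     -Assignment (Get-AzureRmRoleAssignment -ResourceGroupName $rg.ResourceGroupName)
```

Rows marked Inherited were assigned at a parent scope such as the subscription, so they cannot be removed from the resource group's Access control (IAM) blade; they have to be changed at the scope where they were assigned.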

Exercise 3: Using Azure PowerShell

▶ Task 1: Connect to your Azure subscription by using Azure PowerShell


1. On MIA-CL1, right-click the Windows PowerShell icon and then click Run ISE as Administrator. When
prompted by User Account Control for confirmation, click Yes.
2. In the Windows PowerShell Integrated Scripting Environment (ISE), in the console pane, type the
following cmdlet and then press Enter:

Add-AzureRmAccount
3. In the sign-in window that appears, sign in by using the Microsoft account that is the Service
Administrator of your Azure subscription.

4. In the Windows PowerShell ISE window, in the console pane, type the following cmdlet and then press
Enter:

Get-AzureRmSubscription

5. In the Windows PowerShell ISE window, in the console pane, type the following cmdlet and then press
Enter:

Get-AzureRmResourceProvider
6. Examine the output, including Azure resource providers, resource types, and the Azure regions where
these resources are available.

▶ Task 2: Manage Azure resources and resource groups by using Azure PowerShell

1. In the Windows PowerShell ISE window, open the E:\Labfiles\Lab01\Starter\Set-20533D0101Lab.ps1
file.
2. In the # Variables section, note the values of predefined variables. They need to match the names of
the resource and the resource group you created in the previous exercise.

3. Under the line that states # Identify the location of the resource group containing the resource, type
the following:

$locName = (Get-AzureRmResourceGroup -Name $rg1Name).Location

4. Select all of the code in the file, including the line you just typed, right-click it, and then click Run selection.

5. Under the line that states # Create a new resource group in the same location, type the following:

$rg2 = New-AzureRmResourceGroup -Name $rg2Name -Location $locName

6. Select the line you just typed, right-click it, and then click Run selection.

7. Under the line that states # Retrieve an object representing the resource and store it in a variable,
type the following:

$res = Get-AzureRmResource -ResourceName $resName -ResourceGroupName $rg1Name

8. Select the line you just typed, right-click it, and then click Run selection.
9. Under the line that states # Move the resource to the new resource group, type the following:

Move-AzureRmResource -DestinationResourceGroupName $rg2Name -ResourceId $res.ResourceId


10. Select the line you just typed, right-click it, and then click Run selection. When prompted to confirm, click
Yes. Wait until the move operation completes.

11. Under the line that states # View resources in the new resource group, type the following:
Get-AzureRmResource | Where-Object ResourceGroupName -eq $rg2Name
12. Select the line you just typed, right-click it, and then click Run selection. Verify that the route table was
moved to the new resource group.
Result: After completing this exercise, you should have used Azure PowerShell to manage Azure
resources and resource groups.

Exercise 4: Using Azure CLI

▶ Task 1: Connect to your Azure subscription by using Azure CLI


1. On MIA-CL1, click Start, in the Start menu, expand the Windows System folder, right-click Command
Prompt, click More, and click Run as administrator. When prompted by User Account Control for
confirmation, click Yes.
2. From Administrator: Command Prompt, type the following command and then press Enter:

az login

3. You will be presented with the message instructing you to open a browser at the page
https://aka.ms/devicelogin and provide the code included in the message to authenticate. Start Microsoft
Edge and browse to https://aka.ms/devicelogin.

4. On the Device Login page, type the code included in the message. This will identify Microsoft Azure
Cross-platform Command Line Interface as the application publisher. Click Continue.

5. In the sign-in window that appears, sign in by using the Microsoft account that is the Service
Administrator of your Azure subscription.
6. Note the message stating that you have signed in to the Microsoft Azure Cross-platform Command Line
Interface application on your device. Close the Microsoft Edge window.

7. From Administrator: Command Prompt, type the following command and then press Enter:

az account show
8. Take note of the value of the id parameter, representing your Azure subscription ID. You will need it in
the next task.

9. From Administrator: Command Prompt, type the following command and then press Enter:

az provider list

10. Examine the output, including Azure resource providers, resource types, and the Azure regions where
these resources are available.

▶ Task 2: Manage Azure resources and resource groups by using Azure CLI
1. From Administrator: Command Prompt, type the following command and then press Enter:

az group show --name 20533D0101-LabRG


2. From Administrator: Command Prompt, type the following command and then press Enter:

az resource list --resource-group 20533D0102-LabRG

3. In the output of the previous command, at Administrator: Command Prompt, note the value of the id
property of the 20533D0101-rt. You will use this value in the next command.
4. From Administrator: Command Prompt, type the following command (replace guid with the ID of your
Azure subscription) and then press Enter:

az resource move --ids "/subscriptions/{guid}/resourceGroups/20533D0102-LabRG/providers/Microsoft.Network/routeTables/20533D0101-rt" --destination-group "20533D0101-LabRG"

5. Wait for the operation to complete.
6. From Administrator: Command Prompt, type the following command and then press Enter:

az resource list --resource-group 20533D0101-LabRG

7. Verify that the route table was moved back to the original resource group.

▶ Task 3: Remove the lab environment


1. On MIA-CL1, close all open windows without saving any files.

2. On the taskbar, right-click the Windows PowerShell icon, and then click Run as Administrator. In the
User Account Control dialog box, click Yes.

3. Type the following command, and then press Enter:

Remove-20533DEnvironment
4. When prompted, sign in by using the Microsoft account that is the Service Administrator of your Azure
subscription.

5. If you have multiple Azure subscriptions, select the one you want the script to target.

6. If prompted, specify the current lab number.

7. When prompted for confirmation, type y. Wait for the script to complete.

8. Start Microsoft Edge, browse to the Azure portal at https://portal.azure.com, and sign in by using the
Microsoft account that is the Service Administrator of your Azure subscription.
9. In the Azure portal, click Edit dashboard.

10. Right-click an unoccupied area of the dashboard and, in the right-click menu, click Reset to default state.
When prompted to confirm, click Yes.
11. Click Done customizing.

12. Close all open windows.

Result: After completing this exercise, you should have used Azure CLI to manage Azure resources
and resource groups.
©2016 Microsoft Corporation. All rights reserved.

The text in this document is available under the Creative Commons Attribution 3.0 License, additional
terms may apply. All other content contained in this document (including, without limitation,
trademarks, logos, images, etc.) are not included within the Creative Commons license grant. This
document does not provide you with any legal rights to any intellectual property in any Microsoft
product. You may copy and use this document for your internal, reference purposes.

This document is provided “as-is.” Information and views expressed in this document, including URL
and other Internet Web site references, may change without notice. You bear the risk of using it. Some
examples are for illustration only and are fictitious. No real association is intended or inferred.
Microsoft makes no warranties, express or implied, with respect to the information provided here.

Version: D1
Lab Answer Key: Module 2: Implementing and managing Azure networking
Lab A: Using a deployment template, Azure PowerShell, and Azure CLI to implement Azure virtual networks
Exercise 1: Creating an Azure virtual network by using a deployment template

▶ Task 1: Review a GitHub Azure quickstart template


1. Ensure that you are signed in to MIA-CL1 as Student with the password Pa55w.rd.

2. Start Microsoft Edge and browse to the Virtual Network with two Subnets GitHub-hosted Azure
quickstart template at http://aka.ms/Mt32e4.
3. In Microsoft Edge, on the Virtual Network with two Subnets page, click Deploy to Azure.

4. If prompted, sign in by using the Microsoft account that is the Service Administrator of your Azure
subscription.
5. In the Azure portal, on the Create a Virtual Network with two Subnets blade, click Edit template.
6. Review the structure of the JavaScript Object Notation (JSON) file. Examine the placeholders for values
that can be edited during the deployment. This template contains the following parameters: vnetName,
vnetAddressPrefix, subnet1Prefix, subnet1Name, subnet2Prefix, and subnet2Name.
7. Review the content of the Resources section to identify the type of the resource, its name, and its properties.

8. Click Discard to close the Edit Template blade.


Note: If the template fails to load into the Azure portal, navigate to the following URL:
http://aka.ms/Fpqovq. Then, select and copy all text on the page. Paste the copied text into the Edit
template blade, then perform steps 4 and 5 to review the template and close the Edit Template blade
without making any changes.

▶ Task 2: Perform the deployment from the Azure portal


1. On the Create a Virtual Network with two Subnets blade, specify the following settings and then click
Purchase.
• Subscription: select the name of your subscription in the drop-down list

• Resource group: ensure that the Create new option is selected and type 20533D0203-LabRG in the text box
below

• Location: in the drop-down list, select an Azure region close to the location of the lab environment

• Vnet Name: 20533D0203-vnet

• Vnet Address Prefix: 10.10.0.0/16

• Subnet1Prefix: 10.10.0.0/24

• Subnet1Name: Subnet1

• Subnet2Prefix: 10.10.1.0/24

• Subnet2Name: Subnet2

• I agree to the terms and conditions stated above: enabled

2. Verify that provisioning of the new virtual network with name 20533D0203-vnet completed successfully.

Result: After completing this exercise, you should have created virtual networks by using an Azure
Resource Manager deployment template.

Exercise 2: Creating a virtual network by using PowerShell

▶ Task 1: Create a virtual network by using PowerShell


1. On MIA-CL1, right-click the Windows PowerShell icon and then click Run ISE as Administrator. When
prompted by User Account Control for confirmation, click Yes.

2. In the Windows PowerShell Integrated Scripting Environment (ISE), in the console pane, type the
following cmdlet and then press Enter:

Add-AzureRmAccount

3. In the sign-in window that appears, sign in by using the Microsoft account that is the Service
Administrator of your Azure subscription.

4. If you have multiple subscriptions associated with your Microsoft account, to identify the subscription in
which you are going to create a virtual network, type the following command, and then press Enter:
Get-AzureRmSubscription

5. Note the value of the Id property for each subscription in the output of the previous command. To specify
the subscription in which you are going to create a virtual network, type the following command, and
then press Enter (replace SubscriptionId with the actual SubscriptionId property of that subscription):

Set-AzureRmContext -SubscriptionId 'SubscriptionId'

6. To create a new resource group, type the following command, and then press Enter (replace
AzureRegion with the name of the same Azure region you chose in the previous exercise):

$rg = New-AzureRMResourceGroup -Name '20533D0204-LabRG' -Location 'AzureRegion'


7. To create a new virtual network named 20533D0204-vnet with the address space 10.11.0.0/16 and store
a reference to it in the $vnet variable, type the following command, and then press Enter:

$vnet = New-AzureRmVirtualNetwork -ResourceGroupName $rg.ResourceGroupName -Name '20533D0204-vnet' -AddressPrefix '10.11.0.0/16' -Location $rg.Location

8. To add a subnet to the new virtual network, type the following command, and then press Enter:

Add-AzureRmVirtualNetworkSubnetConfig -Name 'Subnet1' -VirtualNetwork $vnet -AddressPrefix '10.11.0.0/24'

9. To update the configuration in the virtual network, type the following command, and then press Enter:

Set-AzureRmVirtualNetwork -VirtualNetwork $vnet

Result: After completing this exercise, you should have created a virtual network by using Azure
PowerShell.

Exercise 3: Creating a virtual network by using Azure CLI

▶ Task 1: Creating a virtual network by using Azure CLI


1. On MIA-CL1, click Start, in the Start menu, expand the Windows System folder, right-click Command
Prompt, click More, and click Run as administrator. When prompted by User Account Control for
confirmation, click Yes.

2. From Administrator: Command Prompt, type the following command and then press Enter:

az login

3. You will be presented with the message instructing you to open a browser at the page
https://aka.ms/devicelogin and provide the code included in the message to authenticate. Start Microsoft
Edge and browse to https://aka.ms/devicelogin.

4. On the Device Login page, type the code included in the message. This will identify Microsoft Azure
Cross-platform Command Line Interface as the application publisher. Click Continue.

5. In the sign-in window that appears, sign in by using the Microsoft account that is the Service
Administrator of your Azure subscription.

6. Note the message stating that you have signed in to the Microsoft Azure Cross-platform Command Line
Interface application on your device. Close the Microsoft Edge window.

7. If you have multiple subscriptions associated with your Microsoft account, to identify the subscription in
which you are going to create a virtual network, type the following command, and then press Enter:

az account show

8. Note the value of the ‘id’ property for each subscription in the output of the previous command. To specify
the subscription in which you are going to create a virtual network, type the following command, and
then press Enter (replace SubscriptionId with the actual SubscriptionId property of that subscription):

az account set --subscription "SubscriptionId"


9. To create a new resource group, type the following command, and then press Enter (replace
AzureRegion with the name of the same Azure region you chose in the previous exercise):

az group create --name 20533D0205-LabRG --location "AzureRegion"


10. To create a new virtual network named 20533D0205-vnet with the address space 10.12.0.0/16 and a
subnet named Subnet1 with the address prefix of 10.12.0.0/24, type the following command, and then
press Enter (replace AzureRegion with the name of the same Azure region you chose in the previous
exercise):

az network vnet create --name 20533D0205-vnet --resource-group 20533D0205-LabRG --location "AzureRegion" --address-prefix 10.12.0.0/16 --subnet-name Subnet1 --subnet-prefix 10.12.0.0/24

11. To add a subnet to the new virtual network, type the following command, and then press Enter:

az network vnet subnet create --address-prefix 10.12.1.0/24 --name Subnet2 --resource-group 20533D0205-LabRG --vnet-name 20533D0205-vnet

Result: After completing this exercise, you should have created a virtual network by using Azure CLI.

Lab B: Configuring VNet peering


Exercise 1: Using the Azure portal to configure VNet peering

▶ Task 1: Configure VNet peering for the first virtual network


1. Ensure that you are signed in to MIA-CL1 as Student with the password Pa55w.rd and that the
Add-20533DEnvironment script successfully completed. Start Microsoft Edge, browse to the Azure portal at
https://portal.azure.com, and sign in by using the Microsoft account that is the Service Administrator of
your Azure subscription.

2. In Microsoft Edge, in the Azure portal, click All services and, in the service menu, click Virtual
networks.

3. On the Virtual networks blade, click 20533D0201-vnet.


4. On the 20533D0201-vnet blade, click Peerings.

5. Click + Add.

6. On the Add peering blade, specify the following settings and click OK:
• Name: 20533D0201-vnet-To-20533D0202-vnet

• Virtual network deployment model: Resource manager

• Subscription: the name of your Azure subscription

• Virtual network: click Choose a virtual network and, on the Choose virtual network blade, click
20533D0202-vnet

• Allow virtual network access: Enabled


• Allow forwarded traffic: enabled

• Allow gateway transit: disabled

• Use remote gateways: disabled

▶ Task 2: Configure VNet peering for the second virtual network


1. In the Azure portal, navigate back to the Virtual networks blade and click 20533D0202-vnet.
2. On the 20533D0202-vnet blade, click Peerings.

3. Click + Add.
4. On the Add peering blade, specify the following settings and click OK:
• Name: 20533D0202-vnet-To-20533D0201-vnet

• Virtual network deployment model: Resource manager


• Subscription: the name of your Azure subscription
• Virtual network: click Choose a virtual network and, on the Choose virtual network blade, click
20533D0201-vnet

• Allow virtual network access: Enabled


• Allow forwarded traffic: enabled

• Allow gateway transit: disabled


• Use remote gateways: disabled

Result: After completing this exercise, you should have configured VNet peering between two virtual
networks.

Exercise 2: Configuring VNet peering–based service chaining

▶ Task 1: Configure IP forwarding


1. In Microsoft Edge, in the Azure portal, click All services and, in the service menu, click Virtual
machines.

2. On the Virtual machines blade, click 20533D0201-vm1.

3. On the 20533D0201-vm1 blade, click Networking.

4. Click 20533D0201-nic1.

5. On the 20533D0201-nic1 blade, click IP configurations.


6. Set IP forwarding to Enabled.

7. Click Save.

▶ Task 2: Configure user defined routing


1. In Microsoft Edge, in the Azure portal, click + Create resource.

2. On the New blade, click Networking, and then click Route table.

3. On the Create route table blade, specify the following and click Create:

• Name: 20533D02-rt1
• Subscription: the name of your Azure subscription

• Resource group: 20533D0202-LabRG

• Location: the same Azure region in which you created the virtual network 20533D0202-vnet
4. Wait until the route table is provisioned. Next, in the Azure portal, in the hub menu, click All services
and, in the service menu, click Route tables.
5. On the Route tables blade, click 20533D02-rt1.

6. On the 20533D02-rt1 blade, click Routes.

7. Click + Add.

8. On the Add route blade, specify the following settings and click OK:

• Route name: custom-route-to-20533D0201-vnet

• Address prefix: 10.0.0.0/22

• Next hop type: Virtual appliance


• Next hop address: 10.0.0.4

9. Back on the 20533D02-rt1 blade, click Subnets.


10. Click + Associate.

11. On the Associate subnet blade, click Choose a virtual network.

12. On the Resource blade, click 20533D0202-vnet.


13. On the Choose subnet blade, click subnet-1.

14. On the Associate subnet blade, click OK.

▶ Task 3: Configure routing on an Azure VM running Windows Server 2016


1. On MIA-CL1, in Microsoft Edge, in the Azure portal, in the hub menu, click All services and, in the list of
services, click Virtual machines.

2. On the Virtual machines blade, click ellipsis to the right of the 20533D0201-vm1 entry and click
Connect.

3. When prompted, click Save and then click Open.

4. If a Remote Desktop Connection warning message displays, select Don’t ask me again for
connections to this computer, and then click Connect.
5. In the Windows Security dialog box, type the following credentials, and then click OK:

• User name: Student

• Password: Pa55w.rd1234

6. If another Remote Desktop Message displays, select the Don’t ask me again for connections to this
computer checkbox, and then click Yes.

7. If prompted in the Remote Desktop session whether to allow your PC to be discoverable, click No.

8. Once you are connected to 20533D0201-vm1 via the Remote Desktop session, in Server Manager, click
Manage and then, in the drop-down menu, click Add Roles and Features. This will start Add Roles and
Features Wizard.
9. On the Before you begin page, click Next.

10. On the Select installation type page, ensure that the Role-based or feature-based installation option
is selected and click Next.

11. On the Select destination server page, click Next.


12. On the Select server roles page, select the Remote Access check box, and then click Next.

13. On the Select features page, click Next.


14. On the Remote Access page, click Next.

15. On the Select role services page, select the Routing checkbox. When prompted whether to add
features that are required for routing, click Add Features, and then click Next.
16. On the Web Server Role (IIS) page, click Next.

17. On the Select role services page, click Next.

18. On the Confirmation page, click Install.

19. Wait for the installation to complete and, on the Installation progress page, click Close.

20. In Server Manager, click Tools and then, in the drop-down menu, click Routing and Remote Access.

21. In the Routing and Remote Access console, right-click the 20533D0201-vm1 (local) node and, in the
right-click menu, click Configure and Enable Routing and Remote Access. This will start Routing and
Remote Access Server Setup Wizard.

22. On the Welcome to the Routing and Remote Access Server Setup Wizard page, click Next.

23. On the Configuration page, click Custom configuration and click Next.
24. On the Custom Configuration page, click LAN routing and click Next.

25. On the Completing the Routing and Remote Access Server Setup Wizard page, click Finish.
26. In the Routing and Remote Access dialog box, click Start service.

27. In Server Manager, click Tools and then, in the drop-down menu, click Windows Firewall with
Advanced Security.

28. In the Windows Firewall with Advanced Security console, click Inbound rules.

29. In the list of rules, select File and Printer Sharing (Echo Request - ICMPv4-In) and click Enable Rule.

Result: After completing this exercise, you should have configured VNet peering–based service
chaining.
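
Tasks 1 and 2 of this exercise can also be scripted with the AzureRM cmdlets used earlier in the course. The following is an added example, not one of the lab files; it needs a signed-in session (Add-AzureRmAccount) and assumes that 20533D0201-nic1 is in a resource group named 20533D0201-LabRG and that 20533D0202-vnet is in 20533D0202-LabRG, the group in which Task 2 creates the route table.

```powershell
# Added example: scripted equivalent of Exercise 2, Tasks 1 and 2.
# Run in a session that is already signed in with Add-AzureRmAccount.
$ErrorActionPreference = 'Stop'

$nicRg  = '20533D0201-LabRG'   # assumption: resource group of 20533D0201-nic1
$vnetRg = '20533D0202-LabRG'   # assumption: also holds 20533D0202-vnet
$nvaIp  = '10.0.0.4'           # next hop address from Task 2
$prefix = '10.0.0.0/22'        # address prefix from Task 2

# Task 1: enable IP forwarding on the NIC of the VM that will route traffic.
$nic = Get-AzureRmNetworkInterface -Name '20533D0201-nic1' -ResourceGroupName $nicRg

# Guard: only route traffic to an address that this NIC actually owns.
if ($nic.IpConfigurations.PrivateIpAddress -notcontains $nvaIp) {
    throw "NIC $($nic.Name) does not own $nvaIp; not creating a route to it."
}
$nic.EnableIPForwarding = $true
$nic | Set-AzureRmNetworkInterface | Out-Null

# Task 2: create the route table in the same region as the virtual network.
$vnet = Get-AzureRmVirtualNetwork -Name '20533D0202-vnet' -ResourceGroupName $vnetRg
$rt = New-AzureRmRouteTable -Name '20533D02-rt1' -ResourceGroupName $vnetRg `
        -Location $vnet.Location

# Add the user-defined route and commit it.
$rt | Add-AzureRmRouteConfig -Name 'custom-route-to-20533D0201-vnet' `
        -AddressPrefix $prefix -NextHopType VirtualAppliance `
        -NextHopIpAddress $nvaIp |
    Set-AzureRmRouteTable | Out-Null

# Re-read the route table so the object carries the committed state.
$rt = Get-AzureRmRouteTable -Name '20533D02-rt1' -ResourceGroupName $vnetRg

# Associate the route table with subnet-1. Setting the property on the
# existing subnet object keeps its other settings (for example, an
# associated network security group) unchanged.
$subnet = $vnet.Subnets | Where-Object Name -eq 'subnet-1'
if (-not $subnet) { throw "subnet-1 not found in $($vnet.Name)." }
$subnet.RouteTable = $rt
$vnet | Set-AzureRmVirtualNetwork | Out-Null

# Read back what was configured.
$rt.Routes | Select-Object Name, AddressPrefix, NextHopType, NextHopIpAddress
(Get-AzureRmNetworkInterface -Name '20533D0201-nic1' -ResourceGroupName $nicRg) |
    Select-Object Name, EnableIPForwarding
```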

Exercise 3: Validating virtual network connectivity

▶ Task 1: Configure Windows Firewall with Advanced Security on an Azure VM


1. On MIA-CL1, in Microsoft Edge, in the Azure portal, in the hub menu, from the Virtual machines blade,
click ellipsis to the right of the 20533D0201-vm2 entry and click Connect.

2. When prompted, click Save and then click Open.


3. If a Remote Desktop Connection warning message displays, select Don’t ask me again for
connections to this computer, and then click Connect.

4. In the Windows Security dialog box, type the following credentials, and then click OK:

• User name: Student

• Password: Pa55w.rd1234

5. If another Remote Desktop Message displays, select the Don’t ask me again for connections to this
computer checkbox, and then click Yes.

6. If prompted in the Remote Desktop session whether to allow your PC to be discoverable, click No.
7. In Server Manager, click Tools and then, in the drop-down menu, click Windows Firewall with
Advanced Security.

8. In the Windows Firewall with Advanced Security console, click Inbound rules.

9. In the list of rules, select File and Printer Sharing (Echo Request - ICMPv4-In) and click Enable Rule.

▶ Task 2: Test service chaining between peered virtual networks


1. On MIA-CL1, in Microsoft Edge, in the Azure portal, in the hub menu, from the Virtual machines blade,
click ellipsis to the right of the 20533D0202-vm1 entry and click Connect.
2. When prompted, click Save and then click Open.

3. If a Remote Desktop Connection warning message displays, select Don’t ask me again for
connections to this computer, and then click Connect.

4. In the Windows Security dialog box, type the following credentials, and then click OK:

• User name: Student

• Password: Pa55w.rd1234

5. If another Remote Desktop Message displays, select the Don’t ask me again for connections to this
computer checkbox, and then click Yes.

6. If prompted in the Remote Desktop session whether to allow your PC to be discoverable, click No.
7. Once you are connected to 20533D0201-vm1 via the Remote Desktop session, click Start and click
Windows PowerShell.

8. In the Windows PowerShell window, type the following cmdlet and then press Enter:

Test-NetConnection -ComputerName 10.0.1.4 -TraceRoute

9. Verify that the test is successful and note that the connection was routed over 10.0.0.4.

▶ Task 3: Remove the lab environment


1. On MIA-CL1, close all open windows without saving any files.

2. On the taskbar, right-click the Windows PowerShell icon, and then click Run as Administrator. In the
User Account Control dialog box, click Yes.
3. Type the following command, and then press Enter:

Remove-20533DEnvironment

4. When prompted, sign in by using the Microsoft account that is the Service Administrator of your Azure
subscription.

5. If you have multiple Azure subscriptions, select the one you want the script to target.

6. When prompted, specify the current lab number.

7. If prompted for confirmation, type y.

8. Start Microsoft Edge, browse to the Azure portal at https://portal.azure.com, and sign in by using the
Microsoft account that is the Service Administrator of your Azure subscription.
9. In the Azure portal, click Edit dashboard.

10. Right-click an unoccupied area of the dashboard and, in the right-click menu, click Reset to default state.
When prompted to confirm, click Yes.
11. Click Done customizing.

12. Close all open windows.


Result: After completing this exercise, you should have validated virtual network connectivity in the
VNet peering configuration.

Lab Answer Key: Module 3: Implementing virtual machines
Lab A: Creating Azure virtual machines
Exercise 1: Creating virtual machines by using the Azure portal and Azure PowerShell

▶ Task 1: Use the Azure portal to create a virtual machine


1. Ensure that you are signed in to MIA-CL1 as Student with the password Pa55w.rd.

2. Start Microsoft Edge, browse to https://portal.azure.com, and sign in by using the Microsoft account that
is the Service Administrator of your Azure subscription.

3. In Microsoft Edge, in the Azure portal, click + Create resource, click Compute, and then click Windows
Server 2016 Datacenter.

4. On the Basics blade, specify the following:

• Name: 20533D03labVM1
• VM disk type: HDD

• User name: Student

• Password: Pa55w.rd1234
• Subscription: the name of your Azure subscription

5. In the Resource group section, click Create new and, in the text box below, type 20533D0301-LabRG.

6. In the Location drop-down list, select an Azure region close to the location of the lab environment and
click OK.
7. On the Choose a size blade, click D1_V2 Standard, and then click Select.

8. On the Settings blade, ensure that Use managed disk is set to Yes.

9. On the Settings blade, click Availability set and, on the Change availability set blade, click Create new.
10. On the Create new blade, specify the following settings and click OK:

• Name: 20533D0301-db-avset

• Fault domains: 3

• Update domains: 5

• Use managed disks: Yes (Aligned)

11. Back on the Settings blade, click Virtual network.

12. On the Create virtual network blade, specify the following settings and click OK.

• Name: 20533D0301-labVNet

• Address Space: 10.0.0.0/20


• Subnet name: database

• Subnet address range: 10.0.0.0/24

13. Accept the default settings for the Public IP address, Network security group (firewall), Extensions,
Auto-shutdown, and Monitoring configuration.

14. On the Settings blade, click OK.


15. On the Create blade, click Create.

16. Wait for the deployment to complete successfully.

17. Leave the Microsoft Edge window with the Azure portal open.

▶ Task 2: Use Azure PowerShell to create a virtual machine


1. On MIA-CL1, right-click the Windows PowerShell icon and then click Run ISE as Administrator. When
prompted by User Account Control for confirmation, click Yes.

2. In the Windows PowerShell Integrated Scripting Environment (ISE) window, open the
New-20533D03labVM2.ps1 script located in E:\Labfiles\Lab03\Starter\
3. In the Windows PowerShell ISE window, review the content of the script.

4. In the Windows PowerShell ISE window, click the Run Script icon or press F5.
5. When prompted, sign in using the Microsoft account that is the Service Administrator of your Azure
subscription.

6. If you have multiple subscriptions, select the one you used when running Add-20533DEnvironment at
the beginning of this module.

7. When the script is complete, leave the Windows PowerShell ISE window open.

Result: After completing this exercise, you have created virtual machines by using the Azure portal
and Azure PowerShell.

Exercise 2: Validating virtual machine creation

▶ Task 1: Use Azure PowerShell to validate virtual machine deployment


1. In the Windows PowerShell ISE window, at the command prompt, type the following command, and then
press Enter:
Get-AzureRmVM -ResourceGroupName $rgName

2. Confirm that the 20533D03labVM1 and the 20533D03labVM2 virtual machines are listed.
3. Close the Windows PowerShell ISE window.

▶ Task 2: Use the Azure portal to validate virtual machine deployment


1. On MIA-CL1, switch to Microsoft Edge.

2. In the Microsoft Edge window, in the Azure portal, in the Hub menu, click Resource groups.

3. On the Resource groups blade, click 20533D0301-LabRG.


4. On the 20533D0301-LabRG blade, review the list of resources associated with both virtual machines.

5. In the Hub menu, click Virtual machines.

6. On the Virtual machines blade, click 20533D03labVM1.


7. On the 20533D03labVM1 blade, confirm the following values:

• Resource group: 20533D0301-LabRG

• Virtual network/subnet: 20533D0301-labVNet/database

8. Repeat steps 6 and 7 for the 20533D03labVM2 virtual machine.

Result: After completing this exercise, you should have validated the configuration of Azure virtual
machines.

Lab B: Deploying Azure VMs by using Azure Resource Manager templates
Exercise 1: Use Visual Studio and an Azure Resource Manager template to deploy
Azure Resource Manager virtual machines

▶ Task 1: Use Visual Studio to deploy Linux app servers Azure VMs
1. On MIA-CL1, on the taskbar, click the Visual Studio icon. If prompted with the message that the
evaluation period has ended, click Sign in and provide your Microsoft account credentials. Then, on
the Host your next project in Visual Studio Team Services page, click the Not now, maybe later link.
Next, click Close.

2. In Visual Studio, click File, click Open, click Project/Solution, and then browse to
E:\Labfiles\Lab03\Starter\Projects\ResDevLinuxDeploy.
3. In the Open Project dialog box, click ResDevLinuxDeploy.sln, and then click Open. If prompted, in the
Security Warning for ResDevLinuxDeploy dialog box, clear the checkbox Ask me for every project in
this solution and click OK.

4. In Visual Studio, in the Solution Explorer window, expand Templates, and then click azuredeploy.json.
This will display the content of the Azure Resource Manager template.

5. View the content of the parameters and variables section of the template in the central window pane and
in the JSON Outline window.

6. In the Solution Explorer pane, right-click ResDevLinuxDeploy, click Deploy, and then click New.
7. In the Deploy to Resource Group window, click Add an account. When prompted, sign in with an
account that is the Service Administrator of your Azure subscription.

8. In the Deploy to Resource Group window, click the Resource Group drop-down box, and then click
20533D0301-LabRG.
9. In the Deploy to Resource Group window, click Edit Parameters.

10. In the Edit Parameters window, specify the parameter values according to details in the following list:

• vmName: 20533D03LabVM3
• adminUsername: Student

• adminPassword: Pa55w.rd1234
• virtualNetworkName: 20533D0301-LabVNet

• resourceGroupName: 20533D0301-LabRG

• subnetName: app
• subnetPrefix: 10.0.1.0/24
• vmSize: Standard_D1_V2

• ubuntuOSVersion: specify 16.04.0-LTS or a more recent version if available

• storageAccountType: Standard_LRS

11. In the Edit Parameters window, ensure that the Save passwords check box is enabled and then click
Save.

12. In the Deploy to Resource Group window, click Deploy.

Note: Deployment will run with the progress displayed in the Output pane. You can determine when a
deployment is complete based on a message stating the template was deployed successfully to the
resource group 20533D0301-LabRG.

13. In the Solution Explorer pane, expand the Templates folder and click Azuredeploy.parameters.json. In
the main window pane, notice that the parameters that you entered in the first deployment are saved in
this file. You can reuse these parameters for the deployment of the second app server.
14. In the Solution Explorer pane, right-click ResDevLinuxDeploy, click Deploy, and then click
20533D0301-LabRG.

15. In the Deploy to Resource Group window, click Edit Parameters.


16. In the Edit Parameters window, in the vmName Value box, type 20533D03LabVM4, and then click Save.

17. In the Deploy to Resource Group window, click Deploy.

Note: Deployment will run with the output that appears in the Output pane, which is at the bottom of the
window. When deployment is complete, you will receive a message stating the template was deployed
successfully to the resource group 20533D0301-LabRG.

18. In Visual Studio, click File and then on the drop-down menu, click Close Solution.
19. Leave Visual Studio open.
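
With Save passwords enabled in step 11, the values saved to Azuredeploy.parameters.json in step 13 include adminPassword. The following check is an added example, not part of the lab files: it flags secret parameters stored as literals in a parameters file, and the trimmed template, both sample parameter files, the placeholder values and the assumption that adminPassword is declared as securestring are constructed for illustration.

```python
import json
import re

SECURE_TYPES = {"securestring", "secureobject"}
SECRET_NAME = re.compile(r"password|passwd|secret|token", re.IGNORECASE)

LITERAL = "literal secret stored in the parameters file"
NOT_SECURE = "secret-looking name is not declared securestring"
DEFAULTED = "secure parameter has a defaultValue in the template"

# Constructed, trimmed template that reuses parameter names from step 10.
# Assumption: adminPassword is declared as securestring.
TEMPLATE = json.loads("""
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "vmName": {"type": "string"},
    "adminUsername": {"type": "string"},
    "adminPassword": {"type": "securestring"},
    "vmSize": {"type": "string", "defaultValue": "Standard_D1_V2"}
  },
  "resources": []
}
""")

# Constructed parameters file holding a literal password (placeholder value).
SAVED_PARAMETERS = json.loads("""
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "vmName": {"value": "20533D03LabVM3"},
    "adminUsername": {"value": "Student"},
    "adminPassword": {"value": "EXAMPLE-placeholder-password"}
  }
}
""")

# The same file with the secret replaced by a Key Vault reference.
# The vault ID and secret name are placeholders.
KEYVAULT_PARAMETERS = json.loads("""
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "vmName": {"value": "20533D03LabVM3"},
    "adminUsername": {"value": "Student"},
    "adminPassword": {
      "reference": {
        "keyVault": {"id": "/subscriptions/<subscription-id>/resourceGroups/<rg>/providers/Microsoft.KeyVault/vaults/<vault>"},
        "secretName": "<secret-name>"
      }
    }
  }
}
""")


def audit_parameters(template, parameter_file):
    """Return a sorted list of (parameter name, finding) tuples."""
    findings = []
    declared = template.get("parameters", {})
    supplied = parameter_file.get("parameters", {})
    for name, spec in declared.items():
        secure = str(spec.get("type", "")).lower() in SECURE_TYPES
        looks_secret = bool(SECRET_NAME.search(name))
        if secure and "defaultValue" in spec:
            # A default on a secure parameter ships the secret with the template.
            findings.append((name, DEFAULTED))
        if looks_secret and not secure:
            # Plain string parameters are recorded in deployment history.
            findings.append((name, NOT_SECURE))
        entry = supplied.get(name) or {}
        # A Key Vault reference has no "value" key, so it passes this test.
        if (secure or looks_secret) and entry.get("value") not in (None, ""):
            findings.append((name, LITERAL))
    return sorted(findings)


if __name__ == "__main__":
    for label, params in (("saved file", SAVED_PARAMETERS),
                          ("Key Vault reference", KEYVAULT_PARAMETERS)):
        results = audit_parameters(TEMPLATE, params)
        print(label, "->", results or "no findings")
```

A check like this fits in a pre-commit hook or build step, so a parameters file with a saved password is caught before it reaches source control.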

▶ Task 2: Use Azure PowerShell to validate the deployment of the app servers
Azure VMs
1. On MIA-CL1, right-click the Windows PowerShell icon and then click Run ISE as Administrator. When
prompted by User Account Control for confirmation, click Yes.
2. In the Windows PowerShell Integrated Scripting Environment (ISE), in the console pane, type the
following cmdlet and then press Enter:

Add-AzureRmAccount
3. In the sign-in window that appears, sign in by using the Microsoft account that is the Service
Administrator of your Azure subscription.

4. If you have multiple subscriptions associated with your Microsoft account, to identify the subscription in
which you are going to create a virtual network, type the following command, and then press Enter:

Get-AzureRmSubscription

5. Note the value of the Id property for each subscription in the output of the previous command. To specify
the subscription in which you are going to create a virtual network, type the following commands, and
then press Enter (replace SubscriptionId with the actual SubscriptionId property of that subscription):

Set-AzureRmContext -SubscriptionId 'SubscriptionId'


6. Type the following cmdlet, and then press Enter:

Find-AzureRMResource -ResourceGroupNameContains 20533D0301-LabRG | Format-Table -Property ResourceName, ResourceType

7. In the cmdlet output, note the resources created in this exercise including virtual machines, disks, NICs,
public IPs, and a storage account.

8. Leave the Windows PowerShell ISE window open for the next exercise.
Result: After completing this exercise, you should have deployed an Azure VM by using Visual Studio
and an Azure Resource Manager template.

Exercise 2: Using Azure PowerShell and an Azure Resource Manager template to deploy Azure VMs

▶ Task 1: Use Azure PowerShell to deploy the Windows virtual machines


1. In the Windows PowerShell ISE window, click File, and then click Open.

2. In the Open dialog box, navigate to the E:\Labfiles\Lab03\Starter\Templates folder.


3. Click Deploy-AzureResourceGroup.ps1, and then click Open.

4. In the Windows PowerShell ISE window, review the script that will deploy the template.

Note: Note the $templateFile and $rgName variables. These represent the location of the Azure Resource
Manager template file and the resource group to which you will deploy the virtual machines.

5. Switch to Visual Studio and click File, click Open, and then click File.

6. In the Open File dialog box, navigate to the E:\Labfiles\Lab03\Starter\Templates folder.

7. Click azuredeploywebvm.json, and then click Open.

Note: The template has a very similar structure to the template for the Linux virtual machines in the
previous exercise. The primary differences between the two templates include the variables identifying
the operating system image, the target subnet, and the availability set. You could replace these variables
with equivalent parameters, in order to minimize the number of templates used to deploy Azure VMs.

8. Close Visual Studio.


9. Switch back to the Windows PowerShell ISE window and run the Deploy-AzureResourceGroup.ps1
script. When prompted, provide the following values for the parameter prompts, pressing Enter after each
value:
• vmName: 20533D03LabVM5

• adminPassword: Pa55w.rd1234

• virtualNetworkName: 20533D0301-LabVNet

▶ Task 2: Use the Azure portal to monitor deployment


1. To monitor the progress of the deployment, in Microsoft Edge, in the Azure portal, on the Hub menu, click
Resource groups.

2. On the Resource groups blade, click 20533D0301-LabRG.

3. On the 20533D0301-LabRG blade, in the Settings section, click the Deployments link.
4. On the 20533D0301-LabRG - Deployments blade, click the WebTierVM1-Deployment link.

▶ Task 3: Use the Azure portal to validate deployment of the Windows virtual
machine
1. In Microsoft Edge, in the Azure portal, navigate back to the 20533D0301-LabRG blade.

2. On the 20533D0301-LabRG blade, in the Overview section, view the list of resources.

3. On the Resources blade, click 20533D03LabVM5.

4. On the 20533D03LabVM5 blade, in the Essentials section, note that 20533D03LabVM5 has been
assigned to the 20533D0301-LabVNet/web virtual network/subnet, and the operating system is
Windows.

Result: After completing this exercise, you should have deployed Azure Virtual Machines by using
Azure PowerShell and Resource Manager templates.

Exercise 3: Using Azure CLI and an Azure Resource Manager template to deploy
Azure VMs

▶ Task 1: Use Azure CLI to deploy the Windows virtual machines


1. On MIA-CL1, click Start, in the Start menu, expand the Windows System folder, right-click Command
Prompt, click More, and click Run as administrator. When prompted by User Account Control for
confirmation, click Yes.
2. From Administrator: Command Prompt, type the following command and then press Enter:

az login

3. You will be presented with the message instructing you to open a browser at the page
https://aka.ms/devicelogin and provide the code included in the message to authenticate. Start Microsoft
Edge and browse to https://aka.ms/devicelogin.

4. On the Device Login page, type the code included in the message. This will identify Microsoft Azure
Cross-platform Command Line Interface as the application publisher. Click Continue.
5. In the sign-in window that appears, sign in by using the Microsoft account that is the Service
Administrator of your Azure subscription.

6. Note the message stating that you have signed in to the Microsoft Azure Cross-platform Command Line
Interface application on your device. Close the Microsoft Edge window.

7. If you have multiple subscriptions associated with your Microsoft account, to identify the subscription in
which you are going to create a virtual network, type the following command, and then press Enter:
az account show

8. Note the value of the id property for each subscription in the output of the previous command. To specify
the subscription in which you are going to create a virtual network, type the following commands, and
then press Enter (replace SubscriptionId with the actual SubscriptionId property of that subscription):

az account set --subscription "SubscriptionId"

9. To deploy an Azure VM based on the same template you used in the previous exercise by using Azure
CLI, from Administrator: Command Prompt, type the following command and then press Enter:

az group deployment create --name "WebTierVM2-Deployment" --resource-group "20533D0301-LabRG" --template-file "E:\Labfiles\Lab03\Starter\Templates\azuredeploywebvm.json" --parameters vmName=20533D03LabVM6 virtualNetworkName=20533D0301-LabVNet

10. When prompted to provide securestring value for adminPassword, type Pa55w.rd1234 and press Enter.

▶ Task 2: Use the Azure portal to monitor deployment
1. To monitor the progress of the deployment, in Microsoft Edge, in the Azure portal, on the Hub menu, click
Resource groups.

2. On the Resource groups blade, click 20533D0301-LabRG.


3. On the 20533D0301-LabRG blade, in the Settings section, click the Deployments link.

4. On the 20533D0301-LabRG - Deployments blade, click the WebTierVM2-Deployment link.

▶ Task 3: Use the Azure portal to validate deployment of the Windows virtual
machine
1. In Microsoft Edge, in the Azure portal, navigate back to the 20533D0301-LabRG blade.

2. On the 20533D0301-LabRG blade, in the Overview section, view the list of resources.
3. On the Resources blade, click 20533D03LabVM6.

4. On the 20533D03LabVM6 blade, in the Essentials section, note that 20533D03LabVM6 has been
assigned to the 20533D0301-LabVNet/web virtual network/subnet, and the operating system is
Windows.

▶ Task 4: Remove the lab environment


1. On MIA-CL1, close all open windows without saving any files.
2. On the taskbar, right-click the Windows PowerShell icon, and then click Run as Administrator. In the
User Account Control dialog box, click Yes.

3. Type the following command, and then press Enter:


Remove-20533DEnvironment
4. When prompted, sign in by using the Microsoft account that is the Service Administrator of your Azure
subscription.
5. If you have multiple Azure subscriptions, select the one you want the script to target.

6. If prompted, specify the current lab number.

7. When prompted for confirmation, type y.


8. Start Microsoft Edge, browse to the Azure portal at https://portal.azure.com, and sign in by using the
Microsoft account that is the Service Administrator of your Azure subscription.

9. In the Azure portal, click Edit dashboard.

10. Right-click an unoccupied area of the dashboard and, in the right-click menu, click Reset to default state.
When prompted to confirm, click Yes.

11. Click Done customizing.


12. Close all open windows.
Result: After completing this exercise, you should have deployed Azure Virtual Machines by using
Azure CLI and Resource Manager templates.
©2016 Microsoft Corporation. All rights reserved.

The text in this document is available under the Creative Commons Attribution 3.0 License, additional
terms may apply. All other content contained in this document (including, without limitation,
trademarks, logos, images, etc.) are not included within the Creative Commons license grant. This
document does not provide you with any legal rights to any intellectual property in any Microsoft
product. You may copy and use this document for your internal, reference purposes.

This document is provided “as-is.” Information and views expressed in this document, including URL
and other Internet Web site references, may change without notice. You bear the risk of using it. Some
examples are for illustration only and are fictitious. No real association is intended or inferred.
Microsoft makes no warranties, express or implied, with respect to the information provided here.

Version: D1
Lab Answer Key: Module 4: Managing virtual machines
Lab: Managing Azure virtual machines
Exercise 1: Creating and configuring Azure Load Balancing

▶ Task 1: Review the existing deployment


1. Ensure that you are signed in to MIA-CL1 as Student with the password Pa55w.rd.

2. Start Microsoft Edge, browse to https://portal.azure.com, and sign in by using the Microsoft account that
is the Service Administrator of your Azure subscription.

3. In the Azure portal, in the hub menu, click Resource groups.

4. On the Resource groups blade, click 20533D0401-LabRG.

5. On the 20533D0401-LabRG blade, review the list of resources. Note that it includes an availability set
named 20533D0401-avset.
6. Click 20533D0401-avset.

7. On the 20533D0401-avset blade, note that the availability set has 2 fault domains, 5 update domains,
and it contains two virtual machines. Also note that each VM has a unique fault domain and update
domain.

8. Leave the Microsoft Edge window with the Azure portal open.

▶ Task 2: Implement an Azure Load Balancer


1. On MIA-CL1, in the Azure portal, in the hub menu, click + Create resource, click Networking, and then
click Load Balancer.
2. On the Create load balancer blade, specify the following settings:

• Name: 20533D0401-ilb
• Type: Public
• Public IP address: click Choose a public IP address, on the Choose public IP address blade, click
Create new, on the Create public IP address blade, in the Name text box type 20533D0401-ilbfe,
ensure that the Dynamic option is selected, and click OK.
• Subscription: the name of your Azure subscription

• Resource group: click Use existing and, in the drop-down list, click 20533D0401-LabRG

• Location: the same Azure region you chose when running the provisioning script at the beginning of this
module

3. Click Create. Wait for the deployment to complete.


4. In the hub menu, click All services, in the service menu, click Load Balancers, and then on the Load
balancers blade, click 20533D0401-ilb.

5. On the 20533D0401-ilb blade, click Backend pools, and then click Add.

6. On the Add backend pool blade, in the Name text box, type 20533D0401-ilb-bepool, click IPv4, and
then, in the Associated to drop down list, click Availability set

7. In the Availability set drop down list, click 20533D0401-avset.

8. Click Add a target network IP configuration, in the Target virtual machine drop down list, click
20533D0401-vm0 and, in the Network IP configuration drop down list, click the ipconfig1 entry.

9. Click Add a target network IP configuration, in the Target virtual machine drop down list, click
20533D0401-vm1 and, in the Network IP configuration drop down list, click the ipconfig1 entry.

10. Click OK. Wait until the operation completes.

11. On the 20533D0401-ilb blade, click Health probes, and then click Add.

12. On the Add health probe blade, specify the following settings, and then click OK:

• Name: 20533D0401-ilb-probetcp80

• Protocol: HTTP

• Port: 80
• Path: /

• Interval: 5
• Unhealthy threshold: 2

13. Wait until the operation completes.

14. On the 20533D0401-ilb blade, click Load balancing rules, and then click Add.
15. On the Add load balancing rule blade, complete the following settings, and then click OK:
• Name: 20533D0401-ilb-ruletcp80

• IP Version: IPv4

• Frontend IP address: LoadBalancerFrontEnd


• Protocol: TCP

• Port: 80
• Backend port: 80

• Backend Pool: 20533D0401-ilb-bepool (2 virtual machines)

• Probe: 20533D0401-ilb-probetcp80 (HTTP:80)

• Session persistence: None

• Idle timeout: 4

• Floating IP (direct server return): Disabled

16. Wait until the operation completes.


17. On the 20533D0401-ilb blade, click Inbound NAT rules and then click Add.

18. On the Add inbound NAT rule blade, specify the following settings and click OK:

• Name: 20533D0401-ilb-natrulerdpvm0
• Frontend IP address: LoadBalancerFrontEnd

• Service: Custom
• Protocol: TCP

• Port: 33890

• Associated to: 20533d0401-avset (availability set)

• Target virtual machine: 20533D0401-vm0

• Network IP configuration: ipconfig1

• Port mapping: Custom


• Floating IP (direct server return): Disabled

• Target port: 3389

19. On the 20533D0401-ilb blade, click Inbound NAT rules and then click Add.
20. On the Add inbound NAT rule blade, specify the following settings and click OK:

• Name: 20533D0401-ilb-natrulerdpvm1
• Frontend IP address: LoadBalancerFrontEnd

• Service: Custom

• Protocol: TCP
• Port: 33891

• Associated to: 20533d0401-avset (availability set)

• Target virtual machine: 20533D0401-vm1


• Network IP configuration: ipconfig1
• Port mapping: Custom

• Floating IP (direct server return): Disabled

• Target port: 3389


Note: This configuration will allow you to connect to both Azure VMs via RDP even though they do not
have directly assigned public IP address.
21. On the 20533D0401-ilb blade, click Overview. In the Essentials section, you should be able to identify
the public IP address assigned to the load balancer. Note that at this point, you will not be able to connect
to the two virtual machines in the backend pool, because they are not running a web server and the
connectivity is additionally restricted by default network security group settings and the operating
system-level firewall. You will change these settings later in this lab.

Result: After completing this exercise, you should have created and configured a load balancer in front
of two Azure VMs in the same availability set.

Exercise 2: Implementing DSC

▶ Task 1: Install and configure IIS on Azure VMs by using Windows PowerShell
DSC
1. On MIA-CL1, right-click the Windows PowerShell icon and then click Run ISE as Administrator. When
prompted by User Account Control for confirmation, click Yes.
2. In the Windows PowerShell Integrated Scripting Environment (ISE) window, open the IISInstall.ps1 file
located in E:\Labfiles\Lab04\Starter folder.

3. Review the content of the file. Note that this is a DSC configuration that controls the installation of the
Windows Server Web-Server role.

4. In the Windows PowerShell ISE window, open the
E:\Labfiles\Lab04\Starter\Deploy-20533D0401DSC.ps1 file.

5. Review the content of the script. Note the variables that it uses, including the storage account and its key.
The script first retrieves the storage account from the resource group and publishes the DSC
configuration defined in the Install.ps1 into it, placing it in the default DSC container named
windows-powershell-dsc. It then stores the resulting module URL in a variable and sets the Azure Agent
VM DSC extension on two virtual machines deployed by the provisioning script by referencing that URL.
The script generates a shared access signature token that provides read-only access to the blob
representing the DSC configuration archive.
6. Start the execution of the script. When prompted, sign in using the Microsoft account that is the Service
Administrator of your subscription. Wait until the script completes.

7. Switch to the Azure portal in the Microsoft Edge window.

8. On the Virtual machines blade, click ellipsis to the right of the 20533D0401-vm0 entry and click
Connect.

9. When prompted, click Save and then click Open.


10. If a Remote Desktop Connection warning message displays, select Don’t ask me again for
connections to this computer, and then click Connect.

11. In the Windows Security dialog box, type the following credentials, and then click OK:
• User name: Student
• Password: Pa55w.rd1234

12. If another Remote Desktop Message displays, select the Don’t ask me again for connections to this
computer checkbox, and then click Yes.
13. If prompted in the Remote Desktop session whether to allow your PC to be discoverable, click No.

14. After you establish a Remote Desktop session to the VM, wait for the Server Manager window to open. In
the Server Manager window, verify that IIS appears in the left pane, indicating that the Web Server (IIS)
server role is installed.

15. Repeat steps 9 through 14 for the other virtual machine 20533D0401-vm1.
16. After completing the tasks, switch back to your lab computer MIA-CL1. Leave both Remote Desktop
sessions open.

▶ Task 2: Test the DSC configuration and virtual machine availability


1. On MIA-CL1, in Microsoft Edge, in the Azure portal, in the hub menu, click Resource groups.

2. On the Resource groups blade, click 20533D0401-LabRG.


3. On the 20533D0401-LabRG blade, in the list of resources, click 20533D0401-web-nsg. This will open the
corresponding blade.

4. On the 20533D0401-web-nsg network security group blade, click Inbound security rules.
5. Click Add.

6. On the Add inbound security rule blade, ensure that Basic appears in the upper left corner, and specify
the following settings:

• Source: Any

• Source port ranges: *

• Destination: Any

• Destination port ranges: 80

• Protocol: TCP
• Action: Allow

• Priority: 1100

• Name: allow-http
7. Click OK.

8. Navigate back to the 20533D0401-LabRG blade.


9. On the 20533D0401-LabRG blade, in the list of resources, click 20533D0401-ilb, representing the load
balancer.

10. On the 20533D0401-ilb blade, note the value of its Public IP address entry.

11. Open a new InPrivate Microsoft Edge window, in the navigation bar, type http:// followed by the IP
address that you noted in the previous step, and then press the Enter key.

12. Verify that you can access the default IIS webpage.

13. Switch to the Remote Desktop session on 20533D0401-vm0. In the Server Manager window, click
Tools and, in the drop down menu, click Services.

14. In the Services window, scroll down to the World Wide Web Publishing Service entry, right click on it,
and click Stop in the right-click menu.
15. Switch to the Remote Desktop session on 20533D0401-vm1. In the Server Manager window, click
Tools and, in the drop down menu, click Services.

16. In the Services window, scroll down to the World Wide Web Publishing Service entry, right click on it,
and click Stop in the right-click menu.

17. Switch back to MIA-CL1. From MIA-CL1, refresh the InPrivate Microsoft Edge window.

18. Verify that the Hmm, we can’t reach this page message appears.

19. Switch back to the Services window in the Remote Desktop session on 20533D0401-vm0.

20. In the Services window, right-click the World Wide Web Publishing Service entry, and then click Start
in the right-click menu.
21. Once the service is running, switch back to MIA-CL1 and refresh the InPrivate Microsoft Edge window.
Verify that you can again access the default IIS webpage. Note that you might need to wait about a
minute after you start the World Wide Web Publishing Service.

Note: Optionally you can repeat this sequence, but this time stopping the World Wide Web
Publishing Service on 20533D0401-vm0 and starting it on 20533D0401-vm1. As long as the service
is running on at least one of the two virtual machines, you should be able to access the webpage.
Result: After completing this exercise, you should have implemented DSC.
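
Step 21 of Exercise 1 attributes the blocked connection partly to default network security group settings, and steps 4 through 7 of Task 2 above add allow-http to change that. The code below is an added example, not part of the lab files: it evaluates inbound rules in priority order the way an NSG does, assuming 20533D0401-web-nsg holds only the three Azure default inbound rules plus allow-http (the rules the lab provisions are not listed on the page) and reducing traffic sources to three constructed tags.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int
    source: str      # "*" (Any) or one constructed tag
    ports: str       # "*", "80", "8000-8080" or a comma-separated mix
    protocol: str    # "*", "TCP" or "UDP"
    action: str      # "Allow" or "Deny"


# The three inbound rules Azure adds to every NSG.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "VirtualNetwork", "*", "*", "Allow"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "AzureLoadBalancer", "*", "*", "Allow"),
    Rule("DenyAllInBound", 65500, "*", "*", "*", "Deny"),
]

# The rule from steps 4 through 7: Source Any, port 80, TCP, priority 1100.
ALLOW_HTTP = Rule("allow-http", 1100, "*", "80", "TCP", "Allow")


def add_rule(rules, rule):
    """Return a new rule list, enforcing the constraints on custom rules."""
    if not 100 <= rule.priority <= 4096:
        raise ValueError("custom rule priority must be between 100 and 4096")
    if any(existing.priority == rule.priority for existing in rules):
        raise ValueError("priority %d is already in use" % rule.priority)
    return list(rules) + [rule]


def port_matches(spec, port):
    """Match a port against '*', a single port, a range, or a comma list."""
    for part in spec.split(","):
        part = part.strip()
        if part == "*":
            return True
        low, _, high = part.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def evaluate(rules, source, port, protocol):
    """Return (action, rule name) for the first rule that matches.

    Rules are tried from the lowest priority number upward; the first
    match ends evaluation, so later rules never override it.
    """
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.source not in ("*", source):
            continue
        if rule.protocol.upper() not in ("*", protocol.upper()):
            continue
        if not port_matches(rule.ports, port):
            continue
        return rule.action, rule.name
    return "Deny", "(no matching rule)"


if __name__ == "__main__":
    before = DEFAULT_INBOUND
    after = add_rule(DEFAULT_INBOUND, ALLOW_HTTP)
    # The NSG sees the backend port after the load balancer's NAT
    # translation, so the RDP NAT rules are checked against 3389.
    checks = [
        ("defaults only", before, "Internet", 80),
        ("defaults only", before, "AzureLoadBalancer", 80),
        ("with allow-http", after, "Internet", 80),
        ("with allow-http", after, "Internet", 3389),
    ]
    for label, rules, source, port in checks:
        action, name = evaluate(rules, source, port, "TCP")
        print("%-16s %-18s TCP/%-5d -> %s (%s)" % (label, source, port, action, name))
```

With only the default rules, the load balancer's health probes are admitted while Internet clients are not, which is why the probe configuration alone does not make the site reachable.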

Exercise 3: Implementing Storage Space-based volumes

▶ Task 1: Attach VHDs to an Azure VM


1. On MIA-CL1, in the Azure portal, on the 20533D0401-LabRG blade, in the list of resources, click
20533D0401-vm2.

2. On the 20533D0401-vm2 blade, click Disks.


3. Click + Add data disk.

4. In the Data disks section, click the drop down list in the NAME column and then click Create disk

5. On the Create managed disk blade, specify the following settings and then click Create:
• Name: 20533D0401-vm2-data01

• Resource group: ensure that the Use existing option is selected and 20533D0401-LabRG appears in the
drop down list.
• Account type: Standard_LRS

• Source type: None (empty disk)

• Size: 128

6. Wait for the operation to complete.

7. Back on the 20533D0401-vm2 blade, ensure that the HOST CACHING column contains the None entry.

8. Click + Add data disk.


9. In the Data disks section, click the drop down list in the NAME column and then click Create disk

10. On the Create managed disk blade, specify the following settings and then click Create:
• Name: 20533D0401-vm2-data02

• Resource group: ensure that the Use existing option is selected and 20533D0401-LabRG appears in the
drop down list.
• Account type: Standard_LRS

• Source type: None (empty disk)

• Size: 128
11. Back on the 20533D0401-vm2 - Disks blade, ensure that the HOST CACHING column contains the
None entry and then click Save. Wait for the operation to complete.

▶ Task 2: Configure a Storage Spaces simple volume


1. On MIA-CL1, in the Azure portal, on the 20533D0401-vm2 virtual machine blade, click Overview.

2. In the toolbar, click Connect.


3. When prompted, click Save and then click Open.

4. If a Remote Desktop Connection warning message displays, select Don’t ask me again for
connections to this computer, and then click Connect.
5. In the Windows Security dialog box, type the following credentials, and then click OK:

• User name: Student

• Password: Pa55w.rd1234

6. If another Remote Desktop Message displays, select the Don’t ask me again for connections to this
computer checkbox, and then click Yes.
7. If prompted in the Remote Desktop session whether to allow your PC to be discoverable, click No.

8. After you establish a Remote Desktop session to the VM, wait for the Server Manager window to open. In
the Server Manager window, click File and Storage Services.

9. In the navigation pane on the left side, click Storage Pools.

10. In the STORAGE POOLS pane, click the TASKS menu, and then click New Storage Pool on the drop-
down menu. This will open the New Storage Pool Wizard.
11. On the Before you begin page, click Next.

12. On the Specify a storage pool name and subsystem page, type StoragePool1 in the Name text box,
and then click Next.
13. On Select physical disks for the storage pool, select the check boxes next to the two physical disk
entries (which represent disks you attached from the Azure portal), and then click Next.

14. On the Confirm selections page, click Create.

15. On the View results page, select the Create a virtual disk when this wizard closes check box, and
then click Close.

16. In the Select the storage pool dialog box, ensure that StoragePool1 is selected and click OK. This will
launch the New Virtual Disk Wizard.
17. On the Before you begin page, click Next.

18. On the Specify the virtual disk name page, type VirtualDisk1 in the Name text box, and then click
Next.
19. On the Enclosure Awareness page, click Next.

20. On the Select the storage layout page, click Simple, and then click Next.
21. On the Specify the provisioning type page, ensure that Fixed is selected, and then click Next.

22. On the Specify the size of the virtual disk, select Maximum size, and then click Next.

23. On the Confirm selections page, click Create.

24. On the View results page, ensure that the Create a volume when this wizard closes check box is
selected, and then click Close. This will open the New Volume Wizard.

25. On the Before you begin page, click Next.

26. On the Select the server and disk page, ensure that VirtualDisk1 is selected, and then click Next.

27. On the Specify the size of the volume page, accept the default volume size, and then click Next.

28. On the Assign to a drive letter or folder page, ensure that the Drive letter is set to F, and then click
Next.

29. On the Select file system settings page, accept the default settings (NTFS with default allocation unit
size), and then click Next.

30. On the Confirm selections page, click Create.

31. On the Completion page, click Close.

32. From the desktop of 20533D0401-vm2, open File Explorer, and then verify that there is a new drive F:
available for use.
33. Close the Remote Desktop session to 20533D0401-vm2.

▶ Task 3: Remove the lab environment.


1. On MIA-CL1, close all open windows without saving any files.

2. On the taskbar, right-click the Windows PowerShell icon, and then click Run as Administrator. In the
User Account Control dialog box, click Yes.
3. Type the following command, and then press Enter:

Remove-20533DEnvironment

4. When prompted, sign in by using the Microsoft account that is the Service Administrator of your Azure
subscription.

5. If you have multiple Azure subscriptions, select the one you want the script to target.
6. If prompted, specify the current lab number.

7. When prompted for confirmation, type y.

8. Start Microsoft Edge, browse to the Azure portal at https://portal.azure.com, and sign in by using the
Microsoft account that is the Service Administrator of your Azure subscription.
9. In the Azure portal, click Edit dashboard.

10. Right-click an unoccupied area of the dashboard and, in the right-click menu, click Reset to default state.
When prompted to confirm, click Yes.
11. Click Done customizing.

12. Close all open windows.


Result: After completing this exercise, you should have implemented Storage Space-based volumes

Lab Answer Key: Module 5: Implementing Azure App
Service
Lab: Implementing web apps
Exercise 1: Creating web apps

▶ Task 1: Create a web app


1. Ensure that you are signed in to MIA-CL1 as Student with the password Pa55w.rd.

2. Open Microsoft Edge, browse to the Azure portal at http://portal.azure.com, and then sign in using the
Microsoft account that is the Service Administrator of your Azure subscription.
3. In the top-left corner of the portal, click + Create resource, and then click Web + Mobile.

4. On the Web + Mobile blade, click Web App.


5. On the Web App blade, in the App name text box, type a unique name. If the name is unique and valid, a
green check mark appears.

6. On the Web App blade, in the Resource Group, verify that the Create new option is selected and then,
in the Resource group text box, type 20533D0501-LabRG.

7. Click Windows.

8. Click App Service plan/Location.


9. On the App Service plan blade, click Create New.

10. On the New App Service Plan blade, in the App Service plan text box, type 20533D0501LabPlan.

11. In the Location drop down list, select an Azure region close to the lab location.

12. In Pricing tier, select S1 Standard, and then click Select.


13. On the New App Service Plan blade, click OK.

14. On the Web App blade, leave the Application Insights setting at its default value.

15. On the Web App blade, click Create. Wait until the web app is provisioned.

▶ Task 2: Add a deployment slot


1. In the hub menu of the Azure portal, click All services, and then click App Services.

2. On the App Services blade, click the web app that you created in the first task.

3. On the web app blade, in the DEPLOYMENT section, click Deployment slots.
4. On the Deployment slots blade, click Add Slot.

5. On the Add a slot blade, in the Name text box, type Staging.

6. In the Configuration Source list, accept the default setting and then click OK.
7. On MIA-CL1, right-click the Windows PowerShell icon on the taskbar and click Run as administrator.
When prompted, in the User Account Control dialog box, click Yes.

8. Sign in to the Azure subscription by typing the following command in the Windows PowerShell window,
and then pressing Enter:

Add-AzureRmAccount

9. In the sign-in window that appears, sign in by using the Microsoft account that is the Service
Administrator of your Azure subscription.

10. If you have multiple subscriptions associated with your Microsoft account, to identify the subscription in
which you are going to create a virtual network, type the following command, and then press Enter:

Get-AzureRmSubscription

11. Note the value of the Id property for each subscription in the output of the previous command. To specify
the subscription in which you are going to create a virtual network, type the following commands, and
then press Enter (replace SubscriptionId with the actual SubscriptionId property of that subscription):

Set-AzureRmContext -SubscriptionId 'SubscriptionId'

12. Type the following and then press Enter:

Get-AzureRmWebApp -ResourceGroupName '20533D0501-LabRG'

13. Verify that the output references the web app that you created in the previous task.
14. Type the following and then press Enter. Replace Name of your web app with the name of the web app
you chose in the previous task:

Get-AzureRMWebAppSlot -ResourceGroupName '20533D0501-LabRG' -Name 'Name of your web app'

15. Verify that the web app staging slot you created in this task is listed in the output.

16. Keep the Windows PowerShell window open.

▶ Task 3: Configure deployment credentials


1. In the Azure portal, in the web app that you created in the first task, on the web app blade, in the
DEPLOYMENT section click Deployment credentials.

2. On the deployment credentials blade, in the FTP/Deployment user name text box, type a unique name.

3. In the Password text box, type Pa55w.rd.


4. In the Confirm password box, type Pa55w.rd, and then click Save.

Result: After completing this exercise, you should have created a new web app in the Azure portal,
and configured the new web app with deployment slots and deployment credentials.

Exercise 2: Deploying a web app

▶ Task 1: Obtain a publishing profile


1. In the Azure portal, on the blade of the web app that you created in Exercise 1, click Overview and
then click Get publish profile. You might need to first click … More if the Get publish profile option
does not appear in the toolbar at the top of the blade.

2. When prompted whether to open or save the .PublishSettings file, click Save. Microsoft Edge will save
the publishing profile in the Downloads folder on your lab computer.
3. On the taskbar, click Visual Studio.

4. On the File menu, click Open, and then click Project/Solution.

5. Browse to the folder E:\LabFiles\Lab05\Starter\AdatumWebsite, click AdatumWebsite.sln, and then click
Open. If prompted, in the Security Warning for AdatumWebsite dialog box, click OK.

6. On the Debug menu, click Start Debugging. This will open a new tab in the Microsoft Edge window.

7. On the new Microsoft Edge tab, under A. Datum Corporation, click Learn More.

8. In the Microsoft Edge window, click Contact.

9. Close the new Microsoft Edge tab.

▶ Task 2: Deploy a web app


1. In Visual Studio, click Debug and, in the Debug menu, click Stop Debugging.

2. In the Solution Explorer, right-click the AdatumWebsite project, and then click Publish.
3. On the Publish page, click Create new profile.

4. In the list of publishing options, click Import Profile and then click OK.

5. In the Import Publish Settings dialog box, browse to the Downloads folder.
6. Select the .PublishSettings file that you downloaded in Task 1 of this exercise, click Open, and then
click Publish.

7. This will automatically build and publish the web app from Visual Studio to the Azure Web app you
created in the first exercise and open a new tab in the Microsoft Edge window displaying it.
8. Verify that A. Datum’s web app is open in a new Microsoft Edge tab and verify the web app’s URL.

9. Close the new Microsoft Edge tab.

10. Leave Visual Studio open.

Result: After completing this exercise, you should have deployed a web app hosted in Azure.
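The .PublishSettings files saved in this lab hold the web app's deployment user name and password in plain text (the userPWD attribute of each publishProfile element). The following added example, which is not part of the lab files, inventories the downloaded profiles without printing the password, then invalidates and deletes them once they are no longer needed; the web app name is a placeholder and the Downloads path is assumed to be under the signed-in user's profile.

```powershell
# Added example (not part of the lab files). Requires the AzureRM module and an
# authenticated session (Add-AzureRmAccount).
$resourceGroupName = '20533D0501-LabRG'
$webAppName        = '<web-app-name>'                      # placeholder
$downloads         = Join-Path $env:USERPROFILE 'Downloads' # assumed download location

# 1. List every publish profile on disk. The password itself is never written
#    to the console; only whether one is present.
$profileFiles = Get-ChildItem -Path $downloads -Filter '*.PublishSettings' -File
$inventory = foreach ($file in $profileFiles) {
    [xml]$doc = Get-Content -Path $file.FullName -Raw
    foreach ($p in $doc.publishData.publishProfile) {
        [pscustomobject]@{
            File        = $file.Name
            ProfileName = $p.profileName
            Method      = $p.publishMethod
            PublishUrl  = $p.publishUrl
            UserName    = $p.userName
            HasPassword = -not [string]::IsNullOrEmpty($p.userPWD)
        }
    }
}
$inventory | Format-Table -AutoSize

# 2. Regenerate the publishing credentials so that any copy of the old
#    profile stops working. The cmdlet returns the new profile, which is
#    discarded here so that it does not end up in the console or a transcript.
Reset-AzureRmWebAppPublishingProfile -ResourceGroupName $resourceGroupName `
    -Name $webAppName | Out-Null

# 3. Remove the now-stale files from the Downloads folder.
$profileFiles | Remove-Item -Force
```

Run this only after the last publish step that depends on a downloaded profile, because resetting the profile invalidates it for Visual Studio as well.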

Exercise 3: Managing web apps

▶ Task 1: Deploy a web app for staging


1. In Microsoft Edge, in the Azure portal, navigate to the blade of the web app you created in Exercise 1,
Task 1.

2. On the web app blade, in the DEPLOYMENT section, click Deployment slots.

3. On the Deployment slots blade, click the staging slot yourwebapp-staging that was created in Exercise
1, Task 2.

4. On the Staging blade, click Get publish profile. You might need to first click … More if the Get publish
profile option does not appear in the toolbar at the top of the blade.
5. When prompted, click Save.

6. Switch to Visual Studio.

7. On the File menu, click Open, and then click Project/Solution.


8. Browse to the folder E:\LabFiles\Lab05\Starter\NewAdatumWebsite.

9. Click AdatumWebsite.sln, and then click Open.


10. In Solution Explorer, right-click the AdatumWebsite project, and then click Publish.

11. In the list of publishing options, click Import Profile and then click OK. If Import Profile is not listed, you
may need to click the right pointing arrow head to display additional publishing options.

12. In the Import Publish Settings dialog box, browse to the Downloads folder.

13. Select the .PublishSettings file that you downloaded in step 5 of this task, click Open, and then click
Publish.
14. This will automatically build and publish the web app from Visual Studio to the Azure Web app you
created in the first exercise and open a new tab in the Microsoft Edge window displaying it.

15. Verify that A. Datum’s web app is open in a new Microsoft Edge tab and verify the web app’s URL.

16. Close the new Microsoft Edge tab.

17. Leave Visual Studio open.

▶ Task 2: Swap deployment slots


1. In the Azure portal, navigate to the web app blade and, in the Essentials section, click the URL link for
your web app. This will open the web app in a new Microsoft Edge tab. Note the color scheme.

2. Close the tab that displays the A. Datum web app.

3. In the Azure portal, on the web app blade, click Swap.


4. On the Swap blade, in the Swap type drop-down list, verify that Swap is selected.
5. In the Source drop-down list, ensure that Staging is selected.

6. In the Destination drop-down list, ensure that production is selected, and then click OK.

7. Wait until the swap operation completes.


8. On the web app blade, in the Essentials section, click the URL link for your web app. This will open
the web app in a new Microsoft Edge tab. Notice that the color scheme has changed.
9. Close the tab that displays the A. Datum’s web app.

▶ Task 3: Roll back a deployment


1. In the Azure portal, on the yourwebapp blade in the command bar at the top, click Swap.
2. On the Swap blade, in the Swap type drop-down list, verify that Swap is selected.

3. In the Source drop-down list, select Staging.

4. In the Destination drop-down list, select production, and then click OK.

5. Wait until the swap operation completes.

6. On the web app blade, in the Essentials section, click the URL link for your web app. This will open the
web app in a new Microsoft Edge tab. Notice that the color scheme reverted to the original one.
7. Close the A. Datum tab in Microsoft Edge.

Result: After completing this exercise, you should have an updated web app in the staging slot and
have tested the slot swap functionality.

Exercise 4: Implementing Traffic Manager

▶ Task 1: Deploy a web app to another region


1. Switch to the Windows PowerShell window.

2. At the Windows PowerShell prompt, type the following command, and then press Enter:

Get-AzureRmWebApp -ResourceGroupName '20533D0501-LabRG'

3. Note the name of your original web app and its location.

4. Choose an Azure region that is different from the location of the original web app, preferably on another
continent. This will become the SecondLocation. To identify names of Azure regions, at the Windows
PowerShell prompt, type the following command, and then press Enter:

Get-AzureRmLocation | Select-Object Location

5. At the Windows PowerShell prompt, type the following command to create a new resource group, and
then press Enter (replace SecondLocation with the name of the Azure region you chose):

$rg2 = New-AzureRMResourceGroup -Name '20533D0502-LabRG' -Location 'SecondLocation'

6. At the Windows PowerShell prompt, type the following command to create a new App Service Plan, and
then press Enter:

$appSvcPlan2 = New-AzureRMAppServicePlan -Location $rg2.Location -Tier Standard -Name '20533D0502LabPlan' -ResourceGroupName $rg2.ResourceGroupName

7. At the Windows PowerShell prompt, type the following command (where the webappname2 is a unique
name that you will assign to a new web app you will create in the SecondLocation in the next step), and
then press Enter:

Test-AzureRmDnsAvailability -DomainNameLabel 'webappname2' -Location $rg2.Location

8. Verify that the command returns True. If not, keep re-running the same command but with different
values of the DomainNameLabel parameter.

9. At the Windows PowerShell prompt, type the following command to create a new web app, and then
press Enter (the webappname2 matches the name you identified in the previous step):
New-AzureRMWebApp -ResourceGroupName $rg2.ResourceGroupName -Name 'webappname2' -Location $rg2.Location -AppServicePlan $appSvcPlan2.Name

10. Switch to the Azure portal in the Microsoft Edge window.


11. On the left side of the Azure portal, click All services, and then click App Services.

12. On the App Services blade, click the entry representing the second web app you provisioned in this task.

13. On the web app blade, click Get publish profile. You might need to first click … More if the Get publish
profile option does not appear in the toolbar at the top of the blade.

14. When prompted, click Save.

15. Switch to Visual Studio.


16. In Visual Studio, on the File menu, click Open, and then click Project/Solution.

17. Browse to the folder E:\LabFiles\Lab05\Starter\AdatumWebsite.

18. Click AdatumWebsite.sln, and then click Open.


19. In Solution Explorer, right-click the AdatumWebsite project, and then click Publish.

20. On the Publish page, click Create new profile.

21. In the Pick a publish target window, ensure that the Create New option is selected, click Import profile,
and click OK.

22. In the Import Publish Settings dialog box, browse to the Downloads folder.

23. Select the .PublishSettings file that you downloaded in step 13 of this task, and then click Open.

24. Back on the Publish page, click Publish. This will automatically build and publish the web app from
Visual Studio to the Azure Web app you created in the first exercise and open a new tab in the Microsoft
Edge window displaying it.

25. Verify that A. Datum’s web app is open in a new Microsoft Edge tab and verify the web app’s URL.

26. Close the new Microsoft Edge tab.

27. Close Visual Studio.

▶ Task 2: Create a Traffic Manager profile


1. In Microsoft Edge, in the Azure portal, click + Create resource.

2. In the Search the marketplace text box, type Traffic Manager profile and, in the list of results, click
Traffic Manager profile.
3. On the Traffic Manager profile blade, click Create.

4. On the Create Traffic Manager profile blade, in the Name text box, type a unique name. This will be
appended with the suffix trafficmanager.net. If the name is unique and valid, a green checkmark
appears.

5. In the Routing Method drop down list, select Performance.


6. In the Subscription drop down list, select the Azure subscription where you provisioned the web apps in
this lab.

7. In the Resource Group section, ensure that Create new is selected and, in the text box below, type
20533D0503-LabRG.
8. In the Resource group location drop-down list box, select the Azure region that is closest to the lab
location, and then click Create. Wait until the Traffic Manager profile is created.

▶ Task 3: Add endpoints, and configure Traffic Manager


1. In the Azure portal, in the hub menu, click All services, and then click Traffic Manager Profiles.
2. On the Traffic Manager profiles blade, click the profile you created in the previous task.

3. On the Traffic Manager profile blade, click Endpoints.

4. Click Add.
5. On the Add endpoint blade, ensure that Azure endpoint is selected in the Type drop down list.

6. In the Name text box, type the name of your web app, which you created in Exercise 1.

7. In the Target resource type drop-down list, click App Service.


8. Click Choose an app service.

9. On the Resource blade, click the web app that you created in Exercise 1.

10. Click OK to add the endpoint.


11. Repeat steps 4 through 10 to add the second endpoint for the web app that you created in Exercise 4.
Use the name of the second web app as the name of the endpoint.

12. On the traffic manager profile blade, click Configuration.

13. On the Traffic Manager configuration blade, in the DNS time to live (TTL) text box, replace the default
value by typing 30 and press Enter.

14. On the command bar at the top, click Save.

▶ Task 4: Test Traffic Manager


1. In Microsoft Edge, in the Azure portal, on the traffic Manager profile blade, click Overview, wait until the
MONITOR STATUS column displays the Online status for both web apps, and then, click the link under
the DNS name section.

2. Microsoft Edge displays the Adatum web app.


3. On MIA-CL1, right-click Start and, in the right-click menu, click Command Prompt (Admin). When
prompted, in the User Account Control dialog box, click Yes.

4. At the Command Prompt, type the following command, replacing dnsname with the fully qualified DNS
name of the Traffic Manager profile, and then press Enter:

nslookup dnsname
5. Note the DNS records that the command returns. This should include the name of the first web app.

6. In the Microsoft Edge window, switch to the tab that displays the Azure portal.

7. On the Traffic Manager profile blade, click Endpoints.

8. In the list of endpoints, click the name of the web app whose name was included in the DNS records you
noted in step 5.

9. On the endpoint blade, click Disabled, and then click Save.


10. Switch to the command prompt, type the following command, replacing dnsname with the fully qualified
DNS name of the Traffic Manager profile, and then press Enter:

nslookup dnsname
11. Note that the record that the command returns is different from the one returned in step 4.
Note: You might have to wait in order for the endpoint state change to take effect. Wait about 1 minute
and re-run the nslookup command.
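The failover check in this task can also be scripted, which removes the guesswork about how long to wait after disabling an endpoint. The following added example is not part of the lab files; the profile name is a placeholder, and it assumes that each endpoint's Target property holds the same host name that the Traffic Manager CNAME record returns.

```powershell
# Added example (not part of the lab files). Requires the AzureRM module, an
# authenticated session (Add-AzureRmAccount) and the DnsClient cmdlets that
# ship with Windows 8 / Windows Server 2012 and later.
$resourceGroupName = '20533D0503-LabRG'
$profileName       = '<traffic-manager-profile-name>'   # placeholder

function Get-TrafficManagerTarget {
    param([Parameter(Mandatory)][string]$Fqdn)
    # Flush the local resolver cache so a stale answer is not reused.
    Clear-DnsClientCache
    $answer = Resolve-DnsName -Name $Fqdn -Type CNAME -DnsOnly -ErrorAction Stop |
        Where-Object { $_.Type -eq 'CNAME' } |
        Select-Object -First 1
    return $answer.NameHost
}

$tmProfile = Get-AzureRmTrafficManagerProfile -Name $profileName `
    -ResourceGroupName $resourceGroupName
$fqdn = "$($tmProfile.RelativeDnsName).trafficmanager.net"

# Show the configured and monitored state of both endpoints before the test.
$tmProfile.Endpoints |
    Select-Object Name, Target, EndpointStatus, EndpointMonitorStatus |
    Format-Table -AutoSize

# Which endpoint does DNS currently hand out?
$before = Get-TrafficManagerTarget -Fqdn $fqdn
# Assumption: Target holds the host name returned in the CNAME record.
$active = $tmProfile.Endpoints | Where-Object { $_.Target -eq $before }
if (-not $active) {
    throw "No endpoint target matches the current DNS answer '$before'."
}

# Same action as step 9: disable the endpoint that is currently being served.
Disable-AzureRmTrafficManagerEndpoint -Name $active.Name -Type AzureEndpoints `
    -ProfileName $profileName -ResourceGroupName $resourceGroupName -Force | Out-Null

# Poll until the answer changes. The upstream resolver may keep the old record
# for up to the TTL set in Task 3 (30 seconds), so allow several intervals.
$deadline = (Get-Date).AddMinutes(5)
do {
    Start-Sleep -Seconds 15
    $after = Get-TrafficManagerTarget -Fqdn $fqdn
} while ($after -eq $before -and (Get-Date) -lt $deadline)

if ($after -ne $before) {
    "Failover observed: $before -> $after"
} else {
    Write-Warning "DNS still returns $before after 5 minutes."
}
```

The script leaves the endpoint disabled, as the lab does; Enable-AzureRmTrafficManagerEndpoint with the same parameters reverses it.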

▶ Task 5: Reset the Azure environment


1. On MIA-CL1, close all open windows without saving any files.
2. On the taskbar, right-click the Windows PowerShell icon, and then click Run as Administrator. In the
User Account Control dialog box, click Yes.

3. Type the following command, and then press Enter:


Remove-20533DEnvironment

4. When prompted, sign in by using the Microsoft account that is the Service Administrator of your Azure
subscription.

5. If you have multiple Azure subscriptions, select the one you want the script to target.

6. If prompted, specify the current lab number.

7. When prompted for confirmation, type y.

8. Start Microsoft Edge, browse to the Azure portal at http://portal.azure.com, and sign in by using the
Microsoft account that is the Service Administrator of your Azure subscription.

9. In the Azure portal, click Edit dashboard.


10. Right-click an unoccupied area of the dashboard and, in the right-click menu, click Reset to default state.
When prompted to confirm, click Yes.

11. Click Done customizing.

12. Close all open windows.

Result: After completing this exercise, you should have implemented two Azure web apps and a
Traffic Manager profile configured to distribute requests between them.


Version: D1
Lab Answer Key: Module 6: Planning and implementing
storage, backup, and recovery services
Lab: Planning and implementing Azure Storage
Exercise 1: Creating and configuring Azure Storage

▶ Task 1: Create a storage account


1. Ensure that you are signed in to MIA-CL1 as Student with the password Pa55w.rd and that the setup
script that you ran in the previous demonstration to prepare the environment has completed.

2. Start Microsoft Edge, and then browse to https://portal.azure.com. When prompted, sign in by using the
Microsoft account that is the Service Administrator of your Microsoft Azure subscription.

3. In the hub menu, click + Create resource, and then click Storage.

4. On the Storage blade, click Storage account - blob, file, table, queue.
5. On the Create storage account blade, apply the following settings, and then click Create:

• Name: a valid, unique name consisting of between 3 and 24 lower case characters or digits

• Deployment model: Resource Manager


• Account kind: Storage (general purpose v1)

• Performance: Standard

• Replication: Locally-redundant storage (LRS)

• Secure transfer required: Disabled

• Subscription: the name of your Azure subscription

• Resource group: ensure that Create new is selected and, in the textbox below, type
20533D0602-LabRG.

• Location: the same Azure region that you chose when running the provisioning script at the beginning of
this module

• Virtual networks (Preview): Disabled

• Pin to dashboard: clear the check box

6. Wait until the storage account is provisioned.


7. In the hub menu, click All services, and then, in the list of services, click Storage accounts.

8. On the Storage accounts blade, click the storage account that you just created.
9. On the storage account blade, click the Blobs tile.

10. On the Blob service blade, click + Container in the toolbar.

11. In the New container section, specify the following settings, and then click OK:
• Name: asset-images

• Access type: Private (no anonymous access)

▶ Task 2: Install AzCopy

1. In Microsoft Edge, open a new tab, and then browse to http://aka.ms/AzCopy.

2. In the Download and install AzCopy section, click the latest version of AzCopy on Windows link.

3. When prompted, click Save. Wait until the download completes and then click Run. This will
automatically launch the setup wizard. Use the wizard to install AzCopy with the default settings. During
the setup, when prompted, in the User Account Control dialog box, click Yes.

4. On the taskbar, right-click Windows PowerShell, and then click Run ISE as Administrator. When
prompted, in the User Account Control dialog box, click Yes.

5. In the Administrator: Windows PowerShell ISE window, if the script pane is not visible, click View and
then, in the View menu, click Show Script Pane.
6. In the script pane, type Set-Location -Path 'C:\Program Files (x86)\Microsoft SDKs\Azure\AzCopy'
and then press the F5 key.

7. In the console pane, type .\AzCopy /? and then press Enter.

8. Scroll through the syntax information displayed in the console pane.

▶ Task 3: Use AzCopy to upload blobs


1. In the Administrator: Windows PowerShell ISE window, in the script pane, type:

.\AzCopy.exe /Dest:https://<storage-account-name>.blob.core.windows.net/asset-images /destkey:<access-key> /Source:E:\Labfiles\Lab06\Starter\asset-images

2. Switch to the Microsoft Edge window displaying the Azure portal, scroll back to the blade for your storage
account, and click Access keys.

3. On the access keys blade, click the Click to copy icon next to Storage account name. If prompted to
allow access to Clipboard, click Allow access.

4. Switch to the Administrator: Windows PowerShell ISE window and replace the
<storage-account-name> entry with the content of Clipboard.
5. Switch to the Microsoft Edge window and, on the access keys blade, click the Click to copy icon next to
key1.

6. Switch to the Administrator: Windows PowerShell ISE window and replace the <access-key> entry
with the content of Clipboard.

7. Press the F5 key to execute the command in the script pane.

Note: If you execute the command and it fails, make note of the error message and the directory in
which the journal files are located. Temporary data files are put into the journal file folder with the
default path “%LocalAppData%” and need to be deleted before running the command again.

8. Examine the output in the console pane and verify that the content of the
E:\Labfiles\Lab06\Starter\asset-images folder was copied to the Azure Storage account container
asset-images.

9. In the Azure portal, on the storage account blade, click Overview.

10. In the Services section of the blade, click the Blobs tile.

11. On the Blob service blade, click the asset-images container.

12. On the asset-images blade, verify that there are six new blobs.

Result: At the end of this exercise, you should have created a new Azure storage account with a
container named asset-images and copied files from your local computer to that container by using
the AzCopy utility.
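The upload in Task 3 passes key1 on the command line, and that key grants full control of every service in the storage account. The following added example, which is not part of the lab files, performs the same upload with a one-hour, HTTPS-only shared access signature scoped to the asset-images container; the storage account name is a placeholder, and the indexing of the key list assumes an AzureRM version in which Get-AzureRmStorageAccountKey returns a list of key objects.

```powershell
# Added example (not part of the lab files). Requires the AzureRM and
# Azure.Storage modules and an authenticated session (Add-AzureRmAccount).
$resourceGroupName  = '20533D0602-LabRG'
$storageAccountName = '<storage-account-name>'   # placeholder
$containerName      = 'asset-images'
$sourceFolder       = 'E:\Labfiles\Lab06\Starter\asset-images'
$azCopy             = 'C:\Program Files (x86)\Microsoft SDKs\Azure\AzCopy\AzCopy.exe'

# The account key is read into a variable and used only to sign the SAS; it
# never appears on a command line or in the AzCopy journal.
# Assumption: the cmdlet returns a list of key objects with a Value property.
$key = (Get-AzureRmStorageAccountKey -ResourceGroupName $resourceGroupName `
            -Name $storageAccountName)[0].Value
$context = New-AzureStorageContext -StorageAccountName $storageAccountName `
            -StorageAccountKey $key

# Container-scoped SAS: read and write only (the permissions AzCopy documents
# for /DestSAS), HTTPS only, valid for one hour. The start time is set a few
# minutes in the past to tolerate clock skew.
$sas = New-AzureStorageContainerSASToken -Name $containerName -Context $context `
            -Permission 'rw' -Protocol HttpsOnly `
            -StartTime (Get-Date).AddMinutes(-5) `
            -ExpiryTime (Get-Date).AddHours(1)

$dest = "https://$storageAccountName.blob.core.windows.net/$containerName"

# /Y suppresses the overwrite confirmation prompts.
& $azCopy "/Source:$sourceFolder" "/Dest:$dest" "/DestSAS:$sas" /Y

# Confirm the result with the same context (this lists blob names only).
Get-AzureStorageBlob -Container $containerName -Context $context |
    Select-Object Name, Length, LastModified |
    Format-Table -AutoSize
```

If the token leaks, it expires on its own within the hour and cannot be used against any other container, file share, table or queue in the account.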

Exercise 2: Using Azure File storage

▶ Task 1: Create a file share and upload files


1. Switch to the Administrator: Windows PowerShell ISE window.

2. In the Windows PowerShell Integrated Scripting Environment (ISE), in the console pane, type the
following cmdlet and then press Enter:
Add-AzureRmAccount

3. In the sign-in window that appears, sign in by using the Microsoft account that is the Service
Administrator of your Azure subscription.

4. If you have multiple subscriptions associated with your Microsoft account, to identify the subscription in
which you are going to create a virtual network, type the following command, and then press Enter:
Get-AzureRmSubscription

5. Note the value of the Id property for each subscription in the output of the previous command. To specify
the subscription in which you are going to create a virtual network, type the following commands, and
then press Enter (replace SubscriptionId with the actual SubscriptionId property of that subscription):

Set-AzureRmContext -SubscriptionId 'SubscriptionId'

6. Click File, and then click Open.

7. In the Open dialog box, browse to E:\Labfiles\Lab06\Starter\, click New-20533D06FileShare.ps1, and
then click Open.

8. In the script pane, in the $storageAccountName variable declaration at the beginning, replace the
<storage-account-name> value with the name of the Azure storage account that you created in the
previous exercise.

9. Review the script, noting that it:


• Sets the values of variables named $shareName and $directoryName for the file share and the
directory to create in the Azure Storage account

• Uses the Get-AzureRmStorageAccountKey cmdlet to retrieve the access key for your storage account.

• Uses the New-AzureStorageContext cmdlet to create a security context for connections to the target
storage account based on the key you retrieved

• Uses the New-AzureStorageShare cmdlet to create an Azure Storage account file share

• Uses the New-AzureStorageDirectory cmdlet to create a directory in the share

• Sets the location of the folder hosting source files to be copied to the Azure Storage file share directory

• Loops through the files in the source folder and uses the Set-AzureStorageFileContent cmdlet to copy
each of them to the folder in the Azure file share.
10. Save the script and then press the F5 key.

11. Observe the script as it runs, and then view the output. When you finish, close Windows PowerShell ISE.

▶ Task 2: Access a file share from an Azure VM

1. From the MIA-CL1 lab VM, in Microsoft Edge, on the Azure portal, click All services, click Virtual
machines.

2. On the Virtual machines blade, click ellipsis to the right of the 20533D0601-vm1 entry and click
Connect.
3. When prompted, click Save and then click Open.

4. If a Remote Desktop Connection warning message displays, select Don’t ask me again for
connections to this computer, and then click Connect.

5. In the Windows Security dialog box, type the following credentials, and then click OK:

• User name: Student

• Password: Pa55w.rd1234

6. If another Remote Desktop Message displays, select the Don’t ask me again for connections to this
computer checkbox, and then click Yes.
7. If prompted in the Remote Desktop session whether to allow your PC to be discoverable, click No.

8. Wait for the Server Manager window to open, then click Local Server, on the Local Server page, click
the On link next to the IE Enhanced Security Configuration entry, click Off for Administrators, and then
click OK.
9. In the 20533D0601-vm1 Remote Desktop window, click the Internet Explorer icon on the taskbar. If
prompted to set up Internet Explorer, ensure that the Use recommended security, privacy, and
compatibility settings option is selected, and then click OK.
10. Browse to https://portal.azure.com, and then sign in by using the Microsoft account that is the Service
Administrator of your Azure subscription.

11. In the hub menu, click All services, and then click Storage accounts.
12. On the Storage accounts blade, click the storage account that you created in the previous exercise, and
then on the blade for your storage account, click the Files tile.

13. On the File service blade, click assets.


14. On the assets blade, click Connect in the toolbar.

15. On the Connect blade, click the Click to Copy icon next to the code appearing in the Connecting from
Windows section. If prompted whether to allow the webpage to access your Clipboard, click Allow
access.

16. Click Start, right-click Windows PowerShell ISE, in the right-click menu, click More and click Run as
administrator.

17. In the Administrator: Windows PowerShell ISE window, if the script pane is not visible, click View and
then, in the View menu, click Show Script Pane.

18. In the script pane, paste the content of Clipboard.

19. In the command line you copied, replace [drive letter] with Z:.

Note: If your key (password) has a / in it, the copy to clipboard will escape this character and replace it
with \/. This will cause the command to fail. Correct the escaped characters or copy the key directly
from Azure.

20. Run the command by pressing the F5 key.

21. Start File Explorer, click This PC, and verify that the command executed successfully, resulting in
creation of the Z: drive mapping.
22. Back in the Windows PowerShell ISE window, in the console pane, run the following command to view
the contents of the invoices folder on the Z: drive, which is now mapped to the assets file share that you
created in a previous task:

Get-ChildItem -Path 'Z:\invoices'


23. Verify that invoice documents are listed.

24. Close the Windows PowerShell ISE window and Internet Explorer, and then sign out of the Remote
Desktop session to 20533D0601-vm1.

Result: At the end of this exercise, you should have created an Azure storage account file share
named assets that contains a folder named invoices with copies of invoice documents. You should
have also mapped a drive from an Azure VM to the file share.

Exercise 3: Protecting data with Azure Backup

▶ Task 1: Create a recovery services vault


1. On the MIA-CL1, in the Azure portal displayed in Microsoft Edge, in the hub menu, click + Create
resource, on the New blade, click Storage, and, on the Storage blade, click Backup and Site
Recovery (OMS).

2. On the Recovery services vault blade, specify the following settings and click Create:

• Name: vault20533D06
• Subscription: the name of your Azure subscription

• Resource group: ensure that Create new is selected and, in the textbox below, type 20533D0603-LabRG
• Location: the same Azure region that you chose when running the provisioning script at the beginning of
this module

• Pin to dashboard: ensure that the check box is cleared

3. Wait until the vault is provisioned.

▶ Task 2: Configure the vault for on-premises backup


1. In the hub menu, click All services. In the search text box, type Recovery Services vaults and, in the
list of results, click Recovery Services vaults.

2. On the Recovery Services vaults blade, click vault20533D06.


3. On the vault20533D06 blade, click + Backup.

4. On the Backup goal blade, specify the following settings:

• Where is your workload running?: On-premises


• What do you want to back up?: Files and folders

5. Click Prepare Infrastructure.

Version: D1
▶ Task 3: Install and configure the Azure Recovery Services Agent
1. In the Azure portal, on the Prepare infrastructure blade, click the Download Agent for Windows
Server or Windows Client link.

2. When prompted, click Save. Once MARSAgentInstaller.exe finishes downloading, click Run.
3. If prompted, in the User Account Control dialog box, click Yes. This will start Microsoft Azure Recovery
Services Agent Setup Wizard.

4. On the Installation Settings page of the Microsoft Azure Recovery Services Agent Setup Wizard,
click Next.

5. On the Proxy Configuration page of the Microsoft Azure Recovery Services Agent Setup Wizard,
click Next.
6. On the Microsoft Update Opt-In page of the Microsoft Azure Recovery Services Agent Setup
Wizard, select Use Microsoft Update when I check for updates (recommended), and click Next.

7. On the Installation page of the Microsoft Azure Recovery Services Agent Setup Wizard, click Install.

8. Click Proceed to Registration. This will start Register Server Wizard.


9. Switch to Microsoft Edge displaying the Azure portal and, on the Prepare infrastructure blade, click
Download.

10. When prompted, click Save. This will save the vault credentials file to your Downloads folder.
11. Switch back to the Register Server Wizard and, on the Vault Identification page, click Browse.

12. In the Select Vault Credentials dialog box, browse to the Downloads folder, click the .VaultCredentials
file you downloaded, and click Open.

13. Click Next.

14. On the Encryption Setting page of the Register Server Wizard, click Generate Passphrase.
15. On the Encryption Setting page of the Register Server Wizard, next to the Enter a location to save
the passphrase, click Browse.

16. In the Browse For Folder dialog box, navigate to E:\Labfiles\Lab06\Starter\ and click OK.
17. Click Finish and wait for the registration to complete.
18. On the Server Registration page of the Register Server Wizard, ensure that the Launch Microsoft
Azure Recovery Services Agent checkbox is selected and click Close. This will automatically open the
Microsoft Azure Backup console.

▶ Task 4: Create a backup schedule


1. In the Microsoft Azure Backup console, in the Actions pane, click Schedule Backup.

2. In the Schedule Backup Wizard, on the Getting started page, click Next.

3. On the Select Items to Backup page, click Add Items.


4. In the Select Items dialog box, expand **E:\Labfiles06*, select the following folders, and then click OK:

• asset-images

• invoices
5. On the Select Items to Backup page, click Next.

6. On the Specify Backup Schedule page, ensure that the Day option is selected, in the first drop-down list
box below the At following times (Maximum allowed is three times a day) box, select 4:30 AM, and
then click Next.

7. On the Select Retention Policy page, accept the defaults, and then click Next.

8. On the Choose Initial Backup type page, accept the defaults, and then click Next.

9. On the Confirmation page, click Finish. When the backup schedule is created, click Close.

▶ Task 5: Run a backup


1. In the Microsoft Azure Backup console, in the Actions pane, click Back Up Now.

2. In the Back Up Now Wizard, on the Confirmation page, click Back Up.

3. When the backup is complete, click Close, and then close Microsoft Azure Backup.

4. Switch to the Azure portal, navigate back to the Recovery Services vault blade and click Backup items.
5. On the Backup items blade, click Azure Backup Agent.

6. On the Backup Items (Azure Backup Agent) blade, verify that there is an entry referencing the E:\ drive
of mia-cl1..

▶ Task 6: Stop backups and delete the Azure Recovery services vault
1. On the Backup Items (Azure Backup Agent) blade, click the entry referencing the E:\ drive of mia-cl1..

2. On the E:\ on mia-cl1. blade, click the mia-cl1. link.


3. On the mia-cl1. blade, click Delete.

4. On the Delete blade, in the TYPE THE SERVER NAME text box, type mia-cl1. and click Delete.

5. Navigate back to the recovery services vault blade and click Overview.
6. Click Delete. When prompted to confirm, click Yes.

▶ Task 7: Remove the lab environment


1. On MIA-CL1, close all open windows without saving any files.

2. On the taskbar, right-click the Windows PowerShell icon, and then click Run as Administrator. In the
User Account Control dialog box, click Yes.

3. Type the following command, and then press Enter:

Remove-20533DEnvironment
4. When prompted, sign in by using the Microsoft account that is the Service Administrator of your Azure
subscription.

5. If you have multiple Azure subscriptions, select the one you want the script to target.

6. If prompted, specify the current lab number.

7. When prompted for confirmation, type y.

8. Start Microsoft Edge, browse to the Azure portal at https://portal.azure.com, and sign in by using the
Microsoft account that is the Service Administrator of your Azure subscription.
9. In the Azure portal, click Edit dashboard.

10. Right-click an unoccupied area of the dashboard and, in the right-click menu, click Reset to default state.
When prompted to confirm, click Yes.

11. Click Done customizing.


12. Close all open windows.

Result: At the end of this exercise, you should have created an Azure Recovery Services vault in your
subscription, downloaded vault credentials, and installed the Azure Recovery Services agent on the
MIA-CL1 lab computer. You should have backed up the contents of the asset-images and invoices
folders to the Recovery Services vault.

©2016 Microsoft Corporation. All rights reserved.

The text in this document is available under the Creative Commons Attribution 3.0 License, additional
terms may apply. All other content contained in this document (including, without limitation,
trademarks, logos, images, etc.) are not included within the Creative Commons license grant. This
document does not provide you with any legal rights to any intellectual property in any Microsoft
product. You may copy and use this document for your internal, reference purposes.

This document is provided “as-is.” Information and views expressed in this document, including URL
and other Internet Web site references, may change without notice. You bear the risk of using it. Some
examples are for illustration only and are fictitious. No real association is intended or inferred.
Microsoft makes no warranties, express or implied, with respect to the information provided here.

Lab Answer Key: Module 7: Implementing containers in Azure
Lab A: Implementing containers on Azure VMs
Exercise 1: Implementing containers on Azure VMs

▶ Task 1: Install Docker Toolbox for Windows


1. Ensure that you are signed in to MIA-CL1 as Student with the password Pa55w.rd, and that the
Add-20533DEnvironment script successfully completed. The script creates an Azure VM of the size that
supports nested virtualization. You will use it to install Docker Toolbox for Windows.

2. Start Microsoft Edge and browse to https://portal.azure.com. When prompted, sign in by using the
Microsoft account that is the Service Administrator of your Azure subscription.
3. In the Azure portal, in the hub menu, click All services and, in the service menu, click Virtual machines.

4. On the Virtual machines blade, click the ellipsis (…) next to the 20533D0701-vm0 entry and, in the
drop-down menu, click Connect.
5. When prompted, click Save and then click Open.
6. If a Remote Desktop Connection warning message displays, select Don’t ask me again for
connections to this computer, and then click Connect.

7. In the Windows Security dialog box, type the following credentials, click the Remember me checkbox,
and then click OK:

• User name: Student


• Password: Pa55w.rd1234
8. If another Remote Desktop Message displays, select the Don’t ask me again for connections to this
computer checkbox, and then click Yes.
9. If prompted in the Remote Desktop session whether to allow your PC to be discoverable, click No.

10. In the Remote Desktop session to 20533D0701-vm0, in Server Manager, click Local Server.

11. Click the On link next to the IE Enhanced Security Configuration label.

12. In the Internet Explorer Enhanced Security Configuration dialog box, in the Administrators and the
Users section, click Off and click OK.

13. Click the Internet Explorer shortcut on the taskbar.

14. If prompted, ensure that Use recommended security, privacy, and compatibility settings is selected
and then click OK.

15. In Internet Explorer, navigate to
https://docs.docker.com/docker-for-windows/install/#download-docker-for-windows

16. On the Install Docker for Windows page, click Get Docker for Windows (Stable).

17. When prompted whether to run or save Docker for Windows Installer.exe, click Run.

18. Once the installation has completed, click Close and log out.

▶ Task 2: Use Docker Machine to create hosts in Azure Deploy Docker Toolbox for Windows
1. On MIA-CL1, in the Azure portal, on the Virtual machines blade, click the ellipsis (…) next to the
20533D0701-vm0 entry and, in the drop-down menu, click Connect.

2. When prompted, click Save and then click Open.


3. In the Windows Security dialog box, sign in as Student with the password Pa55w.rd1234

4. In the Remote Desktop session to 20533D0701-vm0, if prompted in Docker for Windows dialog box
whether to enable Hyper-V, click Cancel.

5. In the Remote Desktop session to 20533D0701-vm0, start Internet Explorer and browse to
https://portal.azure.com. When prompted, sign in by using the Microsoft account that is the Service
Administrator of your Azure subscription.
6. Click the Cloud Shell icon in the toolbar.

7. If prompted, in the Welcome to Azure Cloud Shell pane, click Bash (Linux).

8. If you are presented with the You have no storage mounted message, ensure that the name of your
subscription appears in the Subscription drop down list, and click Create storage.

9. In the Cloud shell pane, type the following and press Enter:

az account show --query "id" -o tsv


10. This should display the Id of your Azure subscription. Select the output of the command, right-click the
selection, and, in the right-click menu, click Copy.

11. In the Cloud shell pane, type the following, replacing Azure-region with the name of the Azure region
you selected when running Add-20533DEnvironment at the beginning of this module, and press Enter:

az vm image list-skus --location "Azure-region" --publisher Canonical --offer UbuntuServer --output table

12. Identify the values appearing in the Sku column in the output. Verify that 16.04.0-LTS is available. If that
is not the case, replace 16.04.0-LTS with one of the available SKUs in step 16 below.

13. Close the Cloud Shell pane.


14. Right-click Start and click Command Prompt (Admin).

15. From the Administrator: Command Prompt window, type the following, and then press Enter:

cd %USERPROFILE%

16. From the Administrator: Command Prompt window, type the following on one line, replacing
Azure-subscription-Id with the value of your Azure subscription ID you copied earlier in this task, and
replacing Azure-region with the name of the Azure region you selected when running
Add-20533DEnvironment at the beginning of this module, and then press Enter (make sure to use lowercase
characters when specifying the virtual machine name and verify that the specified virtual machine
size is available in the target Azure region):

docker-machine create --driver azure --azure-ssh-user student --azure-subscription-id "Azure-subscription-Id" --azure-open-port 80 --azure-image "Canonical:UbuntuServer:16.04.0-LTS:latest" --azure-location "Azure-region" --azure-resource-group "20533D0702-LabRG" --azure-availability-set "20533D0702-avset" --azure-static-public-ip --azure-size "Standard_A1_v2" "20533d0702-vm0"

17. The Administrator: Command Prompt window will display a message asking you to use a web
browser to open the page https://aka.ms/devicelogin and enter the code provided at the end of the
message. Start Internet Explorer and browse to https://aka.ms/devicelogin.

18. On the Device Login page, type the code and click Continue.

19. On the Docker Machine for Azure page, when prompted to confirm that Docker Machine for Azure is the
application that you try to sign in to, click Continue.

20. When prompted, sign in by using the Microsoft account that is the Service Administrator of the Azure
subscription whose ID you provided when running docker-machine.

21. Close the Internet Explorer window.


22. In the Administrator: Command Prompt window, monitor the progress of provisioning the Azure VM.

23. Wait for the Azure VM to be provisioned. Next, in the Administrator: Command Prompt window, type
the following, and then press Enter:

docker-machine ls

24. Verify that the output includes the newly created Azure VM.

25. To obtain the IP address of the target Docker Azure VM, note the IP address in the URL column of the
output of the docker-machine ls command. Alternatively, in the Administrator: Command Prompt
window, type the following, and then press Enter:

docker-machine ip 20533D0702-vm0

26. To verify connectivity to the target Docker Azure VM, in the Administrator: Command Prompt window,
type the following on one line, replacing IP-address with the IP address you identified in the previous
step and then press Enter:
docker -D -H tcp://IP-address:2376 --tlsverify --tlscacert=C:\Users\Student\.docker\machine\certs\ca.pem --tlscert=C:\Users\Student\.docker\machine\certs\cert.pem --tlskey=C:\Users\Student\.docker\machine\certs\key.pem ps

Result: After you complete this exercise, you should have successfully installed Docker Toolbox for
Windows and created a Docker host in an Azure VM.

Exercise 2: Deploying containers to Azure VMs

▶ Task 1: Configure docker-machine environment.


1. In the Remote Desktop session to 20533D0701-vm0, in the Administrator: Command Prompt window,
type the following, and then press Enter:

docker-machine env 20533d0702-vm0


2. Review the output returned by the docker-machine env command. Next, in the Administrator:
Command Prompt window, type the following, and then press Enter (it will not produce any output):

@FOR /f "tokens=*" %i IN ('docker-machine env 20533d0702-vm0') DO @%i

3. In the Administrator: Command Prompt window, type the following, press Enter, and verify that the
output contains Docker environment variables, including DOCKER_CERT_PATH, DOCKER_HOST,
DOCKER_MACHINE_NAME, and DOCKER_TLS_VERIFY:

SET DOCKER

▶ Task 2: Run a container in a Docker host running on an Azure VM
1. In the Remote Desktop session to 20533D0701-vm0, in the Administrator: Command Prompt window,
type the following, and then press Enter:

docker run -d -p 80:80 --restart=always nginx


2. Monitor the progress of the container deployment. To verify the successful outcome, in the
Administrator: Command Prompt window, type the following, and then press Enter:

docker ps

3. To obtain the IP address of the target Docker VM hosting the containerized application, in the
Administrator: Command Prompt window, type the following, and then press Enter:

docker-machine ip 20533D0702-vm0

4. Start Internet Explorer and browse to the IP address you obtained in the previous step. Verify that
Internet Explorer displays the Welcome to nginx! page.

Result: After you complete this exercise, you should have successfully run a sample containerized
web server nginx on the Docker host Azure VM.

Exercise 3: Deploying multi-container applications with Docker Compose to Azure VMs

▶ Task 1: Create a compose file


1. In the Remote Desktop session to 20533D0701-vm0, in the Administrator: Command Prompt window,
to verify that Docker Compose is installed on the target Docker Azure VM, type the following, and then
press Enter:
docker-compose --version

2. In the Administrator: Command Prompt window, type the following, and then press Enter:

notepad docker-compose.yml
3. When prompted whether to create a new file, click Yes.

4. In Notepad, type the following text, click File and click Save (you can find the file in the
E:\Labfiles\Lab07\Solution folder):

version: "3"
services:
  wordpress:
    image: wordpress
    links:
      - db:mysql
    ports:
      - 8080:80
  db:
    image: mariadb
    environment:
      MYSQL_ROOT_PASSWORD: Pa55w.rd
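The compose file above keeps the database root password as a literal value and publishes port 8080 without a bind address. The following check is an added example, not part of the lab files: a line-oriented audit that reports both conditions per service. It assumes the two-space indentation shown above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the lab files): report literal secrets and ports
# published on all host interfaces in a docker-compose.yml.
# Assumption: two-space indentation, as in the file shown in this task.

# The compose file from this task, embedded so the check runs offline.
lab_compose() {
cat <<'EOF'
version: "3"
services:
  wordpress:
    image: wordpress
    links:
      - db:mysql
    ports:
      - 8080:80
  db:
    image: mariadb
    environment:
      MYSQL_ROOT_PASSWORD: Pa55w.rd
EOF
}

# Reads a compose file on stdin and prints one finding per line.
audit_compose() {
    awk -v q="'" '
    { sub(/\r$/, "") }                       # Notepad saves CRLF line endings
    /^ *(#|$)/ { next }                      # skip blank lines and comments
    {
        line = $0; sub(/^ +/, "", line)
        ind = length($0) - length(line)
        if (ind == 0) { in_services = (line ~ /^services:/); svc = ""; sect = ""; next }
        if (!in_services) next
        if (ind == 2) { svc = line; sub(/:.*/, "", svc); sect = ""; next }
        if (ind == 4 && line !~ /^- /) { sect = line; sub(/:.*/, "", sect); next }

        # Anything else is an entry of the current section.
        item = line; sub(/^- +/, "", item); gsub("[\"" q "]", "", item)

        if (sect == "environment") {
            n = index(item, ":"); m = index(item, "=")
            if (m > 0 && (n == 0 || m < n)) {          # list form: KEY=value
                key = substr(item, 1, m - 1); val = substr(item, m + 1)
            } else if (n > 0) {                        # mapping form: KEY: value
                key = substr(item, 1, n - 1); val = substr(item, n + 1)
            } else next
            gsub(/^ +| +$/, "", key); gsub(/^ +| +$/, "", val)
            # A value of the form ${VAR} is substituted at deploy time.
            if (toupper(key) ~ /PASSWORD|SECRET|TOKEN/ && val != "" && substr(val, 1, 2) != "${")
                printf "%s: %s is set to a literal value in the compose file\n", svc, key
        } else if (sect == "ports") {
            sub(/\/(tcp|udp)$/, "", item)
            k = split(item, f, ":")
            if (k == 2)                                # HOST:CONTAINER, no bind address
                printf "%s: host port %s is published on all host interfaces\n", svc, f[1]
            else if (k == 3 && (f[1] == "0.0.0.0" || f[1] == ""))
                printf "%s: host port %s is published on all host interfaces\n", svc, f[2]
        }
    }'
}

lab_compose | audit_compose
```

To audit the file saved in this task, run `audit_compose < docker-compose.yml` from a POSIX shell.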

▶ Task 2: Deploy the containers with docker-compose to an Azure VM
1. In the Remote Desktop session to 20533D0701-vm0, in the Administrator: Command Prompt window,
type the following, and then press Enter:

docker-compose up -d
2. Monitor the progress of the container deployment. To verify the successful outcome, in the
Administrator: Command Prompt window, type the following, and then press Enter:

docker ps

▶ Task 3: Connect to a multi-container application running on an Azure VM


1. In the Remote Desktop session to 20533D0701-vm0, in the Azure portal, in the hub menu, click
Resource groups.

2. On the Resource groups blade, click 20533D0702-LabRG.


3. On the 20533D0702-LabRG blade, click 20533D0702-vm0-firewall.

4. On the 20533D0702-vm0-firewall blade, click Inbound security rules.

5. Click + Add.

6. On the Add inbound security rule blade, ensure that Basic appears in the toolbar, specify the following
settings and click OK:

• Source: Any

• Source port ranges: *


• Destination: Any

• Destination port ranges: 8080

• Protocol: TCP
• Action: Allow

• Priority: 1100
• Name: Port8080-TcpAllowAny
7. Wait for the operation to complete. Next, start Internet Explorer and browse to port 8080 on the IP
address you obtained in the previous step. Verify that Internet Explorer displays the Wordpress
Installation page.

Result: After you complete this exercise, you should have successfully implemented a multi-container
application by using Docker Compose.
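The Port8080-TcpAllowAny rule created in Task 3 accepts traffic from any source, so it is worth reviewing alongside the other rules on 20533D0702-vm0-firewall. The following is an added example, not part of the lab files: it reads tab-separated rule listings in the column order of the `az network nsg rule list` query given in its comments and reports inbound Allow rules with an unrestricted source. The sample rows and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the lab files): list inbound NSG rules that allow
# traffic from any source, such as Port8080-TcpAllowAny created in Task 3.
#
# Expected input, one rule per line, tab-separated, as produced by:
#   az network nsg rule list \
#     --resource-group 20533D0702-LabRG --nsg-name 20533D0702-vm0-firewall \
#     --query "[].[name,priority,direction,access,protocol,sourceAddressPrefix,destinationPortRange]" \
#     --output tsv
# Rules that use the plural sourceAddressPrefixes/destinationPortRanges
# properties are outside the scope of this check.

# Constructed sample rows (not captured from a real subscription).
sample_rules() {
    printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
        'ssh-admin'            1000 Inbound  Allow Tcp '203.0.113.10/32' 22   \
        'docker-tls'           1010 Inbound  Allow Tcp '*'               2376 \
        'Port8080-TcpAllowAny' 1100 Inbound  Allow Tcp '*'               8080 \
        'deny-telnet'          1200 Inbound  Deny  Tcp '*'               23   \
        'egress-any'           1300 Outbound Allow '*' '*'               '*'  \
        'web-internet'         1400 Inbound  Allow Tcp 'Internet'        80
}

# Prints name, priority, destination port and source for every inbound Allow
# rule whose source is unrestricted ("*", "Any", "Internet" or 0.0.0.0/0).
open_inbound_rules() {
    awk -F '\t' '
        tolower($3) == "inbound" && tolower($4) == "allow" {
            src = tolower($6)
            if (src == "*" || src == "any" || src == "internet" || src == "0.0.0.0/0")
                printf "%s\tpriority=%s\tport=%s\tsource=%s\n", $1, $2, $7, $6
        }'
}

# Number of unrestricted inbound Allow rules in the input.
count_open_inbound() {
    open_inbound_rules | wc -l | tr -d ' '
}

echo "Inbound Allow rules open to any source:"
sample_rules | open_inbound_rules
```

Against a live subscription, pipe the `az network nsg rule list` command from the comments into `open_inbound_rules` in Cloud Shell.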

Exercise 4: Implementing Azure Container Registry

▶ Task 1: Create an Azure Container Registry


1. In the Remote Desktop session to 20533D0701-vm0, in the Azure portal in the Internet Explorer window,
click + Create resource.

2. On the New blade, click Containers, and then click Azure Container Registry.
3. On the Create container registry blade, specify the following settings and click Create:

• Registry name: a unique name consisting of between 5 and 50 alphanumeric characters

• Subscription: the name of the Azure subscription you are using in this lab

• Resource group: click Create new and, in the text box below, type 20533D0703-LabRG

• Location: East US

• Admin user: Enable (this allows you to use the registry name as username and admin user access key
as password to docker login to the registry)

• SKU: Basic

4. Wait for the operation to complete.

▶ Task 2: Identify Azure Container Registry authentication settings.


1. In the Remote Desktop session to 20533D0701-vm0, in the Azure portal in the Internet Explorer window,
click All services, and in the service menu, click Container registries.

2. On the Container registries blade, click the Azure container registry you created in the previous task.
3. On the container registry blade, click Access keys.

4. Click the Click to copy icon next to the password entry. If prompted whether to allow the webpage to
access your Clipboard, click Allow access.
5. Note the values of the Username and the Login server entries. The username should match the registry
name and the login server name should consist of the registry name followed by the .azurecr.io suffix.

▶ Task 3: Push an image to Azure Container Registry.


1. In the Remote Desktop session to 20533D0701-vm0, in the Administrator: Command Prompt window,
to log in to the Azure Container registry you created in the first task, type the following, replacing the
user-name, password, and login-server entries with the values you identified in the previous task, and
then press Enter:
docker login --username user-name --password password login-server

2. Ensure that you receive the Login succeeded message. Next, to pull an existing image from Docker Hub,
in the Administrator: Command Prompt window, type the following, and then press Enter:
docker pull microsoft/aci-helloworld

3. Wait for the image to be downloaded to the Docker Azure VM. Next, to tag the image with the Azure
Container registry name, in the Administrator: Command Prompt window, type the following, replacing
the login-server entry with the value you identified in the previous task, and then press Enter:

docker tag microsoft/aci-helloworld login-server/aci-helloworld:v1


4. To push the tagged image to the Azure Container registry, in the Administrator: Command Prompt
window, type the following, replacing the login-server entry with the value you identified in the previous
task, and then press Enter:

docker push login-server/aci-helloworld:v1

5. Wait for the image to be pushed to the registry. Next, to view the images stored in the Azure Container
registry, in the Azure portal, in the Internet Explorer window, on the container registry blade, click
Repositories and note that the list includes the aci-helloworld repository.

▶ Task 4: Download and deploy images from the Azure Container Registry
1. In the Remote Desktop session to 20533D0701-vm0, in the Administrator: Command Prompt window,
to pull an image from the Azure Container registry, type the following, replacing the login-server entry
with the values you identified earlier in this exercise, and then press Enter:

docker pull login-server/aci-helloworld:v1


2. Note that, in this case, the image does not need to be downloaded, since it is already present on the
target Docker Azure VM.

3. Next, to deploy the image downloaded from the Azure Container registry, in the Administrator:
Command Prompt window, type the following, and then press Enter:

docker run -d --restart=always -p 8081:80 login-server/aci-helloworld:v1


4. To verify that the image has been successfully deployed, in the Administrator: Command Prompt
window, type the following, and then press Enter:

docker ps

5. Note that the output includes the login-server/aci-helloworld:v1 image.


6. Close the Remote Desktop Session to 20533D0701-vm0.

▶ Task 5: Remove the lab environment


1. On MIA-CL1, close all open windows without saving any files.
2. On the taskbar, right-click the Windows PowerShell icon, and then click Run as Administrator. In the
User Account Control dialog box, click Yes.

3. Type the following command, and then press Enter:


Remove-20533DEnvironment
4. When prompted, sign in by using the Microsoft account that is the Service Administrator of your Azure
subscription.
5. If you have multiple Azure subscriptions, select the one you want the script to target.

6. If prompted, specify the current lab number.

7. When prompted for confirmation, type y.

8. Start Microsoft Edge, browse to the Azure portal at https://portal.azure.com, and sign in by using the
Microsoft account that is the Service Administrator of your Azure subscription.

9. In the Azure portal, click Edit dashboard.

10. Right-click an unoccupied area of the dashboard and, in the right-click menu, click Reset to default state.
When prompted to confirm, click Yes.

11. Click Done customizing.


12. Close all open windows.
Result: After you complete this exercise, you should have successfully tested image deployment by
using Azure Container Registry.

Lab B: Implementing Azure Container Service (ACS)
Exercise 1: Creating an ACS Kubernetes cluster

▶ Task 1: Create an ACS Kubernetes cluster


1. Ensure that you are signed in to MIA-CL1 as Student with the password Pa55w.rd and that the
Remove-20533DEnvironment script successfully completed. In the Azure portal, in the Microsoft Edge window,
click the Cloud shell icon.

2. If you are presented with the Welcome to Azure Cloud Shell pane, click Bash (Linux).
3. If you are presented with the You have no storage mounted message, ensure that the name of your
subscription appears in the Subscription drop down list, and click Create storage.

4. At the bash prompt, in the Cloud shell pane, type the following command, replacing Azure-region with
the name of the Azure region where you want to deploy the ACS Kubernetes cluster and then press
Enter:

az group create --name 20533D0704-LabRG --location "Azure-region"


5. At the bash prompt, in the Cloud shell pane, type the following command and then press Enter:

az acs create --orchestrator-type kubernetes --resource-group 20533D0704-LabRG --name 20533D0704-k8scluster --generate-ssh-keys

6. Wait for the deployment to complete.

▶ Task 2: Connect to the ACS Kubernetes cluster.


1. To download and configure the credentials to access the ACS Kubernetes cluster, at the bash prompt, in
the Cloud shell pane, type the following command and then press Enter:

az acs kubernetes get-credentials --resource-group 20533D0704-LabRG --name 20533D0704-k8scluster

2. To verify connectivity to the ACS Kubernetes cluster, at the bash prompt, in the Cloud shell pane, type
the following command and then press Enter:

kubectl get nodes

3. Review the output and verify that the agent nodes are reporting the Ready status.

Result: After you complete this exercise, you should have successfully deployed a new ACS cluster
with the orchestrator of your choice.

Exercise 2: Managing an ACS cluster

▶ Task 1: Deploy a containerized application to the ACS Kubernetes cluster


1. In the Azure portal, in the Microsoft Edge window, in the Cloud shell pane, in order to deploy the nginx
container from the Docker Hub, type the following command and then press Enter:

kubectl run nginx-20533d0704 --image=nginx --replicas=1 --port=80


2. To verify that a Kubernetes pod has been created, at the bash prompt, in the Cloud shell pane, type the
following command and then press Enter:

kubectl get pods

3. To identify the state of the deployment, at the bash prompt, in the Cloud shell pane, type the following
command and then press Enter:

kubectl get deployment


4. To make the pod available from Internet, at the bash prompt, in the Cloud shell pane, type the following
command and then press Enter:

kubectl expose deployment nginx-20533d0704 --port=80 --type=LoadBalancer

5. To identify whether the public IP address has been provisioned, at the bash prompt, in the Cloud shell
pane, type the following command and then press Enter:

kubectl get services

6. Repeat step 5 until the value in the EXTERNAL-IP column for nginx-20533d0704 changes from
<pending> to a public IP address. Note the public IP address in the EXTERNAL-IP column for
nginx-20533d0704.
7. Start Microsoft Edge and browse to the IP address you obtained in the previous step. Verify that Internet
Explorer displays the Welcome to nginx! page.

▶ Task 2: Manage deployment of a containerized application on the ACS Kubernetes cluster
1. To scale the deployment, at the bash prompt, in the Cloud shell pane, type the following command and
then press Enter:
kubectl scale --replicas=2 deployment/nginx-20533d0704

2. To verify the outcome of scaling the deployment, at the bash prompt, in the Cloud shell pane, type the
following command and then press Enter:
kubectl get pods

3. In the output of the command you ran in the previous step, verify that the number of pods increased to 2.
4. To delete the deployment, at the bash prompt, in the Cloud shell pane, type the following command and
then press Enter:

kubectl delete deployment nginx-20533d0704

5. To verify that the command you ran in the previous step completed successfully, at the bash prompt, in
the Cloud shell pane, type the following command and then press Enter:

kubectl get deployment

▶ Task 3: Remove the lab environment


1. On MIA-CL1, close all open windows without saving any files.
2. On the taskbar, right-click the Windows PowerShell icon, and then click Run as Administrator. In the
User Account Control dialog box, click Yes.

3. Type the following command, and then press Enter:


Remove-20533DEnvironment

4. When prompted, sign in by using the Microsoft account that is the Service Administrator of your Azure
subscription.

5. If you have multiple Azure subscriptions, select the one you want the script to target.

6. If prompted, specify the current lab number.

7. When prompted for confirmation, type y.

8. Start Microsoft Edge, browse to the Azure portal at https://portal.azure.com, and sign in by using the
Microsoft account that is the Service Administrator of your Azure subscription.

9. In the Azure portal, click Edit dashboard.

10. Right-click an unoccupied area of the dashboard and, in the right-click menu, click Reset to default state.
When prompted to confirm, click Yes.

11. Click Done customizing.

12. Close all open windows.


Result: After you complete this exercise, you should have successfully deployed a containerized
workload to the new ACS cluster and validated its availability.


Lab Answer Key: Module 8: Implementing Azure Cloud Services
Lab: Implementing Azure Cloud Services
Exercise 1: Deploying an Azure Cloud Service

▶ Task 1: Create an Azure SQL Server Database for an Azure Cloud Service
1. Ensure that you are signed in to MIA-CL1 as Student with the password Pa55w.rd.

2. Start Windows Microsoft Edge, navigate to https://portal.azure.com, and then sign in with an account
that is the Service Administrator of your Azure subscription.
3. From the Azure portal, identify the region in which you can provision an Azure VM of the size
Standard_A1_v2. This will be the region you will use to provision all resources in this lab.

4. In the Azure portal, click + Create resource. On the New blade, click Databases and then click SQL
Database.

5. On the SQL Database blade, set the Database name to CloudServiceProdDB.


6. Ensure that the name of your Azure subscription appears in the Subscription drop down list.

7. In the Resource group section, ensure that Create new is selected and, in the textbox below, type
20533D0801-LabRG.
8. In the Select source drop down list, click Blank database.
9. Click Server.

10. On the Server blade, click Create a new server.

11. On the New server blade, specify the following settings and click Select.
• Server name: any valid, unique name

• Server admin login: Student


• Password: Pa55w.rd
• Confirm password: Pa55w.rd

• Location: ‘the Azure region you identified in step 3 of this task’

• Allow azure services to access server: make sure that the checkbox is enabled

12. Back on the SQL Database blade, in the Want to use SQL elastic pool? section, ensure that Not now
is selected

13. Click Pricing tier.

14. On the Configure performance blade, click Basic and click Apply.

15. Leave the default value in the Collation text box, leave the Pin to dashboard checkbox unchecked, and
click Create.

▶ Task 2: Create an Azure Storage account for an Azure Cloud Service


1. In the Azure portal, click + Create resource. On the New blade, click Storage and then, on the Storage
blade, click Storage account - blob, file, table, queue.

2. On the Create storage account blade, specify the following settings and click Create:

• Name: ‘any unique name consisting of between 3 and 24 lower case letters or digits’

• Deployment model: Resource manager

• Account kind: Storage (general purpose v1)


• Performance: Standard

• Replication: Locally-redundant storage (LRS)

• Secure transfer required: Disabled


• Subscription: ‘the name of the Azure subscription where you created the SQL database in the previous
task’

• Resource group: ensure that the Use existing option is selected and click 20533D0801-LabRG in the
drop-down list

• Location: ‘the same location you specified in the previous task’


• Virtual networks (Preview): Disabled

• Pin to dashboard: leave the checkbox unchecked

▶ Task 3: Configure the service definition file


1. On the Taskbar, click Visual Studio.
2. Click File, click Open, and then click File.

3. Browse to E:\LabFiles\Lab08\Starter\Production\Package.

4. Click ServiceConfiguration.Cloud.cscfg, and then click Open.


5. Locate the <Role> element with the name set to AdatumAdsWeb.

6. Within that <Role> element, locate the <Instances> element.

7. In the <Instances> element, set the count attribute to 2.


8. Locate the <Role> element with the name set to AdatumAdsWorker.
9. Within that <Role> element, locate the <Instances> element.

10. In the <Instances> element, set the count attribute to 2.

11. Switch to the Azure portal, and, in the hub menu, click All services.

12. In the service menu, click Storage accounts.

13. On the Storage accounts blade, in the list of storage accounts, click the storage account you created in
the previous task of this exercise.
14. On the storage account blade, click Access keys.

15. Click the Click to copy icon next to the CONNECTION STRING entry for key1. If prompted, click Allow
access.

16. Switch to Microsoft Visual Studio.

17. In the ServiceConfiguration.Cloud.cscfg file, locate the <Role> element with the name AdatumAdsWeb.

18. Within that <Role> element, locate the <Setting> element with the name set to
StorageConnectionString.

19. Delete the string in the value attribute, leaving the leading and trailing quotation marks.
20. Place the cursor between the quotation marks and then press Ctrl+V to paste the storage connection
string you copied from the Azure portal.

21. Locate the <Role> element with the name AdatumAdsWorker.

22. Within that <Role> element, locate the <Setting> element with the name StorageConnectionString.

23. Delete the string in the value attribute, leaving the leading and trailing quotation marks.

24. Place the cursor between the quotation marks and then press Ctrl+V to paste the storage connection
string you copied from the Azure portal.
25. Locate the <Role> element with the name AdatumAdsWeb.

26. Within that <Role> element, locate the <Setting> element with the name set to
Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString.
27. Delete the string in the value attribute, leaving the leading and trailing quotation marks.

28. Place the cursor between the quotation marks and then press Ctrl+V to paste the storage connection
string you copied from the Azure portal.
29. Locate the <Role> element with the name AdatumAdsWorker.

30. Within that <Role> element, locate the <Setting> element with the name set to
Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString.
31. Delete the string in the value attribute, leaving the leading and trailing quotation marks.

32. Place the cursor between the quotation marks and then press Ctrl+V to paste the storage connection
string you copied from the Azure portal.

33. Switch to the Microsoft Edge window displaying the Azure portal.

34. In the Azure portal, in the hub menu on the left, click All services.
35. In the service menu, click SQL databases.

36. On the SQL databases blade, in the list of SQL databases, click CloudServiceProdDB.

37. On the CloudServiceProdDB blade, in the Settings section, click the Connection strings link.
38. On the Database connection strings blade, ensure that the ADO.NET tab is selected, and then click the
Click to copy icon.

39. Switch back to Visual Studio.

40. Locate the <Role> element with the name AdatumAdsWorker.


41. Within that <Role> element, locate the <Setting> element with the name set to
AdatumAdsDbConnectionString.

42. Delete the string in the value attribute, leaving the leading and trailing quotation marks.

43. Press Ctrl+V to paste the connection string you copied to the Clipboard.

44. In the connection string you just pasted, locate the text {your_username}.

45. Delete the located text, and then replace it with Student.

46. In the connection string you just pasted, locate the text {your_password}.

47. Delete the located text, and then replace it with Pa55w.rd.

48. Click File and then click Save ServiceConfiguration.Cloud.cscfg.

49. Click File and then click Close.
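A check you can run after saving the file in step 48, added here as an example and not part of the original lab or its lab files: the PowerShell below parses a .cscfg and reports any role whose instance count, required settings, or leftover {your_username}/{your_password} placeholders do not match the steps in this task. The function name Test-LabServiceConfiguration and the embedded sample XML (its serviceName, server name, account name and key) are constructed for illustration.

```powershell
# Constructed sample standing in for ServiceConfiguration.Cloud.cscfg after Task 3.
# The worker role deliberately has two mistakes: count="1" and an unreplaced placeholder.
$sampleCscfg = @'
<ServiceConfiguration serviceName="AdatumAdsCloudService" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration">
  <Role name="AdatumAdsWeb">
    <Instances count="2" />
    <ConfigurationSettings>
      <Setting name="StorageConnectionString" value="DefaultEndpointsProtocol=https;AccountName=examplestorage;AccountKey=CONSTRUCTED-KEY" />
      <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="DefaultEndpointsProtocol=https;AccountName=examplestorage;AccountKey=CONSTRUCTED-KEY" />
    </ConfigurationSettings>
  </Role>
  <Role name="AdatumAdsWorker">
    <Instances count="1" />
    <ConfigurationSettings>
      <Setting name="StorageConnectionString" value="DefaultEndpointsProtocol=https;AccountName=examplestorage;AccountKey=CONSTRUCTED-KEY" />
      <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="DefaultEndpointsProtocol=https;AccountName=examplestorage;AccountKey=CONSTRUCTED-KEY" />
      <Setting name="AdatumAdsDbConnectionString" value="Server=tcp:example.database.windows.net,1433;Initial Catalog=CloudServiceProdDB;User ID=Student;Password={your_password};" />
    </ConfigurationSettings>
  </Role>
</ServiceConfiguration>
'@

function Test-LabServiceConfiguration {
    param(
        [Parameter(Mandatory)] [xml]$Config,
        [int]$ExpectedInstanceCount = 2
    )

    # Settings each role must carry once Task 3 is complete.
    $required = @{
        AdatumAdsWeb    = @('StorageConnectionString',
                            'Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString')
        AdatumAdsWorker = @('StorageConnectionString',
                            'Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString',
                            'AdatumAdsDbConnectionString')
    }

    $findings = New-Object System.Collections.Generic.List[string]

    foreach ($roleName in ($required.Keys | Sort-Object)) {
        # local-name() keeps the XPath independent of the file's default namespace.
        $role = $Config.SelectSingleNode("//*[local-name()='Role'][@name='$roleName']")
        if ($null -eq $role) {
            $findings.Add("${roleName}: Role element not found")
            continue
        }

        $instances = $role.SelectSingleNode("*[local-name()='Instances']")
        if ($null -eq $instances) {
            $findings.Add("${roleName}: Instances element not found")
        }
        else {
            $count = $instances.GetAttribute('count')
            if ($count -ne "$ExpectedInstanceCount") {
                $findings.Add("${roleName}: Instances count is '$count', expected $ExpectedInstanceCount")
            }
        }

        foreach ($settingName in $required[$roleName]) {
            $setting = $role.SelectSingleNode(".//*[local-name()='Setting'][@name='$settingName']")
            if ($null -eq $setting) {
                $findings.Add("${roleName}: setting '$settingName' not found")
                continue
            }

            # Findings name the setting only; the value holds a key or password
            # and is never written to the output.
            $value = $setting.GetAttribute('value')
            if ([string]::IsNullOrWhiteSpace($value)) {
                $findings.Add("${roleName}: setting '$settingName' is empty")
            }
            elseif ($value -match '\{your_(username|password)\}') {
                $findings.Add("${roleName}: setting '$settingName' still contains a template placeholder")
            }
        }
    }

    $findings
}

# Run against the constructed sample. For the lab file, pass instead:
#   [xml](Get-Content -Raw 'E:\LabFiles\Lab08\Starter\Production\Package\ServiceConfiguration.Cloud.cscfg')
$problems = @(Test-LabServiceConfiguration -Config ([xml]$sampleCscfg))
$problems | ForEach-Object { Write-Warning $_ }
if ($problems.Count -eq 0) { 'Configuration matches the Task 3 steps.' }
```

The file checked here holds the storage account key and the SQL login password in clear text, so treat the saved .cscfg as a secret in its own right.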

▶ Task 4: Deploy an Azure Cloud Service


1. In the Azure portal, click + Create resource. In the Search the Marketplace text box, type Cloud
service, and, in the list of results, click Cloud service.

2. On the Cloud service blade, click Create.


3. On the Cloud service (classic) blade, specify the following settings:

• DNS name: ‘any valid, unique name’

• Subscription: ‘the name of the Azure subscription you have been using for this lab’
• Resource group: ensure that the Use existing option is selected and click 20533D0801-LabRG in the
drop-down list
• Location: ‘the same location you have been using in this lab’

4. Click Package (Optional) Select a package.

5. In the Deployment label textbox, type AdatumAdsProd.

6. Ensure that the Package/configuration location option is set to from local.

7. Set Storage account to the storage account you created in the second task of this exercise.

8. Next to the Package (.cspkg, .zip) text box, click the folder icon.

9. In the Choose File to Upload dialog box, browse to E:\LabFiles\Lab08\Starter\Production\Package.


10. Click AdatumAdsCloudService.cspkg, and then click Open.

11. Wait until the package is fully uploaded.


12. Next to the Configuration (.cscfg) box, click the folder icon.

13. In the Choose File to Upload dialog box, browse to E:\LabFiles\Lab08\Starter\Production\Package.

14. Click ServiceConfiguration.Cloud.cscfg, and then click Open.

15. Wait until the configuration file is fully uploaded.


16. Ensure that Environment switch is set to Production and that the Start deployment checkbox is
enabled.
17. Click OK.
18. Back on the Cloud service (classic) blade, leave the Certificates section and the Pin to dashboard
checkbox with their default values and click Create.
Note: Wait for the deployment to complete. This might take a few minutes.

Result: You created a storage account and a SQL database, edited the service configuration file, and
deployed the cloud service to the production slot.

Exercise 2: Configuring deployment slots and RDP

▶ Task 1: Perform a staged deployment of an Azure Cloud Service


1. In the Azure portal in the Microsoft Edge window, in the Hub menu, click All services and then click
Cloud services (classic).

2. In the Cloud services (classic) blade, click the cloud service you created in the previous task.
3. On the Overview page of the cloud service, click Production in the toolbar and then click Staging in the
drop-down list.

4. Click Upload in the toolbar.

5. On the Upload a package blade, in the Deployment label text box, type AdatumAdsStage.

6. Ensure that the Package/configuration location option is set to from local.

7. Click Storage account.


8. On the Choose storage account blade, click the storage account you created in the previous exercise.

9. Next to the Package (.cspkg, .zip) text box, click the folder icon.

10. In the Choose File to Upload dialog box, browse to E:\LabFiles\Lab08\Starter\Staging\Package.

11. Click AdatumAdsCloudService.cspkg, and then click Open.

12. Wait until the package is fully uploaded.

13. Next to the Configuration (.cscfg) box, click the folder icon.
14. In the Choose File to Upload dialog box, browse to E:\LabFiles\Lab08\Starter\Production\Package.

15. Click ServiceConfiguration.Cloud.cscfg, and then click Open.


16. Wait until the configuration file is fully uploaded.

17. Ensure that the Start deployment checkbox is enabled.

18. Click OK.


Note: Wait for the deployment to complete. This might take a few minutes. Make sure that all roles in
the Staging slot appearing on the cloud service blade are listed with the Running status before you
proceed.

▶ Task 2: Configure RDP access


1. On MIA-CL1, on the Taskbar, right-click the Windows PowerShell icon and, in the right-click menu, click
Run as Administrator. If prompted by the User Account Control dialog box, click Yes.

2. Sign in to the Azure subscription by typing the following command in the Windows PowerShell window,
and then pressing Enter:

Add-AzureAccount

3. In the sign-in window that appears, sign in by using the Microsoft account that is the Service
Administrator of your Azure subscription.
4. If you have multiple subscriptions associated with your Microsoft account, to identify the subscription in
which you are going to create a virtual network, type the following command, and then press Enter:

Get-AzureSubscription

5. Note the value of the Id property for each subscription in the output of the previous command. To specify
the subscription in which you are going to create a virtual network, type the following commands, and
then press Enter (replace SubscriptionId with the actual SubscriptionId property of that subscription):

Select-AzureSubscription -SubscriptionId 'SubscriptionId'

6. Next, execute the following script by typing each of the following commands at the Windows PowerShell
prompt, replacing cloud-service-name with the name of the cloud service you deployed earlier in this
lab, and pressing Enter:

# Name of the cloud service deployed in Exercise 1
$serviceName = 'cloud-service-name'

# Account that the Remote Desktop extension creates on each role instance
$userName = 'Student'

$securePassword = 'Pa55w.rd1234' | ConvertTo-SecureString -AsPlainText -Force

# The Remote Desktop account stops working after this date
$expirationDate = $(Get-Date).AddDays(31)

$credential = New-Object System.Management.Automation.PSCredential $userName,$securePassword

# Enable the extension in each deployment slot
Set-AzureServiceRemoteDesktopExtension -ServiceName $serviceName -Credential $credential -Expiration $expirationDate -Slot Production

Set-AzureServiceRemoteDesktopExtension -ServiceName $serviceName -Credential $credential -Expiration $expirationDate -Slot Staging

▶ Task 3: Test connectivity


1. In the Azure portal in the Microsoft Edge window, in the cloud service blade, with the Overview page
open, click Staging and then, in the drop-down list, click Production.
2. Click the link under the Site URL label. This will open the production cloud service home page in a new
Microsoft Edge tab. Leave the new Microsoft Edge tab open. You will use it in the next exercise.

3. Switch back to the Microsoft Edge tab displaying the Azure portal. In the cloud service blade, with the
Overview page open, click Production in the toolbar and then, in the drop-down list, click Staging.

4. Click the link under the Site URL label. This will open the staging cloud service home page in a new
Microsoft Edge tab. Note that the staging web site is different from the production one.
5. Close the new Microsoft Edge tab.

6. Switch back to the Azure portal. In the cloud service blade, with the Overview page open, click Staging
and then, in the drop-down list, click Production.

7. In the cloud service blade, click Roles and Instances.

8. Click AdatumAdsWeb_IN_0.
9. On the AdatumAdsWeb_IN_0 blade, click Connect.

10. When prompted whether to open or save the AdatumAdsWeb_IN_0.rdp, click Open.

11. If a Remote Desktop Connection warning message displays, select Don’t ask me again for
connections to this computer, and then click Connect.

12. In the Windows Security dialog box, type the following credentials, and then click OK:

• User name: Student

• Password: Pa55w.rd1234

13. If another Remote Desktop Message displays, select the Don’t ask me again for connections to this
computer checkbox, and then click Yes. The Remote Desktop Protocol (RDP) client displays the
desktop for the first instance of the web role.

14. Close the remote desktop connection.

15. In the Remote Desktop Connection window, click OK.

Result: At the end of this exercise, you have performed a staging deployment of an Azure Cloud
Service, enabled RDP access to an Azure Cloud Service, and connected to cloud service instances via
HTTP and via RDP.

Exercise 3: Monitoring cloud services

▶ Task 1: Add metrics to the cloud service monitoring


1. In the Microsoft Edge window, in the Azure portal, click Staging and then, in the drop-down list, click
Production.
2. In the MONITORING section, click Metrics.

3. On the Metrics blade, ensure that AdatumAdsWeb appears in the Role drop down list, and scroll down
to the Network in and out chart.

▶ Task 2: Create an alert for a cloud service


1. Click Network in and out chart.

2. On the Metric blade, click Add metric alert.


3. On the Add rule blade, specify the following and click OK:

• Name: Network In Alert

• Description: Test network in alert


• Alert on: Metrics

• Subscription: the name of the Azure subscription you are using in this lab

• Resource group: 20533D0801-LabRG


• Resource: leave at its default value

• Metric: Network In

• Condition: greater than


• Threshold: 1

• Period: Over the last 5 minutes

• Email owners, contributors, and readers: enable the checkbox

• Additional administrator email(s): ‘type the email address of the Service Administrator account of your
Azure subscription’

• Webhook: leave the textbox clear

4. Switch to the Microsoft Edge tab showing the Production deployment of the cloud service. Refresh the
page several times.

Note: It might take over 5 minutes before the alert is triggered.

▶ Task 3: Monitor a cloud service


1. In the Azure portal, in the hub menu, click All services and then, in the service menu, click Monitor.

2. On the Monitor blade, click Alerts.

3. In the list of alerts, note the Network In Alert entry and identify the value in the LAST ACTIVE column.

4. Open a new Microsoft Edge tab.

5. In the address bar, type https://www.outlook.com and then press Enter.

6. If you are prompted to sign in, type the user name and password of the Microsoft Account that is the
Service Administrator of your Azure subscription.

7. In the list of emails, click Microsoft Azure Alerts.

8. Inspect the details of the alert.


9. Close Microsoft Edge.

▶ Task 4: Remove the lab environment


1. On MIA-CL1, close all open windows without saving any files.

2. On the taskbar, right-click the Windows PowerShell icon, and then click Run as Administrator. In the
User Account Control dialog box, click Yes.

3. Type the following command, and then press Enter:

Remove-20533DEnvironment
4. When prompted, sign in by using the Microsoft account that is the Service Administrator of your Azure
subscription.

5. If you have multiple Azure subscriptions, select the one you want the script to target.
6. If prompted, specify the current lab number.

7. When prompted for confirmation, type y.

8. Start Microsoft Edge, browse to the Azure portal at https://portal.azure.com, and sign in by using the
Microsoft account that is the Service Administrator of your Azure subscription.
9. In the Azure portal, click Edit dashboard.

10. Right-click an unoccupied area of the dashboard and, in the right-click menu, click Reset to default state.
When prompted to confirm, click Yes.
11. Click Done customizing.

12. Close all open windows.


Result: At the end of this exercise, you will have configured monitoring for an Azure Cloud Service
with a new metric and an alert.

©2016 Microsoft Corporation. All rights reserved.

The text in this document is available under the Creative Commons Attribution 3.0 License, additional
terms may apply. All other content contained in this document (including, without limitation,
trademarks, logos, images, etc.) are not included within the Creative Commons license grant. This
document does not provide you with any legal rights to any intellectual property in any Microsoft
product. You may copy and use this document for your internal, reference purposes.

This document is provided “as-is.” Information and views expressed in this document, including URL
and other Internet Web site references, may change without notice. You bear the risk of using it. Some
examples are for illustration only and are fictitious. No real association is intended or inferred.
Microsoft makes no warranties, express or implied, with respect to the information provided here.

Lab Answer Key: Module 9: Implementing Azure Active Directory
Lab: Implementing Azure AD
Exercise 1: Administering Azure AD

▶ Task 1: Create an Azure Active Directory tenant


1. Ensure that you are signed in to MIA-CL1 as Student with the password Pa55w.rd.

2. Start Microsoft Edge, browse to the Azure portal at https://portal.azure.com, and then sign in using the
Microsoft account that is the Service Administrator of your subscription.
3. In the Azure portal, in the hub menu, click + Create a resource, click Security + Identity and then, click
Azure Active Directory.

4. On the Create directory blade, specify the following and click Create:
• Organization name: Adatum

• Initial domain name: a unique, valid name

• Country or region: United States


5. Leave Microsoft Edge open and wait until the Azure Active Directory tenant is provisioned. Note the
unique name you specified, since you will need it later in this task.

▶ Task 2: Activate Azure AD Premium trial


1. Refresh the Microsoft Edge window displaying the Azure portal. Next, click your name in the upper right
corner of the Azure portal and, in the drop-down menu, click the name of the Azure Active Directory
tenant you created in the previous task.
2. In the hub menu of the Azure portal, click Azure Active Directory. This will display the adatum Azure
Active Directory tenant blade.

3. Click Quick Start.


4. Click Get a free trial for Azure AD Premium.
5. On the Activate blade, in the AZURE AD PREMIUM P2 section, click Free trial.

6. On the Activate Azure AD Premium P2 trial, click Activate.

7. Wait until the Azure AD Premium trial is successfully activated.

▶ Task 3: Manage users by using the Azure portal


1. Navigate back to the adatum Azure Active Directory tenant blade.

2. On the adatum blade, click Users.

3. Click + New user.


4. On the User blade, specify the following settings (where domain-name is the name you assigned to the
Azure Active Directory tenant in the first task of this exercise):

• Name: Remi Desforges

• User name: rdesforges@_domain-name_.onmicrosoft.com

5. Click Profile and, on the Profile blade, specify the following settings and click OK:

• First Name: Remi

• Last Name: Desforges

6. Accept the default Properties, Groups and Directory role settings, click the Show Password checkbox
and note the temporary password.

7. Click Create.

8. Click + New user.


9. On the User blade, specify the following settings (where domain-name is the name you assigned to the
Azure Active Directory tenant in the first task of this exercise):
• Name: Karen Gruber

• User name: kgruber@_domain-name_.onmicrosoft.com

10. Click Profile and, on the Profile blade, specify the following settings and click OK:
• First Name: Karen

• Last Name: Gruber

11. Accept the default Properties and Groups settings and click Directory role.

12. On the Directory role blade, click Global administrator and click OK.
13. Click the Show Password checkbox and note the temporary password.

14. Click Create.


15. Start an InPrivate Microsoft Edge session and browse to the Azure portal at https://portal.azure.com.

16. When prompted to sign in, specify the full user name (including the @_domain-name_.onmicrosoft.com
suffix) of Remi Desforges’ account and the corresponding temporary password.
17. On the Update your password page, in the Current password box, type the temporary password
again. In the New password and Confirm password text boxes, type a new password, and click
Update password and sign in. Take a note of the new password.

Note: If you receive the message We’ve seen that password too many times before. Choose
something harder to guess, you’ll need to modify the password until it is unique enough to be
accepted.

18. If prompted to start the Microsoft Azure tour, click Maybe later. Next, click the user name in the upper-right
corner and, in the drop-down menu, click Sign out.

19. Close the InPrivate Microsoft Edge session.

20. Start an InPrivate Microsoft Edge window and browse to the Azure portal at https://portal.azure.com.

21. When prompted to sign in, specify the full user name (including the @_domain name_.onmicrosoft.com
suffix) of Karen Gruber’s account and the corresponding temporary password.
22. On the Update your password page, in the Current password box, type the temporary password. In
the New password and Confirm password boxes, type a new password, and click Update password
and sign in. Take a note of the new password.

Note: If you receive the message We’ve seen that password too many times before. Choose
something harder to guess, you’ll need to modify the password until it is unique enough to be
accepted.

23. Note the message stating No subscription found. Click SIGN OUT and close the InPrivate session of
Microsoft Edge.

▶ Task 4: Manage groups by using the Azure portal


1. Switch to the Microsoft Edge window displaying the Azure portal and ensure that you are viewing the
Users - All users page of the adatum Azure Active Directory tenant blade.

2. Click your user account that is the Service Administrator of your subscription.

3. Click Profile.

4. In the Usage location drop down list, select your country and click Save.

5. Click Licenses.

6. Click + Assign.

7. On the Assign license blade, click Products.


8. On the Products blade, select the checkbox next to the Azure Active Directory Premium P2 entry and
click Select.
9. Click Assignment options.

10. On the License options blade, verify that Azure Active Directory Premium P2, Azure Active
Directory Premium Plan 1, and Azure Multi-Factor Authentication are set to On and click OK.
11. Click Assign.
12. Verify that the assignment completed successfully.

13. Navigate back to the adatum blade and click Groups.

14. Click General (Note: if the options are grayed out, refresh Edge browser).
15. On the General blade, specify the following settings and click Save:

• Self-service group management enabled: Yes.


• Users can create security groups: Yes

16. Click All groups.

17. Click + New group.


18. On the Group blade, specify the following settings:
• Group Type: Security

• Group name: Sales

• Group description: Sales employees


• Membership type: Assigned

19. Click Members.

20. On the Members blade, select the checkbox next to the entry Remi Desforges and click Select.
21. Click Create and close the Group blade.

22. Back on the Groups - All groups blade, click + New group.

23. On the Group blade, specify the following settings:

• Group Type: Security

• Group name: Marketing


• Group description: Marketing employees

• Membership type: Assigned

24. Click Members.


25. On the Members blade, select the checkbox next to the entry Karen Gruber and click Select.

26. Click Create and close the Group blade.


27. Back on the Groups - All groups blade, click + New group.

28. On the Group blade, specify the following settings:

• Group type: Security


• Group name: Sales and Marketing

• Group description: Sales and Marketing employees

• Membership type: Assigned


29. Click Members.
30. On the Members blade, select the checkbox next to the Sales and Marketing entries and click Select.

31. Click Create and close the Group blade.

▶ Task 5: Manage users and groups by using Azure PowerShell


1. On the taskbar, right-click Windows PowerShell, and then click Run ISE as Administrator. If prompted,
in the User Account Control dialog box, click Yes.

2. In the PowerShell ISE, click File, and then click Open.

3. In the Open dialog box, browse to E:\Labfiles\Lab09\Starter\.


4. Click Set-20553D0901Lab.ps1, and then click Open.

5. If the script pane is not visible, on the View menu, click Show Script Pane.

6. In the PowerShell ISE, in the console pane, enter the following command and press Enter:
Connect-MsolService

7. In the Enter Credentials dialog box, enter the full user name (including the @_domain
name_.onmicrosoft.com suffix) of Karen Gruber and its password, and then click OK.

8. In the PowerShell ISE, in the script pane, locate the following code:

New-MsolUser -UserPrincipalName mledford@<#Copy your Azure Directory domain name here#>.onmicrosoft.com -DisplayName 'Mario Ledford' -FirstName 'Mario' -LastName 'Ledford' -Password 'Pa55w.rd123' -ForceChangePassword $false -UsageLocation 'US'

9. Replace <#Copy your Azure Directory domain name here#> with the unique name you used to specify
the DNS domain name of the Adatum Azure AD tenant in the first exercise of this lab.

10. In the PowerShell ISE window, in the script pane, select the code that you just edited.

11. On the toolbar, click the Run Selection button and wait for the script to complete.

12. In the PowerShell ISE window, in the console pane, enter the following command, press Enter, and verify
that the new user appears in the list of users:

Get-MsolUser

13. In the PowerShell ISE window, in the script pane, locate the following code and select it:
New-MsolGroup -DisplayName 'Azure team' -Description 'Adatum Azure team users'

14. On the toolbar, click the Run Selection button and wait for the script to complete.

15. In the PowerShell ISE window, in the console pane, enter the following command, press Enter, and verify
that the new group appears in the list of groups:

Get-MsolGroup

16. In the PowerShell ISE window, in the script pane, locate the following code and select it:
$group = Get-MsolGroup | Where-Object DisplayName -eq 'Azure team'

17. On the toolbar, click the Run Selection button, and wait for the script to complete.

18. In the PowerShell ISE window, in the script pane, locate the following code and select it:

$user = Get-MsolUser | Where-Object DisplayName -eq 'Mario Ledford'


19. On the toolbar, click the Run Selection button, and wait for the script to complete.

20. In the PowerShell ISE window, in the script pane, locate the following code and select it:
Add-MsolGroupMember -GroupObjectId $group.ObjectId -GroupMemberType 'User' -GroupMemberObjectId $user.ObjectId

21. On the toolbar, click the Run Selection button, and wait for the script to complete.
22. In the PowerShell ISE window, in the script pane, locate the following code and select it:

Get-MsolGroupMember -GroupObjectId $group.ObjectId

23. On the toolbar, click the Run Selection button, and wait for the script to complete.
24. Switch to the adatum blade of the Azure portal in Microsoft Edge.

25. Click Users, All users, and verify that Mario Ledford appears in the list of users.

26. Switch back to the adatum blade of the Azure portal in Microsoft Edge.

27. Click Groups, All groups, and verify that Azure team appears in the list of groups.

Result: After completing this exercise, you should have created Azure AD users and groups by using
the Azure portal and Microsoft Azure Active Directory Module for Windows PowerShell. You also
should have enabled the delegated group management Azure AD Premium functionality.

Exercise 2: Configuring Application SSO

▶ Task 1: Add directory applications and configure SSO


1. Navigate to the adatum Azure Active Directory tenant blade in the Azure portal and click Enterprise
applications.

2. Click New application.

3. On the Add an application blade, in the Enter a name text box above the Add from the gallery section,
type Microsoft Account (Windows Live).

4. In the list of results, click Microsoft Account (Windows Live).


5. On the Microsoft Account (Windows Live) blade, type Windows Live in the Name field, and click Add.
Wait till the application gets added.

6. On the Microsoft Account (Windows Live) - Quick start blade, click Configure single sign-on
(required).

7. On the Single sign-on blade, in the Single Sign-on Mode drop-down list, select Password-based Sign-on
and click Save.

8. Close the Single sign-on blade and, on the Microsoft Account (Windows Live) - Quick start blade,
click Assign a user for testing (required).

9. On the Users and groups blade, click + Add user.


10. On the Add assignment blade, click Users and groups.

11. On the Users and groups blade, in the Select text box, type Mario Ledford.

12. Select the entry representing the Mario Ledford user account and click Select.
13. Click Assign Credentials.
14. On the Assign Credentials blade, next to the Assign credentials on behalf of the user? label, click
Yes.
15. On the Assign Credentials blade, in the Email Address text box, type the email address of your
Microsoft Account that is the Service Administrator of the Azure subscription you are using for this lab, in
the Password text box, type the password of that account, and click OK.
16. Click Assign.

17. Navigate back to the Add an application blade, in the search box, type Skype.

18. In the list of search results, click Skype and, then on the Skype blade, click Add. Wait till the application
gets added.
19. On the Skype - Quick start blade, click Configure single sign-on (required).

20. On the Single sign-on blade, in the Single Sign-on Mode drop-down list, select Password-based Sign-on
and click Save.

21. Close the Single sign-on blade and, back on the Skype - Quick start blade, click Assign a user for
testing (required).
22. On the Users and groups blade, click + Add user.

23. On the Add assignment blade, click Users and groups.

24. On the Users and groups blade, in the Select text box, type Mario Ledford.
25. Select the entry representing the Mario Ledford user account and click Select.

26. Click Assign.

27. On the top right side of the page, click your Azure account name, and then click Sign out.

▶ Task 2: Configure SSO on a client computer
1. From Microsoft Edge, browse to https://myapps.microsoft.com.

2. On the Microsoft Azure page, click Use another account.

3. When prompted to sign in, specify the full user name (including the @_domain name_.onmicrosoft.com
suffix) of the Mario Ledford account you created in the previous exercise and Pa55w.rd as the
corresponding password.

4. On the Apps page, click the ellipsis next to the Skype icon. Note the option to update the credentials.

5. On the Apps page, click the ellipsis next to the Microsoft Account (Windows Live) icon. Note that there
is no option to update the credentials.

6. On the Apps page, click Skype.

7. In the Skype dialog box, click Install Now.

8. In the Store window, under the Access Panel Extension header, click Get.

9. Wait for the extension to be downloaded and then, in the Store window, click Launch.

10. When prompted, in the You have a new extension dialog box in the Microsoft Edge window, click Turn
it on.

11. In the upper right corner of the Microsoft Edge window, click the ellipsis and, in the drop-down menu, click
Extensions.
12. Verify that Access Panel Extension is turned on. If not, click Access Panel Extension and move the
slider to the On position.
13. Restart Microsoft Edge and browse back to https://myapps.microsoft.com. If prompted to sign in,
specify the full user name (including the @_domain name_.onmicrosoft.com suffix) of the Mario Ledford
account you created in the previous exercise and Pa55w.rd as the corresponding password.
14. On the Apps page, click Skype. Note that you are prompted for credentials, because you did not enter
any credentials on behalf of the user when configuring the application single sign-on settings.

15. Click Cancel in the Skype dialog box.


16. Click the user name in the upper right corner of the Microsoft Edge page and click Sign out.

17. Close Microsoft Edge.

Result: After completing this exercise, you should have configured test applications and validated the
SSO experience.

Exercise 3: Configuring Multi-Factor Authentication

▶ Task 1: Configure Multi-Factor Authentication


1. Start Microsoft Edge, browse to the Azure portal at https://portal.azure.com, and then sign in using the
Microsoft account that is the Service Administrator of your subscription.
2. In the hub menu, click All services and then, in the service menu, click Azure Active Directory.

3. On the adatum blade, click Users and groups.

4. Click All users.


5. If the Multi-Factor Authentication button appears in the toolbar of the Users and groups - All users
blade, click Multi-Factor Authentication. This will open another Microsoft Edge tab. If prompted, sign in
using the Microsoft account that is the Service Administrator of your subscription. Proceed directly to step
13.

6. If the Multi-Factor Authentication button does not appear in the toolbar of the Users and groups - All
users blade, open another tab of Microsoft Edge and browse to https://manage.windowsazure.com.

7. If prompted, sign in with the credentials for the Microsoft account that is the Service Administrator of your
Azure subscription.

8. In the navigation pane, scroll down, and click ACTIVE DIRECTORY.


9. Click the right arrow next to the Adatum directory.

10. Click CONFIGURE.

11. Under multi-factor authentication, click Manage service settings.


12. If prompted, sign in with the credentials for the Microsoft account that is the Service Administrator of your
Azure subscription.
13. On the multi-factor authentication page, ensure that the users tab is displayed. In the users list, select
the check box next to Karen Gruber and, in the quick steps section, click Enable.

14. On the About enabling multi-factor auth page, click enable multi-factor auth.
15. On the Updates successful page, click close.
16. Click the user name entry in the upper right corner of the Microsoft Edge window and, in the drop down
menu, click Sign out.
17. Close the Microsoft Edge window, including both tabs.
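
To confirm the result of this task without the portal, the per-user MFA state can be read from the directory. The following is an added example, not part of the lab files; it assumes the MSOnline PowerShell module for the live query, and the helper name Get-MfaState and the sample users are constructed for illustration.

```powershell
# Added example: report per-user MFA state for accounts holding the
# Global administrator role. Get-MfaState is a hypothetical helper name.

function Get-MfaState {
    [CmdletBinding()]
    param(
        # Object shaped like Get-MsolUser output.
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$User
    )
    process {
        # StrongAuthenticationRequirements is empty until per-user MFA is enabled.
        # Afterwards its State is 'Enabled' (user has not registered yet)
        # or 'Enforced' (registration completed).
        $reqs    = @($User.StrongAuthenticationRequirements | Where-Object { $_ })
        $methods = @($User.StrongAuthenticationMethods | Where-Object { $_ })

        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            MfaState          = if ($reqs.Count -gt 0) { $reqs[0].State } else { 'Disabled' }
            RegisteredMethods = $methods.Count
        }
    }
}

# Constructed sample input (UPNs are placeholders, not values from the lab).
$sampleAdmins = @(
    [pscustomobject]@{
        UserPrincipalName                = 'kgruber@example.onmicrosoft.com'
        StrongAuthenticationRequirements = @([pscustomobject]@{ State = 'Enabled' })
        StrongAuthenticationMethods      = @()
    },
    [pscustomobject]@{
        UserPrincipalName                = 'admin2@example.onmicrosoft.com'
        StrongAuthenticationRequirements = @()
        StrongAuthenticationMethods      = @()
    }
)

# Admin accounts that still sign in with a password only.
$sampleAdmins | Get-MfaState | Where-Object MfaState -eq 'Disabled'

# Live query against the tenant (run Connect-MsolService first):
# $role = Get-MsolRole -RoleName 'Company Administrator'   # Global administrator
# Get-MsolRoleMember -RoleObjectId $role.ObjectId |
#     Where-Object RoleMemberType -eq 'User' |
#     ForEach-Object { Get-MsolUser -ObjectId $_.ObjectId } |
#     Get-MfaState
```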

▶ Task 2: Test Multi-Factor Authentication


1. Start Microsoft Edge and browse to https://myapps.microsoft.com.

2. On the Microsoft Azure page, click Use another account.


3. When prompted to sign in, specify the full user name (including the @_domain name_.onmicrosoft.com
suffix) of Karen Gruber’s account and the corresponding password. You will be presented with the
message stating Your admin has required that you set up this account for additional security verification.

4. Click Set it up now.

5. On the Additional security verification page, in the first drop-down list, select Authentication phone.

6. In the Select your country or region drop down list, click the entry representing your country or region.

7. In the adjacent text box, type your mobile phone number, under Method select Send me a code by text
message, and click Next.

8. Retrieve the message on your mobile phone, type it in the text box on the page, and click Verify.
9. On the page Step 3: Keep using your existing applications, note the Get started with this app
password entry, and click Done.

10. Click the user name in the upper right corner of the Apps page and, in the drop-down menu, click Sign
out.

11. Close Microsoft Edge.

Result: After completing this exercise, you should have configured Multi-Factor Authentication for a
Global Admin account.

Exercise 4: Configuring SSO from a Windows 10-based computer that is joined to
Azure AD

▶ Task 1: Join a Windows 10-based computer to Azure AD


1. Start Microsoft Edge, browse to the Azure portal at https://portal.azure.com, and then sign in using the
Microsoft account that is the Service Administrator of your subscription.

2. In the hub menu, click All services and then, in the service menu, click Azure Active Directory.

3. On the adatum blade, click Devices.

4. On the Devices - All devices blade, click Device settings.

5. Verify that the Users may join devices to Azure AD setting is set to All.

6. On MIA-CL1, click Start and then click Settings.

7. In the Settings app, click Accounts, and then click Access work or school.
8. On the Connect to work or school page, click Connect. This will open the Set up a work or school
account window.
9. Click Join this device to Azure Active Directory.

10. On the Let’s get you signed in page, specify the full user name (including the @_domain
name_.onmicrosoft.com suffix) of Karen Gruber’s account and click Next.
11. On the Enter password page, type the password you assigned to Karen Gruber’s account in
exercise 1 of this lab and click Sign in.

12. Since you set up Karen Gruber’s account with MFA in the previous exercise, you should receive a
text message containing a verification code at this point. Retrieve the verification code from your mobile
phone, type it in the text box on the Help us protect your account page, and click Next.

13. On the Make sure this is your organization page, click Join.
14. On the You’re all set page, click Done.

15. Switch back to Microsoft Edge.

16. Navigate back to the adatum page, click Users and Groups, click All Users, and then click Karen
Gruber.
17. On the Karen Gruber blade, click Devices.

18. Verify that MIA-CL1 appears in the list of devices.


19. Restart MIA-CL1.

▶ Task 2: Authenticate to Azure from a Windows 10 Azure-joined computer


1. Sign in to MIA-CL1 by using the full user name (including the @_domain name_.onmicrosoft.com suffix)
of Karen Gruber’s Adatum Azure AD account and its password.

2. On the Your organization requires Windows Hello page, click Setup PIN.
3. You should receive a text message containing a verification code at this point. Retrieve the verification
code from your mobile phone, type it in the text box on the Help us protect your account page, and
click Next.
4. On the Set up a PIN page, type and retype a PIN, and then click OK. Note that you cannot use a
common number pattern (such as identical digits) and that the PIN must be at least six characters long.

5. On the All set! page, click OK.

6. Start Microsoft Edge, and then go to https://portal.azure.com.

7. Verify that you are automatically signed in as Karen Gruber by using single sign-on.

8. Close all open applications and sign out from MIA-CL1.

▶ Task 3: Remove the lab environment


1. On MIA-CL1, close all open windows without saving any files.

2. On the taskbar, right-click the Windows PowerShell icon, and then click Run as Administrator. In the
User Account Control dialog box, click Yes.
3. Type the following command, and then press Enter:

Remove-20533DEnvironment

4. When prompted, sign in by using the Microsoft account that is the Service Administrator of your Azure
subscription.

5. If you have multiple Azure subscriptions, select the one you want the script to target.
6. If prompted, specify the current lab number.

7. When prompted for confirmation, type y.

8. Start Microsoft Edge, browse to the Azure portal at https://portal.azure.com, and sign in by using the
Microsoft account that is the Service Administrator of your Azure subscription.
9. In the Azure portal, click Edit dashboard.

10. Right-click an unoccupied area of the dashboard and, in the right-click menu, click Reset to default state.
When prompted to confirm, click Yes.
11. Click Done customizing.

12. Close all open windows.


Result: After completing this exercise, you should have joined the MIA-CL1 computer to Azure AD and
tested the SSO access to the resources in the cloud.

©2016 Microsoft Corporation. All rights reserved.


The text in this document is available under the Creative Commons Attribution 3.0 License, additional
terms may apply. All other content contained in this document (including, without limitation,
trademarks, logos, images, etc.) are not included within the Creative Commons license grant. This
document does not provide you with any legal rights to any intellectual property in any Microsoft
product. You may copy and use this document for your internal, reference purposes.

This document is provided “as-is.” Information and views expressed in this document, including URL
and other Internet Web site references, may change without notice. You bear the risk of using it. Some
examples are for illustration only and are fictitious. No real association is intended or inferred.
Microsoft makes no warranties, express or implied, with respect to the information provided here.

Lab Answer Key: Module 10: Managing an Active
Directory infrastructure in a hybrid environment
Lab: Implementing and managing Azure AD
synchronization
Exercise 1: Configuring directory synchronization

▶ Task 1: Sign in to the Azure VM hosting an Active Directory domain controller
and create test Active Directory objects

1. Sign in to MIA-CL1 as Student with the password Pa55w.rd.

2. Right-click Start and click Run (alternatively, click Start and type Run in the Start menu Search box, or
press the Windows key+R). In the Run text box, type the following and press Enter:
Notepad E:\Labfiles\Lab10\Starter\Set-20533D1001Lab.ps1

3. In Notepad, select all lines in the file.

4. In Notepad, click Edit and, in the drop-down menu, click Copy.

5. Open Microsoft Edge and browse to the Azure portal at https://portal.azure.com.


6. When prompted, sign in by using the Microsoft account that is the Service Administrator of your Azure
subscription.

7. Hover the mouse over the user name entry in the upper right corner of the Azure portal and ensure that
you are signed on to the correct subscription. If not, click the user name entry and, in the drop-down
menu, click the entry representing the Azure subscription that you chose when running the provisioning
script at the beginning of this module.

8. In the hub menu of the Azure portal, click All services and then, in the service menu, click Virtual
machines.
9. On the Virtual machines blade, click the ellipsis to the right of the 20533D1001-vm1 entry and click
Connect.

10. When prompted, click Save and then click Open.

11. If a Remote Desktop Connection warning message displays, select Don’t ask me again for
connections to this computer, and then click Connect.

12. In the Windows Security dialog box, type the following credentials, and then click OK:
• User name: ADATUM\Student

• Password: Pa55w.rd1234

13. If another Remote Desktop Message displays, select the Don’t ask me again for connections to this
computer checkbox, and then click Yes.

14. In the Remote Desktop Session to 20533D1001-vm1, click Start, right-click Windows PowerShell ISE,
click More, and click Run as administrator.
15. In the Administrator: Windows PowerShell ISE window, click View and, in the drop-down menu, click
Show Script Pane.

16. Click Edit and, in the drop-down menu, click Paste to paste the content of
Set-ADUsers20533D10Lab.ps1 you copied to Clipboard.

17. Click Debug and, in the drop-down menu, click Run/Continue.


18. In the PowerShell ISE console, type the following and press Enter:

Get-ADUser -Filter * | Select-Object DistinguishedName

19. Verify that the list of accounts includes Beverly Beach in the AccountsToSync organizational unit and
Darwin Shivers in the AccountsNotToSync organizational unit.

20. Close the Administrator: Windows PowerShell ISE window.

▶ Task 2: Create a new Azure AD tenant and a Global Admin account


1. In the Remote Desktop Session to 20533D1001-vm1, in Server Manager, click Local Server.

2. Click the On link next to the IE Enhanced Security Configuration label.


3. In the Internet Explorer Enhanced Security Configuration dialog box, in the Administrators and the
Users section, click Off and click OK.
4. Click the Internet Explorer shortcut on the taskbar.
5. If prompted, ensure that Use recommended security, privacy, and compatibility settings is selected
and then click OK.
6. In Internet Explorer, navigate to the Azure portal at https://portal.azure.com.

7. When prompted, sign in by using the Microsoft account that is the Service Administrator of your Azure
subscription.

8. Click + Create resource in the upper left corner of the portal, click Security + Identity, and then, click
Azure Active Directory.

9. On the Active Directory Enterprise blade, specify the following settings and click Create:
• Organization name: AdatumSync

• Initial domain name: a unique, valid name

• Country or region: United States


10. Wait until the new directory is provisioned.
11. Refresh the Internet Explorer window. Next, click the user name in the upper right corner of the Azure
portal and, in the DIRECTORY section of the drop down menu, click the entry labeled AdatumSync.
12. Ensure that ADATUMSYNC appears in the upper right corner of the portal underneath your Microsoft
account name and, in the hub menu, click All services.

13. In the services menu, click Azure Active Directory.

14. On the adatumsync blade, click the Add a user link on the Quick tasks tile.
15. On the User blade, specify the following settings and click Create:

• Name: SyncAdmin

• User name: syncadmin@_domain name_.onmicrosoft.com where domain name is the unique name
you assigned to the AdatumSync Azure AD tenant earlier in this task

16. Click Profile. On the Profile blade, in the First name textbox, type Sync, in the Last name textbox type
Admin and click OK.

17. Click Directory role.


18. On the Directory role blade, click Global administrator and click OK.

19. Enable the Show Password checkbox and note the password.

20. Click Create.


21. Start an InPrivate Internet Explorer session and browse to the Azure portal at https://portal.azure.com.

22. When prompted to sign in, specify the full user name (including the @_domain name_.onmicrosoft.com
suffix) of the SyncAdmin account and the corresponding temporary password.

23. On the Update your password page, in the Current password box, type the temporary
password again. In the New password and Confirm password text boxes, type a new password, and click
Update password and sign in. Make a note of the new password.
Note: If you receive the message We’ve seen that password too many times before. Choose
something harder to guess, you’ll need to modify the password until it is unique enough to be
accepted.
24. In the Internet Explorer window, click the user name in the upper-right corner of the page and, in the
drop-down menu, click Sign out.

25. Close the InPrivate Internet Explorer session.

▶ Task 3: Install Azure AD Connect with custom settings


1. From the Remote Desktop session to 20533D1001-vm1, start a new Internet Explorer window.
2. Download Azure AD Connect from
https://www.microsoft.com/en-us/download/details.aspx?id=47594.

3. In the pop-up bar at the bottom of the Internet Explorer window, click Save.
4. After the download is complete, click Open Folder.

5. In the File Explorer window, double-click AzureADConnect.msi to start the installation. When prompted,
click Run.

6. On the Welcome page, select I agree to the license terms and privacy notice, and then click
Continue.

7. On the Express Settings page, click Customize.


8. On the Required Component page, review the options, and then click Install.

9. On the User sign-in page, verify that Password Synchronization is selected, and then click Next.
10. On the Connect to Azure AD page, provide the credentials of the newly created SyncAdmin Azure AD
Global Admin, and then click Next:

• USERNAME: syncadmin@_domain name_.onmicrosoft.com where domain name is the unique name
you assigned to the new Azure Active Directory tenant in task 2

• PASSWORD: the password you set in task 2

11. On the Connect your directories page, verify that the adatum.com forest is selected and click Add
Directory.

12. In the AD forest account window, click Use existing AD account, specify the following and click OK:

• DOMAIN\USERNAME: ADATUM\Student

• PASSWORD: Pa55w.rd1234, click OK

13. Click Next.


14. On the Azure AD sign-in configuration, note the message Users will not be able to sign-in Azure AD
using their on-premises credentials. This is expected since you do not have a verified domain name.
Enable the Continue without any verified domains checkbox and click Next.

15. On the Domain and OU filtering page, select the Sync selected domains and OUs check box, expand
the adatum.com entry, clear all checkboxes with exception of the one next to the AccountsToSync
entry, and then click Next.

16. On the Uniquely identifying your users page, verify that Users are represented only once across all
directories is selected, and then click Next.
17. On the Filter users and devices page, verify that Synchronize all users and devices is selected, and
then click Next.

18. On the Optional feature page, verify that Password synchronization is selected, and then click Next.
19. On the Ready to configure page, verify that Start synchronization process as soon as the
configuration completes is selected, and then click Install.

Note: Installation might take 5-10 minutes.


20. On the Configuration complete page, click Exit to close Azure AD Connect.
Note: You might need to wait a few minutes for the initial synchronization to complete.

21. Switch back to the Azure portal in the Internet Explorer window.

22. In the Azure portal, on the AdatumSync blade, click Users and groups, click All Users, and confirm
that the list of users includes Beverly Beach from the AccountsToSync OU but does not include
Darwin Shivers from the AccountsNotToSync OU.
Result: After completing this exercise, you should have installed and configured Azure AD Connect,
and have performed initial synchronization.

Exercise 2: Managing synchronization

▶ Task 1: Modify attributes of an Active Directory user and initiate manual
synchronization

1. In the Remote Desktop Session to 20533D1001-vm1, in the Administrator: Windows PowerShell ISE
window, in the console pane, type the following command and press Enter:

$user = Get-ADUser -Filter "SamAccountName -eq 'bbeach'" -Properties Department,Title -SearchBase 'OU=AccountsToSync,DC=adatum,DC=com'

2. In the console of the Windows PowerShell ISE window, type the following command and press Enter:

$user | Get-ADUser -Properties Department,Title

3. Note the current values of the Title and Department properties.

4. In the console of the Windows PowerShell ISE window, type the following command and press Enter:

$user | Set-ADUser -Title 'VP' -Department 'Marketing'

5. In the console of the Windows PowerShell ISE window, type the following command and press Enter:

$user | Get-ADUser -Properties Department,Title

6. Verify that the values of the Title and Department properties have changed.

7. In the console pane of the Windows PowerShell ISE, type the following command and press Enter:

Import-Module "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1"

8. In the console pane of the Windows PowerShell ISE, type the following command and press Enter:

Get-ADSyncScheduler
Note: Get-ADSyncScheduler displays the current configuration settings for synchronization with
Azure AD.

9. At the Windows PowerShell command prompt, type the following command, and then press Enter:

Start-ADSyncSyncCycle -PolicyType Delta

10. Wait until synchronization completes before proceeding to the next step.
11. Switch back to the Azure portal in the Internet Explorer window.
12. In the Azure portal, on the AdatumSync blade, on the Users and groups - All Users blade, click
Beverly Beach.
13. In the Overview section of the Beverly Beach blade, verify that the values of the Department and Job
title entries match the ones you configured for the Active Directory account. If you do not see any
changes, wait for a few minutes, and then refresh the page.
14. Close the 20533D1001-vm1 remote desktop session, and click OK when prompted.
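
Steps 9 and 10 as a script, as an added example rather than code from the lab files: it starts the delta cycle only when no other cycle is running and then polls Get-ADSyncScheduler until the cycle has finished. The function names Wait-ADSyncIdle and Invoke-DeltaSyncAndWait and the timeout values are assumptions; the script must run elevated on the server where Azure AD Connect is installed.

```powershell
# Added example, not part of the lab files. Run in an elevated session on the
# Azure AD Connect server (20533D1001-vm1 in this lab).
Import-Module 'C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1'

function Wait-ADSyncIdle {
    # Hypothetical helper: blocks until the scheduler reports no running cycle.
    param(
        [int]$TimeoutSeconds = 600,   # assumed upper bound for a lab-sized directory
        [int]$PollSeconds    = 10
    )
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ((Get-ADSyncScheduler).SyncCycleInProgress) {
        if ((Get-Date) -gt $deadline) {
            throw "Sync cycle still in progress after $TimeoutSeconds seconds."
        }
        Start-Sleep -Seconds $PollSeconds
    }
}

function Invoke-DeltaSyncAndWait {
    # Hypothetical helper: runs one delta cycle and returns when it is done.
    $scheduler = Get-ADSyncScheduler

    # In staging mode the server imports and synchronizes but does not export,
    # so the attribute change would never reach Azure AD.
    if ($scheduler.StagingModeEnabled) {
        throw 'Server is in staging mode; changes will not be exported to Azure AD.'
    }

    # Start-ADSyncSyncCycle fails if a scheduled cycle is already running,
    # so wait for the scheduler to become idle first.
    Wait-ADSyncIdle

    $started = Get-Date
    Start-ADSyncSyncCycle -PolicyType Delta | Out-Null

    # The cmdlet returns immediately; give the scheduler a moment to flag
    # the new cycle before polling for its completion.
    Start-Sleep -Seconds 5
    Wait-ADSyncIdle

    [pscustomobject]@{
        Started               = $started
        Finished              = Get-Date
        NextScheduledCycleUtc = (Get-ADSyncScheduler).NextSyncCycleStartTimeInUTC
    }
}

Invoke-DeltaSyncAndWait
```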

▶ Task 2: Remove the lab environment


1. On MIA-CL1, close all open windows without saving any files.

2. On the taskbar, right-click the Windows PowerShell icon, and then click Run as Administrator. In the
User Account Control dialog box, click Yes.

3. Type the following command, and then press Enter:

Remove-20533DEnvironment
4. When prompted, sign in by using the Microsoft account that is the Service Administrator of your Azure
subscription.

5. If you have multiple Azure subscriptions, select the one you want the script to target.

6. If prompted, specify the current lab number.

7. When prompted for confirmation, type y.

8. Start Microsoft Edge, browse to the Azure portal at https://portal.azure.com, and sign in by using the
Microsoft account that is the Service Administrator of your Azure subscription.
9. In the Azure portal, click Edit dashboard.

10. Right-click an unoccupied area of the dashboard and, in the right-click menu, click Reset to default state.
When prompted to confirm, click Yes.
11. Click Done customizing.

12. Close all open windows.

Result: After completing this exercise, you should have changed attributes on a user account, and
then forced synchronization.

Lab Answer Key: Module 11: Implementing Azure-based
management and automation
Lab: Implementing Automation
Exercise 1: Configuring Automation accounts

▶ Task 1: Create an Automation account


1. Ensure that you are signed in to MIA-CL1 as Student with the password Pa55w.rd, and that the
Add-20533DEnvironment script successfully completed. The script creates two Azure VMs in your
subscription and leaves them in the running state. You will use an Azure Automation runbook to stop
them.

2. Start Microsoft Edge and browse to https://portal.azure.com. When prompted, sign in by using the
Microsoft account that is the Service Administrator of your Azure subscription.
3. Hover the mouse over the user name entry in the upper right corner of the Azure portal and ensure that
you are signed on to the correct subscription. If not, click the user name entry and, in the drop-down
menu, click the entry representing the Azure subscription that you chose when running the provisioning
script at the beginning of this module.

4. In the hub menu of the Azure portal, click All services and then, in the service menu, click Virtual
machines. On the Virtual machines blade, note 20533D1101-vm0 and 20533D1101-vm1 virtual
machines with the running status.

5. In the hub menu, click + Create resource, and then click Monitoring + Management.
6. Click Automation.
7. On the Add Automation Account blade, specify the following:

• Name: AutomationAccount-20533D11

• Subscription: the name of your Azure subscription


• Resource group: ensure that the Create new option is selected and type 20533D1102-LabRG in the text
box
• Location: the same Azure region that you chose when running Add-20533DEnvironment script at the
beginning of this module or, if not available, another region close to it

• Create Azure Run As account: Yes


8. Click Create.

9. Wait for the Automation account to be provisioned. This should take less than a minute.

▶ Task 2: Create and review Automation assets


1. In the Azure portal, in the Hub menu, click All services, and then click Automation Accounts.

2. On the Automation Accounts blade, click AutomationAccount-20533D11.


3. On the AutomationAccount-20533D11 blade, in the SHARED RESOURCES section, click Variables.

4. Click Add a variable.


5. On the New Variable blade, specify the following and click Create:

• Name: VM0

• Description: the first VM

• Type: String

• Value: 20533D1101-vm0

• Encrypted: No
6. Repeat steps 4 and 5 to create two additional non-encrypted string variables. For each variable,
specify the following name, description and value:
• Name: VM1

• Description: the second VM

• Value: 20533D1101-vm1

• Name: ResourceGroup

• Description: VM resource group

• Value: 20533D1101-LabRG
7. On the AutomationAccount-20533D11 blade, on the SHARED RESOURCES section, click Schedules.
8. Click Add a schedule.

9. On the New Schedule blade, specify the following and click Create:

• Name: EndOfDay
• Description: End of day

• Starts: tomorrow’s date at 6:00:00 PM with the time zone of the Azure region containing the Automation
account

• Recurrence: Recurring

• Recur every: 1 Day


• Set expiration: No
10. On the AutomationAccount-20533D11 blade, on the SHARED RESOURCES section, click Connections.

11. Note the two precreated connections, AzureClassicRunAsConnection and AzureRunAsConnection. They
were created automatically during provisioning of the Automation account since you selected the option
to create the Azure Run As account.

Result: After completing this exercise, you should have configured a new Microsoft Azure Automation
account and created Automation assets.

Exercise 2: Creating and executing runbooks

▶ Task 1: Import a runbook


1. In the Azure portal, on the AutomationAccount-20533D11 blade, in the PROCESS AUTOMATION
section, click Runbooks.
2. Click Add a runbook.

3. On the Add Runbook blade, click Import an existing runbook.

4. On the Import blade, specify the following and click Create:


• Runbook file: E:\Labfiles\Lab11\Starter\Stop-20533D1101VMs.ps1

• Runbook type: PowerShell Workflow

• Name: Stop-AzureVMs-Workflow

• Description: Stop Azure VMs in parallel

5. On the Runbooks blade, click Stop-AzureVMs-Workflow.


6. On the Stop-AzureVMs-Workflow blade, click Edit.

7. On the Edit PowerShell Workflow Runbook blade, review the content of the PowerShell workflow.
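
The page does not reproduce Stop-20533D1101VMs.ps1. As an added illustration that is not the lab's file, a PowerShell Workflow runbook of this kind could use the assets created in Exercise 1 (the VM0, VM1 and ResourceGroup variables and AzureRunAsConnection) as follows; the use of the AzureRM cmdlets and the power-state check are assumptions.

```powershell
# Added illustration; NOT the content of Stop-20533D1101VMs.ps1.
# Assumes the AzureRM modules are available in the Automation account and that
# the VM0, VM1 and ResourceGroup variables and AzureRunAsConnection exist.
workflow Stop-AzureVMs-Workflow
{
    # Read the Run As connection (service principal and certificate details).
    $conn       = Get-AutomationConnection -Name 'AzureRunAsConnection'
    $tenantId   = $conn.TenantId
    $appId      = $conn.ApplicationId
    $thumbprint = $conn.CertificateThumbprint

    # Read the targets from Automation variables instead of hard-coding them.
    $resourceGroup = Get-AutomationVariable -Name 'ResourceGroup'
    $vm0           = Get-AutomationVariable -Name 'VM0'
    $vm1           = Get-AutomationVariable -Name 'VM1'

    if (-not $resourceGroup -or -not $vm0 -or -not $vm1) {
        throw 'One of the VM0, VM1 or ResourceGroup variables is missing or empty.'
    }
    $vmNames = @($vm0, $vm1)

    # foreach -parallel runs one branch per VM at the same time.
    foreach -parallel ($vmName in $vmNames)
    {
        # Each InlineScript runs in its own session, so each branch signs in.
        InlineScript
        {
            $null = Add-AzureRmAccount -ServicePrincipal `
                -TenantId $Using:tenantId `
                -ApplicationId $Using:appId `
                -CertificateThumbprint $Using:thumbprint `
                -ErrorAction Stop

            $null = Stop-AzureRmVM -ResourceGroupName $Using:resourceGroup `
                -Name $Using:vmName -Force -ErrorAction Stop

            # Confirm the result rather than trusting the stop call alone.
            $view  = Get-AzureRmVM -ResourceGroupName $Using:resourceGroup `
                -Name $Using:vmName -Status
            $power = $view.Statuses | Where-Object Code -like 'PowerState/*'
            "$($Using:vmName): $($power.Code)"
        }
    }
}
```

The Run As service principal is created with the Contributor role on the whole subscription, so a runbook authenticated this way can act on every resource in it; scoping that role assignment to the resource group that holds the VMs limits what the runbook can reach.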

▶ Task 2: Publish and execute a runbook


1. On the Edit PowerShell Workflow Runbook blade, click Publish.

2. When prompted to confirm, click Yes. You will be automatically redirected to the
Stop-AzureVMs-Workflow blade.
3. Click Start.

4. When prompted to confirm, click Yes. You will be automatically redirected to a blade displaying the
current job, whose name consists of the combination of the runbook name and timestamp of its invocation.
5. Click the Output tile.
6. Monitor the runbook execution. Wait until the job completes.

7. In the hub menu of the Azure portal, click Virtual machines. On the Virtual machines blade, note that
the status of 20533D1101-vm0 and 20533D1101-vm1 virtual machines has changed to Stopped.

▶ Task 3: Remove the lab environment


1. On MIA-CL1, close all open windows without saving any files.

2. On the taskbar, right-click the Windows PowerShell icon, and then click Run as Administrator. In the
User Account Control dialog box, click Yes.

3. Type the following command, and then press Enter:

Remove-20533DEnvironment
4. When prompted, sign in by using the Microsoft account that is the Service Administrator of your Azure
subscription.

5. If you have multiple Azure subscriptions, select the one you want the script to target.

6. If prompted, specify the current lab number.

7. When prompted for confirmation, type y.

8. Start Microsoft Edge, browse to the Azure portal at https://portal.azure.com, and sign in by using the
Microsoft account that is the Service Administrator of your Azure subscription.
9. In the Azure portal, click Edit dashboard.

10. Right-click an unoccupied area of the dashboard and, in the right-click menu, click Reset to default state.
When prompted to confirm, click Yes.
11. Click Done customizing.

12. Close all open windows.

Result: After completing this exercise, you should have imported, published, and executed a
PowerShell workflow-based runbook that deploys two virtual machines in parallel.
