Azure Cool Blob Storage

Azure’s new cool blob is now GA. But what is cool blob?

Well cool blob is a new blob storage feature for data that is accessed infrequently. In other words it’s good for backups, archives, scientific data etc.

The price of a cool blob is extremely low, between 1 to 1.6 cents per GB per month depending on region.

Cool blobs come with a 99% SLA compared with the 99.9% SLA offered on it’s hot tier. Azure cool blobs API is 100% compatible with existing blob storage offerings.

The Service is only available using the new modern ARM deployment, so if for some reason you need to use classic deployment then you cant take advantage of the new service. Also the service is offered as a block blob for unstructured data, so it can’t be used to store IAAS VHD’s, this makes sense as VHD’s need random read and write operations.

You can read more on the new offering at the Azure Blog over here


Important Notice For All Office 365 Hybrid Environments

Just saw this important blog issue from Microsoft.

On April the 15th Microsoft is renewing the TLS Certificate used by Office 365.

This means that hybrid mail flow may be broken for users who do not take appropriate action.

This fix is quite simple. All on-prem servers used for hybrid  need to be updated to Exchange 2013 CU9 or later and the Exchange hybrid wizard needs to be run again.

You can find the latest version of the hybrid wizard over here

You can find the full Microsoft blog regarding this issue over here

How To Manage Scheduler in new Azure AD Connect

As I mentioned last week the new version of Azure AD Connect has been released and now includes a built in scheduler. This means that it no longer relies on the Windows Task Scheduler to run synchronization jobs. While this is defiantly an improvement it does mean that you can no longer use the Windows task scheduler to manually run a job. That is now all down to PowerShell, so after tinkering around a bit I decided to list some of the most required commands for running jobs.

Fist of all after initial installation there is a Check box to start the initial sync after installation. If you do not check this box the sync will never run until a correct command is issued.Start Sync

To check if Sync is enabled or not we need to run the following command Get-ADSyncScheduler

Check Sync

In my case you can see that SyncCycleEnabled is set to true. However if it set to false then the client is not performing any syncs.
To enable the Sync cycle you will need to issue the following command Set-ADSyncScheduler -SyncCycleEnabled $True
The sync will be run automatically once every 30 minutes.

To manually kick off a sync cycle we will need to issue one of the following commands.

Start-ADSyncSyncCycle -PolicyType Delta

A delta sync cycle will:

  • Delta import on all connectors
  • Delta sync on all connectors
  • Export on all connectors

This is the command that you will usally use to run a manuall sync.

You could also run a full cycle by issuing the following command
Start-ADSyncSyncCycle -PolicyType Initial

An initial sync cycle will

  • Full import on all connectors
  • Full sync on all connectors
  • Export on all connectors

You mainly want to issue this command if you have made one of the following changes:

  • Added more objects or attributes to be imported from a source directory
  • Made changes to the Synchronization rules
  • Changed filtering so a different number of objects should be included

If for some reason you need to stop the Sync Scheduler then you can issue the following command Stop-ADSyncSyncCycle

So now that you know the commands you can go ahead and update to the latest version of Azure AD Connect.





New Azure AD Connect

The new version of Azure AD connect has been released.

So what’s new?

  • Automatic upgrade feature for Express settings customers.
    Support for the global admin using MFA and PIM in the installation wizard.
  • user’s sign-in can be changed after initial install.
  • We can now set Domain and OU filtering in the installation wizard.
  • We get a Scheduler is built-in to the sync engine.

Also Device Writeback and Directory extensions are now fully available (previously these were preview only).

You can download the new version of Azure AD Connect here.

Azure V2 is now the default portal

For those who have worked with Azure already you’ve probably seen the link for the preview portal?

Well the preview portal is now more or less out of preview. I say more or less as some services such as Azure AD will still redirect you back to the classic portal.

However most services such as Virtual Machines, Networking, SQL… can now be fully managed through the new portal.

The new portal isn’t just a portal it’s partly a new Azure and is being referred to as Azure V2.

There a re many functionality changes the main being that we now cluster recourses into a resource group (AKA – ARM – Azure Resource Manager) to allow for lifecycle management of shared resources.
This in a way replaces the former Cloud Service.

Also Networking is rebuilt from the ground up, objects such as load balancers and nics which provide a lot of flexibility in how you design your resources.
Allowing us to separately manage traffic rules per ARM, VM, nic or load balancer.

Unfortunately current VM’s and resources created in Cloud Service are still managed through the classic portal. Only newly created VM’s created in the new portal (or Powershell) and odcourse deployed to ARM can be managed from the New portal.

My understanding is that Microsoft is working on a migration path to the New model.

Let’s hope they make this available to us soon.

Linux Integration Services 4.0.11 released for Hyper-V

Microsoft just released and update for Linux integration tools.
The new integration tools are available for download here

The integration tools allow running of the supported Linux distributions on the following platforms:

  • Windows Server 2008 R2 (applicable editions)
  • Microsoft Hyper-V Server 2008 R2
  • Windows 8 Pro, 8.1 Pro, 10 and 10 Pro
  • Windows Server 2012 and 2012 R2
  • Microsoft Hyper-V Server 2012 and 2012 R2
  • Windows Server Technical Preview
  • Microsoft Hyper-V Server Technical Preview
  • Microsoft Azure

The new integration tools add support for the following Linux releases:

  • Red Hat Enterprise Linux 5.5-5.11 32-bit, 32-bit PAE, and 64-bit
  • Red Hat Enterprise Linux 6.0-6.7 32-bit and 64-bit
  • Red Hat Enterprise Linux 7.0-7.1 64-bit
  • CentOS 5.5-5.11 32-bit, 32-bit PAE, and 64-bit
  • CentOS 6.0-6.7 32-bit and 64-bit
  • CentOS 7.0-7.1 64-bit
  • Oracle Linux 6.4-6.7 with Red Hat Compatible Kernel 32-bit and 64-bit
  • Oracle Linux 7.0-7.1 with Red Hat Compatible Kernel 64-bit

Also remember that many Linux distributions already have Integration tools included with them and there is no need for a separate install.
You can find the list of supported Linux versions over here.

Connecting Windows 10 to Azure AD

Las year Microsoft released Azure AD. Now at first I wasn’t sure what the value of this product really was. As time has gone by we’ve learnt that apart from being the foundation for office 365 user management Azure AD can be used for allowing SSO between cloud services including non Microsoft services such as Salesforce, Dropbox, Box and way more.

But with Windows 10 comes the big change. I’ve been running the preview version of windows 10 for the better part of 3 months now and I must say that I am thoroughly enjoying both the OS and the Azure AD connection. Connecting your Windows 10 to Azure AD allow for SSO with all supported platforms. This of course includes office 365 (Web based SSO requires using Microsoft Edge as your browser), CRM Online and any other service that you have connected to Azure AD such as Salesforce, Dropbox and so forth. You can also extend capabilities to GPO, Anti Virus management, Software Deployment and more by using an MDM solution such as Microsoft Intune.

So how do we connect are Windows 10 device to Azure AD?
Well the easiest way is to simply login to the device using your company (Azure AD) credentials. If your device is already setup and using a different set of credentials don’t panic, you can still connect your device to Azure AD. Simply open up Settings and head over to System and click Join Azure AD. You will be prompted for credentials and your computer will be joined to the Azure AD. Connecting your device to Azure AD will also automatically set up the built in Mail & Calendar apps to connect to your office 365 account.

Azure AD Join

Now what would I like to see coming?

I believe that the possibility of syncing local AD GPO’s to Azure AD would be a great improvement. And of course managing the GPO through Azure AD and not an MDM product would also vastly improve the products usability.

Either way this is still a great value addition, especially for companies with remote workforce who have PC’s that are not connected the Local Domain and also a great solution for temp workers who just require Mail and SSO capabilities with company products.