Azure Winter Roundup 2016

Microsoft Azure LogoWith the weather starting to warm up and the sun out for longer, the worst of winter is behind us and we have spring to look forward to so what better time to wrap up 2016 with a recap of some of the new features to drop.

What’s New in General Availability

The all important GA milestone means these services are ready for prime time so here’s what’s new in the world of Azure since Al’s last update.

Managed Disks

Azure Virtual Machine Data DiskSince the dawn of infrastructure as a service in Microsoft Azure, Storage Account management has been one of the burdens that stayed with us into the cloud. Like managing LUN mapping and disk tier balancing from on-premises SAN arrays, we had to get the right number of Storage Accounts with the right capacity and number of IOPS in each.

Managed Disks now allows us to offload that burden to Microsoft and means we can provision IaaS VMs with the storage complexity of PaaS (read none). When we provision a machine and select the option to use Managed Disks, the platform with create everything behind the scenes.

Managed Disks are available in Premium and Standard storage flavours but the gotcha here is that for standard, you pay for the fully provisioned disk size, not the thin provisioned in use size as you do with traditional Storage Accounts so some customers may wish to continue using the conventional methods for storage.

For the full story on Managed Disks, read on at https://azure.microsoft.com/en-us/blog/announcing-general-availability-of-managed-disks-and-larger-scale-sets/.

Read the Full Post

Office 365 Group License Management Preview

Sitting on the train yesterday evening, I was glancing across my Twitter feed when I noticed this beauty that I had to share.

https://blogs.technet.microsoft.com/enterprisemobility/2017/02/22/announcing-the-public-preview-of-azure-ad-group-based-license-management-for-office-365-and-more/

Granted, the feature may be in preview right now so doesn’t quite have it’s game face on just yet but it’s still really worth looking at.

You now have ability to assign Office 365 licenses based on either Azure Active Directory or on-premise synchronised Active Directory group membership (a security group to be specific). No longer do we need to assign the licenses to each user individually or use PowerShell scripts to bulk assign the membership. Simply assign the proper licenses to the group and then make sure everyone is a member of that group. When a user is added to the group, they get the licenses and when the user is removed from the group, they get the licenses taken away, simples.

This may seem like a small feature but for customers’ adopting Office 365 from scratch or for existing customers who are buying up new features or activating license sub-components as part of a progressive Office 365 rollout, this will be an invaluable time saver. You can even have multiple groups and use dynamic group membership to have the groups populated based on attributes of a user object.

I see a real use case for this group based license assignment in scenarios where you have a limited number of licenses available for a particular product and you need to re-assign them from one individual to another. A would be a great example where one department need to use Power BI Pro but another does not and as a users’ department attribute changes from Sales to Operations (as an example), the licenses get moved around. For customers automating their starter and leaver processes, no longer will you need PowerShell Cmdlets which connect to Office 365 and assign the licenses. Just make sure the user is created as a member of the relevant groups and off they go.

I look forward to seeing this feature go into general availability and being used by customers in the field.

Apply Updates on Windows Nano Server 2016

In my previous post, List Updates on Windows Nano Server 2016, I talked about reporting the updates which are installed or missing from your Nano Servers. With that information in hand, you can now move to the more powerful aspect of actually patching them.

In my environment, I don’t want my hosts going out to Microsoft Update on their own, nor do I want to run an entire WSUS server just for a couple of Nano Servers so I patch them manually and this manual patching effort is something which will possibly resonate with others so I thought I would share it.

As it stands, the script requires you to fetch the updates yourself. I am going to work on something using Invoke-WebRequest in PowerShell to automate that step too, but that’s a small price to pay given the minimal number of updates Nano Server requires. Use the Microsoft Update Catalog at https://catalog.update.microsoft.com to obtain any updates you need. Something that was pointed out by Thomas Maurer in his Nano Server updates post at http://www.thomasmaurer.ch/2016/10/how-to-install-updates-on-nano-server/, there is an update for your Nano Servers which is not actually listed and this is the Servicing Stack Update for Windows 10 Version 1607, KB3176939 which you can download from http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3176936. This update is designed to be installed first and it improves the reliability and stability of the servicing stack in Windows which is used by the update process.

Read the Full Post

List Updates on Windows Nano Server 2016

Windows Server 2016 introduced the new SKU, Nano Server. Nano Server is an extremely low footprint operating system designed for micro services and rapid deployment and provisioning and currently supports roles including Failover Clustering, Hyper-V, File Server, Web Server and DNS Server.

With Nano Server being completely headless and at this moment in time, not supporting a Configuration Manager agent for managing operating system patches, there needs to be a way for you to to track and manage patching on them. At home I run two Nano Server hosts using Hyper-V to host some virtual machines and a third running inside a VM for some testing workloads. I decided I wanted to script a way of at least going some way to automate the patching.

The first script below lists the updates that your Nano Server has installed already for reporting purposes. The second lists the updates which are available and require installation. It’s worth noting that for this to work, your Nano Server machines will need access to an update service to find out what updates are available, be it Microsoft Update or WSUS. If you are reading this thinking that you didn’t know Nano Server could use WSUS, well sure it can, you just need to populate the same registry keys you would on a normal Windows machine.

The code for returning the list of updates comes direct from the Microsoft Blog at https://blogs.technet.microsoft.com/nanoserver/2016/10/07/updating-nano-server/ however this assumes a manual process so I have wrapped this up to provide a level of automation.

Read the Full Post