azure ppe lab guide (print out)

Microsoft Partner Practice Enablement Boot Camp Lab Guide

ContentsLab 1: Create a Virtual Machine in Microsoft Azure....................................................................................5

Overview.....................................................................................................................................................5

Objectives................................................................................................................................................5

System requirements..............................................................................................................................5

Exercise 1: Create a Virtual Machine using the Management Portal.......................................................5

Task 1 – Login......................................................................................................................................5

Task 2 – Create a storage account to contain VHDs for the virtual machines......................................6

Task 3 – Show the QUICK CREATE virtual machine creation option.....................................................7

Task 4 – Create a virtual machine with the GALLERY virtual machine creation option........................8

Lab 1: Summary.....................................................................................................................................11

Lab 2: Connecting Virtual Machines.........................................................................................................11

Overview...................................................................................................................................................11

Objectives..............................................................................................................................................11

System requirements............................................................................................................................11

Exercise 1: Create a virtual machine in an existing cloud service..........................................................11

Task 1 – Create an Availability set for High availability......................................................................11

Exercise 2: Create a virtual machine in an existing cloud service..........................................................13

Task 1 – Create virtual machine using the FROM GALLERY OPTION..................................................13

Exercise 3: Test network connectivity with Ping....................................................................................15

Task 1 – Enable ICMP on demovm2 to validate connectivity.............................................................15

Lab 2: Summary.....................................................................................................................................17

Lab 3: Configuring the Azure Load Balancer..............................................................................................17

Overview...............................................................................................................................................17

Objectives..............................................................................................................................................17


Exercise 1: Configure Web Servers........................................................................................................18

Task 1 – Install and Configure IIS.......................................................................................................18

Exercise 2: Configuring the Load Balancer............................................................................................20

Task 1- Creating a Load Balanced Set................................................................................................20

Exercise 3: Verify Load Balancing ..........................................................................................................24

Task 1- Verify Load Balancing............................................................................................................24

Task 2- View Web Logs to See the Load Balancer HTTP Probes.........................................................25

Lab 3: Summary.....................................................................................................................................27

Lab 4: Configuring Access Control Lists......................................................................................................28

Exercise 1: Secure Remote Desktop Access Only to the Local Network................................................28

Task 1– Save the .RDP file for demovm2 and Validate Connectivity..................................................28

Task 2– Enable an Access Control List................................................................................................29

Task 3– Validate the Access Control List............................................................................................31

Lab 4: Summary....................................................................................................................................31

Lab 5: Configuring Point-to-Site.................................................................................................................31

Exercise 1: Create a Virtual Network.....................................................................................................31

Task 1 – Create a Virtual Network.....................................................................................................31

Exercise 2: Deploy a Virtual Machine into the Virtual Network.............................................................32

Task 1 – Deploy a Virtual Machine into the Virtual Network.............................................................32

Exercise 3: Configure Point-To-Site Connectivity for the Virtual Network.............................................34

Task 1 – Enable Point-To-Site Connectivity........................................................................................34

Task 2 – Create a Network Gateway..................................................................................................34

Task 3 – Create a Virtual Network Authentication Certificate...........................................................34

Task 4 – Upload Client Authentication Certificate to Microsoft Azure...............................................35

Exercise 3: Configure Client Machine to Connect to Virtual Network...................................................36

Task 1 – Install client certificate (.PFX) to authenticate to the Virtual Network................................36

Task 2 – Install the Client VPN Package.............................................................................................37

Exercise 3: Connect to the Virtual Machine using Point-To-Site VPN Connectivity...............................38

Task 1 – Get IP Address of Virtual Machine in the Virtual Network...................................................38

Task 2 – Connect to Virtual Network through the VPN Client...........................................................38

Task 3 – Connect to Virtual Machine using Internal IP Address.........................................................40

Task 4 – Remove Public Endpoints for Virtual Machine.....................................................................41

Lab 5: Summary.....................................................................................................................................42

Lab 6: Create and Configure an Azure Active Directory.............................................................................42

Overview...................................................................................................................................................42

Objectives..............................................................................................................................................42

Exercise 1: Create an Azure Active Directory using the Microsoft Azure Management Portal..............42

Task 1 – Login to the Azure Management Portal...............................................................................42

Task 2 – Create a new Active Directory.............................................................................................43

Task 3 - Associate the Active Directory with your Azure subscription...............................................43

Exercise 2: Add Users to Active Directory..............................................................................................44

Task 1 – Add a Global Administrator to the Active Directory.............................................................44

Task 2 – Add a User to the Active Directory.......................................................................................47

Task 3 – Add a Co-Administrator for the Microsoft Azure Subscription............................................48

Exercise 3: Create a Security Group and add Users to the Group..........................................................49

Task 1 – Sign-in to the Azure Management Portal as the Global Administrator................................49

Task 2 – Create a Security Group.......................................................................................................50

Task 3 – Add a User to the Security Group........................................................................................51

Exercise 4: Sign-in to the Azure Management Portal as a User.............................................................52

Lab 6: Summary.....................................................................................................................................54

Lab 7: Application Access..........................................................................................................................54

Overview...............................................................................................................................................54

Objectives..............................................................................................................................................55

Prerequisites..........................................................................................................................................55

Exercise 1: Add a SaaS Application from the Azure Application Gallery to your Azure Active Directory...............................................................................................................................................................55

Task 1 – Add the Microsoft OneDrive Application.............................................................................55

Task 2 – Assign user access to the Microsoft OneDrive application...................................................57

Task 3 – Use the Access Panel to see and launch Microsoft OneDrive..............................................58

Lab 7: Summary.....................................................................................................................................61

Lab 8: Multi-Factor Authentication............................................................................................................62

Overview...................................................................................................................................................62

Objectives..............................................................................................................................................62

Prerequisites..........................................................................................................................................62

Exercise 1: Create a Multi-Factor Authentication Provider....................................................................62

Task 1 – Sign-in to Azure Management Portal...................................................................................62

Task 2 – Create a Multi-Factor Authentication Provider....................................................................63

Exercise 2: Mange Multi-Factor Authentication for a User in the Active Directory...............................64

Task 1 – Enable Multi-Factor Authentication for User.......................................................................64

Task 2 – Setup Additional Security Verification for User....................................................................66

Exercise 3: View Multi-Factor Authentication Report............................................................................69

Task 1 – Run a Multi-Factor Authentication Report...........................................................................69

Task 2 – View a Multi-Factor Authentication Report.........................................................................71

Lab 8: Summary....................................................................................................................................72

Lab 9: Websites with a SQL Backend.........................................................................................................72

Overview...................................................................................................................................................72

Objectives..............................................................................................................................................72


Exercise 1: Configure the Database...........................................................................................................73

Task 1 – Create a SQL Server Virtual Machine...................................................................................73

Task 2 – Create Orchard Database.....................................................................................................78

Exercise 2: Create a Microsoft Azure Website using Orchard CMS........................................................82

Task 1 – Create the Orchard Website................................................................................................82

Lab 9: Summary....................................................................................................................................85

Lab 1: Create a Virtual Machine in Microsoft Azure

Overview

In this lab you will learn how to use the Microsoft Azure Management Portal options for creating a virtual machine.

Objectives

This lab will show how to:

Login to the Management Portal

Create a Virtual Machine

System requirements

You must have the following to complete this demo:

A reliable Internet connection

An active Microsoft Azure subscription

Estimated time to complete this demo: 10 Minutes

Exercise 1: Create a Virtual Machine using the Management Portal

Task 1 – Login1. Launch a browser and navigate to https://manage.windowsazure.com. Once prompted login

with your Microsoft Azure credentials.

Note: You may need to launch an "in-private" session in your browser if you have multiple Microsoft Accounts.

https://manage.windowsazure.com/

2. After you enter your email, select whether this is a Microsoft or Organization account.

3. From there you will be directed to the correct provider to login with your password.

Task 2 – Create a storage account to contain VHDs for the virtual machines.1. Click on the +NEW link at the bottom-left corner of the screen.

2. Select DATA SERVICES -> STORAGE -> QUICK CREATE

3. Specify the storage account properties. a. A unique name(Should be all lowercase) for the storage account URLb. The Microsoft Azure Location to create the storage account in. c. Select Locally Redundant for Replication field.

4. Press the checkmark next to CREATE STORAGE ACCOUNT to provision the storage account.

5. Before proceeding wait for the storage account creation to complete. (as seen below)

Task 3 – Show the QUICK CREATE virtual machine creation option.1. Click the NEW button at the bottom left of the management portal.

2. Click COMPUTE, VIRTUAL MACHINE and then QUICK CREATEto

3. Review the options on the screen for Windows Server or Linux based virtual machine in this view but do not actually create the virtual machine.

a. DNS NAME: Unique host name. This value is also the name of the cloud service container for the virtual machine. The virtual machine created here will also be named the same as the cloud service.

b. USER NAME: local administrator account name (cannot be administrator)

c. REGION/AFFINITY GROUP: the data center location to create the virtual machine in.

Task 4 – Create a virtual machine with the GALLERY virtual machine creation option.

1. Click the NEW button at the bottom left of the management portal.

2. Click COMPUTE, VIRTUAL MACHINE and then FROM GALLERY

Highlight the virtual machine gallery option available. Select Windows Server 2012 R2 Datacenter and click the 'next arrow' button at the bottom right.

3. Enter the configuration for the virtual machine.

a. VIRTUAL MACHINE NAME: This is the computer name: demovm1. This value must be unique within the same cloud service.

b. SIZE: Small

c. NEW USER NAME: demouser

d. PASSWORD: demo@pass1

4. On the next screen, specify a unique name for your cloud service. Select the same Microsoft Azure region that you created the storage account in in task two. For now, keep availability set as none.

5. On the final page place a checkmark by Microsoft Antimalware and press the Checkmark to Complete.

Lab 1: Summary

In this lab you have learned how to provision a Microsoft Azure Storage Account to act as the underlying storage for Microsoft Azure Virtual Machines. You have also walked through both the QUICK CREATE and GALLERY creation options of the Microsoft Azure Management portal and created a virtual machine with Microsoft Antimalware enabled.

Lab 2: Connecting Virtual Machines

Overview

In this lab, you will use the Microsoft Azure Management Portal to create a second virtual machine in the cloud service created in the previous lab. You will then demonstrate network connectivity, including name resolution and enabling ICMP for ping validation.

Objectives

This demo will show how to:

Configure Availability Sets

Create a virtual machine in an existing cloud service

Enable ICMP on the virtual machines firewalls and demonstrate name resolution and ping.

System requirements




Completed Lab 1 – Creating a Virtual Machine


Exercise 1: Create a virtual machine in an existing cloud service

Task 1 – Create an Availability set for High availability1. Open the configuration for demovm1 that was created in the previous lab by clicking on the

name column of the virtual machine list.

2. Once open click on the CONFIGURE tab.

3. In the settings section, Choose Create an Availability Set in the AVAILABILITY SET dropdown and specify: DemoAVset for the availability set name.

4. Click on the SAVE button.

5. When prompted to restarted click YES.

6. Wait for the Availability set to be created before moving to the next exercise.

Exercise 2: Create a virtual machine in an existing cloud service

Task 1 – Create virtual machine using the FROM GALLERY OPTION1. Click the NEW button at the bottom left of the management portal.

2. Click COMPUTE, VIRTUAL MACHINE and then FROM GALLERY.

3. Highlight the virtual machine gallery option available. Select Windows Server 2012 R2 Datacenter and click the right arrow button at the bottom right corner.

4. Enter the configuration for the virtual machine and click the next arrow to continue.

a. VIRTUAL MACHINE NAME: demovm2

b. SIZE: Small

c. NEW USER NAME: demouser

d. PASSWORD: demo@pass1

5. Select the previously created cloud service from the CLOUD SERVICE drop down. Select the same storage account and the availability set created in the first exercise.

6. Accept the defaults on the endpoint configuration page.

7. Click the Checkmark at the bottom of the screen to complete the virtual machine creation. This will take some time.

Exercise 3: Test network connectivity with Ping

Task 1 – Enable ICMP on demovm2 to validate connectivity.1. Log into the first virtual machine demovm1 by highlighting the virtual machine and clicking

the CONNECT button.

2. Once prompted login with the credentials specified in the creation wizard.

3. Open a command prompt in demovm1, by pressing <Windows Key + R> and typing in CMD then <enter>.

4. Type in ping demovm2. You should resolve an IP address, but there will be no response from the server.

5. Log into the second virtual machine demovm2, by highlighting the virtual machine and clicking the CONNECT button.

6. Once prompted, login with the credentials that you specified in this lab.

7. Once logged in, using Server Manager, click on Tools, Windows Firewall with Advanced Security.

8. Click Inbound Rules

9. Find the File and Printer Sharing (Echo Request ICMPv4-In) rule, right click on it and select Enable Rule.

10. Switch back to demovm1 and in the same command prompt execute ping demovm2 again. This time you should see a response from demovm2.

Lab 2: Summary

In this lab you learned how to provision a second virtual machine in an existing cloud service and join it to an existing availability set. From there you learned how to enable ICMP connectivity (which would apply to any other protocol) to allow connectivity between the two virtual machines.

Lab 3: Configuring the Azure Load Balancer

Overview

In this lab, you will install IIS and configure load balanced HTTP endpoints on demovm1 and demovm2. You will also learn how to use the IIS Web Logs to troubleshoot the Microsoft Azure HTTP Load Balancer probe.

Objectives


Configure load balancing between multiple virtual machines.

Testing and troubleshoot the load balancing probe using web logs.

System requirements




Completed the labs in Module 1.


Exercise 1: Configure Web Servers

In this exercise, you will see how to configure the default iisstart.htm file to see which server is servicing the Load balancer.

Task 1 – Install and Configure IIS1. Select the demovm1 that you created earlier.

2. Click on the CONNECT button at the bottom.

3. You will see a pop up for the download of RDP file at the bottom of the page, click on the OPEN button.

4. Enter the credentials for the virtual machine Demovm1 and click ok.

5. Once logged in click the PowerShell Icon on the task bar then execute the following PowerShell command.

Install-WindowsFeature "Web-Server" -IncludeAllSubFeature –IncludeManagementTools

6. While IIS is installing repeat steps 1-5 on demovm2.

7. Once IIS is installed on the servers navigate to the file iisstart.htm under the folder c:\inetpub\wwwroot. This folder is automatically created when the web-server role is installed.

8. Now you have to edit the default iisstart.htm file by right clicking then select open with notepad.

9. Once notepad is open, add the server name (demovm1) followed by the <br> tag, as shown in the below screenshot and save it. This change will allow you to see which server the request is currently being served from.

10. Repeat Steps 7-9 on the demovm2 virtual machine as well. Make sure you specify demovm2 as the server name in step 9.

Exercise 2: Configuring the Load Balancer

Task 1- Creating a Load Balanced Set 1. Click on the demovm1 virtual machine that was created earlier.

2. Click on the ENDPOINTS tab.

3. Click on ADD button at the bottom of the page.

4. Select ADD A STAND-ALONE ENDPOINT and click the next arrow.

5. In the next screen select HTTP under name field drop down menu.

6. Check the check box for CREATE A LOAD-BALANCED SET. Then click on the right arrow button to continue to next screen.

7. Specify LBHTTP for the LOAD-BALANCED SET NAME, select HTTP in the PROBE PROTOCOL dropdown and in the PROBE PATH field specify /iisstart.htm. Click the check mark to continue.

8. Wait until the update is complete before proceeding. 9. Within the Microsoft Azure Management Portal open the demovm2 configuration and click

ENDPOINTS.

10. Click ADD to launch the add endpoint wizard.

11. In the Add ENDPOINT screen, select the radio button option ADD AN ENDPOINT TO AN EXISTING LOAD-BALANCED SET. Select as LBHTTP load balancer. Then click on the arrow mark at the bottom right corner to continue.

12. Specify HTTP in the NAME field and click the check mark to complete the endpoint addition.

13. Wait until the update is complete before proceeding.

Exercise 3: Verify Load Balancing

Task 1- Verify Load Balancing1. Select demovm1 virtual machine and click on the dashboard.

2. Scroll down and copy the cloud services DNS NAME URL under quick glance section.

3. Click on new tab in internet explorer and paste the URL in the address bar.

4. This will serve up the modified content from iisstart.htm. Note the server name (could be demovm1 or demovm2).

5. Now keep pressing the F5 button in your browser until you see the server name change to the second server in the load balanced set.

Task 2- View Web Logs to See the Load Balancer HTTP Probes

1. Select the demovm2 virtual machine that was created earlier.

2. Click on the connect button at the bottom and when prompted login with the demouser and demo@pass1 credentials.

3. Launch Windows Explorer and browse to the path C:\inetpub\logs\LogFiles\W3SVC1\. Open up the web log file in notepad by double clicking the file.

4. You can see the requests from the Microsoft Azure Load Balancer by finding the requests with the user agent Load+Balancer+Agent. Note the response code is HTTP 200.

5. Close the log file by closing notepad.

6. To see what happens when the probe encounters a response code other than HTTP 200 delete the iisstart.htm file by navigating to C:\Inetpub\wwwroot, right click on the file and click delete.

7. Wait for the load balancer to detect the file specified in the health probe is gone (1-2 minutes) then re-open the log file in C:\inetpub\logs\LogFiles\W3SVC1. You should see HTTP 404s status to the load balancer probe check.

8. Go back to your browser session and refresh the page multiple times using the F5 button. You should only see demovm1 is now in the load balanced set.

9. Open recycle bin and Restore the deleted iisstart.htm.

10. Wait for 1-2 minutes and refresh the page again (it may take multiple times). You should see that demovm2 is back in the load balanced set.

Lab 3:

In this lab, you learned how to configure load balanced HTTP endpoints. You will also have learned how to configure an HTTP Health Probe and to use the IIS Web Logs to troubleshoot the Microsoft Azure HTTP Load Balancer probe.

Lab 4: Configuring Access Control Lists

Exercise 1: Secure Remote Desktop Access Only to the Local Network

Task 1– Save the .RDP file for demovm2 and Validate Connectivity1. Select the demovm2 virtual machine that was created earlier.

2. Click on the connect button at the bottom.

3. Click the arrow by the Save button and click Save as.

4. In the Save as dialog box select desktop in the left pane and click save.

5. Double click on the demovm2.rdp. If you are prompted for credentials this validates that a connection can occur (do not complete the login).

6. Switch to the Microsoft Azure Management Portal and select the demovm1 virtual machine.

7. Click on the connect button at the bottom and fully login with the demouser and demo@pass1 credentials.

8. Copy the demovm2.rdp file from your local desktop and paste it in the desktop of demovm1 over the remote desktop session (CTRL-C local then CTRL-V in Remote Desktop).

9. From within demovm1 double click on the demovm2.rdp. If you are prompted for credentials this shows that you have connectivity to demovm2 from demovm1 (do not complete the login).

Task 2– Enable an Access Control List

1. Open the Virtual Machine dashboard for demovm1 and copy the PUBLIC VIRTUAL IP (VIP) ADDRESS.

2. Open the endpoint configuration for demovm2.

3. Click on ENDPOINTS.

4. Select Remote Desktop endpoint.

5. In the bottom of the page click on MANAGE ACL button.

6. Specify the following properties in the Specify ACL details for the Remote Desktop endpoint screen. The IP address should be the VIP you copied earlier.

a. Rule – Order 1i. Description: Allow Local Access

ii. ACTION: Permitiii. Remote Subnet: 23.99.83.189/32

Note: By default, a Permit rule will deny access to all IPs not specified in the remote subnet and the public IP for the virtual machines (VIP).

7. Press the check mark at the bottom of the screen and wait for the update to complete before proceeding.

Task 3– Validate the Access Control List

1. Double click the demovm2.rdp file from your local desktop to validate that you can no longer connect.

2. From within demovm1 double click the demovm2.rdp file. At this point if the access control list was applied successfully you should be able to connect directly since you are coming from the allowed IP address in the access control list.

Lab 4: Summary

In this lab, you should have learned how to use access control lists to limit access to a public endpoint on a Microsoft Azure Virtual Machine.

Lab 5: Configuring Point-to-Site

Exercise 1: Create a Virtual Network

Task 1 – Create a Virtual Network 1. Launch a browser and navigate to https://manage.windowsazure.com.

2. Click on the NEW, NETWORK SERVICES, VIRTUAL NETWORK, CUSTOM CREATE

3. Specify ppe-vnet as the name of the virtual network and select the region you are working closest to and click the next arrow to continue.

4. Accept the defaults on the DNS Servers and VPN Connectivity page and click the next arrow to continue.

5. Change the STARTING IP to 10.0.16.0 and CIDR /24. Then press the checkmark to create the virtual network.

Exercise 2: Deploy a Virtual Machine into the Virtual Network

Task 1 – Deploy a Virtual Machine into the Virtual Network1. Click on NEW, COMPUTE, VIRTUAL MACHINE, FROM GALLERY


2. Select Windows Server 2012 R2 Datacenter

3. Specify the name of the virtual machine and a username and password.

4. Specify a unique name for the CLOUD SERVICE DNS NAME and for the REGION/AFFINITY GROUP/VIRTUAL NETWORK specify the virtual network created in the first exercise.

5. Click the next arrow and on the last page click the check mark to create the virtual machine.

Exercise 3: Configure Point-To-Site Connectivity for the Virtual Network

Task 1 – Enable Point-To-Site Connectivity 1. Click on NETWORKS on the left of the screen.

2. Click on the PPE-VNET network.3. Click on the CONFIGURE tab at the top.4. Click the Configure pont-to-site connectivity check mark.

5. Click the SAVE button at the bottom of the screen.

6. When prompted to continue, click YES.

Task 2 – Create a Network Gateway1. Click on the DASHBOARD tab at the top of the screen. Notice the message about the gateway

not being created. This is necessary for point-to-site connectivity to function.

2. Click on the CREATE GATEWAY button at the bottom of the screen.

This will take a few minutes to create so proceed to the next task while this is working.

Task 3 – Create a Virtual Network Authentication Certificate1. Start a command prompt on your local machine and change directories to the following path.

CD C:\PPEContent\makecert

2. Execute the following command to create a self-signed root certificate.

makecert -sky exchange -r -n "CN=PPEP2SRoot" -pe -a sha1 -len 2048 -ss My .\PPEP2SRoot.cer

3. Execute the following command to create a self-signed client certificate using the previously created root certificate.

makecert.exe -n "CN=PPEP2SClient" -pe -sky exchange -m 96 -ss My -in "PPEP2SRoot" -is my -a sha1

4. Launch certmgr.msc by typing <Windows Key + R> and type certmgr.msc then press <enter>.

5. Select Personal -> Certificates and scroll down until you see a certificate Issued By PPEP2SClient.

6. Export the PPEP2SClient certificate.

a. Right-click on the PPEP2SClient certificate and select All Tasks -> Export.b. Click Next on the first dialogc. Select Yes, export the private key and click Next.d. Accept the default selection of Personal Information Exchange – PKCS #12 (.PFX) and

click Next.e. Click the checkbox next to Password and enter a password. Click Next.f. For the folder and path enter C:\PPEContent. Click Next.g. Click Finish.h. Click OK on the dialog indicating the export was successful.i. Close MMC.

Task 4 – Upload Client Authentication Certificate to Microsoft Azure1. Upload the root authority certificate to Microsoft Azure.

a. Open the Microsoft Azure Management Portal.b. Click on NETWORKS on the left navigation.c. Click on the PPE-VNET network you created previously.d. Click on the CERTIFICATES tab at the top of the screen.

e. Click the UPLOAD A ROOT CERTIFICATE link.f. In the browser dialog, navigate to the location of the PPEP2SRoot.cer file and select it.

This file should be in this folder:

C:\PPEContent

g. Click he check mark to upload the certificate.

Exercise 3: Configure Client Machine to Connect to Virtual Network

Task 1 – Install client certificate (.PFX) to authenticate to the Virtual Network1. Open Windows Explorer and navigate to the C:\PPEContent folder.2. Right-click on the PPEP2SClient.pfx certificate file and select Install PFX.3. Accept all defaults when stepping through the certificate import wizard and enter the password

when prompted. The password is the password you entered when you exported the certificate from your certificate store.

4. When prompted to install the certificate, select Yes.

5. Click the OK button on the dialog indicating the import was successful.

Task 2 – Install the Client VPN Package1. In the Microsoft Azure Management Portal, click on the DASHBOARD tab for the virtual

network.

2. Install the Client VPN Package by clicking on the appropriate option in the quick glance section.

3. When prompted to run or save the package, select Save to save the file to your C:\PPEContent folder.

4. You will see a warning message because the package is not signed. You can ignore this message for the purposes of this lab. However, for future client machines you want to connect to his network, you may want to sign this file using your organization’s signing service or sign it yourself using SignTool.

5. Open Windows Explorer and navigate to %UserProfile%\Downloads. a. Right-click on the .exe and select Properties -> Unblock.

b. Click OK.c. Double-click on the .EXE to install the Client VPN Package. When prompted to install

select Yes.

Exercise 3: Connect to the Virtual Machine using Point-To-Site VPN Connectivity

Task 1 – Get IP Address of Virtual Machine in the Virtual Network1. In the Microsoft Azure Management Portal, click on the DASHBOARD tab for your Virtual

Network.2. In the resources section, locate the IP ADDRESS of the virtual machine you created in the

previous lab. Make a note of this IP Adress.

Task 2 – Connect to Virtual Network through the VPN Client1. Click on the Internet Connection icon in the system tray (right side of your task bar).

2. Select the PPE-VNET client connection and click the Connect button.

3. When the VPN Client opens, click on the Connect button.

4. Click the Continue button to elevate Connect Manager’s privileges.

5. (Optional) Go back to the Microsoft Azure Management Portal and you can see the DASHBOARD updated to show 1 Client connection.

Task 3 – Connect to Virtual Machine using Internal IP Address1. Press <Windows Key + R>, type mstsc and press <Enter>.

2. Type in the IP Address for the virtual machine that you noted in the previous step and click the Connect buton.

3. Login with the credentials you provided when you created the virtual machine.

4. Click the Yes button on the Remote Desktop Connection warning dialog.

You are now connect to the Virtual Machine using the VPN Client and its internal IP Address.

Task 4 – Remove Public Endpoints for Virtual Machine1. In the Microsoft Azure Management Portal, click on VIRTUAL MACHINES on the left navigation.

2. Click on the Virtual Machine that is in the PPE-VNET Virtual Network.

3. Click on the ENDPOINTS tab at the top of the screen.

These public endpoints are no longer needed now that you have point-to-site connectivity to the virtual network this machine is in.

4. Click on the PowerShell endpoint to select it and then click the DELETE button at the bottom of the screen.

5. Click on the Remote Desktop endpoint to select it and then click the DELETE button at the bottom of the screen.

Lab 5: Summary

In this lab you learned how to configure point-to-site connectivity for a virtual network and then use the VPN Client to connect to the Virtual Network. You learned what is required to authenticate clients to the virtual network. Finally, you observed that the default public endpoints are not necessary when point-to-site connectivity is configured for your network.

Lab 6: Create and Configure an Azure Active Directory

Overview

In this lab, you will learn how to create an Azure Active Directory and associate it with your Azure Subscription. Next, you will create users as regular users in the directory as well as global administrators in the directory. Signed in as a global administrator, you will create a security group and added users to the group.

Objectives

This demo will walk you through how to:

Create a Microsoft Azure Active Directory using the Azure Management Portal

Associate the Active Directory with your Azure subscription

Add Users to the Active Directory

Show Capabilities of the Global Administrator Role

Show Capabilities of the User Role

Estimated time to complete this lab: 15 Minutes

Exercise 1: Create an Azure Active Directory using the Microsoft Azure Management Portal

Task 1 – Login to the Azure Management Portal 1. Launch a browser and navigate to https://manage.windowsazure.com. When prompted,

sign-in with your credentials to access your Azure Subscription.


Note: You may need to launch an "in-private" session in your browser if you have multiple Windows Accounts.

Task 2 – Create a new Active Directory1. In the Windows Azure Management Portal, select +NEW -> APP SERVICES -> ACTIVE

DIRECTORY -> DIRECTORY -> CUSTOM CREATE. 2. In the Add directory window specify the new directory settings.

a. Set Directory to Create new directory.b. Set Name to a name of PPE Labs AD.c. Set Domain Name to a globally unique name of your choice.d. Set Country to your country.

Task 3 - Associate the Active Directory with your Azure subscription1. Now that your Active Directory for your organization exists, the next thing you need to do is

associate this directory with the Windows Azure subscription. What this means is that when you login to the Azure Management Portal for this subscription, you will be doing so in the realm of your new Active Directory.

2. Click on SETTINGS on the left of the screen.

3. Click on SUBSCRIPTIONS at the top of the screen.

4. Highlight your Windows Azure Subscription and click on the EDIT DIRECTORY button at the bottom of the screen.

5. Select the new Active Directory you created in the previous task.

6. Click the right arrow to go to the next screen.

7. Click the check mark to save the change.

8. The Windows Azure Management Portal will reload as result of this change. Notice the change in the URL with respect to the realm. It will show the new Active Directory as the realm in the URL.

Exercise 2: Add Users to Active Directory

Task 1 – Add a Global Administrator to the Active Directory1. In the Azure Management Portal, click on the ACTIVE DIRECTORY link on the left of the

screen.

2. Click on the name of the directory you created previously.3. Click on the USERS tab at the top of the screen.

4. At the bottom of the screen, click the ADD USER link to add a new user.

5. In the Add User window specify the new user settings.a. Set Type of User to New user in your organization.b. Set User Name to a name of johndoe.

6. In the user profile window, specify properties for this user as a Global Administrator.a. Set FIRST NAME to John.b. Set LAST NAME to Doe.c. Set DISPLAY NAME to John Doe (Global Admin).

d. Set ROLE to Global Administrator.e. Set Alternate Email Address to an email address of your choices. Recommend using

the Microsoft Account email address for the subscription. That is, the Account Administrator.

f. Click the right arrow to continue

7. In the Get temporary password window, click the green create button to generate a temporary password for the user.

8. In the New Password field, click the Copy icon to copy the password to your clipboard. Save this to notepad along with the user name for this user. You will need this information shortly.

9. Click the check mark button to create the user in the directory.

This user will be able to administer the active directory only. This user will not be able to login to the Windows Azure Management Portal or provision services in the Subscription (Virtual Machines, Networks, etc.) because this user is not a Co-Administrator for the Microsoft Azure Subscription.

Task 2 – Add a User to the Active Directory1. Repeat Task 1 to add a user as Jane Smith.

a. Set USER NAME to janesmith.b. Set ROLE to User.

This user is a user in the directory right now. This user cannot administer the Active Directory nor can this user login to the Azure Management Portal and provision services.

Task 3 – Add a Co-Administrator for the Microsoft Azure Subscription1. Click on the SETTINGS link on the left of the screen.2. Click on the ADMINISTRATORS tab at the top of the screen.3. Click on the ADD button at the bottom of the screen.4. Enter the email address for John Doe. When you do this, the portal will verify the user

name and show a green check mark. Notice that the user account is an Organizational Account, identified by the organizational account icon (the badge) next to the user.

5. Click on the check box next to the Azure Subscription.6. Click the check mark to add the user as a Co-Administrator of the Azure Subscription.

This user, now being a Co-Administrator for the Azure Subscription, will be able to login to the portal and provision services on the Subscription. This user is also a Global Administrator so this user can also administer the Active Directory.

7. Sign-out of the Azure Management Portal.

Exercise 3: Create a Security Group and add Users to the Group

Task 1 – Sign-in to the Azure Management Portal as the Global Administrator1. Sign-in to the portal at https://manage.windowsazure.com as the John Doe user. Since this

is the first time to sign-in as this user, you will need to enter the temporary password (copy from notepad).

2. Enter the temporary password and then provide a new permanent password as demo@pass1. Press the submit button.


3. Click through the new user tour dialogs for user John Doe. In the Azure Management Portal, you will see user John Doe signed-in as an Organizational User in the upper-right corner of the screen.

Task 2 – Create a Security Group1. Click on ACTIVE DIRECTORY on the left navigation.

2. Click on the PPE Labs AD directory name.

3. Click the ADD GROUP button at the bottom of the screen.

a. Set the NAME to Help Desk.

b. Set the DESCRIPTION to Users staffing the help desk.

c. Click the checkmark button to create the group.

Task 3 – Add a User to the Security Group1. Click on the Help Desk group.

2. Click on the ADD MEMBERS link at the bottom of the screen.

3. Click on Jane Smith, which will result in Jane Smith appearing in the SELECTED section and then click the checkmark button.

4. Jane Smith is now a member of the Help Desk security group.

Exercise 4: Sign-in to the Azure Management Portal as a User

1. From the Internet Explorer main menu, select Tools -> InPrivate Browsing.

2. In the new browser window, sign-in to the portal at https://manage.windowsazure.com as the Jane Smithr. Since this is the first time to sign-in as this user, you will need to enter the temporary password (copy from notepad).


3. Enter the temporary password and then provide a new permanent password as demo@pass1. Press the submit button.

4. As the portal starts to load, you will get a message indicating that there were no subscriptions found for the Jane Smith user. This is expected. Recall, Jane Smith is not a Co-Administrator on the Azure Subscription. Therefore, Jane is not able to sign-in to the Azure Portal and provision services.

5. Close the Internet Explorer window that is in InPrivate Browsing mode.

Lab 6: Summary

In this lab, you learned how to create an Azure Active Directory and associate it with your Azure Subscription. You then learned how to create users as regular users in the directory as well as global administrators in the directory. Signed in as a global administrator, you created a security group and added users to the group. Finally, you observed that users that are not co-administrators on the Azure subscription are not able to sign-in to the Azure Management Portal.

Lab 7: Application Access

Overview

In this lab, you will learn how to add a Software-as-a-Service (SaaS) application for Password-based Single Sign-on to your Azure Active Directory. The SaaS Application you will configure will be Microsoft OneDrive. After adding the application to your Azure Active Directory, you will then learn how to assign user access to the application. Finally, you will sign-in to the Access Panel as a user of the directory to see and launch the Microsoft OneDrive application.

Objectives


Add a SaaS application (Microsoft OneDrive) from the Azure Application Gallery to your Azure Active Directory

Configure the application for Password-based Single Sign-On

Assign permissions for users to access the application

Use the Access Panel to see and launch the application

Prerequisites

1. This hands-on-lab assumes you already completed the Azure AD Introduction lab.2. A Microsoft Account.


Exercise 1: Add a SaaS Application from the Azure Application Gallery to your Azure Active Directory

Task 1 – Add the Microsoft OneDrive Application 1. Launch a browser and navigate to https://manage.windowsazure.com.

2. Sign-in as the John Doe user.

3. Click on the ACTIVE DIRECTORY tab

4. Click on the PPE Labs AD directory.

5. Click on the APPLICATIONS link at the top of your screen.

6. Click on the ADD button at the bottom of the screen.

7. Click on the option to Add an application from the gallery.


8. In the Application Gallery, search for “OneDrive”. Click on Microsoft OneDrive and then click the checkmark button.

Task 2 – Assign user access to the Microsoft OneDrive application1. Click on the green Assign users button.

2. Click on the user Jane Smith.

3. Click the ASSIGN button at the bottom of the screen.

4. In the Assign Users window, click the checkmark button. Do not check the checkbox to enter Microsoft OneDrive credentials on behalf of the user.

Task 3 – Use the Access Panel to see and launch Microsoft OneDrive1. At the Internet Explorer main menu, select File -> New session to open a new browser session.

2. In the new browser session, navigate to http://myapps.microsoft.com.

3. Sign-in as Jane Smith.

a. Username: janesmith@<yourdirectory>.onmicrosoft.com

b. Password: demo@pass1

http://myapps.microsoft.com/

4. In the Access Panel, click on the Microsoft OneDrive Application.

5. The first time you launch this application for this user (on your computer), you will be prompted to install software. Click the green Install Now button.

6. After installing the Access Panel extension, restart the browser and navigate back to the Access Panel http://myapps.microsoft.com.

7. Click on the Microsoft OneDrive application. Since this is the first time you are accessing Microsoft OneDrive as Jane Smith, you are challenged to enter your personal credentials to your personal OneDrive. Enter your Microsoft Account credentials.


8. Your OneDrive will open in the browser.

In the future, when you launch Microsoft OneDrive from the Access Panel as the Jane Smith user, you will not be challenged for credentials. Azure AD has securely stored your credentials and will authenticate you automatically for your OneDrive account.

Lab 7:

In this lab, you learned how to add the Microsoft OneDrive application to your Azure Active Directory. You configured the application for Password-based Single Sign-On and then assigned user access to the application. Finally, you used the Access Panel to see and launch the application when signed in as a user in the Azure Active Directory.

Lab 8: Multi-Factor Authentication

Overview

In this lab, you will learn how to create and configure a multi-factor authentication provider in Microsoft Azure and how to enable multi-factor authentication for users in your Azure Active Directory.

Objectives

This lab will show how to:

Create a multi-factor authentication provider using the Azure Management Portal.

Enable multi-factor authentication for users in your Azure Active Directory.

Prerequisites

3. This hands-on-lab assumes you already completed the Application Access-Password-Based lab.


Exercise 1: Create a Multi-Factor Authentication Provider

Task 1 – Sign-in to Azure Management Portal 1. Launch a browser and navigate to https://manage.windowsazure.com. 2. Sign-in as the John Doe user.

a. Username: johndoe@<yourdirectory>.onmicrosoft.comb. Password: demo@pass1


Task 2 – Create a Multi-Factor Authentication Provider1. Click on +NEW -> APP SERVICES -> ACTIVE DIRECTORY -> MULTI-FACTOR AUTHENTICATION ->

QUICK CREATE.a. Set the NAME to PPE Labs.b. Set USAGE MODEL to Per Enabled User.c. Set DIRECTORY to PPE Labs AD.d. Click the CREATE link in the bottom-right corner.

Exercise 2: Mange Multi-Factor Authentication for a User in the Active Directory

Task 1 – Enable Multi-Factor Authentication for User1. Click on the ACTIVE DIRECTORY section on the left of your screen.2. Click on PPE Labs AD in the NAME column.3. Click on the USERS tab at the top of the screen.4. Highlight (don’t click on) the Jane Smith user and click on the MANAGE MULTI-FACTOR AUTH

button at the bottom of the screen.

5. Change the View to Sign-in allowed users.

6. Click on the check box next to Jane Smith.7. Click on the Enable link for the user.

8. Click on the enable multi-factor auth button in the dialog window.

9. Click on the close button.10. The Jane Smith user will now show Enabled in the Mult-Factor Auth Status column.

Task 2 – Setup Additional Security Verification for User1. At the Internet Explorer main menu, select Tools -> InPrivate Browsing.2. In the new InPrivate Browsing windo, sign-in to the Access Panel at

http://myapps.microsoft.com as Jane Smith.a. Username: janesmith@<yourdirectory>.onmicrosoft.comb. Password: demo@pass1

3. Point out the message about needing to verify the account and then click on the Set it up now button.


4. In the additional security verification screen, provide the contact method details.

a. Set the first field to Mobile phone.

b. Specify your country code and cell phone number.

c. Set Mode to Send me a code by text message.

d. Click on the next button.

5. Click on the verify now button.

6. Retrieve the verification code from the text message sent to your phone.

7. Enter the verification code in step 2 and click on the verify button.

8. Click the next button.

9. Click on the I don’t use this account with these apps button.

10. To finish signing in to the Access Panel, you will be challenged again to enter another security code that will be sent to your phone. As soon as you get the security code, enter it in the sign-in screen. After successfully authenticating, you will be directed to the Access Panel.

11. Close the InPrivate Browsing browser window.

Exercise 3: View Multi-Factor Authentication Report

Task 1 – Run a Multi-Factor Authentication Report1. In the Azure Management Portal, sign-in as the John Doe user if you’re not already.2. Click on ACTIVE DIRECTORY on the left of the screen.3. Click on MULTI-FACTOR AUTH PROVIDERS at the top of the screen.

4. Click on the MANAGE button at the bottom of the screen.5. Click on the VIEW A REPORT link.

6. Click on Summary.

7. Keep the defaults values and click on the Run button.

Task 2 – View a Multi-Factor Authentication Report1. Click on the Queued link on the left of the screen.

2. Click on the View link for the report you ran in the previous exercise.

3. You should see the two authentications for user Jane Smith.

4. (optional) Run a detailed report to see the details for each user that are available.

Lab 8: Summary

In this lab, you learned how to create and configure a multi-factor authentication provider in Microsoft Azure. You also saw how to enable multi-factor authentication for users in your Azure Active Directory and you learned how to run a multi-factor authentication usage report.

Lab 9: Websites with a SQL Backend

Overview

In this lab, you will learn how to create and configure a SQL Server virtual machine and then create a Microsoft Azure Website using the gallery experience to connect to it.

Objectives


Create a SQL Server Virtual Machine

Create a Microsoft Azure Website from the Gallery

Establish a connection to the SQL Server using public endpoints.

System requirements





Exercise 1: Configure the Database

Task 1 – Create a SQL Server Virtual Machine1. Click the NEW button at the bottom left of the management portal.

2. Click COMPUTE, VIRTUAL MACHINE and then FROM GALLERY

3. Select SQL SERVER on the image gallery options below MICROSOFT. Once selected choose SQL Server 2012 SP1 Enterprise (Windows Server 2012) from the options and click the Arrow to continue.

4. Enter the configuration for the virtual machine.

a. VIRTUAL MACHINE NAME: this is the computer name. This value must be unique within the same cloud service. Specify OrchardSQL.

b. SIZE: the virtual machine size. Specify Small.

c. NEW USER NAME: the local administrator account (cannot be administrator). Specify: demouser and a strong password.

5. On the next screen, specify a unique name for your cloud service, the data center location and storage account that you created as part of the setup. .

6. On the endpoint configuration page select the drop down and select MSSQL for the endpoint to allow traffic on 1433.

7. Click the Checkmark at the bottom of the screen to complete the virtual machine creation.

8. Connect to the virtual machine by clicking the CONNECT button on the toolbar and logging in with the credentials specified during creation.

9. Using Server Manager Enable SQL Server connectivity through the firewall by using and clicking on in Tools, Windows Firewall with Advanced Security.

10. Select the Inbound Rule Node, right click and click New Rule

https://github.com/WindowsAzure-TrainingKit/HOL-ConnectingApplications/blob/master/Images/Creating-an-Inbound-Rule.png?raw=true

11. In the new rule wizard select Port and click next.

12. In the Protocols and Ports dialog, specify 1433 for the local ports.

13. Accept the default settings for remaining screens except the last one. Name the rule SQLServerRule and complete the wizard.

https://github.com/WindowsAzure-TrainingKit/HOL-ConnectingApplications/blob/master/Images/new-inbound-rule-type.png?raw=true

https://github.com/WindowsAzure-TrainingKit/HOL-ConnectingApplications/blob/master/Images/inbound-rules-local-port.png?raw=true

https://github.com/WindowsAzure-TrainingKit/HOL-ConnectingApplications/blob/master/Images/new-inbound-rule.png?raw=true

Task 2 – Create Orchard Database1. Launch SQL Management Studio by clicking to the far left bottom corner of the screen to

bring up the Windows 8 UI. Type SQL and the search will automatically find the link to click.

2. Once started click Connect to login to the SQL Server

3. Right click the server name and click Properties.

4. Click on Security and Change Server Authentication to SQL Server and Windows Authentication mode.

5. Press OK to continue.

6. Right click on the server and choose Restart to have the settings take effect.

7. Right click Databases and click New Database.

8. Name the new database OrchardDB and press OK to create the database.

9. Next create a new user for the SQL Server by expanding Security and right clicking on Logins then choose New Login.

10. Create the login

a. Change the login type to SQL Server Authentication

b. Specify the user name and password: demouser and use the same password you specified creating the virtual machine.

c. Specify OrchardDB as the default database.

d. Uncheck Enforce Password Policy

11. Add the user to the Orchard Database by expanding OrchardDB, Security and right clicking on users and clicking New User.

12. Enter demouser for the user name and demouser for the login name.

13. Then select Membership and check db_owner.

Exercise 2: Create a Microsoft Azure Website using Orchard CMS

Task 1 – Create the Orchard Website1. Open the Azure Management Portal and click COMPUTE, WEB SITE, FROM GALLERY

2. On the left select CMS, Orchard CMS and click the next arrow.

3. Enter a unique name for the website and select the region you are working in. Then click the checkbox to create the website.

4. Open the dashboard of the newly created site. On the right side of the page under quick glance copy the SITE URL and open it in a new tab in your browser.

5. Configure the Orchard Site. Specify a name for the site, demouser for the user name and the password you have been using up to this point. Ensure you change the dropdown to Use an existing SQL Server, SQL Express Database.

.

6. Specify the connection string.

Retrieve the cloud service of your SQL Server by opening the dashboard of the SQL virtual machine and noting the DNS name.

Use the example below the textbox to populate the values.

Here is a full example:

Data Source=orchardsqlsvc.cloudapp.net;Initial Catalog=OrchardDb;Persist Security Info=True;User ID=demouser;Password=demo@pass1

7. Press Finish Setup to Complete

Lab 9: Summary

In this hands on lab you learned how to configure SQL Server in a Microsoft Azure Virtual Machine and allow connectivity from a Microsoft Azure Website.

azure ppe lab guide (print out)

Documents

virtual network36task

virtual network31exercise

virtual network38task

virtual network32task

virtual machine41lab

virtual network31task

virtual network34task

virtual network32exercise