Overview

This course teaches IT Professionals how to manage core Windows Server workloads and services using on-premises, hybrid, and cloud technologies. The course teaches IT Professionals how to implement and manage on-premises and hybrid solutions such as identity, management, compute, networking, and storage in a Windows Server hybrid environment.

Audience Profile

This four-day course is intended for Windows Server Hybrid Administrators who have experience working with Windows Server and want to extend the capabilities of their on-premises environments by combining on-premises and hybrid technologies. Windows Server Hybrid Administrators implement and manage on-premises and hybrid solutions such as identity, management, compute, networking, and storage in a Windows Server hybrid environment.

Syllabus

Learn about the fundamentals of Active Directory Domain Services (AD DS) in Windows Server, including forests, domains, sites, domain controllers, organizational units (OUs), users, and groups.

Learning Objectives
  • Describe AD DS.
  • Describe users, groups, and computers.
  • Identify and describe AD DS forests and domains.
  • Describe OUs.
  • Manage objects and their properties in AD DS.

Learn about essential AD DS domain controllers management and maintenance tasks, including their deployment, backup and recovery, and schema management. Find out about design considerations for optimal number, roles, and location of domain controllers.

Learning Objectives
  • Deploy AD DS domain controllers.
  • Maintain AD DS domain controllers.
  • Describe the AD DS global catalog role and its placement considerations.
  • Describe AD DS operations master roles, their placement considerations, and their management tasks.
  • Describe AD DS schema and its management tasks.

Learn to implement Group Policy Objects (GPOs) in Active Directory Domain Services (AD DS) in Windows Server 2019.

Learning Objectives
  • Describe GPOs.
  • Describe GPO scope and inheritance.
  • Describe domain-based GPOs.
  • Create and configure GPOs.
  • Explain GPO storage.
  • Describe administrative templates and the Central Store.

Learn about advanced AD DS administration tasks, including creating trust relationships, implementing Enhanced Security Administrative Environment (ESAE) forests, monitoring and troubleshooting AD DS replication, and creating custom AD DS partitions.

Learning Objectives
  • Identify the purpose, types, and the process of creating trust relationships.
  • Describe the purpose and the process of implementing ESAE forests.
  • Monitor and troubleshoot AD DS replication.
  • Identify the purpose and the process of creating custom AD DS partitions.

In this module, learn to configure an Azure environment so that Windows IaaS workloads requiring Active Directory are supported. Also learn to integrate on-premises Active Directory Domain Services (AD DS) environment into Azure.

Learning Objectives
  • Select a Microsoft Entra integration model.
  • Plan for Microsoft Entra integration.
  • Prepare on-premises AD DS for directory synchronization.
  • Install and configure directory synchronization using Microsoft Entra Connect.
  • Implement Seamless Single Sign-on (SSO).
  • Enable Microsoft Entra login for an Azure Windows virtual machine (VM).
  • Describe Microsoft Entra Domain Services.
  • Implement and configure Microsoft Entra Domain Services.
  • Manage Windows Server in a Microsoft Entra Domain Services instance.
  • Join a Windows Server VM to a managed domain.

You learn to design and implement network security solutions such as Azure DDoS, Network Security Groups, Azure Firewall, and Web Application Firewall.

Learning Objectives
  • Get network security recommendations with Microsoft Defender for Cloud
  • Deploy Azure DDoS Protection by using the Azure portal
  • Design and implement network security groups (NSGs)
  • Design and implement Azure Firewall
  • Design and implement a web application firewall (WAF) on Azure Front Door

In this module, you learn how to extend an existing Active Directory environment into Azure by placing IaaS VMs configured as domain controllers onto a specially configured Azure virtual network (VNet) subnet.

Learning Objectives
  • Select an option to implement directory and identity services by using Active Directory Domain Services (AD DS) in Azure.
  • Deploy and configure AD DS domain controllers in Azure VMs.
  • Install a replica AD DS domain controller in an Azure VM.
  • Install a new AD DS forest on an Azure VNet.

Understand the principle of least privilege, know when to use privileged access workstations, and be able to identify built-in privileged accounts.

Learning Objectives
  • Explain least privilege administrative models.
  • Implement delegated privilege.
  • Describe privileged access workstations.
  • Describe jump servers.

Select the most appropriate Windows Server administration tool for a given situation and learn how to use that tool.

Learning Objectives
  • Describe Windows Admin Center.
  • Describe how to use Remote Server Administration Tools (RSAT) to manage servers.
  • Describe Server Manager.
  • Describe how to use Windows PowerShell to manage servers.
  • Explain how to use Windows PowerShell to remotely administer a server.

Learn to perform post-installation configuration of Windows Server by using several methods and tools.

Learning Objectives
  • Explain post-installation configuration and describe the available post-installation configuration tools.
  • Use Sconfig to configure Windows Server.
  • Describe Desired State Configuration (DSC) and explain how to use it to configure Windows Server.
  • Use Windows Admin Center to perform post-installation configuration.
  • Implement answer files to complete the configuration.

You're able to use suitable tools and techniques to manage Windows IaaS VMs remotely. You'll also be able to restrict administrative connections to those VMs.

Learning Objectives
  • Select appropriate remote administration tools.
  • Secure management connections to Azure IaaS VMs running Windows Server with Azure Bastion.
  • Configure JIT VM access.

You learn to describe Azure Arc, implement Azure Arc with on-premises server instances, deploy Azure policies with Azure Arc, and use role-based access control (RBAC) to restrict access to Log Analytics data.

Learning Objectives
  • Describe Azure Arc.
  • Explain how to onboard on-premises Windows Server instances in Azure Arc.
  • Connect hybrid machines to Azure from the Azure portal.
  • Use Azure Arc to manage devices.
  • Restrict access using RBAC.

Streamline administration of Windows Server environments with Just Enough Administration (JEA). Limit privileged operations to a set of specified PowerShell cmdlets, parameters and variables, and limit which users can connect to JEA endpoints.

Learning Objectives
  • Explain the concept of Just Enough Administration (JEA)
  • Define role group capabilities and session configurations for a JEA session
  • Create and connect to a JEA endpoint

Learn about virtualization and the Microsoft Hyper-V role with Windows Server. Learn about best practices for preparing Hyper-V hosts, in addition to Hyper-V networking features and implementing nested virtualization.

Learning Objectives
  • Describe the functionality and features of Hyper-V on Windows Server.
  • Install Hyper-V on Windows Server.
  • Describe the options for managing Hyper-V virtual machines (VMs) on Windows Server.
  • Describe networking features and functionality in Hyper-V on Windows Server.
  • Create virtual switches (vSwitches) for use with Hyper-V.
  • Describe using nested virtualization in Hyper-V.

Learn about configuring and managing Hyper-V virtual machines in Windows Server.

Learning Objectives
  • Describe settings, configuration, and generation versions available for VMs in Windows Server.
  • Identify virtual hard disk (VHD) formats and types.
  • Create and configure a VM.
  • Determine storage options for VMs.
  • Describe shared VHDs and VHD Sets.
  • Describe host and guest clustering with shared VHDs.

Learn about securing Hyper-V workloads in Windows Server, installing and configuring the Host Guardian Service (HGS), the attestation modes available with the HGS, and the creation and deployment of shielded virtual machines (VMs).

Learning Objectives
  • Describe the features and functionality of the HGS in Windows Server.
  • Describe the attestation options available with the HGS.
  • Describe shielded VMs, their creation, and their deployment.

You're able to describe Azure compute and storage in relation to Azure VMs, and deploy Azure VMs by using the Azure portal, Azure CLI, or templates.

Learning Objectives
  • Describe Azure compute.
  • Describe Azure storage.
  • Deploy Azure VMs.
  • Create a VM from the Azure portal.
  • Create a VM from Azure Cloud Shell.
  • Deploy Azure VMs by using templates.
  • Describe additional management optimization options

Learn to create new VMs from generalized images and use Azure Image Builder templates to create and manage images in Azure.

Learning Objectives
  • Create a generalized image.
  • Create a new VM from a generalized image.
  • Create a managed image of a generalized VM in Azure.
  • Create a VM from a managed image.
  • Describe Azure Image Builder.
  • Use Azure Image Builder to create a Windows image.

Learn how to deploy Desired State Configuration (DSC) extensions, implement those extensions to remediate noncompliant servers, and use custom script extension.

Learning Objectives
  • Describe Azure Automation.
  • Implement Azure Automation with DSC.
  • Remediate noncompliant servers.
  • Describe custom script extension.
  • Configure a VM by using DSC extensions.

Learn about Windows Server and Hyper-V containers, associated isolation modes, running containers, and preparing the Windows Server host for running containerized workloads. Learn about Docker, preparing Windows Server for running container workloads, and managing containers.

Learning Objectives
  • Describe containers and how they work.
  • Explain the difference between containers and virtual machines (VMs).
  • Describe the difference between process isolation and Hyper-V isolation modes.
  • Describe Docker and how it's used to manage Windows containers.
  • Identify the container-based images available from the Microsoft Container Registry.
  • Understand the process for running a Windows container.
  • Explain how to manage containers using Windows Admin Center (WAC).

Learn about Kubernetes, containers, container orchestration, and Kubernetes orchestration in Windows Server. Also learn the process for deploying a Kubernetes cluster on Windows and describe how to use Azure Arc for Kubernetes.

Learning Objectives
  • Describe container orchestration.
  • Describe Kubernetes.
  • Describe how to create a Kubernetes cluster.
  • Describe Azure Arc for Kubernetes.

In this module, learn to configure DNS for Windows Server IaaS VMs, choose the appropriate DNS solution for your organization's needs, and run a DNS server in a Windows Server Azure IaaS VM.

Learning Objectives
  • Implement DNS in Azure
  • Describe DNS options for Azure IaaS VMs
  • Implement split-horizon DNS in Azure
  • Troubleshoot DNS in Azure
  • Create and configure an Azure DNS zone

In this module, you'll learn how to manage Microsoft Azure virtual networks (VNets) and IP address configuration for Windows Server infrastructure as a service (IaaS) virtual machines (VM)s.

Learning Objectives
  • Implement an Azure virtual network
  • Implement IP Address Allocation in Azure
  • Assign and manage IP addresses
  • Configure a private IP address for an Azure virtual machine
  • Create a virtual machine with a static IP address
  • Implement IaaS VM IP routing
  • Implement IPv6 for Windows IaaS Virtual Machines

Learn about the core functionality of the Windows Server File Server role, and how to configure and manage that core functionality.

Learning Objectives
  • Describe the Windows Server file system.
  • Describe the benefits and use of File Server Resource Manager.
  • Describe SMB and its security considerations.
  • Manage SMB configuration.
  • Describe Volume Shadow Copy Service.

Learn about the core functionality, benefits, use cases, and implementation of Storage Spaces and Storage Spaces Direct in Windows Server.

Learning Objectives
  • Describe the architecture and components of Storage Spaces.
  • Describe the functionality, benefits, and use cases of Storage Spaces.
  • Implement Storage Spaces.
  • Describe the functionality, components, and use cases of Storage Spaces Direct.
  • Implement Storage Spaces Direct.

Learn about the core functionality, benefits, use cases, and implementation of Data Deduplication in Windows Server.

Learning Objectives
  • Describe the architecture, components, and Data Deduplication functionality, components, and use cases of Data Deduplication.
  • Describe the use cases and interoperability of Data Deduplication.
  • Implement Data Deduplication.
  • Manage and maintain Data Deduplication.

Learn about the core functionality, benefits, use cases, and implementation of Internet Small Computer Systems Interface (iSCSI) in Windows Server 2019.

Learning Objectives
  • Describe iSCSI functionality, components, and use cases.
  • Describe the considerations for implementing iSCSI.
  • Implement iSCSI.
  • Describe implementing high-availability iSCSI configurations.

Learn about the core functionality, benefits, use cases, and implementation of Storage Replica in Windows Server.

Learning Objectives
  • Describe the functionality and components of Storage Replica.
  • Describe the prerequisites for implementing Storage Replica.
  • Implement Storage Replica.

In this module, learn to deploy Azure File Sync, migrate from DFS, and use Storage Migration Services to migrate file servers to Azure.

Learning Objectives
  • Describe Azure Files.
  • Configure Azure Files.
  • Configure connectivity to Azure Files.
  • Describe Azure File Sync.
  • Implement Azure File Sync.
  • Deploy Azure File Sync.
  • Manage cloud tiering.
  • Migrate from DFSR to Azure File Sync.