Microsoft role-based certification roadmap

Microsoft has certification paths for many technical job roles. Each of these certifications consists of passing a series of exams to earn certification. Microsoft certifications are organized into three levels: Fundamental, Associate, and Expert.

Based on the competences, you can chose the path that you need to start with the certifications. Mainly you can select certification in three different levels as Fundamental, Associate and Experts.  

Once after you select the correct path then you can select the exam that you want to do for that you can refer the below road-map which was introduced by the Microsoft (February 2019)

SQL Server 2008 End of Support Deadline Approaching: July 9, 2019

If you are still using SQL 2008 or 2008 R2, then this is the high time to move in to the latest version or migrate into the Microsoft Azure cloud.

End of support means the end of security updates, which may lead to security and compliance issues and put applications and data at risk if no action is taken.

Options that available

The Information Technology owners and operators to begin planning a migration path to the latest version (SQL Server 2017) as soon as possible. If your organization cannot update before the end of support deadline (July 2019), please consider the following options to extend security updates for SQL 2008 and SQL 2008R2 for up to 3 additional years:

1: Migrate your legacy workloads to the Microsoft Azure cloud

Microsoft is offering 3 additional years of free security updates for SQL Server 2008 and 2008 R2 databases rehosted to Azure SQL Server Managed Instance (PaaS) or Azure Virtual Machines (IaaS).

This option provides:

• More time to complete your upgrade process;
• Up to 80% cost savings by moving your existing SQL Server and Windows Server licenses (leveraging Azure Hybrid Benefits) and reserving capacity;
• Security built into Azure, plus more than 70 compliance certifications.

2: Buy Extended Security updates for SQL Server 2008 and 2008R2

You purchase an Extended Security Update subscription at 75% of full SQL Server license cost per year, for up to three years after the end of support date. Eligibility requires active Software Assurance or Subscription licenses under an Enterprise Agreement.

Reference: https://www.microsoft.com/en-us/sql-server/sql-server-2008

Move Azure resources to new resource group or subscription

If you have new subscription or you want to move from Free subscription to Pay-As-You-Go Subscription then hope this steps will help you to move your services. You can use the Azure portal, Azure PowerShell, Azure CLI, or the REST API to move resources.

Here I'm using the Azure Portal to move the resources. Specially what you need to check is the list of resources that you cant move and the current list is mentioned below,

• AD Domain Services
• AD Hybrid Health Service
• Application Gateway
• Azure Database Migration
• Azure Databricks
• Azure Firewall
• Azure Migrate
• Azure NetApp Files
• Certificates - App Service Certificates can be moved, but uploaded certificates have limitations.
• Classic Applications
• Container Instances
• Container Service
• Data Box
• Dev Spaces
• Dynamics LCS
• ExpressRoute
• Kubernetes Service
• Lab Services - Classroom Labs can't be moved to a new resource group or subscription. DevTest Labs can be moved to a new resource group in the same subscription, but not across subscriptions.
• Managed Applications
• Microsoft Genomics
• Security
• Site Recovery
• StorSimple Device Manager
• Virtual Networks (classic) - see Classic deployment limitations

Below list of the services can be moved without any issues.

• Analysis Services
• API Management
• App Service apps (web apps) - see App Service limitations
• App Service Certificates - see App Service Certificate limitations
• Automation - Runbooks must exist in the same resource group as the Automation Account.
• Azure Active Directory B2C
• Azure Cache for Redis - if the Azure Cache for Redis instance is configured with a virtual network, the instance can't be moved to a different subscription. See Virtual Networks limitations.
• Azure Cosmos DB
• Azure Data Explorer
• Azure Database for MariaDB
• Azure Database for MySQL
• Azure Database for PostgreSQL
• Azure DevOps - Azure DevOps organizations with non-Microsoft extension purchases must cancel their purchases before they can move the account across subscriptions.
• Azure Maps
• Azure Monitor logs
• Azure Relay
• Azure Stack - registrations
• Batch
• BizTalk Services
• Bot Service
• CDN
• Cloud Services - see Classic deployment limitations
• Cognitive Services
• Container Registry - A container registry can't be moved when geo-replication is enabled.
• Content Moderator
• Cost Management
• Customer Insights
• Data Catalog
• Data Factory
• Data Lake Analytics
• Data Lake Store
• DNS
• Event Grid
• Event Hubs
• Front Door
• HDInsight clusters - see HDInsight limitations
• Iot Central
• IoT Hubs
• Key Vault - Key Vaults used for disk encryption can't be moved to resource groups in the same subscription or across subscriptions.
• Load Balancers - Basic SKU Load Balancer can be moved. Standard SKU Load Balancer can't be moved.
• Logic Apps
• Machine Learning - Machine Learning Studio web services can be moved to a resource group in the same subscription, but not a different subscription. Other Machine Learning resources can be moved across subscriptions.
• Managed Disks - Managed Disks in Availability Zones can't be moved to a different subscription
• Managed Identity - user-assigned
• Media Services
• Monitor - make sure moving to new subscription doesn't exceed subscription quotas
• Notification Hubs
• Operational Insights
• Operations Management
• Portal dashboards
• Power BI - both Power BI Embedded and Power BI Workspace Collection
• Public IP - Basic SKU Public IP can be moved. Standard SKU Public IP can't be moved.
• Recovery Services vault - enroll in a preview.
• SAP HANA on Azure
• Scheduler
• Search - You can't move several Search resources in different regions in one operation. Instead, move them in separate operations.
• Service Bus
• Service Fabric
• Service Fabric Mesh
• SignalR Service
• Storage - storage accounts in different regions can't be moved in the same operation. Instead, use separate operations for each region.
• Storage (classic) - see Classic deployment limitations
• Stream Analytics - Stream Analytics jobs can't be moved when in running state.
• SQL Database server - database and server must be in the same resource group. When you move a SQL server, all its databases are also moved. This behavior applies to Azure SQL Database and Azure SQL Data Warehouse databases.
• Time Series Insights
• Traffic Manager
• Virtual Machines - see Virtual Machines limitations
• Virtual Machines (classic) - see Classic deployment limitations
• Virtual Machine Scale Sets - see Virtual Machines limitations
• Virtual Networks - see Virtual Networks limitations
• VPN Gateway

To move the Service first select the service and under overview you can see the subscription and to move the subscription you can click on change.

Or else you will see the Move option on top of the service like the below picture.

Next you will see the all attached services from there you can select the services that you want to move into the new Subscription. 

But my recommendation is to move one at a time 

Once you select the correct subscription and the resource Group then click OK to proceed.

If the validation passed, means you are almost done with the moving the selected service.

Create AKS cluster

This series of blog post will be help you to understand about the migration using Azure Kubernetes Service (AKS). This article is to cover the Azure Kubernetes Cluster creation and deploying a  sample application  using local repository.
First of all you need to create the resource Group and specially need to select the correct Location for that. You can run the below command to do that

$ az group create --name myResourceGroup --location eastus

To create the AKS Cluster, you can use the below command. Node count and the  monitoring can be define there itself

$ az aks create --resource-group HemalAKS --name hemalAKSCluster --node-count 1 --enable-addons monitoring --generate-ssh-keys

Once this is executed, You will get the below output.

To configure kubectl to connect to your Kubernetes cluster, use the az aks get-credentials command.

$ az aks get-credentials --resource-group HemalAKS --name HemalAKSCluster

To check whether you connected to the cluster you can run Kubectl get Namespace  command.
If you have more than one cluster and want to check whether you are in the the collect place then you can run
$ Kubectl cluster-infor    Command and see whether you are in the the correct cluster.

I’ using a sample code provided by Microsoft and the repo location is as below,

https://github.com/Azure-Samples/azure-voting-app-redis.git

Use git to clone the sample application to your development environment:

git clone https://github.com/Azure-Samples/azure-voting-app-redis.git

Then change the directory in to the cloned directory. For that you can run

$ cd azure-voting-app-redis

Inside this directory is the application source code, a pre-created Docker compose file, and a Kubernetes manifest file. going to use those files to run this.
To create the Container Image
Here i’m using Doker and hope you have already configured the Docker in your PC. Then run,

docker-compose up -d

Then the Docker image will be created locally and you can check the Docker Image status by running

$ docker images

$ docker ps     will show you the running containers

To deploy this locally created Image into the Azure AKS cluster you can run

$ kubectl apply -f dockerise_image_name.yaml

This will deploy the Image into the created cluster and by running kubectl services or kubectl -n get services    you will be able to see the network detail of the created pod in the AKS cluster.

Next post will see how to deploy this Image in the ACR and to the deployments.

Deploy and use Azure Container Registry

Here I’ll going to create a Azure Container Register and note down the steps.
Will run though this step by step guide you to create your our Kubernetes Cluster.

First of all need to login into your Azure subscription by using below command

> az login 

Then you can create the Resource group (RG) and then create the ACR or if you have already created the RG then create the ACR on that RG is possible.
But …. If you have more than one subscription then first you need to assign the correct subscription. For that run the below command,
> az account set –subscription <Subscription ID>

To create resource group(RG) run the below command,
az group create --name HemalAKS --location eastasia

To create the Azure Container Register(ACR) use the below command.
az acr create --resource-group hemalaks --name hemalaksacr1 --sku Basic


Once that is done you  can login into the ACR by running below command.

az acr login --name <acrName>

The command returns a Login Succeeded message once completed.
Before you can push an image to your ACR registry, you must tag it with the fully qualified name of your ACR login server.
Run the following command to get the full login server name of your ACR instance.
az acr list --resource-group myResourceGroup --query "[].{acrLoginServer:loginServer}" --output table

Copy the output. This will be need to tag the image and will continue with the next post.

ERROR: A different object named clusterUser_ already exists in users

If you are getting this error message when you are trying to connect to the AKS cluster then it means you have already that session was added  there but the default session was set to the second cluster.
Error details :

z : ERROR: A different object named clusterUser_<> already exists in users

PS C:\Users\hemekanayake> az aks get-credentials --resource-group <resource-group name>
az : ERROR: A different object named clusterUser_<Cluster_Name> already exists in users

----------------------------------------------------------------------------------------
To  resolve this you can run the same command with -- overwrite-existing  command which will overwrite the existing values added there.

az aks get-credentials --resource-group <Resource_group_name> --overwrite-existing

Namespaces is forbidden : AKS dashboard error

In Kubernetes dashboard if you get the mentioned error, that means the correct permissions were not granted to for the dashboard. Once you load the dashboard you will see notifications as mentioned below.
namespaces is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list namespaces at the cluster scope

Solution

You can run the below mentioned command on the Azure CLI and create the cluster role binding. Once you run this command the cluster admin permission will be grant to the AKS dashboard.

kubectl create clusterrolebinding kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard

Hope this will help.
If you still experiencing with an issue you can write to me to get help on that.

[Solved] Azure Application Gateway Failed.

If you are getting an error saying your application gateway is not started or in failed state, then this will help you to kill your rest of the day

But there are few ways to start the App gateway rather than getting a new Gateway and connect the existing Backend Pools. I’m writing the Azure Resource explorer method which is easy to follow.

try this and if you still facing any issues let me know,

Once you into the App Gateway service you will notice that its in failed state. there isn’t any feature to start that.

Go into https://resources.azure.com

and login by using the same Azure credentials.

Then go into

Subscription > <Select the Subscription> > Providers > Resource Group > <Select the correct Resource Group> > Application Gateway > <Select the correct APP Gateway > >

You will notice that APP gateway is in failed state. There you can edit the state and then send a get command to change.

If you don’t have the permission then change the permission level to read write.

Or else go into the Action pane and click on start to enable the App Gateway.

No you can see that App Gateway status will change to updating and little later it will start and run without any issues.

Its simple like this and make sure to check the NICs attached into this. Sometime those also be in failed state. you can use the same resource Explorer to start them or change the private IP address into a another one and save. That will restart the VM and start the Network interface also.

Configure Azure Backup - using PowerShell

If you are configuring this for the first time then you need to register your Recovery Service provider with your subscription. For that you can run the below command.

Register-AzureRmResourceProvider -ProviderNamespace "Microsoft.RecoveryServices"

You can verify that the Providers registered successfully, using the following commands

Get-AzureRmResourceProvider -ProviderNamespace "Microsoft.RecoveryServices"

Create a recovery services vault

The Recovery Services vault is a Resource Manager resource, so you need to place it within a resource group. You can use an existing resource group, or create a resource group with the New-AzureRmResourceGroup cmdlet. When creating a resource group, specify the name and location for the resource group.

By default, the vault is set for Geo-Redundant storage. To further protect your data, this storage redundancy level ensures that your backup data is replicated to a secondary Azure region which is far away from the primary region.

To use this vault with the remaining steps, set the vault context with

Set-AzureRmRecoveryServicesVaultContext

Rather than creating the services one by one, you can copy paste the below mentioned Script into the PowerShell and run to create the Backup job. The details are mentioned below.

1. NameResourceGroup - Give the resource group name. you can give an existing resource group name or else create a ResourceGroup first.

2. Location - Give the correct Location name where you going to host your services. E.g. Australia East, UK South

3. VmName - Server Names .This is case Sensitive and make sure to give the VM name which you want to enable the protection.

4. NameRecoveryServicesVault – Give name for the Recovery service Vault

5. NamePolocy - Give a name for the Backup Policy

6. FriendlyName - Friendly name for the backup Container

Rest of the variables you can keep as it is and if there is any requirement to change the backup schedule you can edit that by go into the Backup policy.

You can copy paste the below scrip into the PowerShell and run to create the backup job.

PowerShell Script

----------------------------------------------------------------------------------------------------------------------

#Variables for common values

$NameResourceGroup = "AAA-Production"

$NameRecoveryServicesVault = "A123RecoveryServicesVault"

$location = "WestUS2"

$NamePolocy = "DefaultPolicy"

$vmName = "AAA-Prod-SVR1"

$FriendlyName = "AAAProdSVR1"

#Create a recovery services vaults

New-AzureRmRecoveryServicesVault `

-ResourceGroupName $NameResourceGroup `

-Name $NameResourceGroup `

-Location $location

#Create a recovery services vaults

Get-AzureRmRecoveryServicesVault `

-Name $NameRecoveryServicesVault | Set-AzureRmRecoveryServicesVaultContext

# Enable backup for an Azure VM

$policy = Get-AzureRmRecoveryServicesBackupProtectionPolicy -Name $NamePolocy

Enable-AzureRmRecoveryServicesBackupProtection `

-ResourceGroupName $NameResourceGroup `

-Name $vmName `

-Policy $policy

# Start a backup job

$backupcontainer = Get-AzureRmRecoveryServicesBackupContainer `

-ContainerType "AzureVM" `

-FriendlyName $FriendlyName

$item = Get-AzureRmRecoveryServicesBackupItem -Container $backupcontainer

-WorkloadType "AzureVM"

Backup-AzureRmRecoveryServicesBackupItem -Item $item

---------------------------------------------------------------------------------------------------------

Once this is completed, you can run Get-AzureRmRecoveryservicesBackupJob Command to check the status of the backup job.

Ps1 file can be download from here

Azure Recovery service Vault creation error New-AzureRmRecoveryServicesVault : Operation failed.

If you get an error when you are creating your Recovery service like below,

New-AzureRmRecoveryServicesVault : Operation failed.
ClientRequestId: 3f3842bd-7638-469e-a14c-46c230221d9b-2018-07-03 07:49:41Z-P
One or more errors occurred.
At line:1 char:1
+ New-AzureRmRecoveryServicesVault
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     + CategoryInfo          : CloseError: (:) [New-AzureRmRecoveryServicesVault], Exception
     + FullyQualifiedErrorId : Microsoft.Azure.Commands.RecoveryServices.NewAzureRmRecoveryServicesVault
 

It may be because of the wrong information which you have provided.

I have run the command in debug mode and found that the given Resource group is not created in the tenant.

Created the Resource group and then verified by running Get-AzureRmResourceGroup command.

Then check whether the location entered without any spaces.

Other thing that I want to highlight is the Resource Group. You have to enter the existing Resource group name and if the given Resource group is a new one, then create the Resource group first.

Ran the recovery service creation command again. No errors found

Fully configured virtual machine create using PowerShell Script

If you are very concern on the naming-convention of your services when you are deploying your Azure hosted VM's then you can try the below mentioned script. This is purely support for Windows Server deployment.

Here I have done some additional work and took all the services into one place where you can do the changes in the first place and then run the deployment.

Steps are listed below.

1. First login into the AzureRM using the PowerShell

Login-AzureRmAccount

Once the login is successful then you will be able to see the below information.

2. Copy paste the below mentioned script and and changed the names as you required under the Variables.

ResourceGroup    - Give the resource group name. Define the Resource Group Name/s
Location                - Give the correct location name where you going to host you services. E.g. Australia East, UK South
VmName                - Server Names                                         
SubnetName          -  Subnet Name
NamevNET             - Virtual Network name.
Namemypublicdns- Public DNS Name.
NameNetworkSecurityGroupRuleRDP  - Network Security Group Rule name. Here you can add the additional ACLs and the script is used to enable only the RDP port. Later you need to add the IP restriction.
NameNetworkSecurityGroup – Network Security Group Name.
NameVNic               - Virtual Network name.
VMSize                     - The Size of the VM. This will need to select carefully with the requirement
AddressPrefix         - The  Address prefix need to be change under Subnet configuration and the Virtual Network Section.

PowerShell Script

-----------------------------------------------------------------------------------------------------------------

# Variables for common values

$resourceGroup = "AAA-Production3"

$location = "West US 2"

$vmName = "AAA-Prod-SVR1"

$SubnetName = "AAA-PROD-SUBNET01"

$NamevNET = "AAA-PROD-VNET"

$Namepublicdns = "AAA-PROD-ADF01-IP01"

$NameNetworkSecurityGroupRuleRDP = 'Default-allow-rdp'

$NameNetworkSecurityGroup = 'AAA-SVR1-NSG'

$NameVNic = "AAA-PROD-VNIC01"

$VMSize = 'Standard_D1_v2'

# Create user object

$cred = Get-Credential -Message "Enter a username and password for the virtual machine."

# Create a resource group

New-AzureRmResourceGroup -Name $resourceGroup -Location $location

# Create a subnet configuration

$subnetConfig = New-AzureRmVirtualNetworkSubnetConfig -Name $SubnetName -AddressPrefix 10.50.1.0/24

# Create a virtual network

$vnet = New-AzureRmVirtualNetwork -ResourceGroupName $resourceGroup -Location $location `

-Name $NamevNET -AddressPrefix 10.50.1.0/24 -Subnet $subnetConfig

# Create a public IP address and specify a DNS name

$pip = New-AzureRmPublicIpAddress -ResourceGroupName $resourceGroup -Location $location `

-Name "$Namepublicdns$(Get-Random)" -AllocationMethod Static -IdleTimeoutInMinutes 4

# Create an inbound network security group rule for port 3389

$nsgRuleRDP = New-AzureRmNetworkSecurityRuleConfig -Name $NameNetworkSecurityGroupRuleRDP -Protocol Tcp `

-Direction Inbound -Priority 1000 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * `

-DestinationPortRange 3389 -Access Allow

# Create a network security group

$nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName $resourceGroup -Location $location `

-Name $NameNetworkSecurityGroup -SecurityRules $nsgRuleRDP

# Create a virtual network card and associate with public IP address and NSG

$nic = New-AzureRmNetworkInterface -Name $NameVNic -ResourceGroupName $resourceGroup -Location $location `

-SubnetId $vnet.Subnets[0].Id -PublicIpAddressId $pip.Id -NetworkSecurityGroupId $nsg.Id

# Create a virtual machine configuration

$vmConfig = New-AzureRmVMConfig -VMName $vmName -VMSize $VMSize | `

Set-AzureRmVMOperatingSystem -Windows -ComputerName $vmName -Credential $cred | `

Set-AzureRmVMSourceImage -PublisherName MicrosoftWindowsServer -Offer WindowsServer -Skus 2016-Datacenter -Version latest | `

Add-AzureRmVMNetworkInterface -Id $nic.Id

# Create a virtual machine

New-AzureRmVM -ResourceGroupName $resourceGroup -Location $location -VM $vmConfig

----------------------------------------------------------------------------------------------------

Same script can be download here

Azure Error - This.Client.SubscriptionId' cannot be null

If you receive this error when you try to remove your existing resources from your Tenent, Then you have to check the Azure subscription status.

Error will say something like,

Remove-AzureRmResourceGroup : 'this.Client.SubscriptionId' cannot be null.
At line:1 char:1
+ Remove-AzureRmResourceGroup -name QlikSense
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     + CategoryInfo          : CloseError: (:) [Remove-AzureRmResourceGroup], ValidationException
     + FullyQualifiedErrorId : Microsoft.Azure.Commands.Resources.RemoveAzureResourceGroupCmdlet

As I mentioned in the above this error will trigger when you try to remove the resources by using the PowerShell commands.

To verify you can run below mentioned command,

Get-AzureRmContext

If you check this in the Azure portal, you will see,

To resolve this issue you can set the Azure subscription manually by running         Select-AzureRmSubscription  command or remove the Resource groups by login into the Azure portal.

I preferred the second option as it worked for me few times.

Data Protection Resources - Microsoft cloud services

The detail about the  GDPR Mapping to Microsoft Controls can be found in this Whitepaper.

Information about how Microsoft cloud services protect your data, and how you can manage cloud data security and compliance for your organization.

* Office 365 GDPR control mapping 5.24.18

* Dynamics 365 GDPR control mapping 5.24.18

* Professional Services GDPR control mapping 5.24.18

* Azure GDPR control mapping 5.24.18

* Office 365 - Audited Controls NIST 800_53A Rev 4

* Office 365 - Audited Controls ISO 27018:2014

* Office 365 - Audited Controls ISO 27001:2013

More details regarding the Pen Test and Security Assessments, Compliance guides and Audited controls can be found by clicking here.

How to add a Manage Disk into Azure VM

If you need to add a new data disk into your existing Azure server then you can follow the below steps to add a new disk into that environment.

Mainly there are two ways of doing that,

1. Create the required disk fist and then ad into the server.

2. Under the Server settings, go into the Disk and then create the required Disk from there itself.

Steps here are for first option and to create that,

1. Go into all service > search for disk.

2. Click on add and button and give a name for the disk. Then select the correct Resource group and the location.

3. Account type needs to be select as per the requirement and source can be select “None”.

- Need to be very careful with selecting the size of the Disk. The pricing details can be find here.

- Once the validation complete, click on create.

4.  Then go into Virtual Machine > Settings> Disk

And add the disk from there.

- After completing that log into the server and format and add the disc by go into the Disk Manager.

How to deploy Highly available virtual Machines in Microsoft Azure.

If you have an concern about the hosted VM availability and the reliability then you can select this option to reduce the risk which is involve with that.

This solution is is supported through the Azure Availability set and that ensure that the VMs you deploy on Azure are distributed across multiple isolated hardware nodes in a cluster.If you are implementing this then if there is any failures with the Azure Hardware or the software then that will be impact only to the subset of the VM and the total solution will remaining without any downtime.

To configure this first you need to create your availability set and then need to add the VMs into that while crating the VMs.

There are two ways that you can create this,

* When creating the Virtual Machine under settings you can find the Availability Set selection and there itself can create.

* Create Availability Set first and then add that in to the VM while creating the Azure Virtual machine.

1. First go into the portal and search for Availability Set. Click on that.

2. Next click on ad and give the required information.

There you can see that fault domain and the update domains are listed,

Fault Domain : When you put VMs in to an availability set, Azure guarantees to spread them across Fault Domains and Update Domains. A Fault Domain (FD) is essentially a rack of servers. It consumes subsystems like network, power, cooling etc. So 2 VMs in the same availability set means Azure will provision them in to 2 different racks so that if say, the network or the power failed, only one rack would be affected.

Update Domain :  Sometimes you need to update your app, or Microsoft needs to update the host on which your VM(s) are running. Note that with IaaS VMs, Microsoft does not automatically update your VMs. You have complete control (and responsibility) over that. But say if a serious security vulnerability is identified and a patch created. It’s in Microosft’s interest to get that applied to the host underneath your VM as soon as possible. So how is that done without taking your service offline? Update Domains. It’s similar to the FD methods, only this time, instead of an accidental failure, there is a purposeful move to take down one (or more) of your servers. So to make sure your service doesn’t go offline because of an update, it will walk through your update domains one after the other.

3. Click Yes on the User Manage Disk

4. Adding Virtual machines into the Availability set

- Start creating the VM and under Settings, you can find the Availability Set.

- Click on the Availability set and the created availability set can be found there.

- Select the created availability set.

5. Same job run add the next servers also into the Availability set.

6. Go into Availability Set and verify the status

Note : The availability set can only be configured when creating a virtual machine. You must recreate the virtual machine to move it in or out of an availability set

Azure Strategy and Implementation Guide from Microsoft

Learn the building blocks of  Microsoft Azure governance. Download the Azure Strategy and Implementation guide now.

Key areas covered are,

General architectures that incorporate security, identity, and cloud design principles.

DevOps and how it fits with cloud technologies. 

Integrating, planning, and managing cloud resources. 

Microsoft Azure governance.

You can download this on http://msft.social/LSdVE9 location.

How to Start/Stop Azure VMs during off-hours

If you host your VM’s on Azure then you need to think about a ways that you can save something form the solutions that you have selected for yourself or the propose solution for the client.

Here I'm talking about large scale server list which is hosted in the Azure.

This solution provides a decentralized automation option for users who want to reduce their costs by using server less, low-cost resources. With this solution, you can:

• Schedule VMs to start and stop.
• Auto-stop VMs based on low CPU usage.
• Schedule VMs to start and stop in ascending order by using Azure Tags (not supported for classic VMs).

Prerequisites,

* VMs need to be in the same Subscription.

* These regions only supported for the time Australia Southeast, Canada Central, Central India, East US, Japan East, Southeast Asia, UK South, and West Europe.

* If you want the email notification to be setup then select Yes to deploy the SendGrid.

          ** SendGrid is a third-party service. 

Limitations with SendGrid are:

• A maximum of one SendGrid account per user per subscription.
• A maximum of two SendGrid accounts per subscription.

To deploy the solution you can follow the below steps,

1. In the Azure portal, click Create a resource.
2. In the market place page , type the keyword start/Stop and search for “Start/Stop VMs during off-hours [Preview]” resource
3. Click create.

4. then Need to ad the solution, First select the OMS Workspace. If you don't have one create a new OMS Workspace.

You can give a name for the Workspace and select the subscription if you have more,

Then Select the Resource Group and the Location(Available locations are Australia Southeast, Canada Central, Central India, East US, Japan East, Southeast Asia, UK South, and West Europe.)

5.  Add an Automation Account

Under the Add Solution page, select Automation account. If you are using a  new Log Analytics workspace, then you need create a new Automation account to be associated with it.

Select Create an Automation account, and on the Add Automation account page, provide the following:

Name : Name for the Automation account

All other options are automatically filled based on the Log Analytics Workspace selected. You can’t modify those options.

6. Add a Parameter.

Here you can set the parameters.

Specify the Target ResourceGroup Names. These are resource group names that  contain VMs to be managed by this solution. You can enter more than one name and separate each by using a comma (values are not case-sensitive). Using a wildcard is supported if you want to target VMs in all resource groups in the subscription.

Specify the VM Exclude List (string). This is the name of one or more virtual machines from the target resource group. You can enter more than one name and separate each by using a comma (values are not case-sensitive). Using a wildcard is supported.

Select a Schedule. This is a recurring date and time for starting and stopping the VMs in the target resource groups. By default, the schedule is configured to the UTC time zone. Selecting a different region is not available. To configure the schedule to your specific time zone after configuring the solution, see Modifying the startup and shutdown schedule.
To receive Email notifications from SendGrid, accept the default value of Yes and provide a valid email address.

Once click create it will take more than 5 min to complete the task. then you can see the below mentioned dashboard and after few runs you will be able to see the summary of the job which you have created.