Unleash your Azure CSP subscription for Cloud Management Gateway deployments

The cloud management gateway (CMG) provides a simple way to manage Configuration Manager clients on the internet. By deploying the CMG as a cloud service in Microsoft Azure, you can manage traditional clients that roam on the internet ‘without’ additional (on-premise) infrastructure.


Create & deploy cloud services with an associated Azure subscription.

However, there is a limitation when deploying CMG using an Azure CSP subscription.

This capability does not enable support for Azure Cloud Service Providers (CSP). The CMG deployment with Azure Resource Manager continues to use the classic cloud service, which the CSP does not support. For more information, see available Azure services in Azure CSP.

As the CSP model is becoming more and more popular as an Azure subscription, this scenario is a potential blocker for many customers with a CSP subscription who want to deploy a CMG. The Microsoft product teams are aware of this situation and I’m sure they will solve this sooner or later.

Converting your CSP subscription to an eligible Azure subscription is not an option here (it is managed by the CSP partner). Therefore I would like to show you how to deploy a CMG while you’re on a CSP subscription. Yes, it’s possible! In this blog I’ll describe what it takes to achieve this.

Azure AD Premium Public Preview Features…a closer look


Microsoft is continuously improving their Azure cloud services while new features get introduced at a rapid pace. In this blog I want to consider some new Azure Active Directory Premium features which are currently in public preview. These features are:

  • Dynamic Groups
  • Azure Application Custom Domain publishing
  • Azure Conditional Application Access


Publish NDES by Azure AD Application Proxy

This week the Azure AD Product Team did a great job by updating the Azure Application Proxy service to allow you to publish NDES using Azure Application Proxy, which is great news! Pieter Wigleven, Microsoft Technology Solution Professional on Enterprise Mobility, has posted a great series of posts on setting up certificate distribution to mobile devices. A must read!

Part 1 – First tips and tricks on how to troubleshoot and check existing ConfigMgr/SCEP/NDES infrastructures.
Part 2 – After many asks for clarity, a full guide on how to install and troubleshoot ConfigMgr/SCEP/NDES.
Part 3 – Using an additional reverse proxy in a DMZ in front of NDES. The reverse proxy of choice was Windows Server 2012 R2 with the Web Application Proxy role installed.
Part 4 – Protecting NDES with Azure AD Application Proxy


In part 4 Pieter outlines the setup for publishing NDES through the Azure Application Proxy service, a cool solution that has just been made possible!


Azure AD Application Proxy (Web Application Proxy from the Cloud) lets you publish applications, such as SharePoint sites, Outlook Web Access and other web applications, inside your private network and provides secure access to users outside your network via Azure.

Azure AD Application Proxy is built on Azure and gives you a massive amount of network bandwidth and server infrastructure to have better protection against DDoS attacks and superb availability. Furthermore, there is no need to open external firewall ports to your on-premise network and no DMZ server is required. All traffic is originated inbound. For a complete list of outbound ports take a look at this MSDN page.

Important notes:

Azure AD Application Proxy is a feature that is available only if you are using the Premium or Basic editions of Azure Active Directory. For more information, see Azure Active Directory Editions.
If you have Enterprise Mobility Suite (EMS) licenses you are eligible to use this solution. The Azure AD Application Proxy connector only installs on a Windows Server 2012 R2 operating system, which is also a requirement of the NDES server anyway.


Windows Intune User Provisioning: Having a closer look

At the moment there are several scenarios to manage and provision users to Windows Intune in order to enable Enterprise Mobility Management (EMM) or simply said – managing your mobile devices. As the process of provisioning users to Windows Intune in combination with Configuration Manager 2012 R2 is not always clear, I’ll provide you with some insights and tips on where and how to troubleshoot.


As mentioned, I’ll focus in this post on a hybrid scenario using Configuration Manager 2012 R2, Windows Intune and on-premise Active Directory where Azure Active Directory Sync (aka DirSync) is used to synchronize on-premise users to Windows Intune (Azure Active Directory).

Process Overview Windows Intune User provisioning

  1. John Doe is created in (on-premise) Active Directory
  2. John Doe is synchronized by Azure Active Directory Sync to (off-premise) Azure Active Directory
  3. John Doe is discovered by Configuration Manager 2012 R2
  4. John Doe is added to the Windows Intune collection in Configuration Manager 2012 R2
  5. John Doe is synchronized by Windows Intune Connector
  6. John Doe is enabled as a Windows Intune user


Microsoft Azure Infographics

I found some great Microsoft (Windows) Azure posters. These technical posters and infographics are excellent resources for better understanding, learning and training purposes. Zoom into details, download, or print. Most of these posters and all future posters will link to deeper technical content through the mobile tags for a more complete set of information.


The set of Microsoft Azure posters (9 in total) can be downloaded here.


Excellerate your BYOD deployment with Microsoft Enterprise Mobility Suite!

Now that the dust of TechEd 2014 North America has settled, we have gained many new insights, all of which are in line with Microsoft’s “Mobile First – Cloud First” vision. We witnessed the presence of the Enterprise Mobility Suite (EMS), which came across in all BYOD, Hybrid Identity and Enterprise Mobility Management sessions.


The Dutch Community Event: Experts Live 2013! “Call for Sessions” #sysctr


Experts Live is the Dutch knowledge event around Windows Azure, Hyper-V, System Center, SQL Server, Windows Server and PowerShell. This year Experts Live is organizing a conference for the third time, on Thursday 28 November 2013.

Experts Live is organized by and for the various communities such as Hyper-V.nu, System Center User Group, Windows Azure User Group, Dutch PowerShell User Group, PASS (SQL) and Windows Management User Group (WMUG).

Experts Live has established itself as the knowledge event to which well-known speakers and MVPs have committed themselves. In one day, community experts will bring visitors fully up to date on the various Microsoft technologies. Experts Live is an event driven by the community; that makes Experts Live unique!

The closing keynote will be given by none other than Andre Kuipers, the former astronaut.

Would you like to speak at this event yourself? You can submit your session(s) for Experts Live 2013 through this form; submissions must be sent before Thursday 11 September 2013 to organisatie@expertslive.nl.

Windows Azure Virtual Network Site-to-Site IPsec VPN with Forefront TMG 2010

Microsoft announced Windows Azure Virtual Network and Windows Azure Virtual Machines in June 2012 to provide IaaS ‘Hybrid Cloud’ functionality.

What this allows is persistent Virtual Machines (which retain the same private addresses) running in Azure that can be joined to your on-premise Active Directory using a site-to-site IPsec VPN. The Azure VMs then act like a branch network with full connectivity and you can add Domain Controllers in the Azure Virtual Network.


There are some great blog posts available which guide you through enabling cross-premises connectivity between your on-premise environment and Windows Azure.

Enable Cross-Premises Connectivity to Windows Azure with Forefront Threat Management Gateway (TMG) 2010 source: ISAServer.org / Richard Hicks

Windows Azure Virtual Network VPN with TMG 2010 source: kloud.com.au


Microsoft Assessment and Planning Toolkit 6.5 beta Now Available!


The journey to the cloud is now smoother than ever with the Microsoft Assessment and Planning (MAP) Toolkit 6.5 Beta. The MAP Toolkit’s new capabilities help users to securely assess heterogeneous IT environments while enabling the evaluation of workloads for migration to Microsoft’s private and public cloud platforms. Consolidate existing server workloads using the updated Hyper-V® Cloud Fast Track capacity planning feature. The revamped Azure Migration feature in MAP 6.5 provides more in-depth analysis of the suitability of migrating on-premises applications to the Windows Azure platform. Other significant new features in MAP 6.5 include the discovery of active Windows® devices, Software Usage Tracking for Forefront® Endpoint Protection (FEP), and the discovery of Oracle instances on Itanium-based servers with HP-UX to assist in the planning of migration to SQL Server®.

Key features and benefits of MAP 6.5 Beta help you:

  • Analyze your portfolio of applications for a move to the Windows Azure platform.
  • Accelerate private and public cloud planning with Hyper-V Cloud Fast Track Onboarding.
  • Identify migration opportunities with enhanced heterogeneous server environment inventory.
  • NEW! Assess your usage of Microsoft software with the Software Usage Tracking feature.
  • Discover Oracle instances on Itanium-based servers for migration to SQL Server.

To join the beta review program for Microsoft Assessment and Planning (MAP) Toolkit 6.5, visit Microsoft Connect: http://go.microsoft.com/fwlink/?LinkId=219168





Overview of System Center Advisor #sysctr

In this blog I’d like to introduce you to System Center Advisor. What is it, what are the benefits and what’s in it for me? In this post I’ll start with some background and go through the installation and configuration of System Center Advisor.

What is System Center Advisor?

System Center Advisor is an online service that analyzes installations of Microsoft SQL Server 2008 (and later versions) and Windows Server 2008 (and later versions). The System Requirements can be reviewed here. Advisor collects data from your installations, analyzes it, and generates alerts that identify potential issues (such as missing security patches) or deviations from identified best practices with regard to configuration and usage. Advisor also provides both current and historical views of the configuration of servers in your environment.

Advisor is developed by the Microsoft System Center Advisor product group in partnership with Microsoft Support engineers to ensure that the issues customers report to Microsoft are detected before they affect your environment. Advisor is regularly updated to reflect the most recent experiences of these engineers, who support customers around the world.

What does Advisor analyze?

With System Center Advisor, the following workloads are analyzed: