Self paced exercises that walk you through deploying Windows Server in an availability set, configuring application gateway, monitoring, backup and Entra domain services.
By the end of this lab, you will be able to:
- Deploy and configure Windows Server on Azure
- Configure Windows Server on Azure for management using Windows Admin Center in the Azure portal
- Put IIS VMs hosting a web application behind an Azure Application Gateway
- Collect IIS VM telemetry in Log Analytics
- Protect IIS VMs with Azure Backup
- Configure security with Defender for Cloud and Azure Update Manager
- Configure Entra Domain Services and Domain Join a Windows Server IaaS VM
- Windows Server IaaS VMs
- Azure Application Gateway
- Azure Monitor
- Azure Backup
- Defender for Cloud
- Azure Update Manager
- Microsoft Entra Domain Services
| Name | GitHub Username |
|---|---|
| Orin Thomas | @Orin-Thomas |
- To complete this lab, you need access to an Azure subscription.
- You can use a trial subscription (or you can use your own)
To get started, navigate to the first exercise lab instructions and begin with the Introduction.
| # | Lab | Depends on |
|---|---|---|
| 1 | Deploy two IIS VMs in an availability set | — |
| 2 | Put the IIS VMs behind Azure Application Gateway (WAF_v2) | Exercise 1 |
| 3 | Collect IIS VM telemetry in Log Analytics | Exercise 1 |
| 4 | Protect the IIS VMs with Azure Backup and restore a new VM | Exercise 1 |
| 5 | Defender for Cloud + Azure Update Manager (JIT, vulnerabilities, hotpatch) | Exercise 1 (and optionally Exercise 1's WAC for the in-video remediation path) |
| 6 | Microsoft Entra Domain Services and a domain-joined VM | Independent — uses its own VNet, VM, and tenant prerequisites |
- Run Exercise 1 first — every other exercise except 6 reuses its VMs.
- Exercises 2, 3, 4, 5 can be run in any order after Exercise 1, but the cleanest experience is the numerical order above.
- Exercise 6 is independent and the most expensive (~USD $110-150/month idle for the managed domain). Run it last and complete its cleanup steps promptly if it is only a temporary lab.
These resources keep billing whether or not you use them. Read each lab's Cleanup section before walking away:
- Application Gateway WAF_v2 (Exercise 2) — billed per hour while it exists.
- Recovery Services vault with protected items (Exercise 4) — protected-instance fee plus storage; the vault itself also has a soft-delete-then-undelete dance required before you can delete it.
- Defender for Servers Plan 2 (Exercise 5) — roughly USD $15 per protected server per month, applied subscription-wide unless scoped.
- Microsoft Entra Domain Services (Exercise 6) — roughly USD $110-150 per month for the Standard SKU even when idle.
- Hotpatch on non-Azure-Edition Windows Server 2025 (Exercise 5) — separately metered when enabled via Update Manager.
- Every lab has a Customize these values before you start table. The "Video example" column is the narrator's environment; the right-hand column is the placeholder you substitute. Do not paste the video values into your own subscription.
- Code blocks containing placeholders such as
<vm1-name>require literal substitution — they are not shell variables. - Each lab's Notes and assumptions section captures behavior that has changed since the source video was recorded (for example, the Qualys → MDVM transition, DRS 2.1, or modern WAC connectivity options). Read those notes before reporting an issue.
Note: Completing this lab in your own Azure subscription will incur costs. Please review Azure pricing to understand the potential charges.
- An Azure subscription with Owner or Contributor access
- Basic understanding of Azure Portal navigation
- Familiarity with Azure virtual machines and web applications
- Get an Azure subscription: If you don't have one, sign up for a free Azure account
- Review the lab structure: Navigate to the lab instructions
- Start with the environment preparation: Follow the exercises in order, beginning with preparing your Azure environment
- Allocate time: The complete lab takes approximately 180 minutes to complete
This lab deploys several Azure resources including virtual machines, Azure Application Gateway, Azure Backup and Restore, and Log Analytics workspaces. To minimize costs:
- Complete the lab in one session when possible
- Follow the cleanup instructions at the end of Exercise 4
- Delete the resource group rg-alpha when finished
- Monitor your costs in the Azure Portal under Cost Management
If you encounter issues while working through the lab:
- Review the exercise instructions carefully
- Check the Azure documentation Documentation
- Ensure all prerequisites are met and resources are properly deployed
The contents of this repository are licensed under the Creative Commons Attribution 4.0 International License.