High Resolution Azure Governance Icons

Had a handful of folks reaching out looking for the link from Twitter. Get it below



By request, this zip file contains five high resolution SVG icons for Azure Governance components, listed below.

  • blueprint.svg
  • governance.svg
  • management-groups.svg
  • policy.svg
  • resource-graph.svg

I suspect these icons will appear in some future release of the icons and stencils from Microsoft, but this will provide an easily accessible source in the interim.

Markdown Syntax Cheat Sheet

Updating this reference to point to the new location of my markdown notes I keep for self-reference. If you document your work in markdown, you may find this useful. Find it at “Markdown Syntax Cheat Sheet”.

While you’re here, you may want to check out my “Favorite VS Code Extensions”, which includes several markdown related addons for VS Code.

My favorite extensions for VS Code

Visual Studio Code

I wanted to share a few cool addons I’ve found over the last few months, and keep a written record for myself. Below is a list of a few of my favorite addons for VS Code. I’m working with Azure, Shell script, Docker, Kubernetes, and PowerShell.

I’ll refresh this list over time. Feel free to mention your favorites in the comments on this post.

  • Beautify. Beautify javascriptJSONCSSSass, and HTML formatting in VS Code.
  • Bash Beautify. This is one I just started using that pretties up formatting in your shell scripts. Liking it so far.
  • Clipboard History. Keep a history of your copied items and re-paste if needed. Can be handy when you’re writing scripts with repetitive chunks of code.
  • Docker. Adds syntax highlighting, commands, hover tips, and linting for Dockerfile and docker-compose files.
  • Great VS Code Icons. Provides visual aid in left navigation pane displaying icon based on file type.
  • Kubernetes. Provides a number of functions for more easily developing, deploying, and testing your Kubernetes applications
  • Markdown All in One. This one adds some awesome keyboard shortcuts, further accelerating markdown authoring.
  • Markdown PDF. Exports markdown to a PDF file. Handy when you want to share your docs in a friendly format for less technical folks.
  • Markdown Preview Enhanced. From the Unversity of Illinois, this makes previewing your markdown in VSCode, streamlining your documentation efforts.
  • Markdownlint. Ensures your markdown is consistent with standards.
  • PowerShell. A must to make VS Code your PowerShell ISE.
  • Shellcheck. This adds error checking. This extension actually lints as you type by default! The developer behind this extension is frequently updating source in his repo on Github.

Create a bootable Windows Server 2016 USB drive (step-by-step)

These procedures were written and tested using Windows Server 2016 February 2018 build, but should work on any version of Windows Server or Windows Desktop version 8 or above. I did this quickly for a new Intel NUC Core i7 I bought as a local software development workstation.

Step 1: Download Windows media

If you do not have the ISO, you will need to download first.  You can get a copy from your MSDN subscription or a trial from the Microsoft Evaluation Center.

Right click the ISO and select MOUNT from the context menu, which will assign a drive letter to the mounted ISO.

Step 2: Prepare USB Drive

Put in the USB Thumb drive in an open slot and make note of the drive letter and the size of the disk.  In my case it is E: and 8 gb  Grab an 8GB USB drive (at least) as the Windows binaries will require around 5.6gb.

You need to run the following commands elevated Windows command prompt. Run as Administrator and accept the elevation request.

IMPORTANT: The following commands will completely wipe out the disk you select without warning, so make sure you select the right one.  I strongly recommend you have a good backup before running.  I also recommend you disconnect all other external USB storage to avoid mistakes.

Next, you will run Diskpart to prepare the USB drive for the OS. The question mark below should be replaced with the disk number of the USB drive. Commands you need to run are shown in blue.

Start by opening a Windows command prompt as Administrator and run the following commands.


list disk


select disk 2

list disk

When you run list disk again, the drive you selected should be prefaced with an asterisk (*), as pictured below.


WARNING : The next command you type is the one that wipes all the content from the USB drive


create partition primary

list partition


select partition 1


format fs=ntfs quick label=”WS2016”


Now you’re back to a Windows command prompt.

Next, we need to copy the boot sector.  You should still be at the command prompt.

If you have not yet mounted your Windows 2016 ISO, find it, right click and select Mount.

Replace the f: below with your mounted ISO drive letter.


cd boot

Now you’ll run the bootsect utility, replacing e: with the drive letter of your USB drive. Bootsect is a native Windows command line utility used to update the partition boot sector code responsible for loading and running the bootloader.

bootsect /nt60 e:

From the above command, you’ll see output roughly as pictured below:


Step 3: Copy the Windows 2016 binaries to the USB drive

Now we just need to copy files… (You should still be in the DOS window)

Run the xCopy command to copy all files… replace F: with drive letter of your mounted ISO, and E: with drive letter of your USB drive.

xcopy F:\*.* E:\ /E /H /F

WARNING: The copy of the install.wim file can take a LONG time, and will vary based on the performance of your USB drive. It’s about a 5.6 GB file.

When the copy is finished, you now have a bootable USB drive that works just like a Windows Server 2016 DVD.

NOTE: You will likely have to reconfigure your workstation, server, or VM BIOS to boot from the USB device. Putting the USB first in the boot order will typically work best.

Now you have a bootable USB drive with the Windows Server 2016 binaries you can use to install the version of your choice.

FIX: Cannot boot VM from ISO to install OS

Just sharing a quick fix for an issue you may encounter when working in secure environments.

The issue

I encountered a Hyper-V VM in the lab today that would not boot from an Ubuntu ISO image. No matter what I did, the VM went straight to attempting PXE boot (even with network boot at bottom of boot order list).

The fix

Then, I noticed in the VM Settings, the Enable Secure Boot option was checked. This feature (available only on gen 2, UEFI VMs) prevents unauthorized code from running at boot time…which includes random ISOs mounted to the VM.


Uncheck the ‘Enable Secure Boot’ option, and the VM will boot from the ISO as expected.

Read more about Secure Boot at https://blogs.technet.microsoft.com/dubaisec/2016/03/14/diving-into-secure-boot/

How to enable hibernation on a Guarded Host running Windows 10 Fall Creators Update

The Guarded Host feature (pictured below) allows us to run shielded VMs on Hyper-V with remote attestation. While uncommon on Windows 10, it can come up both in lab testing and developer scenarios in ultra-secure environments. In this case, a user noticed hibernation was disabled once the Guarded Host feature was enabled.  What’s more, it would not come back through changing the normal settings.

I assume this may not have been true on previous versions of Windows 10, as in this case, Guarded Host was in use for some time on previous Wndows 10 builds.

Figure 1. Guarded Host setting in Windows Feature dialogue

The fix
It turns out there is a setting in the registry that appears to be added when you enable the Guarded Host feature is installed. Find the registry key:


Then, find the value GuardedHost, which will be set to 1 by default.

Change this value to 0 (the number zero) and reboot.

After reboot, hibernation will again be available.


HOW-TO: Wireshark-friendly network packet capture with Azure Network Watcher

Earlier this year, Microsoft released a preview of the Azure Network Watcher. It includes a number of network analysis and troubleshooting features, but the packet capture is the one I get the most questions about. The packet capture is fed into a .cap file, of the standard format used with popular network capture tools, such as Wireshark.

In addition to enabling the Network Watcher VM extension, we need to enable Network Watcher in each Azure region where we have resources we need to monitor. If you highlight the subscription, we can enable in all Azure regions in one click.


Then, we select Network Watcher and click the +Add button.


When we configure the packet capture settings, we can configure several options, including source and target machine, as well as the length of time of the capture.

Note: I like the option to store the capture file in a storage account for central storage, but we can also select the File option to store the capture on the target VM.


By clicking the +Add filter option, we can configure many of the same types of filters we could with popular capture tools, including ports, addresses and protocols, and take a capture.


Once the capture is complete, we can click on the cap file to proceed with download.


…which requires we then click a Download link.


Then, we can open in the tool of our choice, such as Wireshark.


While we can start captures manually, we can also start captures programmatically, such as through Azure Functions.

FAQ: How can I track Windows 10 Azure AD Device Registrations?

This question came up twice for me this week, and the answer is not obvious if you’ve not gone looking for this info before.

You can actually track your Windows device registrations in two places:

One option is through searching your Azure AD Audit logs and filtering on Device Registration.


Another is the Azure AD Power BI Dashboard, which received an updated in late June that includes a couple of new reports that include info on registered devices.

Early chapter preview of ‘Inside OMS’ version 2

There have been many inquiries into if the band would be getting back together for a second version of the very popular “Inside the Microsoft Operations Management Suite“. Version 2 is 16 chapters of the latest and greatest of Microsoft OMS…and it’s coming soon.

  • When? I am happy to report we are well into the authoring process and looking to release version 2 around the end of April 2017.
  • Cost? As with the first release, we will deliver a book well worth paying for…except it will again be free!

While we are only a little over a month from completion, we wanted to take a moment to give you  a sneak peak at a couple of the chapters of what is to come.

The “Inside OMS” Team

I am also happy to introduce that the entire author team are all back for v2:

  • Tao Yang, MVP
  • Stanislav Zhelyazkov, MVP
  • Anders Bengtsson, Principal PFE
  • Pete Zerger, CISSP, MVP

OMS has grown considerably since our first release, and to ensure we meet our quality bar as quickly as possible, we are joined by four technical reviewers and an editor! Joining us in the tech reviewer role are some very talented folks, including:

  • Damian Flynn, MVP
  • Kevin Greene, MVP
  • Lee Berg, MVP
  • Steve Buchannan, MVP

Early Chapter Preview

To hold you over until the final release, we are going to share three chapters early…one at a time. Your first taste is a major update, driven by awesome Aussie, Tao Yang. Below, you will find a draft preview of:

Chapter 6: Extending OMS Using Log Search

This chapter covers key topics within OMS Log Analytics, including:

  • Saved Searches
  • OMS Computer Groups
  • Custom Fields
  • Custom Logs
  • Power BI

I’ve reviewed it myself, and I know you will appreciate the more than 70 pages of in-depth guidance in this chapter alone!

Get the preview. You can download the preview release of chapter 6 HERE.

Two more preview chapters will be coming your way in the next week(ish). Stay tuned!

Enable modern authentication for Exchange Online via PowerShell

Modern authentication is disabled in Exchange Online in Office 365  by default. However, you are quite likely to want modern authentication, because modern authentication in Office 365 enables authentication features like multi-factor authentication (MFA) using smart cards, certificate-based authentication, and third-party SAML identity providers.

You can enable modern authentication in Exchange Online via PowerShell. However, I found the article explaining how to enable modern authentication for Exchange Online is missing some detail regarding how to connect to Exchange Online.

For reference, below is a sample script for connecting to Exchange Online

# Capture your credentials to a credential object 
$UserCredential = Get-Credential

# Establish a remote connection to EO in your O365 tenant
$Session = New-PSSession -ConfigurationName Microsoft.Exchange `
-ConnectionUri https://outlook.office365.com/powershell-liveid/ `
-Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session

# Check if modern auth is in place already 
Get-OrganizationConfig | Format-Table -Auto Name,OAuth*
# If modern auth setting is false, then enable it
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true

# Check again to ensure it comes back as "True"
Get-OrganizationConfig | Format-Table -Auto Name,OAuth*

Questions or comments? Use the comments section below.