Monthly Archives: October 2018

  • What's the Difference Between Azure AD Premium P1 vs P2?

    Azure Active Directory

    Microsoft offers its domain management software, Active Directory, as a product in Azure services which provides all the same security features as an on-premise implementation. The Azure product can be used on its own or as a hybrid implementation with an on-premise AD structure, making it a highly valuable feature of Azure.

    Azure AD is present with all kinds of virtual and cloud services since security is an important feature in Azure. Since AAD is already functional in Azure and can be extended into an existing Active Directory structure, it's important to understand the compatibility of additional versions which may already be in use. Either as a stand-alone product or an extension to the cloud, AAD is very important for organizational security, especially with integration into Office 365 and remote user sign-on.

    The tools in Azure AD replaced DirSync and Azure AD Sync so that cloud and on-premise implementations mesh with each other seamlessly. Synchronization between the two is a key component for security, as is AD Connect, another integration tool that supports development and management of services using single-user identities and single sign-on access across on-premise applications, cloud-based applications and Office 365.

    With the Azure AD services, items in Active Directory are kept synchronized so that information about resource and identity security is up-to-date. Additionally, a wide variety of authentication methods is available in AAD, including cloud authentication with Password Hash Synchronization, pass-through authentication and federated authentication (AD FS). Azure AD Connect Health monitors AD resources from the Azure portal for centralized management.

    The premium editions of Azure AD are important to understand, as these provide enterprise level tools for organizations in need of higher security measures, especially in Azure. While subscription services like Office 365 and Azure are automatically provided in Azure AD, these premium editions include important additional features for security and resource management. The premium versions are P1 and P2, and they add the following features to those of basic Azure AD.

    • Azure AD Premium P1 - an enterprise level edition which provides identity management for on-premise users, remote users and hybrid users accessing applications both locally and over the cloud. This edition includes support for self-service identity, access management, administration of dynamic groups including self-service group management, as well as Microsoft Identity Manager, which is a suite of on-premise identity and access management tools.
    • Azure AD Premium P2 - an edition that includes all of the features of Azure AD Premium P1 with the addition of Identity Protection and Privileged Identity Management (PIM). Identity Protection provides management of conditional access to apps and critical data. PIM enhances management of privileged accounts tied to administrative access to resources.

    A deeper dive into these editions is necessary for better understanding of available features offered in each one.

    One of the important factors in using a premium edition of AAD is dynamic group administration. IT administrators can receive many security group membership requests, but dynamic groups in the premium editions allow membership to be managed with policies. Assigning policies to user IDs means that group memberships are granted based on assigned criteria and no additional requests are necessary.

    The Premium P2 tier differs from the P1 tier by adding Identity Protection and Privileged Identity Management (PIM), which increase security measures to meet the toughest of expectations. Azure AD Identity Protection adds improved reporting of risk events so organizations can further assess potential vulnerabilities for all identities, with the ability to block or remediate these security risks through adaptive actions. PIM provides additional information about administrative accounts, which allows for higher protection and lower risk of security breaches with this level of account. The Privileged Identity Management package clearly identifies Azure AD Administrators, adds just-in-time administrative access for Office 365, provides reports about administrative access history and changes to admin assignments, and sends alerts about access to privileged accounts.

    Azure AD Premium P2 is especially important in environments where a shift has occurred to mobile-based applications. In these computing environments, traditional security measures such as firewalls are ineffective for the protection of a cloud domain since there is no perimeter.

    Considering the roles individuals possess in organizations, coupled with mobile factors, higher levels of security for identities become paramount. Regular users often access data from multiple devices on a variety of networks while making decisions about storage and sharing. Organizational IT retains less and less control of how data is protected. Additionally, privileged access can be assigned based on job title and little else while users work outside specific network boundaries, so security audits are much harder to achieve with SaaS-based applications and systems. Access is often retained by users even after job changes occur.

    Both Privileged Identity Management and Identity Protection, included in Azure AD Premium P2, perform the functions needed to manage the changing roles present in cloud-based environments. Identity Protection alone gathers information from the internet which offers trend material for security concerns regarding vulnerabilities and role history. From this information and from user trends, remediation recommendations are provided which can be assessed for adjustments. Risk severity calculations are obtained for determining events such as:

    • Leaked credentials
    • Sign-ons from infected devices or suspicious activity via unknown IP addresses and unfamiliar locations
    • The nature of user lock-out events

    Suspicious log-ons can be assessed and risk-based policies applied in reaction to security breaches of credentials in addition to changing bad credentials or blocking identified attacks.

    PIM creates an automated workflow for user requests for elevated access. MFA (multi-factor authentication) is required for additional privileges, after which the new access will time out within a pre-determined time. Microsoft uses the same method with customer Office 365 subscriptions.

    PIM and Identity Protection provide additional security for IT teams to manage and account for risks with improved effectiveness, making it a step up for enterprise-class customers in need of these features. The additional protection keeps Azure customers ahead of the curve for avoiding costly, damaging intrusions while managing access with less overhead.

    To learn more about Azure Active Directory Premium editions, contact our experts at - Your online source for Microsoft Azure Cloud products.

  • SQL Server 2019 - What’s New?

    During the 2018 Ignite conference, Microsoft released the public preview for SQL Server 2019. Several enhancements have been made in this SQL Server release to help transform the Microsoft data platform, and more importantly, to improve the user experience.

    Most of the improvements are linked to the relational database engine, especially since the BI stack development is no longer directly connected to the database engine release. This is more or less the same thing that happened with SQL Server 2017. In fact, there’s only one major feature being introduced, among a host of minor enhancements.

    Database Performance Enhancements

    Over the years, Microsoft has made a tradition of tweaking each release to improve performance. Most often these are updates that help all users, while in some cases they only help edge cases.

    One of the notable optimizations was introduced in SQL Server 2017. As soon as a query is executed in a database, there’s a memory threshold that’s required for operations like data sorting to be done, hence delivering the required results to the user. The engine allocates a specific amount of memory to each query depending on the statistics that the data maintains.

    For example, a query that will require 5 billion rows to be joined will certainly require more memory allocation than one that needs to join only 50 rows. There are instances where the statistics might not be correct, and as a result, this ends up in performance or concurrency concerns.

    In SQL Server 2017, Microsoft introduced a fix for this problem: repeated execution of a query automatically adjusts the processing memory granted to it, depending on the runtime statistics of the execution before it. While this was a good idea, there was one challenge: it would only work for queries in batch execution mode. These are queries that must use a columnstore index.

    The problem with columnstore index queries is that they are only ideal for an analytical workload, rather than transaction processing. Fast forward to SQL Server 2019, and Microsoft has made dynamic memory grants accessible for all queries.

    Batch execution mode itself, which processes data in chunks of almost 1,000 rows and allows speedy execution of aggregate functions like standard deviation, sums and averages, was likewise only available for columnstore indexes.

    In SQL Server 2019, Microsoft has introduced batch mode over row store. Limited testing results for the early releases have been impressive, especially with test results for aggregation queries.

    One common data warehouse performance concern arises connected to distinct counts for a single item. In a database, generating a distinct list is typically very expensive, especially when dealing with values on a very large table. You can see the cost replicated in BI operations because of the need to present a report for things like the number of products that each customer buys, or the sales records for each product. In SQL Server 2019, Microsoft has added a unique feature, “approximate count distinct.” This feature makes use of statistical functions to provide near-accurate data when in use and delivers results faster.

    The adoption of persistent memory is one of the other hardware and performance benefits that Microsoft has introduced. This is an effective storage feature at the block level. It’s effective because it writes at the RAM speed.

    In the database realm, this is a special feature, because database management software is often limited by the speed of the underlying storage. In SQL Server 2016, Microsoft started offering support for persistent memory (NV-DIMM, as it's referred to) at the end of the transaction log. Building on this, any writes to a database should be handled faster in subsequent releases.

    Microsoft has since extended support for these devices in the release of SQL Server 2019, especially for Optane DC NV-DIMMs and on Windows Server 2019. With this extension, any database object can now be stored on persistent memory like normal block-based storage.

    Microsoft didn’t leave out Linux users when rolling out SQL Server. For Linux, Microsoft created a unique enhancement that allows you to map database files to the memory directly. With this, there’s no need for kernel calls to the storage stack, which is memory intensive.

    The storage engines on Linux and Microsoft might not be the same, but it’s increasingly evident that Microsoft is working towards the creation of databases that offer the best performance, by living fully in persisted RAM.


    • Always Encrypted Using Secure Enclaves

    Always Encrypted offers protection for all sensitive data both in memory and over the wire through decryption and encryption at each endpoint. This, however, creates processing challenges from time to time, including the inability to filter or perform computations. For this reason, the entire data set must be sent across before a range search, for example, can be performed.

    What is an enclave? This is a protected memory segment to which filtering and computations are delegated. In a Windows database, enclave security is based on virtualization. In this case, the data is encrypted in the engine and remains encrypted. Within the enclave, however, it can still be decrypted or encrypted. All you need to do is add ENCLAVE_COMPUTATIONS to the column master key. You can simply check the “allow enclave computations” checkbox in SSMS to make this happen.

    This allows you to encrypt data almost immediately. This is faster and more efficient than the former way of encryption, which used an application or the Set-SqlColumnEncryption cmdlet to move all the data out of the database, encrypt it and then send all the data back.

    Given this update, you can perform range searches, wildcard searches, ordering and so forth. You can also perform in-place encryption within the queries without worrying about security. This is because the enclave is designed to allow decryption and encryption on the same server. Within the enclave, you can also execute an encryption key rotation.

    For many organizations that have been struggling with encryption and other data management concerns, this is a game changer. There’s still some work going on to perfect all the optimizations, especially those that are not enabled by default. To learn how to turn them on, navigate to the topic and enable rich computations.
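    The enclave workflow described above, as an added T-SQL example that is not from the original article. It assumes SQL Server 2019 on Windows with VBS enclaves and attestation already configured, an enclave-enabled column master key plus a column encryption key named CEK1 already provisioned through SSMS, and a hypothetical table dbo.Employees.

```sql
-- Added example; CEK1 and dbo.Employees are hypothetical names.

-- 1. Instance setting: 1 selects the virtualization-based (VBS) enclave type.
--    The instance must be restarted before the setting takes effect.
EXEC sys.sp_configure 'column encryption enclave type', 1;
RECONFIGURE;

-- 2. Audit which column master keys allow enclave computations and which
--    columns they protect. Review every row where allow_enclave_computations
--    is 1: data under those keys can be decrypted inside the server enclave.
SELECT  cmk.name                         AS column_master_key,
        cmk.key_store_provider_name,
        cmk.allow_enclave_computations,
        cek.name                         AS column_encryption_key,
        OBJECT_SCHEMA_NAME(c.object_id)  AS schema_name,
        OBJECT_NAME(c.object_id)         AS table_name,
        c.name                           AS column_name,
        c.encryption_type_desc
FROM sys.column_master_keys AS cmk
JOIN sys.column_encryption_key_values AS cekv
     ON cekv.column_master_key_id = cmk.column_master_key_id
JOIN sys.column_encryption_keys AS cek
     ON cek.column_encryption_key_id = cekv.column_encryption_key_id
LEFT JOIN sys.columns AS c
     ON c.column_encryption_key_id = cek.column_encryption_key_id
ORDER BY cmk.name, cek.name, table_name, column_name;

-- 3. Sample table with a plaintext column (constructed data).
CREATE TABLE dbo.Employees (
    EmployeeID INT IDENTITY(1,1) PRIMARY KEY,
    SSN        CHAR(11) NOT NULL,
    Salary     MONEY    NOT NULL
);
INSERT INTO dbo.Employees (SSN, Salary)
VALUES ('795-73-9838', 31692), ('990-00-6818', 90125);

-- 4. In-place encryption inside the enclave. Run this over a connection that
--    has Always Encrypted and enclave attestation enabled. The data never
--    leaves the server, unlike the Set-SqlColumnEncryption round trip.
--    Randomized encryption with an enclave-enabled key is what permits range
--    and pattern searches; character columns need a BIN2 collation.
ALTER TABLE dbo.Employees
ALTER COLUMN SSN CHAR(11) COLLATE Latin1_General_BIN2
ENCRYPTED WITH (
    COLUMN_ENCRYPTION_KEY = CEK1,
    ENCRYPTION_TYPE = Randomized,
    ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256'
) NOT NULL
WITH (ONLINE = ON);

ALTER TABLE dbo.Employees
ALTER COLUMN Salary MONEY
ENCRYPTED WITH (
    COLUMN_ENCRYPTION_KEY = CEK1,
    ENCRYPTION_TYPE = Randomized,
    ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256'
) NOT NULL
WITH (ONLINE = ON);

-- Cached plans compiled before the change still assume plaintext columns.
ALTER DATABASE SCOPED CONFIGURATION CLEAR PROCEDURE_CACHE;

-- 5. Wildcard and range search on encrypted columns. The values must be
--    passed as parameters so the client driver encrypts them before they
--    reach the server (in SSMS, enable "Parameterization for Always Encrypted").
DECLARE @SSNPattern CHAR(11) = '%6818';
DECLARE @MinSalary  MONEY    = 1000;

SELECT EmployeeID, SSN, Salary
FROM dbo.Employees
WHERE SSN LIKE @SSNPattern
  AND Salary >= @MinSalary;
```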

    • Certificate Management in Configuration Manager

    Managing TLS and SSL certificates has always been a challenge for a lot of database managers. Usually, they end up performing lots of tedious work and running unique scripts simply to maintain or deploy certificates across the entire enterprise.

    In SQL Server 2019, updates have been made to SQL Server Configuration Manager. This allows you to validate and view any of the certificates of interest easily, find those that are almost expiring and synchronize the deployment of certificates in all the replicas of an Availability Group (from the primary), or all the nodes in a Failover Cluster Instance (from the active node).

    These operations should work just fine for anyone using an older version of SQL Server, especially if you run them from a SQL Server 2019 version of your SQL Server Configuration Manager.

    • Built-In Data Classification and Auditing

    In SSMS 17.5, functionality for data classification was added to SSMS. This enables users to identify columns that hold sensitive information or that might not conform to the compliance standards in use, such as GDPR, PCI, SOC, and HIPAA.

    The wizard runs an algorithm that identifies and reports columns that might have such issues, but you’re still free to add some on your own. From here you can make adjustments to the suggestions, or remove columns you are uncomfortable with from your list. The classifications created are then stored as extended properties. An SSMS report uses the same information to show columns that have already been identified. Keep in mind that the properties might not be visible outside this report.

    A new command was created for this metadata in SQL Server 2019. The command, ADD SENSITIVITY CLASSIFICATION, is also available in Azure SQL Database. It lets you perform the same procedure as you would with the SSMS wizard. However, the information will not be stored as an extended property. In addition, the data is audited in an XML column, data_sensitivity_information, which describes the information that was accessed during the audited event.
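    Classification and auditing used together, as an added T-SQL example that is not from the original article. The database SalesDemo, the table dbo.Customers, the label and information type strings, the audit names and the audit folder C:\SqlAudit\ are all assumptions chosen for illustration.

```sql
-- Added example; all object names, labels and paths are hypothetical.
USE SalesDemo;
GO

CREATE TABLE dbo.Customers (
    CustomerID INT IDENTITY(1,1) PRIMARY KEY,
    FullName   NVARCHAR(100) NOT NULL,
    Email      NVARCHAR(256) NOT NULL,
    CardNumber CHAR(16)      NULL
);
INSERT INTO dbo.Customers (FullName, Email, CardNumber)
VALUES (N'Sample Person', N'sample.person@example.com', '0000000000000000');  -- constructed row

-- 1. Classify the sensitive columns. Unlike the SSMS 17.5 wizard, this is
--    stored in catalog metadata, not in extended properties.
ADD SENSITIVITY CLASSIFICATION TO dbo.Customers.Email
WITH (LABEL = 'Confidential - GDPR', INFORMATION_TYPE = 'Contact Info');

ADD SENSITIVITY CLASSIFICATION TO dbo.Customers.CardNumber
WITH (LABEL = 'Highly Confidential', INFORMATION_TYPE = 'Credit Card');

-- 2. Inventory: every classified column in the database.
SELECT  SCHEMA_NAME(o.schema_id) AS schema_name,
        o.name                   AS table_name,
        c.name                   AS column_name,
        sc.label,
        sc.information_type
FROM sys.sensitivity_classifications AS sc
JOIN sys.objects AS o ON o.object_id = sc.major_id
JOIN sys.columns AS c ON c.object_id = sc.major_id
                     AND c.column_id = sc.minor_id
ORDER BY schema_name, table_name, column_name;
GO

-- 3. Audit reads of the classified table. The audit folder must already
--    exist and be writable by the SQL Server service account.
USE master;
GO
CREATE SERVER AUDIT ClassifiedAccessAudit
TO FILE (FILEPATH = N'C:\SqlAudit\');
ALTER SERVER AUDIT ClassifiedAccessAudit WITH (STATE = ON);
GO

USE SalesDemo;
GO
CREATE DATABASE AUDIT SPECIFICATION ClassifiedAccessSpec
FOR SERVER AUDIT ClassifiedAccessAudit
ADD (SELECT ON OBJECT::dbo.Customers BY public)
WITH (STATE = ON);
GO

-- 4. Generate one audited event, then read it back. Only rows that touched
--    classified columns carry a value in data_sensitivity_information.
SELECT Email FROM dbo.Customers;

SELECT  event_time,
        server_principal_name,
        statement,
        data_sensitivity_information
FROM sys.fn_get_audit_file(N'C:\SqlAudit\*.sqlaudit', DEFAULT, DEFAULT)
WHERE data_sensitivity_information <> N''
ORDER BY event_time DESC;
```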


    • Lightweight Profiling on by Default

    This enhancement has been around for a while and has gone through several tweaks along the way. It was first introduced with SQL Server 2014 as the DMV sys.dm_exec_query_profiles. Its role is to help users who are running queries collect diagnostic information on all operators involved in the query. With this information, it’s possible to determine which operators did the most work, and why. This is ideal for auditing.

    Even if a user is not using this query, they would still be able to get a glimpse into the data for whichever session they are interested in, as long as STATISTICS PROFILE or STATISTICS XML was enabled. Alternatively, this is also possible through the extended event, query_post_execution_showplan. However, the problem with this event is that it usually strains performance.

    In Management Studio 2016, functionality was added, enabling it to show real-time data movement in an execution plan according to the information from the DMV. Therefore, regarding troubleshooting, this was a very powerful tool. Plan Explorer is another option that comes in handy for replay and live capabilities when visualizing data through query duration.

    In SQL Server 2016 SP1, it became possible to enable a lightweight version of the data collection process for all sessions. To do this, enable the extended event query_thread_profile or use trace flag 7412. This allows you to access important information about a session of interest without having to explicitly enable anything in the session. This applies more so for anything that has a negative effect on performance.

    For SQL Server 2019, the thread profile is already enabled by design. You therefore don’t need an extended event session or trace flag running for an individual query. For all concurrent sessions, you can easily look at the DMV data at any given time. This can also be turned off using the LIGHTWEIGHT_QUERY_PROFILING database scoped configuration. However, the syntax does not work in CTP 2.0, but there are plans to have it fixed in the new release.

    • Clustered Columnstore Index Statistics Available in Clone Databases

    When you clone a database in current SQL Server versions, you only get the original statistics object from the clustered columnstore index. If updates were made to the table after creation, these will not be reflected.

    In case you use the clone to tune queries or any other performance tests that need cardinality estimates, the use cases will not be valid. The workarounds for this limitation are not very easy to remember, and they might also be very expensive.

    The updated stats are available automatically in the clone in SQL Server 2019. Therefore, you are able to test any query scenarios and find a workable plan depending on the actual statistics, without having to manually run STATS_STREAM on each table.

    • New Function to Retrieve Page Info

    For a very long time, DBCC PAGE and DBCC IND have been used to collect information on pages that make up a table, index or partition. However, these are unsupported and undocumented commands. Automating solutions on problems which need more than one page or index might be a very tedious process.

    After that, sys.dm_db_database_page_allocations was introduced. This is a dynamic management function (DMF) which returns a set that represents all pages in the object in question. The function creates a predicate pushdown issue that might prove to be a concern with larger tables. For this to collect information on one page, it will have to read the whole structure, and this can be very prohibitive.

    SQL Server has also brought a new DMF, sys.dm_db_page_info. This DMF returns all information on a given page without unnecessary overheads to the function. To use this function in the current builds, you will have to know the page number that you are looking for beforehand. This might be intentional, but it’s a performance guarantee.

    For more information on Microsoft SQL Server, or to speak to a SQL licensing expert, contact Royal Discount at 1-877-292-7712 for a free consultation.

  • How to Enable (and use) Remote Desktop on Windows 10

    Windows 10 can be configured to access your computer using Remote Desktop from a number of different devices. Allowing Remote Desktop sessions to your computer from your remote devices gives you access to files and resources from anywhere you are when away from home or the office.

    To take advantage of RD, your host computer must be connected to the Internet, turned on and configured to allow connections from other devices. Access to the computer via Remote Desktop must be granted by permission and the connections allowed through the computer's local firewall.

    Why Use RD on Your Windows 10 Computer?

    If you are physically sitting at your computer, then you do not need Remote Desktop. Accessing your computer with RD is a convenience which allows you to work on your computer from a remote location without taking your computer with you. However, there are a number of considerations in regard to using RD on your computer.

    Security is of the utmost concern when using Remote Desktop, so you need to be well aware of how you are configuring access to your computer. When RD is enabled, a port is opened on the local network which makes your computer accessible with specific logon and permissions rights granted. Given the security concerns, it is important to understand that RD access can grant rights on your computer with full administrative power, as well as to other user accounts from groups given access to the computer. It is important to use strong passwords when granting access rights to your computer over Remote Desktop.

    Over a network or domain, Remote Desktop should be used in conjunction with the option for Network Level Authentication (NLA). Using NLA means that only accounts with specific Remote Desktop access within the network will be allowed to logon to computers via RD. If you are using Remote Desktop in a home environment, NLA should not be enabled.

    Allowing Access in Windows 10 from Home

    Enabling Remote Desktop means that you are allowing a direct connection to your computer which is a peer-to-peer connection. A wide range of devices can be used when making a connection with RD to your Windows 10 computer. There are two options for connecting to your computer using Remote Desktop, port forwarding and VPN (Virtual Private Network).

    Port forwarding is a process which maps the public address of your router to the address of your computer on your network. In order to implement port forwarding from your router, you will need specific instructions from your router's manufacturer.

    Using VPN, you can connect to your computer with RDS as if it is part of the virtual private network. With this method you will not use a public IP address to connect to your computer, instead you will use the VPN to establish the secure connection. Once connected to the VPN, RD can then be used to connect to your computer. There are a number of different VPN services available which you can investigate based on your specific needs.

    Remote Desktop Configuration on Your Computer

    Accessing your computer at work may be controlled by security policies established on the network. Specific groups and users may be the only ones allowed to use RD so you should check with your IT support regarding what is allowed.

    Configuring your PC for remote access requires just a few simple steps (Home editions do not include support for Remote Desktop):

    1. On the host device (the one you want to connect to), select Start and then click the Settings icon that looks like a gear.
    2. Select the System group icon and then the Remote Desktop item from the menu on the left.
    3. Use the slider switch to enable Remote Desktop. (To keep a PC awake and discoverable for connection availability you might consider turning off sleep/power-save modes.)
    4. Click Show settings to view and configure a list of other settings as necessary (most may not have direct relevance).
    5. As needed, click Select users that can remotely access this PC to add a specific user who will have access (members of the Administrators group automatically have access).
    6. Make note of the name of your PC under How to connect to this PC. You'll need this to configure the client access.

    Using the Windows Client

    1. If your remote computer or device does not have the Remote Desktop client already it can be downloaded with a quick search of the Microsoft Store.
    2. Add a computer connection to the RD client by choosing Add + and then Desktop.
    3. Enter the computer name and the account information which will be used to make the connection.
    4. Additional options are available by clicking on Show more. These options allow for specific configurations for the remote session, all of which can be saved for future use.
    5. You can also add remote resources such as RemoteApp programs, session-based desktops and virtual desktops which have been published in RDSH. Click Add + and then choose Remote resources from the Connection Center window to add these resources.
    6. Enter the feed URL already provided by an administrator and then click Find feeds.
    7. Enter the necessary credentials to subscribe to the feed.

    To edit or remove a connection, click on the overflow menu (…) for the specific desktop and choose Edit or Remove as appropriate. To remove a remote resource, also click on the overflow menu (…) for the specific desktop and choose Remove. Specific connections can also be pinned to the Start menu by using the overflow menu (…) and clicking on Pin to Start.

    Add a Remote Desktop Gateway

    In order to connect to a host computer on the network from anywhere on the Internet you can set up a Remote Desktop Gateway:

    1. In the Connection Center click on Settings.
    2. At Gateway click on + to add the gateway (a gateway can also be added when adding a connection).
    3. Enter the server name which can be an IP address, computer name or Internet domain name (port numbers can be added as well using this format Name:443, where name is the computer name, domain or address).
    4. Enter the user account information or choose "Use desktop user account" to use the same account as that for RD connections.
    5. Save the configuration.


    Remote Desktop is a convenient tool for accessing remote resources within a network or over the Internet. A Remote Desktop environment already set up on a network will provide users fast access to apps and resources important to them. Use from a home computer with the correct edition and configuration of firewall and network equipment is readily available and easy to achieve.

    To learn more about Remote Desktop usage and implementation, contact our experts at - your online source for cheap OEM, Retail & Cloud products.

  • What is Azure Active Directory?

    What is Azure AD

    Active Directory is Microsoft's domain management software which controls all security functions within an organization affecting log-ins, password, accounts and security permissions to apps and data resources. Azure Active Directory is an extension for on-premises Active Directory implementations or can stand alone as a security product for Azure implementations that are not already part of a domain.

    When using any kind of virtual or cloud resources, security controls are extremely important and AAD is the foundation for providing access controls even in hybrid implementations so that an on-premise presence and a cloud presence will work together on the same AD infrastructure. This is even more important when considering use for application development and integration with Office 365 especially when used remotely.

    Microsoft provides a wide range of tools in Azure AD Connect which replaces older versions of identity integration tools such as DirSync and Azure AD Sync. With this latest version of Azure AD security and identity are synchronized when used together between the cloud and on-premise implementations. AD Connect is also an integration tool that allows for the use of single-user identities and single sign-on access (SSO) whether it's in the office, on the cloud, or using Office 365.

    Azure AD provides synchronization of user IDs, groups and other Active Directory objects so that all of these elements are present and up-to-date between the cloud and physical locations used by organizations. There are a variety of authentication methods which can be used especially in hybrid solutions. Choices can be made between such cloud authentication methods as Password Hash Synchronization or pass-through authentication and even federated authentication (AD FS). Additionally, Azure AD Connect Health allows for monitoring of Active Directory resources from a centralized location within the Azure portal.


    As with all Microsoft products, there are a variety of editions for Azure Active Directory which provide sign-on and other security and identity needs. Subscription services to Microsoft Products like Office 365 and Microsoft Azure automatically provide for Azure Active Directory ase. This free edition of Azure Active Directory allows for management of user IDs, groups and synchronization with on-premise Active Directory implementations with all available sign-on capabilities for Azure, Office 365 and a wide range of SaaS applications including Google Apps and Dropbox among a few examples.

    There are a few additional edition levels of which an organization should be aware. These are Azure Active Directory Basic, Azure Active Directory Premium P1, and Azure Active Directory Premium P2.

    • Azure AD Basic - This edition is centered around cloud-based implementations for application access and self-service identity management which includes group-based access management, self-service password reset and Azure AD Application Proxy.
    • Azure AD Premium P1 - this is an enterprise level edition which provides identity management for on-premise users, remote users and hybrid users accessing applications both locally and over the cloud. This edition includes support for self-service identity, access management, administration of dynamic groups including self-service group management, as well as Microsoft Identity Manager which is a suite of on-premise identity and access management tools.
    • Azure AD Premium P2 - this edition includes all of the features of Azure AD Premium P1 with the addition of Identity Protection and Privileged Identity Management (PIM). Identity Protection provides management of conditional access to apps and critical data. PIM enhances management of privileged accounts tied to administrative access and other resources.
    • Additional versions are available in pay-as-you-go editions, such as Azure AD B2C for ID and access control of public apps. Also, Azure Multi-Factor Authentication can be implemented on a per-user or per-authentication basis.

    Benefits of Azure AD

    Azure AD provides a wide range of benefits when used in both cloud-based and hybrid implementations (where on-premise and cloud resources are used together), assisting with:

    1. Single identity creation and management of all users within an entire organization while providing synchronization of users, groups and devices via Azure AD Connect.
    2. Leverage of Azure AD's reliable HA for enterprise-class cloud presence with access management solutions.
    3. Control application security access with enforced rules-based policies that stretch across cloud-based applications and on-premise resources using Multi-Factor Authentication.
    4. Reduce support interaction and increase user productivity with the Azure AD MyApps portal to engage self-service password reset as well as manage group and application access requests.
    5. With Azure AD Application Proxy, a host of pre-integrated SaaS apps allow single sign-on access to a wide range of deployed apps within an organization.

    Additional considerations regarding synchronization, authentication and health monitoring in relation to Azure AD Connect enhance the overall benefits for organizations. Synchronization links on-premise and cloud-based resources and, in conjunction with password write-back, keeps user IDs, groups and other objects, including passwords, seamlessly up-to-date. Authentication methods with hybrid identity solutions in mind, including cloud authentication features such as Password Hash Synchronization / Pass-through Authentication or federated authentication (AD FS), provide effective security solutions. Health monitoring is available in a centralized location within the Azure portal where Azure AD Connect provides viewing of all activity.

    Intended Users

    Azure AD is a cloud-based integrated Active Directory implementation which can be used at all levels within an organization just like an on-premise AD forest structure. User classes include the following:

    • IT administrators - with Azure AD Connect, admins can integrate existing Windows Server AD environments so that current on-premise resources and apps can be synchronized and managed alongside SaaS apps provided from the cloud. With increased security solutions, an organization can provide greater single sign-on access and identity management for numerous apps hosted in cloud-based SaaS environments as well as those hosted on-premise. IT admins gain stronger security for cloud-hosted resources, managed access control, collaborative enhancements and an automated user identity lifecycle, giving assurance that compliance and security requirements are met.
    • App Developers - key app and SQL developers will find Azure Active Directory, no matter the edition in use, includes a wide array of tools for integration with the latest identity management solutions. SSO self-service and access control management features allow developers a wider range of options for delivery of important apps.
    • Office 365, Azure, or Dynamics CRM Online customers - tenants for these cloud-based products already use Azure AD, so it can be put to use immediately for user access to cloud-based apps.

    Getting Started with Azure AD

    Administrators and developers can sign up for 30-day trials of Azure AD to learn more about usage and implementation of the product.

    For a quick start, sign onto the Azure Portal where you can access Azure AD and create a new basic tenant. To begin, you'll need a valid license and Global Administrator access in your portal account.

    Creation of a new tenant for Azure Active Directory can be easily and quickly achieved. Here are some instructions for a fast start at building your Azure AD environment:

    1. Sign into the Azure portal using a Global administrator account as noted above in the requirements.
    2. Select Azure Active Directory from the portal dashboard.
    3. Choose create resources.
    4. Then select identity and Azure Active Directory. At this point, the create directory page will appear.
    5. Next, enter your organizational name.
    6. Then enter the organizational domain name.
    7. Lastly, choose the country or region which should already be set to United States and then select create.

    The tenant will now be created with the domain matching the entries from the organizational and domain names.

    To further manage the tenant, especially if this is for testing purposes, deletion can be completed very easily. Simply log onto the Azure portal and select Azure Active Directory and then the name of the tenant you have created where you can select to delete the directory on the tenant page. The tenant and all associated information will be deleted if you make this choice so make sure this action is taken with care.


    Azure Active Directory provides an entire organization with an impressive range of tools for internal support as well as user productivity. With SSO and a variety of self-service tasks available to users, password resets and security access requests to applications and resources can all be completed without interaction with a helpdesk. Azure Active Directory also provides an extended, consistent, synchronized management apparatus into cloud-hosted resources and apps for strengthened security and delivery at improved cost.


  • How Much Does Windows Server 2016 Cost?

    Windows Server 2016 is the newest version of Microsoft's server operating system available on the market. Costs and pricing for this latest OS version have changed in some ways versus earlier versions. Let's take a look at what those changes include along with what stays the same. Here are the categories of editions available:

    • Datacenter Edition for highly virtualized private and hybrid cloud environments.
    • Standard Edition for non-virtualized or lightly virtualized environments.
    • Essentials Edition for small businesses with up to 25 users and 50 devices.

    Microsoft previously released Windows Server 2012 and Windows Server 2012 R2 as well as the Windows Server 2014 and Windows Server 2014 R2 with Standard and Datacenter (Enterprise) editions. Windows Server 2016 is no different than these previous versions in regard to editions so you can expect to have two basic types of pricing.

    However, in regard to licensing there are some changes with Windows Server 2016. As with a number of other products, Microsoft has shifted from licensing based on number of processors to the number of cores for a more accurate accounting. This is a big shift from the previous editions of Windows Server and applies to both Standard and Enterprise versions.

    Additionally, with the arrival of Windows Server 2016, the previous feature parity is no longer available. Earlier versions of Windows Server OS's basically included the same available features with the exclusion of VM licensing. Below is a quick list of categories and further information regarding availability between the versions.

    | Windows Server 2016 edition | Ideal for | Licensing model | CAL requirements [see below] | Pricing Open NL ERP (USD) [see below] |
    |---|---|---|---|---|
    | Datacenter [see below] | Highly virtualized and software-defined datacenter environments | Core-based | Windows Server CAL | $6,155 |
    | Standard [see below] | Low density or non-virtualized environments | Core-based | Windows Server CAL | $882 |
    | Essentials | Small businesses with up to 25 users and 50 devices | Specialty servers (server license) | No CAL required | $501 |

    The new licensing model for physical servers requires all physical cores on the server to be licensed. Microsoft requires a minimum of eight core licenses for every physical processor in the server. A minimum of 16 cores will be licensed for servers with only one processor.

    Here are some further notes of interest between Windows Server 2016 Datacenter and Standard editions:

    • Pricing for 16 core licenses of Windows Server 2016 for both Datacenter (Enterprise) and Standard editions will have the same price as the license which corresponded to the same editions of the Windows Server 2012 R2 version for 2 processors.
    • With all physical cores in the server licensed, Windows Server 2016 Standard edition provides licensing rights for only 2 OSEs or Hyper-V containers. For additional OSEs or Hyper-V containers, Microsoft allows multiple licenses to be assigned to the same cores.
    • Access by users or devices to Windows Server Standard or Datacenter editions requires a Windows Server CAL. However, access to multiple licensed Windows servers is allowed for each Windows Server CAL.
    • A Windows Server CAL is retroactive to earlier Windows Server versions with regard to right to access by users or devices.
    • Additional CAL's are required for such functions as Remote Desktop services or Active Directory Rights Management services as has been the previous case with earlier Windows Server versions.

    Windows Server 2016 also has some feature differentiation:

    | Feature | Datacenter | Standard |
    |---|---|---|
    | Core functionality of Windows Server | · | · |
    | OSEs / Windows Server containers with Hyper-V isolation | Unlimited | 2 |
    | Windows Server containers without Hyper-V isolation | Unlimited | Unlimited |
    | Host Guardian Service | · | · |
    | Storage features including Storage Spaces | · | o |
    | Shielded Virtual Machines | · | o |
    | Networking stack | · | o |


    Why has Microsoft instituted its licensing changes?

    The new licensing model assists Microsoft with delivering consistency between on-premise and cloud environments for improved licensing benefits within hybrid implementations or for transitions to cloud-based computing. Customers with Software Assurance will find that the Azure Hybrid Use Benefit (AHUB) is now available to leverage for cost savings, especially when shifting Windows Server virtual machines to Azure with base compute rates.

    How are virtualization rights different with Windows Server 2016?

    Datacenter provides unlimited rights for OSE's or Hyper-V containers with minimum physical core licensing (8 cores/physical processor with a minimum of 16 cores licensed per server). Standard edition is limited to up to 2 OSE's or Hyper-V containers (unlimited Windows Server containers are included on the licensed server and additional VMs will require additional licensing for all physical cores).

    Are existing customers with Software Assurance affected by changes to the licensing model when deploying Windows Server 2016 or System Center 2016?

    Software Assurance customers can deploy Windows Server 2016 or System Center 2016 at any time.

    How does the new licensing model affect hyper-threading?

    Only physical cores on processors are considered and inventoried with consideration to core-based licensing for Windows Server 2016 or System Center 2016. Virtual cores are not considered in the licensing parameters.

    Can Windows Server 2016 support VMs running inside a VM and how are these nested virtualizations licensed?

    Unlimited virtualization is covered in the licensing model for Windows Server 2016 Datacenter. However, the Standard Edition covers no-to-low-virtualization so only two VMs are allowed in this scenario where a VM nested inside a VM would count as two VMs in the licensing model.

    When continuing a subscription for System Center Software Assurance with Azure rights to manage instances as well as for third-party cloud providers, how many cores should be licensed with this benefit if no on-premise OSE's are being managed using System Center?

    A minimum of 16 cores, which is the equivalent of System Center 2012 R2 2-processor licensing, is needed for continued Software Assurance benefits for Azure and other cloud providers.
