 We're back, and now we're going to talk about the second exam in the Windows Server Hybrid Administrator Associate Certification, which you see configuring Windows Server Hybrid Advanced Services exam. Now, that doesn't mean that this exam is harder than the first. It probably going to be a fairly equal difficulty. It's just that there's certain topics that we think that you should cover before you do the other ones. The high-level functional groups on this one are security. High availability, disaster recovery, migration, and then monitoring and troubleshooting. So, let's jump into security. Within this one, we've got secure the Windows Server Operating System. So, this has been something that has drifted in and out of Windows Server certification exams for the last 20 years as to whether or not we've actually tested you on the deep security features. So, here we're asking about exploit protection, understanding about how application control works, endpoint works, credential guard works, what smart screen does, and operating system security using group policies. The next one, what are attackers going after if they're trying to compromise your Windows Server environment? They're going after Active Directory. So, what can you do to secure Active Directory? From anything from password policies and password blocklists, which is something you can do with hybrid, read-only domain controllers, how do you actually harden a domain controller? Because one of the things that we do to be good for customers is when we ship a... And feel free to disagree because you're in the product team. When we ship Active Directory, we're trying to balance making it as secure as possible versus being as compatible for our customers as possible. And if we turned on absolutely every security feature that Active Directory had, a whole lot of customers are going to suddenly find that things didn't work. Yeah, much of their legacy applications may just stop working. So, one of the things that we're covering or will be covered by this exam is this. This is all of the extra knobs and dials that you can turn to actually make Active Directory more secure. So, it can be things like disabling NTLM is an example of shifting purely to Kerberos or how you can harden Active Directory. Understanding built-in administrative groups, delegation, and then Microsoft Defender for Identity, which is a cloud service that can actually monitor whether or not attacks are adhering against your domain controllers. Identify and remediate security issues using as your services. So, this is as your Sentinel and as your security center and how you can plug those in to a hybrid environment. How you can secure your Windows networking from Defender Firewall through to something that Ned did a blog post recently about, about using domain isolation policies, which is one of those call operating system features that a lot of organizations don't know about, where you can say, right, this machine will only talk to this other specific set of machines. Exactly. So, again, a lot of it is some of this is technology that's been there, that a certain segment of the customer base uses. But as you know, when you go out and talk to customers, sometimes you'll talk about something that to us has just been something that we've known about forever. But to them, it is... And that's why this level of certification, again, I think this really thoughtful approach, domain isolation is actually a really great example of that. It's one of those features that's really valuable, can easily protect an organization, won't impact compatibility, but greatly raises the security posture of the organization. And just a lot of people don't know. So, by putting this into the certification, I think it's really going to help a lot of organizations out in terms of protecting their resources. Because when you're studying for a certification, yes, we want you to be tested on stuff that you've actually been doing in the real world, but yes, we also want you to be aware of stuff that you might not know about. And I know this again from all the books I do, in that I get readers coming to me and going, I didn't know about that. And they didn't know about it because they hadn't had a reason to know about it. And sometimes certification is just a good reason to know about something that's always been there that you never saw before. So, how do you secure your storage? So, bit locker, recovering encrypted volumes, in disk encryption in Azure, and then how do you manage your encryption keys for your virtual machines? Next one, high availability. So, basic Windows Server failover clustering. What do you need to know about doing it on-prem? What do you need to do about it on the cloud or in a hybrid environment? So, stretch clusters, storage for failover clustering, quorum options, network adapters for failover clustering, all of these things that you need to know to make workloads highly available. Now, with this USDAC HCI, all of this is taken care of pretty much for you. But when we're looking at Windows Server, this is all of the sort of your pre-reading material of understanding the theory of what's going on, probably, managing your failover clustering. So, using cluster-aware updating, which is another one of those cool features that some people don't know about. Where you say, I want to apply these updates to these nodes, and it goes off and orchestrates the process for you. How do you recover a fail node? How do you upgrade an existing cluster? What about moving workloads between nodes, installing updates, managing failover clusters using Windows Admin Center? Well, there's a lot of people coming from older, there's a lot of people now getting, forget about 2008 for a second. There are a lot of people getting off their 2012 and 2012 R2s, and they have never had a chance to look at cluster-aware updating. They've never exercised it, and when you can actually see, guess what? We've made updating easier than ever. Boy, that's another example of a feature that can help an IT organization. It's absolutely something you want in your resume. You can say, oh, yeah, I know how to do cluster-aware updating. I know how to set this up. I know how to manage it, and it will improve uptime. It's just a valuable skill set to have in the certification. And then we come in with high availability and storage spaces direct. So clusters with storage spaces direct, upgrading storage spaces direct, networking for storage spaces direct, and configuring storage spaces direct. So we thought that that was an important enough topic to actually break it out into its own specific area. Disaster recovery. It's not protected unless you can recover it. So managing backup and recovery just for Windows Server. So this is your story about backing up locally, but also using cloud, because cloud, again, is a complete game changer for backup. And it's something we've all realized because we've gone from, oh, I need to shift my tapes off-site to, oh, actually, the cloud with infinite storage can become my eternal sand sort of a thing. So we look at Recovery Services Vault and understanding what part they play in it. Backup server and understanding what is your backup server is as a product, what it is about putting it on locally, what you are doing about backing up and managing virtual machines, both in Hyper-V and in Azure IaaS. And then disaster recovery using Azure Site Recovery. That is how to make Azure your DR site, rather than some people maintaining a facility that they never use, again, coming through and what do you do to set that up? And then Hyper-V replica. So what can you do to make your Hyper-V virtual machines replicate to another location so that if you lose one site, well, we're sitting at another and that other site could be in your own data center or it could be an Azure data center. Then migration. So migration is an important part because there's going to be some people and one of the things that sort of, when we've talked about a lot of cloud stuff in the past, it's been very much a migration first message. And what we've done, I think, is Microsoft's evolved and this is just a personal opinion, has moved, evolved towards it. Actually, it's hybrid coexistence is where people want to be. There's a couple of customers who want to pick up everything and move it to the cloud. There's many more customers who want to pick up some things and move them to the cloud but keep other things where they are and make them work in hybrid. So, again, we've got this migrate service and workload. So is there something here that you think, well, let's go in. No, I would just say when it comes to migration, I think you nailed it. There's a bunch of workloads where we are seeing a huge move in mass to Azure. Exchange is a perfect example and I've been watching this happen for some time now. Everyone's saying, why do I need to keep running Exchange on-prem? Let's move that to the cloud. Microsoft, you manage it for me. That's almost a no-brainer at this point. There's a lot of people that go, I don't need to manage my own mail. There's still a few out there but most of them are making that move. Then you have things like SQL Server where we are seeing some people move it to Azure because they want the auto management and manage instances. And there's some are saying, you know I've got some stuff that's going to stay on-prem for locality and latency to other systems in the organization and stuff like that. And then you have things like AD where people just say, I have an old AD and I want to migrate that to modern AD. I want that on Windows Server 2022 domain controllers and all of that. So I think you nailed it. There's a couple of different scenarios in here and really it looks like this certification is covering all of them and that's what makes me so happy because this certification is really nailing where a hybrid admin needs to be and what needs to be on the resume, which is look it's not all on-prem and it certainly is not all on cloud. It's this continuum and that's what we're covering here. So and that's important to understand about the role-based certification approach. It's really about what do people actually do versus what certification could have been especially in the 1990s. I remember doing a certification for a particular vendor that's not Microsoft that was literally, can you recite their product catalog? What we're not trying to do is we're not trying to get you to, a lot of these things have been in the operating system for a while and when we were going through and building this certification out, we had the debate, do we include for example, AKS, Kubernetes on Windows Server and we sort of sat there and we went, look, that would be something that we might come to in a future advanced certification in terms of people using it right now, in terms of what we can squeeze into this particular hamburger, that's probably not sitting there. So we're trying to keep it as real as possible. No, these are critical the ones you have here. So here we've got storage migration services. So this is the Ned Piles section of the certification. And I'm just going to say, I get on my Twitter feed a couple times a week, people just saying, we love the storage of migration service. It's fantastic. It's just made our life so easy. We've retired so many old file servers and we've modernized them on-prem to newer file servers and move some of it to the cloud. But it's handling it both and people love the storage migration service. So the next one is just a straight, you've got on-prem servers. How do you lift and shift them to Azure? So this is a lift and shift part of the certification. Here we've got, you've got Windows Server 2008 or you've got Windows Server 2003 that we're not going to talk about. And how do you move it to Windows Server 2022? So it's literally the how do you, you want to pick it up and you just want to update your operating system platform. The next one is IAS workloads. And we're looking at containerizing them or moving them towards your web apps. So either one of those with the workloads, if you wanted to pick it up from obviously 2008 and 2022, would be covered in the previous one. And then this one, which should have been in many exams but I don't think ever has been, which is how do you make sure that your Active Directory is running the most recent version? Because if there's a one thing that you can do to improve the security, it's upgrading your domain controllers. Awesome. So that's what we're looking at there. And the final functional area is monitoring and troubleshooting Windows Server environments. So how do you find out what's gone wrong and how do you do something about it? Not that anything would ever go wrong but give me off chance that it might. Look, things happen. That's life. Things happen and you have to be able to figure it out, figure it, solve it, troubleshoot it. That's, hey, that's part of the job. And it's also, honestly, it's that sleuthing around and solving the mystery and fixing the issue. That's part of the job. How can we make it better? This is how we do it. And it's, you know, it's what tools as a detective are you using to diagnose and find these problems? So everything from performance monitor, which is, you know, I again remember in the NT4 exam, which of the following performance counters? Hopefully, it's not going to be one of those questions, but, you know, moving up to using Windows Admin Center, moving even further and using System Insights, which is that great thing that was introduced, that was in 2019, that basically is predictive about you're going to run out of disk space in this many days. Managing your event logs, which is more than, oh, look, there's some red ones. I better look at those. But in fact, coming up with a proper event log strategy, such as event log forwarding, event log collectors, and so on and so forth. And then integrating that with Azure, which, if you think about it, where's the best place to go and put all of your telemetry up in the cloud so that you can then use cloud power to manage it. And then using diagnostics and then all of the tools that we give you in Azure for monitoring your VMs because one of the things that we also wanted to differentiate here is to say, look, there are some real benefits to running your virtual machines in our fabric. And these are all of the things that we light up for you that you could light up for yourself on-prem, but it's a whole lot of work to get all of that working, whereas you deploy a VM in Azure and then suddenly you have all of this extended functionality around the VM that helps you run them. So troubleshooting networking. What are your tools? And how do you diagnose what's going wrong with networking? How do you double troubleshoot on-prem at network connectivity? It's not working. Okay, we know the answer is it's DNS, but how do you figure out which part of DNS it is? Then we look at troubleshooting Windows Server virtual machines in Azure. And these are all of the built-in tools that you can use to troubleshoot virtual machines in Azure. Whereas if you put a VM on-prem that's not booting properly, you might be sitting there going, okay, how do I fix that? With Azure, there's actually a whole lot of built-in tools that can actually help you resolve those issues from disk encryption to extension to performance to the thing won't boot. And then troubleshooting Active Directory. So everybody's got... No one's got a perfect Active Directory instance unless they've got no users. Sorry. Oh, Orin. Orin, I just love this. I really do. As we've been walking through this whole thing, I've been sitting back listening to you as you're kind of presenting each section and then kind of diving into each what section each offers. And I feel like we have a really comprehensive view. But again, it really has this fantastic mix of, hey, here's how we do things in the on-prem world. Here's how we do things in Azure. Here's how we do things in hybrid. Here's how all of these things mix together. And by the way, while we're at it, we're going to give you kind of help you so you can figure out what the right strategy is for you. Because there are definitely going to be cases where you say, hey, you know what? If I move to Snazzure, it's going to be easy because a bunch of these diagnostics, a bunch of these things are ready made for me. There's some things that are going to stay on-prem. How can I make sure that I get the best out of that on-prem environment? Oh, and by the way, some of that stuff that's staying on-prem, how can I use Azure Monitoring to help me get the best out of what's staying on-premises in terms of troubleshooting, diagnostics, performance, and also just one last thing is, I have to remind people from time to time that we provide our own Microsoft best practices in Azure. And through Arc, we're now giving you the ability to provide those best practices on-premises as well. And so for all of these folks that we are targeting with the certification, one of the things we're trying to do is we're trying to make your job better. We're trying to give you better tools. We're trying to give you better practices. And I think that this certification really captures that. And I'm really excited about what you got to have here, Orrin. Thank you so much for just walking me through this at this level of granularity. This is awesome. So at the moment, the exams are being written by the vendors. And what's going to happen is in the November or December time frame, there will be exams for these exams. And what will happen is that that's where we've got third parties go out and write the questions. And then we come back and we look at the questions. There might be some that, you know, aren't constructed properly. There might be some that are perfect. There might be some that need to be slightly rewritten. I'm imagining, and this is not an announcement. This is Orrin speculating that we're looking at sort of a January or February time frame before these exams will become generally available. In the meantime, there is an exam, two exam certification study guides that have already been published. Now what they are is their links to Microsoft learn modules and importantly, the docs.microsoft.com articles that detail how all of this stuff works. Now later on, you'll have third parties go and generate their own exam prep materials. And maybe some of those will even be available by the time the exam goes live. But if you're interested in any of these topics, just go and look at the exam guides now because they're a link into it. That's a great suggestion. Anyway, it's been great to sort of take you through this. I've really been looking forward to bringing this to you and showing you sort of what has been accomplished. Every time I talked to anybody on the product team, they were like, you know, we need this. And I like, I know we need this because that's what I'm hearing as well. And it was a matter of it just being the right time for this now. Being the right time and the right certification. To me, it's both of these things. And that's why I'm so excited about it. And I hope everybody that's listening and watching, I hope you take Warren's guidance, get the learning path, take a look at that. What's up there now? We'll have this available soon for these certifications. But I hope you really understand what we're trying to do. We are trying to make sure that as an administrator for your certifications, that we are taking you to the next level. We want to level you up in terms of certification. So you're ready for that whole next generation of cloud administration and hybrid administration because that's what employers, that's what your bosses, that's what IT managers are looking for. They, you know, they're looking for someone that can manage this hybrid world because that's where folks are going. And we want to give you that flexibility. And I think that's really what the certification does. So thank you so much, Oran, for the time. Really appreciate it. Thank you very much. And when you take them, good luck on your exams.