This article describes the licensing options you have when you want to deploy Windows Server Virtual Machines in Azure. It’s getting complicated when you start using the Hybrid Use Benefit solution, so always contact Microsoft or your licensing supplier. Please note that I will not answer any licensing questions.
Built-in Licensing for Windows Server
This type of licensing is by-far the most easy to use but it can be an expensive solution. You deploy an Azure Virtual Machine from the Portal or PowerShell and the licensing costs are automatically included with the Virtual Machine costs. But what if you want to use your existing KMS licenses which you’ve bought with your Enterprise Agreement? Or you want to use Windows Server Standard licenses instead of Datacenter licenses?
With the new Windows 10 Fall Creators Update, Microsoft finally added a built-in NAT Switch into Hyper-V! This gives Hyper-V Virtual Machines access to the computer’s network. The new switch automatically assigns IP address to your Virtual Machines, so no need to run your own DHCP server anymore!
The switch is named “Default Switch” and cannot be changed in the Hyper-V Virtual Switch Manager:
According to the info message: “The Default Network switch automatically gives virtual machines access to the computer’s network using NAT (network address translation).”
I’m happy that Microsoft finally introduced this as it was already available in other 3rd Party solutions and a good argument why some people didn’t want to migrate to Hyper-V. Now they can! I wasn’t able to find an official statement of Microsoft on this new feature, but I’m sure it will be published soon.
What do you think of this new feature? Are you going to migrate from VMware or other solutions to Hyper-V? Let me know in the comments section!
So your Group Policy (GPO) settings do not allow you to upgrade to the Windows 10 Fall Creators Update and you have local administrative access on your machine? The registry fix from below will change this! Copy the registry fix from below and save it as fix.reg with Notepad. (Make sure you don’t save it as fix.reg.txt!) Right click on the file and click “Merge”. You should now have access to Settings -> Update & Security -> Windows Insider Program. Enroll your device in the program (with your Microsoft account!) and select “Just fixes, apps and drivers” from the dropdown – which will enroll you in the Release Preview Ring. Go to Settings -> Update & Security -> Windows Updates and select “Check online for updates from Microsoft Update”. It will take some time before the Fall Creators Update pops up here.
When the Windows Insider Settings are greyed out again after several minutes, your GPO settings were re-applied and you need to rerun the fix.reg file. Run the fix.reg file every hour or so and check again for Windows Updates. After a couple of hours you should be able to enjoy the Fall Creators Update!
On my work notebook, all drivers were correctly populated so it had to be something with my test laptop. It’s a fresh Windows 10 machine deployed by a Task Sequence – enabled with Device Guard and Credential Guard.
During the installation I’ve installed the Microsoft-Hyper-V-Hypervisor feature on Windows 10. You also need to install the Microsoft-Hyper-V-Services if you want to have those drivers installed as well.
Recently I was trying to apply a lock screen image with a GPO. I distributed the image to the C:/Windows/Web/Wallpaper directory and configured the Windows 10 GPO to that location. After running the Windows 10 Task Sequence successfully, the default lock screen image came up. I was using a large image from the client so that it still looks good on bigger screens. I’ve found out that after resizing the image back to 1080P, the image was applied successfully after locking the machine. Looks like a strange bug if you would ask me.
Recently Microsoft introduced Windows Autopilot. This is a feature where you can register your corporate devices and where users can use their internet connection to sign in with their Azure AD credentials. The device is automatically enrolled with MDM like Intune and will receive apps and policies from there. According to Microsoft’s recent blog post and instruction video, a user needs to insert their WiFi password as the device will get the configuration from MDM and is already enrolled, without having the option to change the MDM provider or enroll the device as a personal device. The device really becomes a corporate-owned device. This looks a bit like the Apple Device Enrollment Program. One of the interesting parts of that instruction video, is that it looks like OneDrive can be pre-configured from OOBE as well:
I hope that Microsoft will further expand the possibilities of this service. What I would like to see is that the device can cache/download applications and settings from Intune during the factory imaging process. This ensures that applications, policies and settings are pre-loaded on a device and don’t need to be downloaded anymore. This will dramatically decrease network bandwidth and deployment time.
Recently I replaced my workstation and that was a perfect time to rebuild my home lab. After I got green lights from my employer to install the all new Windows 10 Creators Update, I also installed Hyper-V and started to build servers in my lab. I was playing around with Shielding, Virtual TPM and SecureBoot until I found out that RemoteFX didn’t work anymore. I added the RemoteFX adapter to a VM with shielding enabled, but saw in the Hyper-V Settings menu that “0 virtual machines are currently using this GPU”. I first thought about updating my drivers, but I realized that I was playing around with some new features. After disabling Shielding for this VM, RemoteFX started to work!