Security groups are a way to collect user accounts, computer accounts, and other groups into manageable units.
Windows Server supports group scoping. The scope of a group determines both the range of a group’s abilities or permissions and the group membership. There are four group scopes.
The primary purpose of Azure Automation is automating repetitive and long-running tasks, both in Azure and for on-premises servers.
The Domain Name System (DNS) is responsible for translating (resolving) a service name to an IP address. Azure DNS provides DNS hosting, resolution, and load balancing for your applications using the Microsoft Azure infrastructure.
Azure File Sync allows you to extend your on-premises file shares into Azure. It works with your existing on-premises file shares to expand your storage capacity and provide redundancy in the cloud.
You need to understand some terms to use Azure File Sync.
Azure Firewall is a cloud-native and intelligent network firewall security service that provides the best of breed threat protection for your cloud workloads running in Azure. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. It provides both east-west and north-south traffic inspection.

The following table describes how Azure Firewall manages the various configured rules to filter inbound and outbound traffic.

Azure Policy helps to enforce organizational standards and to assess compliance at-scale.
The Azure Relay service enables you to securely expose services that run in your corporate network to the public cloud. You can do so without opening a port on your firewall, or making intrusive changes to your corporate network infrastructure.
Claude is a next generation AI assistant built by Anthropic and trained to be safe, accurate, and secure to help you do your best work.
A device identity is an object in Microsoft Entra ID. This device object is similar to users, groups, or applications. A device identity gives administrators information they can use when making access or configuration decisions.

DNS forwarding rulesets enable you to specify one or more custom DNS servers to answer queries for specific DNS namespaces. The individual rules in a ruleset determine how these DNS names are resolved. Rulesets can also be linked to one or more virtual networks, enabling resources in the VNets to use the forwarding rules that you configure.

A ruleset can't be linked to a virtual network in another region.

Microsoft Entra application proxy provides secure remote access to on-premises web applications.
Microsoft Entra Domain Services provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication.

Exploit protection is a feature in Windows that helps protect against malware by using various mitigation techniques to prevent exploits from being successful. It can be configured for the operating system by default or customized for individual applications.

Certain domain and enterprise-wide operations aren't well suited to multi-master updates. In these situations, the operations must be done on a single domain controller in the domain or in the forest. Having a single-master owner defines a well-known target for critical operations, and prevents possible conflicts or latency created by multi-master updates. It means that the relevant FSMO role owner must be online, discoverable, and available on the network by computers that must perform FSMO-dependent operations.
Hub and spoke is a networking model for efficiently managing common communication or security requirements. It also helps avoid Azure subscription limitations. Azure supports two types of hub-and-spoke design. The first type supports communication, shared resources, and centralized security policy. The second type is based on Azure Virtual WAN. This type is for large-scale branch-to-branch and branch-to-Azure communications.

Jan is an open source ChatGPT-alternative that runs 100% offline.

Reference

The Network Connectivity Status Indicator (NCSI) is a feature that helps to provide a visual display of the current network connection status.

The following table lists the Operation Master roles, and their placement in Active Directory.

PingFederate is an enterprise federation server that enables user authentication and single sign-on. It serves as a global authentication authority that allows customers, employees, and partners to securely access all the applications they need from any device.
A service tag represents a group of IP address prefixes from a given Azure service. Microsoft manages the address prefixes encompassed by the service tag and automatically updates the service tag as addresses change, minimizing the complexity of frequent updates to network security rules.
SMB over QUIC introduces an alternative to the TCP network transport, providing secure, reliable connectivity to edge file servers over untrusted networks like the Internet.
Split DNS, also known as split-horizon DNS, uses the same DNS domain name for both internet and internal domain-member resources.
Storage Spaces is a technology in Windows and Windows Server and is conceptually similar to redundant array of independent disks (RAID), implemented in software. You can use Storage Spaces to group three or more drives into a storage pool and then use capacity from that pool to create Storage Spaces.
Storage Spaces Direct is a feature of Azure Stack HCI and Windows Server that enables you to cluster servers with internal storage into a software-defined storage solution.
The Resilient File System (ReFS) is Microsoft's newest file system, designed to maximize data availability, scale efficiently to large data sets across diverse workloads, and provide data integrity with resiliency to corruption. It seeks to address an expanding set of storage scenarios and establish a foundation for future innovations.
A trust relationship (also called a trust) is a logical relationship established between domains to allow authentication and authorization to shared resources.
If you have VMs created with an earlier version of Hyper-V, some features that are introduced and available on a newer Hyper-V host operating system (OS) might not work with those VMs. It's important to understand which OS versions support which VM configuration versions.
Windows Admin Center is a locally-deployed, browser-based management tool set that lets you manage your Windows Clients, Servers, and Clusters without needing to connect to the cloud.