Adding a Custom Domain to Office 365

Before proceeding to this topic, I would like to talk about the necessity of adding a custom domain to your Cloud ( Azure in this scenario )

By default, you have all the flexibility to choose your domain when you have On-Premise infrastructure. You install Active directory domain services, bring up a domain controller and choose a domain as per your convenience. So, all the identities which are created in that domain will carry the same domain name.

In Cloud, you will be asked to give the domain name during the registration process of Azure. For example, if you give ABC as your domain, if you create a new user as user1 in cloud, he has the extension of user1@ABC.onmicrosoft.com. Similarly User2@ABC.onmicrosoft.com and so on. It will be difficult for the organisation to have the identities as such. Instead, they can add their domain to Azure so that they can have User1@customdomain.com.  In this demo, I use a custom domain  kartikkopalle.com and a new user who is created will have the extension of user1@kartikkopalle.com


Prerequisites: 

  • A registered domain name
  • Access to O365 Portal. you can get a free Azure account from here

For this demonstration, I am using my custom domain kartikkopalle.com

Login to O365 Portal at https://login.microsoftonline.com

O365 Login page.PNG

Navigate to Domains and click on Add Domain

Domain.PNG

You will be directed to the below page. Get started

Add a new domain.PNG

Give your domain name

give domain name

Adding DNS records:

You will be shown with a TXT value. You have to go to the website, where you registered your domain and enter these values

Step by step procedure to add a TXT value : https://g.microsoftonline.com/0BX20en/949

vivek.PNG

After giving the TXT records, go back to O365 portal, select the domain and start the setup process.

21.PNG

1.PNG

Now, all the users will be prompted for an update to the new domain

2.PNG

Now you can see that the user kartik us updated from kartik@ML21.onmicrosoft.com   to kartik@kartikkopalle.com

3.PNG

Sign out and sign in with the new username

4.PNG

Now, when you create a new user in O365 portal, you will have an option to select the custom domain

user.PNG

login.PNG

Managing Office 365 Updates with SCCM 1603

Till SCCM 2012, if we have to manage the Microsoft Office updates, we have to manually download the update, create a package, distribute this package to distribution point and the application need to be shut down while applying the update.

Managing Office 365 updates is a new feature from SCCM 1511. Also, there are improvements in how we manage the updates from SCCM 1511 to SCCM 1606

Before we proceed with how we manage the updates of O365, we first have a basic understanding of O365 Client, the deployment method and the available channels as this information is needed in choosing the relevant updates.

Overview of O365 Client :

Office 365 Client is similar to other versions of Office. The programs in O365 have the same features and functionalities as other versions of Office and the applications work the same way in all the available versions.

The difference is only with respect to Licencing and deployment methods.

There are different versions of O365 Clients:

  1. Office 365 ProPlus
  2. Office 365 Business
  3. Vision Pro for Office 365
  4. Project for Office 365

I have used O365 ProPlus Client for this demonstration

Licencing:

To use Office 365 ProPlus, a user must have an Office 365 account and should be assigned to a licence .And this is the reason the client machine is to be connected to internet at least once in a month so that the user’s licence can be validated

I have used the O365 Client Trial Version which is valid for 30 days. After 30 days, office apps works with reduced functionalities

Deployment Methods:

O-365 Proplus  uses different method of installation “Click-to-Run” which is different from the traditional MSI.

The advantages of Click-to-run over MSI installation are:

  1. User can run these apps and doesn’t have to wait till the installation completes
  2. By default Click-to-run products are configured to be updated automatically
  3. Flexibility to choose among the channels ( Current, Deferred )
  4. Run different versions of Office products on the same computer
  5. Flexibility to restrict the applications during product installations

Overview of Channels :

Microsoft has changed the terminology from Branch to Channel. This is the key factor in managing the updates. Which updates are to be applied to which client depends on which channel the Client has

There are 4 different types of Channels:

  1. Current Channel : Provides the users with all the new features as soon as they are released by Microsoft
  2. First release Current Channel : Provides an earlier look of the next current Channel
  3. Deferred Channel : Provides the users with the updates few times a year
  4. First release Deferred Channel : Provides an earlier look for the next Deferred Channel

How to decide on Channels ?

It is recommended to use the Deferred Channel in production as we have time to test the new updates and upgrades through their respective First releases

Current Channel, First release of Current Channel, First release of Deferred Channel can be used by set of pilot users who want to test the features and functionalities

Check this Microsoft Technet Article  for Version and Build numbers

Managing O365 Updates with SCCM (System Center Configuration Manager) 1603:

Prerequisites :

  1. SCCM 1602 or later
  2. Windows Update Services 4.0
  3. Office 365 Client with the below min version

For Current Channel, Version should be at least  1602 (Build 6741.2017)

For First Release for Deferred Channel, Version should be at least  1602 (Build 6741.2014)

For Deferred Channel, Version should be at least  1602 (Build 6741.2048)

4.   Office Deployment Tool

Enable Configuration Manager to receive O365 Client updates:

Navigate to Administration-> Site Configuration->Sites-> Right click on the site->Configure site components->Select Software Update Point

1

Navigate to Classifications and select check updates and upgrades

2

Navigate to Products and select Office 365 Client under Office

3.PNG

Navigate to Software Library and Synchronize Software Updates

4.PNG

Enable O365 Client to receive software updates from System Center Configuration Manager:

There are two ways to enable to O365 Clients to receive the updates

  1. Office Deployment Tool . This supports only the new installations
  2. Group Policy Administrative Template. This  supports already installed O365 as well as new installations

Enabling O365 updates with Office Deployment Tool:

Download the Office  Office Deployment Tool

Extract the contents to a shared location. The extraction will have setup.exe and configuration.xml files

sccm 2012 Office 2016 deployment

Edit the .xml file as per your requirements in version and channel

You can refer the below link for changing the xml file to your requirement

Click to run installation with Office Deployment Tool xml file

Technet Article

The standard command to install the O365 client is

setup.exe /configure configuration.xml

5.png

Enabling Office 365 Client to receive updates with Group Policy with Office Admin Template:

6.PNG

  • Import Office16.admx to GPO repository ( C:\windows\PolicyDefinitions)
  • Also copy the necessary language files to GPO repository

7.PNG

  • Enable the Office 365 parameters in gpedit.msc

Enable Office 365 Client Management and channel identifier  parameters

8.PNG

Channel identifier :

“Validation” for First Release Deferred Channel

“Current” for Current Channel

“Business” for Deferred Channel

11

Checking for the O365 Updates in SCCM

O365 Client version in my client Machine is 6741.2047 which is First release for Deferred channel and it was released on June 7th 2016.

We can use this article to check the build and version information of the clients

12.PNG

Now, we can see in SCCM console that a newer update is available for the existing O365 Client under required section

13.PNG

Creating a package with O365 Update:

Select the update, right click on that and create a software update group

14.PNG

15.PNG

Select the software update group, right click and select download

16.PNG

Create a  new Software deployment Package

17.PNG

Select the Distribution Point

18.png

19.png

Check for the download progress

20.png

Deploy the software update to the collection :

Select the O365 update which is showing as required, right click and select deploy

21.PNG

Give the name to the deployment

22

Select the deployment method

31.PNG

Select the schedule for the deployment

23

Select the user experience

24

Configure alerts if required

25

Select the download settings

26

Select the option to download the package from internet

28

Select the language

29

Review the settings and download the package

30

Now login to the client machine and check for the available update

Open software Center and check for the update

32.png

Download and install the available O365 Update

33.png

Now, we see that available update is successfully installed in the client machine

34.png

Configuring Azure AD Application Proxy

Many  Organizations have their web portals and applications which are hosted on- premise and there are many methods to give access to these applications on internet

One of the traditional methods is to have a Virtual Private Network configured, which will establish a secured connection between corporate network and internet users

Azure helps us to give access to in-house portals to internet with the help of Azure Application Proxy which avoids the need of using a separate virtual private Network configuration

For this demo, I am using Azure classic portal ( https://manage.windowsazure.com )

Components for Configuring Azure Application Proxy

  1. Azure Subscription
  2. Azure Application Proxy connector ( This can be downloaded from Azure Portal )
  3. An in-house portal which can be added to Azure

Azure Subscription :

you can get a free trial subscription from https://manage.windowsazure.com

If you have any existing Azure subscription ( either through EMS or O365, login to the Azure portal with Global Admin credentials )

Configuration of Azure Application Proxy 

Navigate to Azure portal from https://manage.windowsazure.com

Azure Sign in page

Navigate to Active Directory

AD Navigation

Click on Dashboard and scroll down to the end, where you can see Application Proxy

Click on Configure

Application Proxy enable

Scroll down to Application Proxy section

By default, Application proxy is disabled. Switch to enabled

Download the connector from the url

Download APplication proxy connector

It is recommended to install the connector in Windows Server 2012 R2 Server which has access to Corporate Network as well as internet

Connector installation 1

The installation will prompt for the Azure Admin credentials

connector login

Run the Connector troubleshooter

Connector Finish

You will be prompted with a command prompt on successful installation

Cmd prompt

Go back to the azure portal ( https://manage.windowsazure.com ) and come to the section of application proxy through the dashboard

Click on Manage Connectors if you install multiple connectors for redundancy

Manage Connectors

Connector status

Adding in-house portal to Azure :

For this demo, I am using an in-house portal http://*****mysalary/, which can be accessed only through my corporate network

Url : http://*****mysalary/

kartik salary page.PNG

Now, I will add this portal in Azure and configure it, to access from internet

Access Azure portal ( https://manage.windowsazure.com )

Navigate to Active Directory and click on Applications

Applications

Click on Add button which is at the bottom of the page and select the third option which is “publish an application that will be accessible from outside your network”

Add application

Give the details of the portal

portal name

Add the users to which you want to give access to this portal and navigate to Configure section as highlighted below

configuring portal

External url is the one which will allow you to access this portal through internet as you can see it has https in the url

payroll config2.PNG

To access this portal, Navigate to https://myapps.microsoft.com and sign in with Azure credentials

This will give you the list of applications and portals for which you were given access from Azure

In our scenario, payroll proxy is the App which will allow us to access my in-house portal through internet

Myapps.PNG

I am able to login to the portal through internet and you can see the url with https://*****

payroll https.PNG

Cross Check :

If you want to cross check whether proxy is configured correctly, you can access the app in mobile phone

Download “My Apps” application from Play store which will provide the list of applications under your login

List of apps available :

My apps in mobile (1).png

As you can see, I am able to access my payroll portal through https://***  in my mobile phone

payroll proxy in mobile.png

Disaster Recovery with Microsoft ASR ( Hyper-V to Azure)

Every Organization needs a Strategy for planned and unplanned Outages to keep their workloads, apps, services, data running all the time. This strategy should really assure them to achieve the continuity of services

What is ASR : Disaster recovery Solution Provided by Microsoft Azure

Azure Portal Used for this Demo : Classic

Using Microsoft ASR ( Azure Site Recovery), one can achieve the BCDR ( Business Continuity and Disaster Recovery) in a very simple way which is far more efficient compared to the traditional disaster recovery methods

The traditional way to have a disaster recovery plan is to have a on-premise secondary site which has the equal compute and can take the work loads in case of a disaster and replicate the data between primary and secondary sites.

Advantages of having Azure Site recovery :

  1. Simple BCDR Strategy
  2. Flexibility in Replication
  3. Easy Recovery
  4. Eliminate Secondary DataCenters
  5. Integrate with existing BCDR strategies

Replication is the key in any Disaster Recovery plan and ASR does this in a very sophisticated way

What can I replicate ?

  1. On-Premises Physical Servers (Both  Hyper-V and VMWare)
  2. On-Premises VMWare Virtual Machines
  3. On-Premises Hyper-V Virtual Machines
  4. On-Premises Hyper-V Hosts in VMM Cloud

Note : We can configure only the orchestration between On-premises Linux, On-Premise Hyper-V Hosts in VMM Cloud with SAN-Storage replication.

Now, I am going to show you the configuration of Azure Site Recovery between Hyper-V Virtual Machines and Azure Cloud

Prerequisites for Azure :

  1. Azure Account
  2. Azure Storage Account
  3. Azure Site Recovery Vault
  4. Azure Virtual Network

Prerequisites for Hyper-V

  1. Server running with Windows Server 2012 R2 with Hyper-V role installed
  2. At least 2 Virtual Machines running with this Hyper-V
  3. Hyper-V host connected to internet

Note : If Hyper-V host cannot face internet, configure the proxy server which will allow the below url’s

  • *.hypervrecoverymanager.windowsazure.com
  • *.accesscontrol.windows.net
  • *.backup.windowsazure.com
  • *.blob.core.windows.net
  • *.store.core.windows.net

Step :1

Create Azure Vault

Sign into https://manage.windows azure.com with azure account

  1. Expand Dataservices -> Recovery Services and click Site recovery Vault
  2. Click create new -> Quick Create and give the details of region and subscription
  3. Click Create Vault

AzureVault

Step-2:

Create Hyper-V Site

Click on the Newly created Vault and select the highlighted pane

Dashboard

Select the recovery model as said below

select recovery site

steps for creating site

  1. Create Hyper-V Site 

click on “Create Hyper-V Site”

Create Hyper-V SiteHyper-V Site

2. Prepare Hyper-V Server  ( These steps are to be performed in Hyper-V Host )

A sample Virtual Machine, VM1 is created in Hyper-V host for this demo

Download the Provider and  registration key to Hyper-V Host

Provider 1.PNG

Browse the Vault credentials which were downloaded

Vault Settings

Finish

Come back to Azure Portal ( https://manage.windowsazure.com)

Create a Storage account 

Storage Account

Create Azure Network AccountNetwork Account

Go back to the Azure Vault and create a Protection Group 

Protection Group

Replication settings

Select the Protection Group and add Virtual Machines to the Protection Group

Add VM2

Once we add the Virtual Machine, it is replicated to Azure 

VM2 Replication Status

Synchronizing.png

Select the Virtual Machine and click on ” Test Failover”

Test Failover.png

Select the VM and review the configuration settings and change the Microsoft Azure Network to the network which we created

VM configurations

Select the Virtual Network for the failover

Failover network selection

VM Replication Status

VM replication

Disk Replication Status

Disk replicatioon

Integrating SCOM(System Center Operations Manager) with OMS(Operations Management Suite)

Introduction to Operations Management Suite :

what is OMS ? : A Cloud (SaaS) based monitoring tool provided by Microsoft

you can get OMS trial version at https://www.mms.microsoft.com/Workspace

Proactive Monitoring of IT infrastructure is very crucial to achieve the expected results.Gone are the days if something goes wrong and we are notified on that.More focus has been made on Predictive Analysis, Proactive Monitoring, Risk Assessment, Log Analytics,Trending and Forecasting.

Operations Management Suite is an IT management solution that provides realtime Operations intelligence across hybrid environments. Management Suite can collect log data from your environment and analyze it in order to help you seperate signal from the noise

We all need a  Single tool which can achieve all these below parameters:

Notification to be sent forecasting failure

An assessment To be done on complete health and best practices to be followed

A dashboard to be given with all the trending events

A complete log analytics to be given on a particular event

Every change (Software/Application/Service) To be tracked

capacity planning to be done for VM utilization and efficiency, Compute projection and storage utilization

A Single tool can be integrated to On premise datacenter and other Cloud platforms

It is just far above monitoring if a single tool can achieve all these and Microsoft names this intelligence as Operations Management Suite which is simply called as OMS. This OMS is a SaaS offering that can work on any Cloud platform

Scenarios of implementing OMS :

  1. Integrating with existing System Center Operations Manager 2012 R2 ( UR7 and Above)
  2. Installing OMS agents directly to our servers if we do not have SCOM ( System Center Operations Manager )

As most of of us rely on System Center Operations Manager as a monitoring solution for IT infrastructure, I would like to explain how we can integrate OMS to System Center Operations Manager 2012 R2.

Steps to integrate Operations Management Suite ( OMS ) with System Center Operations Manager ( SCOM ) 

Prerequisites:

  1. OMS can be integrated with SCOM 2012 R2. It cannot be integrated with previous versions of SCOM
  2. SCOM should be updated with at least UR7 ( Update Rollup 7) which has the updated Management Packs for the integration
  3. This table will help you identify the build number and UR Version
    Build Number KB Release Date Description
    7.1.10226.0 SCOM 2012 R2 RTM
    7.1.10226.1011 KB2904678 2014, January 27 SCOM 2012 R2 Update Rollup 1
    7.1.10226.1015 KB2929891 2014, April 23 SCOM 2012 R2 Update Rollup 2
    7.1.10226.1037 KB2965445 2014, July 29 SCOM 2012 R2 Update Rollup 3
    7.1.10226.1046 KB2992020 2014, October 28 SCOM 2012 R2 Update Rollup 4
    7.1.10226.1052 KB3023138 2015, February 10 SCOM 2012 R2 Update Rollup 5
    7.1.10226.1064 KB3051169 2015, April 28 SCOM 2012 R2 Update Rollup 6
    7.1.10226.1090 KB3064919 2015, August 11 SCOM 2012 R2 Update Rollup 7
    7.1.10226.1118 KB3096382 2015, October 27 SCOM 2012 R2 Update Rollup 8
  4. If you want to upgrade your SCOM environment to UR7, you can refer the below Kevins Blog: https://blogs.technet.microsoft.com/kevinholman/2015/08/17/ur7-for-scom-2012-r2-step-by-step/
  5. The SCOM Management Server should be open to internet for accessing OMS. As we all know that opening ports in Production server will be restricted by InfoSec Team, alternatively we can use a proxy server and connect to internet.
  6. Get trial subscription of OMS at https://www.mms.microsoft.com/Workspace

Integrating OMS with System Center Operations Manager

check for the version of SCOM to make sure that it is at least rolled with UR7.

UR7

Under Administration tab, you can see Operations Management Suite

Note : This tab will be visible only when you import all the management packs during the process of UR upgrade.

OMS tab.PNG

Under the Actions pane, you can see the option to Configure Operations Management Suite

Note: As I already configured OMS to SCOM, I get an option to Re-configure instead of Configure Operations Management Suite

Reconfigure OMS.PNG

This will connect to OMS portal where you have to provide your OMS login credentials.

Note : SCOM Management server should be open to internet to access OMS Portal.If you dont have account in OMS, create an account at you can get OMS trial version at https://www.mms.microsoft.com/Workspace

OMS Authentication

Create a new workspace for your OMS account by logging into OMS portal

Workspace creation 2.PNG

Connect that OMS WorkSpace to SCOM during the process of configuration

Workspace.PNG

Finish.PNG

Now we have configured OMS to connect to  SCOM where we can manage the servers through OMS console

Login to OMS portal by accessing https://www.mms.microsoft.com/Workspace 

OMS Console Console.PNG

Connected Management Group from SCOM

Management Group Connected.PNG

Solutions Available

Solutions.PNG

Add computers through SCOM console by accessing OMS connection tab

Add computer Group.PNG

Server and Management Group Connected to OMS

Server connected.PNG

Solutions Gallery

Solution Gallery.PNG

If you do not have SCOM setup, you can directly download the OMS agent and connect the servers to OMS by giving the workspace id

OMS agent can be downloaded from OMS console under Connected Sources tab

OMS Agent.PNG

Backup Workloads to Windows Azure Backup Server

Microsoft  has come up with a new component in Azure called Microsoft Azure backup Server which can backup  not only the data but also the work loads of different Applications like SQL, Exchange, Sharepoint etc

This new component Microsoft Azure backup server inherits the functionality of System Center Data protection Manager for workload backup but it neither provide protection on tape nor can integrate with System Center

Prerequisites for Installing Microsoft Azure Backup Server:

  1. The server in which Microsoft Azure backup server is to be installed should be joined to domain
  2. The server should be connected to internet
  3. The server should meet the requirements of .Net 3.5, .Net 4.0, and Windows Management Framework 4.0. (Windows Management Framework can be downloaded here)

Steps for preparing Microsoft Azure backup Server

  1. Create a backup Vault in Azure Portal
  2. Download the Vault Credentials
  3. Use Vault Credentials to authenticate with Azure Backup Service
  4. Download Microsoft Azure Backup Server
  5. Install Azure Backup Server

Methods to backup :

Disks ( D2D) Disk to Disk

Azure ( D2D2C) Disk to Disk to Cloud

Deployment Scenarios : We can deploy Azure backup Server in 

  1. An Azure Virtual Machine
  2. A Windows Virtual Machine in VMWare
  3. A Hyper-V Virtual Machine
  4. A Physical Stand Alone server.

Exceptions: 

  1. Microsoft Azure Backup server cannot be installed on a machine which has the SCDPM or SCDPM RA agent installed.
  2. Microsoft Azure Backup server cannot be installed on a machine that has Microsoft Azure Backup agent installed and registered with an Azure Backup vault.

Creating a Backup Vault  in Azure Portal :

Sign in to Azure Management Portal ( http://Manage.windowsazure.com)

1

Navigate to New > Data Services > Recovery Services > Backup Vault and choose Quick Create

1

What is the vault credential file?

The on-premises server (Windows client or Windows Server or Data Protection Manager server) needs to be authenticated with a backup vault before it can back up data to Azure. The authentication is achieved using “vault credentials”.

The vault credential is used only during the registration workflow. It is the user’s responsibility to ensure that the vault credentials file is not compromised. If it falls in the hands of any rogue-user, the vault credentials file can be used to register other machines against the same vault. However, as the backup data is encrypted using a passphrase which belongs to the customer, existing backup data cannot be compromised. To mitigate this concern, vault credentials are set to expire in 48hrs. You can download the vault credentials of a backup vault any number of times – but only the latest vault credential file is applicable during the registration workflow.

Download Vault Credentials 

  1. Sign in to Azure Management Portal
  2. Click on Recovery Services , select the backup vault created and select the cloud icon2
  3. Save the Vault Credentials in a location which is accessible by Azure Backup Server

Download Azure Backup Server:

3

4

Install the Azure Backup Server as per your infrastructure requirements

Installing a new Active Directory Forest in Azure Virtual Network

Step by Step Procedure to install a new Active Directory Forest in Microsoft Azure Portal

Technical Description:

We are all aware of implementing an Active Directory Infrastructure in On-Premise environment, and we know how to join them to the domain.

We can achieve this scenario in Microsoft Azure by following some additional steps which are different from On-premise implementation

How does this differ from On-Premise:

  1. Create a Virtual Network in Azure
  2. Create A VM in Azure Portal
  3. Set a static IP address by power shell command (Get-AzureVM -ServiceName AzureDC1 -Name AzureDC1 | Set-AzureStaticVNetIP -IPAddress <> | Update-AzureVM)
  4. Attach a Virtual Disk to newly Created VM
  5. Install Windows Server Active Directory ( This step is same as on-prem)
  6. Set DNS address on the Virtual Network properties
  7. Reset DNS server for Azure Virtual Network
  8. Create a VM and join to the domain

Considerations :

Azure network is not connected to On premise Network. For connecting Azure Network to On premise, we have to set up a Site-Site VPN in Azure portal.

  1. Creating Virtual Network in Azure Portal 

Sign in to Azure portal

1

Navigate to New-> Network services-> Virtual network-> Custom Create

2

Virtual Network Details : Enter a name for your Virtual network

Region : Choose a region which is closest

DNS and VPN : Leave DNS server blank and dont select VPN option either

Virtual Network Address Spaces :

Subnet name : Enter a name for your Subnet

Starting IP : 10.0.0.1

CIDR:/24 (256)

2. Create a VM in Azure Portal :

We have to create 2 VM’s. One VM is for AD and other VM is to join to the domain.

Navigate to New->Compute-Virtual Machine->From Gallery

4

Choose windows server 2012 Data Center image

5

Create a cloud Service and Select the virtual network which was created earlier

Map it to storage account and select the availability set if created earlier. Or else create them

6

Reserve a static IP address for VM that will run the DC role. To reserve a static IP address, download the Microsoft Web Platform Installer and install Azure PowerShell and run the Set-AzureStaticVNetIP cmdlet. For example:

‘Get-AzureVM -ServiceName AzureDC1 -Name AzureDC1 | Set-AzureStaticVNetIP -IPAddress 10.0.0.4 | Update-AzureVM

4. Attach a Virtual Disk to the Newly Created VM 

7

8

5. Install Windows Server Active Directory

This is same as we do in On-prem.  Add Active Directory Domain Services from the roles and proceed for the next steps. Be sure that the Sysvol location should be changed from default C drive to the other drive which we added before

6. Set DNS address on the Virtual Network properties 9

7.Reset DNS server for Azure Virtual Network

Reset the DNS forwarder setting on the new DC/DNS server.

  1. In Server Manager, click Tools > DNS.
  2. In DNS Manager, right-click the name of the DNS server and click Properties.
  3. On the Forwarders tab, click the IP address of the forwarder and click Edit. Select the IP address and click Delete.
  4. Click OK to close the editor and Ok again to close the DNS server properties.
  5. Restart the DC and join with Domain Credentials

8. Create a New VM and join to the domain.

Create a new VM from the gallery and select the Cloud service and Virtual Network which were created.

Go to the server manager and change the VM from workgroup to the domain. Enter the domain credentials to join the VM to the domain