Three times a week (Monday/Wednesday/Friday), John Savill tackles your most pressing IT questions.
Some handy tips around networking in Azure and checking for Device Guard compatibility.
Q. Can I apply an NSG to a virtual network in a different region?
Dept - Azure
A. No. The NSG must reside in the same location as the virtual network to which it is being applied. The best option is to have a template that creates the NSG, create it in the virtual network's location and then assign it.
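The create-in-location-then-assign approach, as an added Az PowerShell example that is not part of the original answer. The function name, the sample rule and the parameter values are hypothetical, and it assumes the NSG is associated with a subnet of the virtual network.

```powershell
#Requires -Modules Az.Network

# Hypothetical helper: create (or reuse) an NSG in the virtual network's own
# region and associate it with one subnet. Fails if an NSG with that name
# already exists in a different region.
function Set-SubnetNsgInVnetRegion {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $VnetName,
        [Parameter(Mandatory)] [string] $SubnetName,
        [Parameter(Mandatory)] [string] $NsgName
    )

    $vnet   = Get-AzVirtualNetwork -Name $VnetName -ResourceGroupName $ResourceGroupName -ErrorAction Stop
    $subnet = Get-AzVirtualNetworkSubnetConfig -Name $SubnetName -VirtualNetwork $vnet -ErrorAction Stop

    # Compare regions with whitespace removed so "East US" and "eastus" match.
    $vnetRegion = $vnet.Location -replace '\s', ''

    $nsg = Get-AzNetworkSecurityGroup -Name $NsgName -ResourceGroupName $ResourceGroupName `
        -ErrorAction SilentlyContinue
    if ($nsg -and (($nsg.Location -replace '\s', '') -ne $vnetRegion)) {
        throw "NSG '$NsgName' is in '$($nsg.Location)' but virtual network '$VnetName' is in '$($vnet.Location)'. Create the NSG in the network's region."
    }

    if (-not $nsg) {
        # Constructed sample rule: allow HTTPS from inside the virtual network only.
        $rule = New-AzNetworkSecurityRuleConfig -Name 'Allow-HTTPS-From-VNet' `
            -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 `
            -SourceAddressPrefix VirtualNetwork -SourcePortRange '*' `
            -DestinationAddressPrefix '*' -DestinationPortRange 443

        # The NSG takes its location from the virtual network, never a hard-coded region.
        $nsg = New-AzNetworkSecurityGroup -Name $NsgName -ResourceGroupName $ResourceGroupName `
            -Location $vnet.Location -SecurityRules $rule
    }

    # Update the in-memory subnet configuration, then push the change to Azure.
    Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $SubnetName `
        -AddressPrefix $subnet.AddressPrefix -NetworkSecurityGroup $nsg | Out-Null
    $vnet | Set-AzVirtualNetwork
}

# Example call with placeholder names:
# Set-SubnetNsgInVnetRegion -ResourceGroupName 'rg-example' -VnetName 'vnet-example' `
#     -SubnetName 'subnet-example' -NsgName 'nsg-example'
```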
Q. How can I check if Device Guard will work with my system?
Dept - Windows
A. Device Guard uses virtualization technologies to lock down the operating system so that only a whitelisted set of processes can execute, with that protection enforced through hardware. To check whether it will work on your system, use the Device Guard Readiness Tool.
The tool can be downloaded from https://www.microsoft.com/en-us/download/details.aspx?id=53337&751be11f-ede8-5a0c-058c-2ee190a24fa6=True. It can check readiness and can also help enable Device Guard.
Q. Can I access Windows Update via ExpressRoute?
Dept - Azure
A. No. There is no peering type that will advertise Windows Update via ExpressRoute. If you have machines that need to access patching via ExpressRoute, one option is to install WSUS on Azure IaaS VMs on a virtual network that is connected to ExpressRoute and use it as the patch source. However, all the patch traffic would then go over the ExpressRoute connection. A more efficient option is to also add a child WSUS server (in autonomous or replica mode) on-premises that pulls from the Azure IaaS WSUS server and then distributes to the on-premises workloads, which optimizes the bandwidth.