Microsoft Azure

Using the Azure Virtual Machine Optimization Assessment Tool

In this Ask the Admin, I’ll show you how to get advice on tuning and securing Active Directory, SQL, or SharePoint running on Azure virtual machines.

Managing your own infrastructure in the cloud presents challenges that not all system administrators are ready to face. But last year, Microsoft released an optimization tool that provides advice on how to back up, secure, and optimize performance for servers running in the cloud.

While such tools cannot replace experienced consultants, the Virtual Machine Optimization Assessment Tool gives a surprisingly in-depth assessment of how to configure systems to avoid common issues and should give cloud newcomers a sense of assurance that they’re following best practices.

Generating a report for Active Directory, SQL or SharePoint in the Azure Virtual Machine Optimization Assessment Tool. (Image Credit: Russell Smith)
Generating a report for Active Directory, SQL or SharePoint in the Azure Virtual Machine Optimization Assessment Tool. (Image Credit: Russell Smith)

The Assessment

The report generated by the tool contains useful advice on how to secure and protect Active Directory, SQL or SharePoint. The recommendations are based on real-world experience gained by Microsoft engineers when dealing with customer issues, and the report is divided into six key focus areas:

Sponsored Content

Maximize Value from Microsoft Defender

In this ebook, you’ll learn why Red Canary’s platform and expertise bring you the highest possible value from your Microsoft Defender for Endpoint investment, deployment, or migration.

  1. Security and compliance
  2. Availability and business continuity
  3. Performance and scalability
  4. Upgrade, migration and deployment
  5. Operations and monitoring
  6. Change and configuration management

Install the Virtual Machine Optimization Assessment Tool

In this article, I’m going to focus on using the optimization tool to get advice on Active Directory. Note that when using the tool to collect and analyze information about Active Directory, it needs to be run with a user account that has read access to the target domain.

The Virtual Machine Optimization Assessment Tool can be downloaded from the Microsoft Azure website and can be installed on Windows 7 and later, and Windows Server 2008 R2 and later server operating systems. The only other requirement is the .NET Framework 4.0. Once you’ve met the prerequisites, run the installer on the domain controller (DC) you want to assess, and make sure that Launch Microsoft Azure Virtual Machine Optimization Assessment is checked, and click Close to start the tool.

Assessing a Virtual Machine Environment

The tool should have started when the installed completed, but if not, you can start it by running ExpressClient.exe in C:\Program Files (x86)\Microsoft Azure Virtual Machine Optimization Assessment.

  • On the Start screen, select Active Directory from the drop-down menu. Optionally, you can check I agree to upload my data to help improve this product.
  • Click Start Assessment.
  • On the Requirements screen, you’ll be reminded that you need network and domain access to the target environment. Click Next to continue.
  • The next part of the assessment involves answering a set of questions about your environment. Click Next to start the questionnaire and follow through the questions about security and disaster recovery (DR).
A report generated by the Azure Virtual Machine Optimization Assessment Tool. (Image Credit: Russell Smith)
A report generated by the Azure Virtual Machine Optimization Assessment Tool. (Image Credit: Russell Smith)

Once you’ve provided answers to all the questions, you’ll be taken to the Collect & Analyze tab where you’ll have to wait while the tool gathers data about Active Directory, and compiles the information, along with your answers to the previous questions, into a customized report.

  • On the Finished tab, click Save and view report, and choose a convenient location to save the Word document in the Save Report As… dialog.
  • Open the document from the saved location to view the report.

Each recommendation is given a percentage weighting. For example, if a DR issue is weighted at 10%, addressing the problem will improve your ability to recovery from a disaster by 10%.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by:

Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: