BrandonWilson
Hi everyone! Brandon Wilson here once again with this month’s “Check This Out!” (CTO!) guide.
These posts are only intended to be your guide, to lead you to some content of interest, and are just a way we are trying to help our readers a bit more, whether that is learning, troubleshooting, or just finding new content sources! We will give you a bit of a taste of the blog content itself, provide you a way to get to the source content directly, and help to introduce you to some other blogs you may not be aware of that you might find helpful.
From all of us on the Core Infrastructure and Security Tech Community blog team, thanks for your continued reading and support!
Title: Empowering Disaster Recovery for Azure VMs with Azure Site Recovery and Terraform
Source: Azure Architecture
Author: Freddy Ayala
Publication Date: 8/1/2023
Content excerpt:
Azure provides comprehensive backup and disaster recovery solutions that are easy to use, secure, scalable, and budget-friendly. They can also be seamlessly integrated with existing on-premises data protection setups.
In this article, we'll explore a practical demonstration of implementing Virtual Machine Disaster Recovery using Azure Site Recovery VM Replication through Terraform. This approach ensures the continuity of your business apps and workloads during unexpected outages, replicating your virtual machines from one location to another in a straightforward manner.
Title: Azure OpenAI Private Endpoints: Connecting Across VNET’s
Source: Azure Architecture
Author: Freddy Dubon
Publication Date: 8/30/2023
Content excerpt:
Azure OpenAI Private Endpoints emerge as a pivotal solution within the Azure ecosystem. These endpoints play a vital role in fortifying the connection between your Azure resources and OpenAI services, ensuring that data transmission remains shielded from public internet exposure. By establishing a private link, Azure OpenAI Private Endpoints provide a secure and efficient channel for transmitting data between your infrastructure and the OpenAI service, mitigating potential security vulnerabilities associated with traditional public endpoints. This blog post takes you on a comprehensive journey, unraveling the intricate processes involved in setting up, configuring, and optimizing Azure OpenAI Private Endpoints, while shedding light on their indispensable role in safeguarding sensitive data in today's interconnected digital landscape.
Title: Understanding your Azure savings plan recommendations
Source: Azure Compute
Author: Ariya Khamvongsa
Publication Date: 8/11/2023
Content excerpt:
Learn how you can save money with the Azure savings plan recommendations, with your host Thomas Maurer and Azure savings plan expert Obinna Nwokolo.
Title: Introducing new compute throttling policies
Source: Azure Compute
Author: Kanika S
Publication Date: 8/23/2023
Content excerpt:
Microsoft Azure Compute is pleased to announce the introduction of new throttling policies for compute API requests. These throttling policies are designed to reduce the throttling experienced by customers on Azure Virtual Machine and Virtual Machine Scale Set API requests.
Title: Azure Budgets and Azure OpenAI Cost Management
Source: Azure Governance and Management
Author: Shishir Garde
Publication Date: 8/21/2023
Content excerpt:
Azure OpenAI is a cloud-based service that allows you to access and use large-scale, generative AI models, such as GPT-4 and Dall-E, for various applications involving language, code, reasoning, and image generation. Azure OpenAI Service provides enterprise-grade security and reliability for your AI workloads.
Title: Introducing New Performance Tiers for Azure Managed Lustre: Enhancing HPC Workloads
Source: Azure High Performance Computing (HPC)
Author: Brian Lepore
Publication Date: 8/16/2023
Content excerpt:
In the realm of high-performance computing (HPC) and AI workloads, the need for agile and powerful storage solutions cannot be overstated. Azure Managed Lustre (AMLFS) has emerged as a game-changing solution, providing managed, pay-as-you-go file systems optimized for these data-intensive tasks. Building upon the success of its General Availability (GA) launch last month and in direct response to customer feedback that we received during our Preview period, we’re excited to unveil two new performance tiers for AMLFS, designed to cater to the diverse array of customer needs. This blog post explores the specifics of these new tiers and how they embody a customer-centric approach to innovation.
Title: Ramp up with me on HPC...Understanding virtual machines, CPUs, and GPUs
Source: Azure High Performance Computing (HPC)
Author: Rachel Pruitt
Publication Date: 8/31/2023
Content excerpt:
There are a lot of different products you need to successfully complete a high-performance computing (HPC) workload. You’ll hear several terms regularly, like virtual machines, CPUs, GPUs, compute power, and compute constrained. While these are really important to talk about in high performance computing, they were difficult concepts for me to grasp. Personally, I am a visual learner and I struggle with theoretical concepts that I can’t just physically see. So, I’ll do my best to both explain the concepts, and show you the hardware so you can visualize what they are.
Since I work for Microsoft and am more familiar with the cloud, my focus will remain there. However, it’s important to remember that many companies keep their datacenters on premises or are working in a hybrid model. While I’ll keep to the focus of cloud computing here, each model is used for very specific reasons and each has its own benefits.
Title: Azure DNS Private Resolver topologies
Source: Azure Networking
Author: Stephane Eyskens
Publication Date: 8/11/2023
Content excerpt:
Before diving into Azure DNS Private Resolver (ADPR), let's go back in time a little bit to understand its value. Before ADPR, companies that had to deal with hybrid DNS resolution had to host custom DNS servers in Azure. They were mostly hosting at least a pair of DNS servers, or extending their Infoblox (or similar technology) in the Cloud. The reason why this had to be tackled that way was due to the fact that DNS zones in Azure could not be used as forwarders (still today), and Azure DNS itself is only reachable from within an Azure Virtual Network.
Title: New Threat Detections for Azure WAF
Source: Azure Network Security
Author: Shabaz Shaik
Publication Date: 8/7/2023
Content excerpt:
Web applications face frequent malicious attacks that exploit well-known vulnerabilities, such as Code Injection and Path Traversal Attacks. These attacks are hard to prevent in the application code, as they require constant maintenance, patching, and monitoring at multiple levels of the application architecture. A WAF solution can provide faster and centralized security by patching a known vulnerability for all web applications, rather than securing each one individually. Azure Web Application Firewall (WAF) is a cloud-native service that protects web apps from common web-hacking techniques. It can be deployed quickly to gain full visibility into the web application traffic and block malicious web attacks.
By integrating Azure WAF with Microsoft Sentinel (Cloud Native SIEM solution), you can automate the detection and response to threats/incidents/alerts and save time and effort on updating the WAF policy. This blog will show you how to build Analytic rules/detections in Sentinel for attacks such as Code Injection.
Title: Azure Firewall: New Monitoring and Logging Updates
Source: Azure Network Security
Author: Suren Jamiyanaa, Eliran Azulai, Yuval Pery
Publication Date: 8/14/2023
Content excerpt:
With the Azure Firewall Resource Health check, you can now view the health status of your Azure Firewall and address service problems that may affect your Azure Firewall resource. Resource Health allows IT teams to receive proactive notifications regarding potential health degradations and recommended mitigation actions for each health event type. For instance, you can determine if the firewall is running as expected with an "Available" status or if there was downtime due to platform events with an "Unavailable" status.
Title: Maximizing Effectiveness: Best Practices for Azure DDoS Protection and Application Resilience
Source: Azure Network Security
Author: Avery Kim
Publication Date: 8/30/2023
Content excerpt:
Azure DDoS Protection is constantly innovating to protect customers from ever-changing DDoS attacks. As attacks become more sophisticated, it is important to keep your applications up to date with industry best practices to ensure maximum effectiveness when using Azure DDoS Protection. Below are architectural and design decisions you can make to ensure your resources are resilient to DDoS attacks.
Title: Azure Firewall: New Features and Region Availability
Source: Azure Network Security
Author: Suren Jamiyanaa, Eliran Azulai, Gopikrishna Kannan, Mark Gakman
Publication Date: 8/31/2023
Content excerpt:
Azure Firewall offers advanced features to optimize your network traffic routing. By default, Azure Firewall operates in a transparent proxy mode, where traffic is routed through the firewall using a user-defined route (UDR) configuration. This mode ensures that the firewall intercepts the traffic inline and forwards it to its intended destination.
In addition to the default mode, Azure Firewall now supports Explicit proxy mode on the outbound path. With this mode enabled, you have the option to configure a proxy setting directly on the sending application, such as a web browser, with Azure Firewall acting as the designated proxy. This configuration allows traffic from the sending application to be directed to the private IP address of the firewall, facilitating direct egress from the firewall without the need for a UDR.
Title: Azure Elastic SAN updates: Private Endpoints & Shared Volumes
Source: Azure Storage
Author: Adarsh Venkataraman
Publication Date: 8/16/2023
Content excerpt:
As we approach general availability of Azure Elastic SAN, we continue improving the service and adding features based on your feedback. Today, we are releasing private endpoint support and volume sharing support via SCSI (Small Computer System Interface) Persistent Reservation.
Azure Elastic SAN is the industry’s first fully managed storage area network (SAN) offering in the cloud. Combining on-premises SAN-like capabilities with the benefits of being a cloud-native service, it offers a scalable, cost-effective, high-performance, and reliable storage solution for your needs – regardless of whether you are migrating your on-premises SAN to the cloud or creating your application in the cloud.
Title: Azure Storage Mover can now migrate your SMB shares to Azure file shares
Source: Azure Storage
Author: dafalkne
Publication Date: 8/17/2023
Content excerpt:
On April 17, 2023, we announced the general availability of Azure Storage Mover, which is a fully managed, hybrid migration service that makes migrating files and folders into Azure a breeze. This service will be continuously enhanced with a richer feature set.
Title: Quick create Azure Front Door endpoints for Azure Storage accounts
Source: Azure Storage
Author: Scott Hoag
Publication Date: 8/24/2023
Content excerpt:
Today we announced a new, simplified integration for creating and managing Azure Front Door profiles for your Azure Storage accounts. Azure Front Door accelerates the global delivery of static content from Azure Storage blobs and enables a secure and scalable architecture. Static content delivery is useful for many different use cases, including website hosting and file delivery. Moreover, by having Azure Front Door cache your blob storage content you will not only be lowering edge to client delivery latency at a global level, but also adding an additional layer of security with Front Door’s integrated DDoS and WAF protection.
Title: Do I Need VPN Connectivity for Windows Hello for Business Registration
Source: Core Infrastructure and Security
Author: Zoheb Shaikh
Publication Date: 8/7/2023
Content excerpt:
Hello everyone, my name is Zoheb Shaikh and I’m a Solution Engineer working with the Microsoft Mission Critical team (SfMC). Today I’ll share an interesting discussion about Windows Hello and the need for VPN/Connectivity with Domain Controllers.
Recently I was interacting with an SfMC customer and was told that many users fail to register to Windows Hello for Business (WHFB) unless they connect to VPN or the Office network. The critical question that came my way was how to get your users to register with the least possible hassle, and if we can help here.
Title: Use PowerShell to Remediate Non-Compliant Policy Definitions - Microsoft Community Hub
Source: Core Infrastructure and Security
Author: Bas van Bennekom
Publication Date: 8/9/2023
Content excerpt:
There are multiple use cases for Policy Definitions with the DeployIfNotExists effect. These types of Policy Definitions conduct a deployment when their existence condition is not met. For instance, when the Diagnostic Settings of a Storage Account is not configured, and it should be according to the existence condition, a deployment is conducted to remediate this situation. Unfortunately, deployments might fail due to changes in the environment such as the removal of a Role Assignment, which was required for a successful deployment.
Title: Move Backups In Recovery Service Vault From LRS/GRS To ZRS While Preserving The Data
Source: Core Infrastructure and Security
Author: Andrew Coughlin
Publication Date: 8/14/2023
Content excerpt:
Hello everyone, Andrew Coughlin here and I am a Cloud Solutions Architect at Microsoft focusing on Azure Infrastructure. I have frequently received questions from customers about how to move their virtual machines from an LRS/GRS recovery services vault to a recovery services vault that supports ZRS. As a reminder we have three options for storage replication for recovery services vaults...
Title: Move Backups In Recovery Service Vault From LRS/GRS To ZRS While Not Preserving The Data
Source: Core Infrastructure and Security
Author: Andrew Coughlin
Publication Date: 8/17/2023
Content excerpt:
Hello everyone, Andrew Coughlin here and I am a Cloud Solutions Architect at Microsoft focusing on Azure Infrastructure. I have frequently received questions from customers about how to move their virtual machines from an LRS/GRS recovery services vault to a recovery services vault that supports ZRS. As a reminder we have three options for storage replication for recovery services vaults...
Title: MDE Device Control – Leveraging Reusable Settings in Intune
Source: Core Infrastructure and Security
Author: Jorge Miguel Ferreira
Publication Date: 8/21/2023
Content excerpt:
Hello everybody! We are Jorge Miguel Ferreira and Sebastian Werner and we’re consultants at Microsoft. This blog post will show you how to set up Microsoft Defender for Endpoint (MDE) Device Control Removable Storage Access Control.
There are many ways of configuring this feature, such as GPOs, custom OMA-URIs and Intune, specifically using the new reusable settings feature in the Attack Surface Reduction (ASR) rules. This blog post will focus on the new ASR rules in Intune.
Note: this is not about controlling device installation. In this blog, we’ll only cover removable storage access control.
Title: Using Automation Runbook Webhooks To Alert on Databricks Status Updates
Source: Core Infrastructure and Security
Author: Joji Varghese
Publication Date: 8/28/2023
Content excerpt:
This guide walks you through the process of setting up and utilizing webhooks to receive Databricks status alerts, process them using Azure Automation Runbook, and trigger notifications to administrators about the status event.
Title: Introducing the Azure Business Continuity Guide
Source: FastTrack for Azure
Author: Saul Dolgin
Publication Date: 8/24/2023
Content excerpt:
The Azure Business Continuity Guide provides a comprehensive set of recommendations to help customers define what BCDR looks like for their applications. Often a customer will ask us for help with their business continuity and disaster recovery plans. Sometimes, the customer simply needs a structured approach to protect one application in Microsoft Azure. In other cases, they have a portfolio of many applications in a hybrid environment that might never have had a good solution to protect everything with a single BCDR framework. In addition, Microsoft Azure offers a variety of services and features to help customers achieve high availability, disaster recovery, and backup for their applications and data. However, planning and implementing a solid strategy can be challenging, especially for complex environments.
That's why we created the Azure Business Continuity Guide. Today, we are pleased to make this guide available to all customers who are adopting BCDR solutions at any point in their journey. Let's take a tour!
Title: Step-by-Step Guide to Azure AD PIM for Groups
Source: ITOps Talk
Author: Dishan Francis
Publication Date: 8/1/2023
Content excerpt:
Azure AD Privileged Identity Management (PIM) offers organizations a comprehensive solution for managing, monitoring, and auditing access to their Azure resources. Among its key functionalities, Azure AD PIM allows the implementation of just-in-time (JIT) access to both Azure AD and Azure resources. Some time ago Microsoft released a preview feature that enabled the usage of Azure AD PIM for Azure AD role-assignable groups.
Since then, this feature has been fully released (General Availability) with some noteworthy enhancements. Previously, utilizing Azure AD PIM with groups required them to be Azure AD role-assignable groups. However, the functionality has now been extended to encompass any Azure AD security group and any Microsoft 365 group, irrespective of whether they are role-assignable groups or not. In this blog post, I will be providing a demonstration of how to enable Azure AD PIM for an Azure AD security group.
Title: Wired for Hybrid - What's New in Azure Networking - July 2023 Edition
Source: ITOps Talk
Author: Pierre Roman
Publication Date: 8/11/2023
Content excerpt:
Azure Networking is the foundation of your infrastructure in Azure. Each month we bring you an update on What’s new in Azure Networking.
In this blog post, we’ll cover what's new with Azure Networking in June 2023. In this blog post, we will cover the following announcements and how they can help you.
Title: Conditional Access for Protected Actions is Now Generally Available!
Source: Microsoft Entra (Azure AD)
Author: Nitika Gupta
Publication Date: 8/8/2023
Content excerpt:
I’m delighted to announce the general availability of Conditional Access for Protected Actions! This powerful feature empowers organizations to safeguard critical administrative operations with Conditional Access policies.
Protected actions refer to high-stakes operations that carry significant risk, such as altering conditional access policies, adding credentials to an application, or changing federation trust settings. These actions, if executed by a malicious actor, can severely compromise your organization's security posture.
Title: Microsoft Entra Private Access: An Identity-Centric Zero Trust Network Access Solution
Source: Microsoft Entra (Azure AD)
Author: Ashish Jain
Publication Date: 8/28/2023
Content excerpt:
On July 11, 2023, we introduced Microsoft’s identity-centric security service edge (SSE) solution and two new services: Microsoft Entra Private Access and Microsoft Entra Internet Access, which are now in public preview. In this blog, we take a deeper look into Microsoft Entra Private Access.
Previous CTO! Guides:
Additional resources:
Continue reading...
These posts are only intended to be your guide, to lead you to some content of interest, and are just a way we are trying to help our readers a bit more, whether that is learning, troubleshooting, or just finding new content sources! We will give you a bit of a taste of the blog content itself, provide you a way to get to the source content directly, and help to introduce you to some other blogs you may not be aware of that you might find helpful.
From all of us on the Core Infrastructure and Security Tech Community blog team, thanks for your continued reading and support!
Title: Empowering Disaster Recovery for Azure VMs with Azure Site Recovery and Terraform
Source: Azure Architecture
Author: Freddy Ayala
Publication Date: 8/1/2023
Content excerpt:
Azure provides comprehensive backup and disaster recovery solutions that are easy to use, secure, scalable, and budget-friendly. They can also be seamlessly integrated with existing on-premises data protection setups.
In this article, we'll explore a practical demonstration of implementing Virtual Machine Disaster Recovery using Azure Site Recovery VM Replication through Terraform. This approach ensures the continuity of your business apps and workloads during unexpected outages, replicating your virtual machines from one location to another in a straightforward manner.
Title: Azure OpenAI Private Endpoints: Connecting Across VNET’s
Source: Azure Architecture
Author: Freddy Dubon
Publication Date: 8/30/2023
Content excerpt:
Azure OpenAI Private Endpoints emerge as a pivotal solution within the Azure ecosystem. These endpoints play a vital role in fortifying the connection between your Azure resources and OpenAI services, ensuring that data transmission remains shielded from public internet exposure. By establishing a private link, Azure OpenAI Private Endpoints provide a secure and efficient channel for transmitting data between your infrastructure and the OpenAI service, mitigating potential security vulnerabilities associated with traditional public endpoints. This blog post takes you on a comprehensive journey, unraveling the intricate processes involved in setting up, configuring, and optimizing Azure OpenAI Private Endpoints, while shedding light on their indispensable role in safeguarding sensitive data in today's interconnected digital landscape.
Title: Understanding your Azure savings plan recommendations
Source: Azure Compute
Author: Ariya Khamvongsa
Publication Date: 8/11/2023
Content excerpt:
Learn how you can save money with the Azure saving plan recommendations. with your host Thomas Maurer and Azure savings plan expert Obinna Nwokolo.
Title: Introducing new compute throttling policies
Source: Azure Compute
Author: Kanika S
Publication Date: 8/23/2023
Content excerpt:
Microsoft Azure Compute is pleased to announce the introduction of new throttling policies for compute API requests. These throttling policies are designed to reduce the throttling experienced by customers on Azure Virtual Machine and Virtual Machine Scale Set API requests.
Title: Azure Budgets and Azure OpenAI Cost Management
Source: Azure Governance and Management
Author: Shishir Garde
Publication Date: 8/21/2023
Content excerpt:
Azure OpenAI is a cloud-based service that allows you to access and use large-scale, generative AI models, such as GPT-4 and Dall-E, for various applications involving language, code, reasoning, and image generation. Azure OpenAI Service provides enterprise-grade security and reliability for your AI workloads.
Title: Introducing New Performance Tiers for Azure Managed Lustre: Enhancing HPC Workloads
Source: Azure High Performance Computing (HPC)
Author: Brian Lepore
Publication Date: 8/16/2023
Content excerpt:
In the realm of high-performance computing (HPC) and AI workloads, the need for agile and powerful storage solutions cannot be overstated. Azure Managed Lustre (AMLFS) has emerged as a game-changing solution, providing managed, pay-as-you-go file systems optimized for these data-intensive tasks. Building upon the success of its General Availability (GA) launch last month and in direct response to customer feedback that we received during our Preview period, we’re excited to unveil two new performance tiers for AMLFS, designed to cater to the diverse array of customer needs. This blog post explores the specifics of these new tiers and how they embody a customer-centric approach to innovation.
Title: Ramp up with me on HPC...Understanding virtual machines, CPUs, and GPUs
Source: Azure High Performance Computing (HPC)
Author: Rachel Pruitt
Publication Date: 8/31/2023
Content excerpt:
There are a lot of different products you need to successfully complete a high-performance computing (HPC) workload. You’ll hear several terms regularly, like virtual machines, CPUs, GPUs, compute power, and compute constrained. While these are really important to talk about in high performance computing, they were difficult concepts for me to grasp. Personally, I am a visual learner and I struggle with theoretical concepts that I can’t just physically see. So, I’ll do my best to both explain the concepts, and show you the hardware so you can visualize what they are.
Since I work for Microsoft and am more familiar with the cloud, my focus will remain there. However, it’s important to remember that many companies keep their datacenters on premises or are working in a hybrid model. While I’ll keep to the focus of cloud computing here, each model is used for very specific reasons and each have their own benefits.
Title: Azure DNS Private Resolver topologies
Source: Azure Networking
Author: Stephane Eyskens
Publication Date: 8/11/2023
Content excerpt:
Before diving into Azure DNS Private Resolver (ADPR), let's go back in time a little bit, to understand its value. Before ADPR, companies that had to deal with hybrid DNS resolution, had to host custom DNS servers in Azure. They were mostly hosting at least a pair of DNS servers, or extending their Infoblox (or similar technology) in the Cloud. The reason why this had to be tackled that way was due to the fact that DNS zones in Azure could not be used as forwarders (still today), and Azure DNS itself is only reachable from within an Azure Virtual Network.
Title: New Threat Detections for Azure WAF
Source: Azure Network Security
Author: Shabaz Shaik
Publication Date: 8/7/2023
Content excerpt:
Web applications face frequent malicious attacks that exploit well-known vulnerabilities, such as Code Injection and Path Traversal Attacks. These attacks are hard to prevent in the application code, as they require constant maintenance, patching, and monitoring at multiple levels of the application architecture. A WAF solution can provide faster and centralized security by patching a known vulnerability for all web applications, rather than securing each one individually. Azure Web Application Firewall (WAF) is a cloud-native service that protects web apps from common web-hacking techniques. It can be deployed quickly to gain full visibility into the web application traffic and block malicious web attacks.
By integrating Azure WAF with Microsoft Sentinel (Cloud Native SIEM solution), you can automate the detection and response to threats/incidents/alerts and save time, and effort, on updating the WAF policy. This blog will show you how to build Analytic rules/detections in Sentinel for attacks such as Code Injection.
Title: Azure Firewall: New Monitoring and Logging Updates
Source: Azure Network Security
Author: Suren Jamiyanaa, Eliran Azulai, Yuval Pery
Publication Date: 8/14/2023
Content excerpt:
With the Azure Firewall Resource Health check, you can now view the health status of your Azure Firewall and address service problems that may affect your Azure Firewall resource. Resource Health allows IT teams to receive proactive notifications regarding potential health degradations and recommended mitigation actions for each health event type. For instance, you can determine if the firewall is running as expected with an "Available" status or if there was downtime due to platform events with an "Unavailable" status.
Title: Maximizing Effectiveness: Best Practices for Azure DDoS Protection and Application Resilience
Source: Azure Network Security
Author: Avery Kim
Publication Date: 8/30/2023
Content excerpt:
Azure DDoS Protection is constantly innovating to protect customers from ever-changing DDoS attacks. As attacks become more sophisticated, it is important to keep your applications up to date with industry best practices to ensure maximum effectiveness when using Azure DDoS Protection. Below are architectural and design decisions you can make to ensure your resources are resilient to DDoS attacks.
Title: Azure Firewall: New Features and Region Availability
Source: Azure Network Security
Author: Suren Jamiyanaa, Eliran Azulai, Gopikrishna Kannan, Mark Gakman
Publication Date: 8/31/2023
Content excerpt:
Azure Firewall offers advanced features to optimize your network traffic routing. By default, Azure Firewall operates in a transparent proxy mode, where traffic is routed through the firewall using a user-defined route (UDR) configuration. This mode ensures that the firewall intercepts the traffic inline and forwards it to its intended destination.
In addition to the default mode, Azure Firewall now supports Explicit proxy mode on the outbound path. With this mode enabled, you have the option to configure a proxy setting directly on the sending application, such as a web browser, with Azure Firewall acting as the designated proxy. This configuration allows traffic from the sending application to be directed to the private IP address of the firewall, facilitating direct egress from the firewall without the need for a UDR.
Title: Azure Elastic SAN updates: Private Endpoints & Shared Volumes
Source: Azure Storage
Author: Adarsh Venkataraman
Publication Date: 8/16/2023
Content excerpt:
As we approach general availability of Azure Elastic SAN, we continue improving the service and adding features based on your feedback. Today, we are releasing private endpoint support and volume sharing support via SCSI (Small Computer System Interface) Persistent Reservation.
Azure Elastic SAN is the industry’s first fully managed storage area network (SAN) offering in the cloud. Combining on-premises SAN-like capabilities with the benefits of being a cloud-native service, it offers a scalable, cost-effective, high-performance, and reliable storage solution for your needs – regardless of whether you are migrating your on-premises SAN to the cloud or creating your application in the cloud.
Title: Azure Storage Mover can now migrate your SMB shares to Azure file shares
Source: Azure Storage
Author: dafalkne
Publication Date: 8/17/2023
Content excerpt:
On April 17, 2023, we announced the general availability of Azure Storage Mover , which is a fully managed, hybrid migration service that makes migrating files and folders into Azure a breeze. This service will be continuously enhanced with a richer feature set.
Title: Quick create Azure Front Door endpoints for Azure Storage accounts
Source: Azure Storage
Author: Scott Hoag
Publication Date: 8/24/2023
Content excerpt:
Today we announced a new, simplified integration for creating and managing Azure Front Door profiles for your Azure Storage accounts. Azure Front Door accelerates the global delivery of static content from Azure Storage blobs and enables a secure and scalable architecture. Static content delivery is useful for many different use cases, including website hosting and file delivery. Moreover, by having Azure Front Door cache your blob storage content you will not only be lowering edge to client delivery latency at a global level, but also adding an additional layer of security with Front Door’s integrated DDoS and WAF protection.
Title: Do I Need VPN Connectivity for Windows Hello for Business Registration
Source: Core Infrastructure and Security
Author: Zoheb Shaikh
Publication Date: 8/7/2023
Content excerpt:
Hello everyone, my name is Zoheb Shaikh and I’m a Solution Engineer working with the Microsoft Mission Critical team (SfMC). Today I’ll share an interesting discussion about Windows Hello and the need for VPN/Connectivity with Domain Controllers.
Recently I was interacting with an SfMC customer and was told that many users fail to register to Windows Hello for Business (WHFB) unless they connect to VPN or the Office network. The critical question that came my way was how to get your users to register with the least possible hassle, and if we can help here.
Title: Use PowerShell to Remediate Non-Compliant Policy Definitions
Source: Core Infrastructure and Security
Author: Bas van Bennekom
Publication Date: 8/9/2023
Content excerpt:
There are multiple use cases for Policy Definitions with the DeployIfNotExists effect. These types of Policy Definitions conduct a deployment when their existence condition is not met. For instance, when the Diagnostic Settings of a Storage Account are not configured, and they should be according to the existence condition, a deployment is conducted to remediate this situation. Unfortunately, deployments might fail due to changes in the environment such as the removal of a Role Assignment, which was required for a successful deployment.
Title: Move Backups In Recovery Service Vault From LRS/GRS To ZRS While Preserving The Data
Source: Core Infrastructure and Security
Author: Andrew Coughlin
Publication Date: 8/14/2023
Content excerpt:
Hello everyone, Andrew Coughlin here and I am a Cloud Solutions Architect at Microsoft focusing on Azure Infrastructure. I have frequently received questions from customers about how to move their virtual machines from an LRS/GRS recovery services vault to a recovery services vault that supports ZRS. As a reminder we have three options for storage replication for recovery services vaults...
Title: Move Backups In Recovery Service Vault From LRS/GRS To ZRS While Not Preserving The Data
Source: Core Infrastructure and Security
Author: Andrew Coughlin
Publication Date: 8/17/2023
Content excerpt:
Hello everyone, Andrew Coughlin here and I am a Cloud Solutions Architect at Microsoft focusing on Azure Infrastructure. I have frequently received questions from customers about how to move their virtual machines from an LRS/GRS recovery services vault to a recovery services vault that supports ZRS. As a reminder we have three options for storage replication for recovery services vaults...
Title: MDE Device Control – Leveraging Reusable Settings in Intune
Source: Core Infrastructure and Security
Author: Jorge Miguel Ferreira
Publication Date: 8/21/2023
Content excerpt:
Hello everybody! We are Jorge Miguel Ferreira and Sebastian Werner and we’re consultants at Microsoft. This blog post will show you how to set up Microsoft Defender for Endpoint (MDE) Device Control Removable Storage Access Control.
There are many ways of configuring this feature, such as GPOs, custom OMA-URIs and Intune, specifically using the new reusable settings feature in the Attack Surface Reduction (ASR) rules. This blog post will focus on the new ASR rules in Intune.
Note: this is not about controlling device installation. In this blog, we’ll only cover removable storage access control.
Title: Using Automation Runbook Webhooks To Alert on Databricks Status Updates
Source: Core Infrastructure and Security
Author: Joji Varghese
Publication Date: 8/28/2023
Content excerpt:
This guide walks you through the process of setting up and utilizing webhooks to receive Databricks status alerts, process them using Azure Automation Runbook, and trigger notifications to administrators about the status event.
Title: Introducing the Azure Business Continuity Guide
Source: FastTrack for Azure
Author: Saul Dolgin
Publication Date: 8/24/2023
Content excerpt:
The Azure Business Continuity Guide provides a comprehensive set of recommendations to help customers define what BCDR looks like for their applications. Often a customer will ask us for help with their business continuity and disaster recovery plans. Sometimes, the customer simply needs a structured approach to protect one application in Microsoft Azure. In other cases, they have a portfolio of many applications in a hybrid environment that might never have had a good solution to protect everything with a single BCDR framework. In addition, Microsoft Azure offers a variety of services and features to help customers achieve high availability, disaster recovery, and backup for their applications and data. However, planning and implementing a solid strategy can be challenging, especially for complex environments.
That's why we created the Azure Business Continuity Guide. Today, we are pleased to make this guide available to all customers who are adopting BCDR solutions at any point in their journey. Let's take a tour!
Title: Step-by-Step Guide to Azure AD PIM for Groups
Source: ITOps Talk
Author: Dishan Francis
Publication Date: 8/1/2023
Content excerpt:
Azure AD Privileged Identity Management (PIM) offers organizations a comprehensive solution for managing, monitoring, and auditing access to their Azure resources. Among its key functionalities, Azure AD PIM allows the implementation of just-in-time (JIT) access to both Azure AD and Azure resources. Some time ago Microsoft released a preview feature that enables the use of Azure AD PIM for Azure AD role-assignable groups.
Since then, this feature has been fully released (General Availability) with some noteworthy enhancements. Previously, utilizing Azure AD PIM with groups required them to be Azure AD role-assignable groups. However, the functionality has now been extended to encompass any Azure AD security group and any Microsoft 365 group, irrespective of whether they are role-assignable groups or not. In this blog post, I will be providing a demonstration of how to enable Azure AD PIM for an Azure AD security group.
Title: Wired for Hybrid - What's New in Azure Networking - July 2023 Edition
Source: ITOps Talk
Author: Pierre Roman
Publication Date: 8/11/2023
Content excerpt:
Azure Networking is the foundation of your infrastructure in Azure. Each month we bring you an update on What’s new in Azure Networking.
In this blog post, we’ll cover what's new with Azure Networking in June 2023. In this blog post, we will cover the following announcements and how they can help you.
- Azure’s cross-region Load Balancer
- Updated default TLS policy for Azure Application Gateway
- Always Serve for Azure Traffic Manager
- Azure Virtual Network encryption
Title: Conditional Access for Protected Actions is Now Generally Available!
Source: Microsoft Entra (Azure AD)
Author: Nitika Gupta
Publication Date: 8/8/2023
Content excerpt:
I’m delighted to announce the general availability of Conditional Access for Protected Actions! This powerful feature empowers organizations to safeguard critical administrative operations with Conditional Access policies.
Protected actions refer to high-stakes operations that carry significant risk, such as altering conditional access policies, adding credentials to an application, or changing federation trust settings. These actions, if executed by a malicious actor, can severely compromise your organization's security posture.
Title: Microsoft Entra Private Access: An Identity-Centric Zero Trust Network Access Solution
Source: Microsoft Entra (Azure AD)
Author: Ashish Jain
Publication Date: 8/28/2023
Content excerpt:
On July 11, 2023, we introduced Microsoft’s identity-centric security service edge (SSE) solution and two new services: Microsoft Entra Private Access and Microsoft Entra Internet Access, which are now in public preview. In this blog, we take a deeper look into Microsoft Entra Private Access.
Additional resources:
- Azure documentation
- Azure pricing calculator (VERY handy!)
- Microsoft Azure Well-Architected Framework
- Microsoft Cloud Adoption Framework
- Windows Server documentation
- Windows client documentation for IT Pros
- PowerShell documentation
- Core Infrastructure and Security blog
- Microsoft Tech Community blogs
- Microsoft technical documentation (Microsoft Docs)
- Sysinternals blog
- Microsoft Learn
- Microsoft Support (Knowledge Base)
- Microsoft Archived Content (MSDN/TechNet blogs, MSDN Magazine, MSDN Newsletter, TechNet Newsletter)