
Check This Out! (CTO!) Guide (May 2024)



Guest BrandonWilson
Posted

Hi everyone! Brandon Wilson here once again with this month’s “Check This Out!” (CTO!) guide.

 

These posts are only intended to be your guide, to lead you to some content of interest, and are just a way we are trying to help our readers a bit more, whether that is learning, troubleshooting, or just finding new content sources! We will give you a bit of a taste of the blog content itself, provide you a way to get to the source content directly, and help to introduce you to some other blogs you may not be aware of that you might find helpful. If you have been a long-time reader, then you will find this series to be very similar to our prior series “Infrastructure + Security: Noteworthy News”.

 

From all of us on the Core Infrastructure and Security Tech Community blog team, thanks for your continued reading and support!

 

 

 


 

 

 

 

 

Title: Looking to optimize and manage your cloud resources? Join our Azure optimization skills challenge!

 

Source: Azure Architecture

 

Author: Megan Pennie

 

Publication Date: 5/3/24

 

Content excerpt:

 

Businesses have committed to the cloud for its scalability, agility, and security. Without optimization, however, this flexibility can lead to unmanaged sprawl. Continuous improvement and careful management through all phases of your cloud journey help you to avoid unexpected costs and inefficient resource allocation while improving security and reliability. Strategic optimization delivers the resiliency to efficiently and securely handle fluctuating workloads with ease, ensuring you manage your environment for optimal performance.

 

That’s why we’re thrilled to bring you our Azure Optimization Cloud Skills Challenge, a curated collection of learning resources and guidance on optimization tools and best practices from Microsoft that can help your business thrive in the cloud. This track helps you build cloud resiliency, create reliable and secure workloads, manage cloud spend, and modernize to innovate.

 

 

 


 

 

 

 

 

Title: Armchair Architects: POC to Prod Must-haves

 

Source: Azure Architecture

 

Author: Ariya Khamvongsa

 

Publication Date: 5/6/24

 

Content excerpt:

 

Our host, David Blank-Edelman and our armchair architects Uli Homann and Eric Charran will be discussing how to transition from proof-of-concept (POC) to production (Prod) for AI solutions. It’s one thing to have a POC but what factors should solution architects be mindful of when taking that POC and moving into a real-world production environment?

 

Below are some key considerations to keep in mind…

 

 

 


 

 

 

 

 

Title: Announcing the preview of new Azure VMs based on the Azure Cobalt 100 processor

 

Source: Azure Compute

 

Author: Stefanie Lemon

 

Publication Date: 5/21/24

 

Content excerpt:

 

Today, Microsoft is announcing the preview of the new Azure Virtual Machines (VMs) featuring the Azure Cobalt 100 Arm-based processor. The Cobalt 100 processor is based on the Neoverse N-series (N2) Arm CPU design, which is optimized for the performance of scale out cloud-based applications. The preview includes the general purpose (Dpsv6-series and Dplsv6-series) and memory optimized (Epsv6-series) VM series.

 

 

 


 

 

 

 

 

Title: Announcing the Public Preview of Azure Compute Fleet

 

Source: Azure Compute

 

Author: Rajeesh Ramachandran

 

Publication Date: 5/21/24

 

Content excerpt:

 

Today we are announcing the public preview of Azure Compute Fleet, a new service that allows you to manage and deploy thousands of virtual machines (across a mix of SKUs, VM types, Availability Zones, and pricing models) with a single API call.

 

 

 


 

 

 

 

 

Title: Cost Optimization for General Purpose VMs using Hibernation now Generally Available

 

Source: Azure Compute

 

Author: Ankit Jain

 

Publication Date: 5/28/24

 

Content excerpt:

 

During Microsoft Ignite 2023, we previewed the ability to hibernate VMs, making it easier for customers to save Compute costs. Hibernating a VM deallocates the machine while persisting the VM’s in-memory state. While the VM is hibernated, customers don’t pay for the Compute costs associated with the VM and only pay for storage and networking resources associated with the VM. Customers can later start back these VMs when needed and all their apps and processes that were previously running simply resume from their last state.

 

Today we are excited to announce that hibernation for general-purpose VMs is now generally available. In addition, customers can now use hibernation with new VM deployments as well as their existing VMs and save more costs.

 

 

 


 

 

 

 

 

Title: Announcing the Public Preview of Standby Pools for Virtual Machine Scale Sets

 

Source: Azure Compute

 

Author: Rajeesh Ramachandran

 

Publication Date: 5/28/24

 

Content excerpt:

 

We recently announced the public preview of Standby Pools for Virtual Machine Scale Sets with Flexible Orchestration. Standby Pools is a new service that enables you to increase your scaling performance by creating a pool of pre-provisioned virtual machines from which your scale set can pull when scaling out.

 

Standby pools reduce the time to scale out by performing various initialization steps such as installing applications/software or loading substantial amounts of data. These initialization steps are performed on the virtual machines in the standby pool before being moved into the scale set.

 

 


 

 

 

 

 

Title: Preview: Introducing Reporting Capabilities for Azure Site Recovery

 

Source: Azure Governance and Management

 

Author: Nandini Bajaj

 

Publication Date: 5/21/24

 

Content excerpt:

 

As a Backup and Disaster Recovery Admin, one of your key roles is to obtain insights on data that spans a long time. Similar to Azure Backup, Azure Site Recovery provides a reporting solution that uses Azure Monitor logs and Azure workbooks. These resources will help you get rich insights on your estate protected with Site Recovery.

 

 

 


 

 

 

 

 

Title: Monitor effectively using Azure Monitor for Azure Site Recovery

 

Source: Azure Governance and Management

 

Author: Nandini Bajaj

 

Publication Date: 5/22/24

 

Content excerpt:

 

As a Backup and Site Recovery Admin, one of your key roles is to be on top of all critical incidents and ensure timely resolution from an outage. Azure Site Recovery now offers an improved alerting solution for Azure Site Recovery on Azure Monitor. This includes default alerts via Azure Monitor, which will enable you to have consistent experience for alert management across different Azure services.

 

 

 


 

 

 

 

 

Title: What’s new across Azure Governance services, Microsoft Build 2024

 

Source: Azure Governance and Management

 

Author: Jodi Boone

 

Publication Date: 5/23/24

 

Content excerpt:

 

Over the last six months there have been exciting new releases across Governance services to help you continue to manage your Azure environment with increased speed and control. We are spotlighting the public preview and general availability of highly anticipated policy features, recently released Azure Resource Graph Copilot capabilities, and some sneak peeks into what is coming soon. Stay tuned to explore what AI means for your at-scale cloud management scenarios, and make sure to check us out on X for other updates, @AzureGovernance.

 

 

 


 

 

 

 

 

Title: Centralized private resolver architecture implementation using Azure private DNS resolver

 

Source: Azure Infrastructure

 

Author: Sanjeev Kumar

 

Publication Date: 5/6/24

 

Content excerpt:

 

This article walks you through the steps to set up a centralized architecture to resolve DNS names, including private DNS zones across your Azure network and on-premises DNS, using an Azure DNS Private Resolver in a hub and spoke VNet topology.

 

 

 


 

 

 

 

 

Title: How to Use Azure Virtual Network Manager's UDR Management Feature

 

Source: Azure Networking

 

Author: Andrea Michael

 

Publication Date: 5/2/24

 

Content excerpt:

 

Azure Virtual Network Manager (AVNM) is a highly scalable and available network management solution that allows customers to simplify and scale their networks in Azure.

 

Learn more about AVNM in our public documentation.

 

 


 

 

 

 

 

Title: Revolutionizing hyperscale application delivery and security: The New Azure Front Door edge platform

 

Source: Azure Networking

 

Author: Varun Chawla

 

Publication Date: 5/8/24

 

Content excerpt:

 

In this introductory blog to the new Azure Front Door next generation platform, we will go over the motivations, design choices and learnings from this undertaking which helped us successfully achieve massive gains in scalability, security and resiliency.

 

 

 


 

 

 

 

 

Title: Secure Access to Your Azure Virtual Machines for Free with Bastion Developer

 

Source: Azure Networking

 

Author: Isabelle Morris

 

Publication Date: 5/20/24

 

Content excerpt:

 

As Microsoft Azure continues to evolve to accommodate its expanding user community, we are pleased to release a groundbreaking offering in response to developer feedback and demands: the new Bastion Developer SKU of Azure Bastion. Now generally available in 6 public regions, this service will revolutionize connectivity for developers by delivering secure and seamless access to Azure Virtual Machines—at no extra cost. In this article, we'll delve into what Azure Bastion Developer entails, the issues it tackles, and why it represents an essential solution for secure access by default.

 

 

 


 

 

 

 

 

Title: Customization controls for connectivity between Virtual Networks over ExpressRoute

 

Source: Azure Networking

 

Author: Adam Stuart

 

Publication Date: 5/22/24

 

Content excerpt:

 

Recently we added new customer configurable toggles for ExpressRoute Virtual Network Gateways and Virtual WAN Hubs, allowing customers to control the behaviour of routing across their ExpressRoute circuits for resources within Azure. These changes make it easier for customers to correctly use the Microsoft Global Network for connectivity between Virtual Networks, ensuring they obtain the lowest possible latency, highest network bandwidth and most resilient network paths.

 

 

 


 

 

 

 

 

Title: Introducing Azure Load Balancer health event logs

 

Source: Azure Networking

 

Author: Annie Fang

 

Publication Date: 5/29/24

 

Content excerpt:

 

We’re thrilled to announce that Azure Load Balancer now supports health event logs! These new logs are published to the Azure Monitor resource log category LoadBalancerHealthEvent and are intended to help you monitor and troubleshoot your load balancer resources.

 

As part of this public preview, you can now receive the following 5 health event types when the associated conditions are met. These health event types are targeted to address the top issues that could affect your load balancer’s health and availability…

 

 

 


 

 

 

 

 

Title: Using Admin State to Control Your Azure Load Balancer Backend Instances

 

Source: Azure Networking

 

Author: Chidozie Buruzie

 

Publication Date: 5/30/24

 

Content excerpt:

 

Today, Azure Load Balancer distributes incoming traffic across healthy backend pool instances. It accomplishes this by using health probes to send periodic requests to the instances and check for valid responses. Results from the health probe then determine which instances can receive new or continued connections and which ones cannot.

 

 

 


 

 

 

 

 

Title: Organizing rule collections and rule collection groups in Azure Firewall Policy

 

Source: Azure Network Security

 

Author: Beatriz Silveira

 

Publication Date: 5/15/24

 

Content excerpt:

 

Firewall Policy is the recommended method to manage Azure Firewall security and operational configurations. When using Firewall Policy, any rules must be part of a rule collection and rule collection group. Rule collections are sets of rules that share the same priority and action, and can be of type DNAT, Network, or Application. Rule collection groups are containers for rule collections of any type and are processed first by Azure Firewall based on priority.

 

 

 


 

 

 

 

 

Title: Loop DDoS Threats: Azure’s Strategy for Cybersecurity Defense

 

Source: Azure Network Security

 

Author: Amir Dahan; Syed Pasha

 

Publication Date: 5/16/24

 

Content excerpt:

 

In the realm of cybersecurity, Distributed Denial-of-Service (DDoS) attacks are a significant concern. The recent holiday season has unveiled a complex and evolving threat landscape, marked by sophisticated tactics and diversification. From botnet delivery via misconfigured Docker API endpoints to the NKAbuse malware's exploitation of blockchain technology for DDoS attacks, the tactics and scale of these attacks have shown significant sophistication and diversification.

 

 

 


 

 

 

 

 

Title: Azure WAF integration in Copilot for Security- Protect web applications using Gen AI

 

Source: Azure Network Security

 

Author: Sowmya Mahadevaiah

 

Publication Date: 5/21/24

 

Content excerpt:

 

Today, we are launching the public preview of Azure Web Application Firewall (WAF) integration in Microsoft Copilot for Security. Azure WAF capabilities available in the standalone Copilot for Security experience are: Get Top Rules Triggered, Get Top Blocks By IP, Get SQLi Blocks By WAF, and Get XSS Blocks By WAF.

 

 

 


 

 

 

 

 

Title: Azure Firewall integration in Microsoft Copilot for Security

 

Source: Azure Network Security

 

Author: Abhinav Sriram

 

Publication Date: 5/21/24

 

Content excerpt:

 

Azure Firewall is a cloud-native and intelligent network firewall security service that provides best of breed threat protection for your cloud workloads running in Azure. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. In this blog we will be focusing on the newly announced Azure Firewall integration in Copilot for Security.

 

 

 


 

 

 

 

 

Title: Faster server onboarding and disaster recovery with Azure File Sync (Public Preview)

 

Source: Azure Storage

 

Author: 1Nataraj

 

Publication Date: 5/20/24

 

Content excerpt:

 

We are excited to announce the public preview of faster server onboarding and disaster recovery. This will significantly accelerate customer onramp and scaling with Azure File Sync for hybrid access as well as disaster recovery. With this update (v18), we are expediting the time taken for a newly provisioned server endpoint to be ready to use.

 

 

 


 

 

 

 

 

Title: Enhancing Azure Files resilience and performance

 

Source: Azure Storage

 

Author: 1Nataraj

 

Publication Date: 5/20/24

 

Content excerpt:

 

Azure Files provides the best-in-class fully managed file share solution in the cloud. We are excited to showcase several new capabilities, some already launched and others upcoming, all aimed at enhancing your application reliability and performance, when using Azure Files.

 

 

 


 

 

 

 

 

Title: Curated resiliency recommendations for Azure Virtual Desktop

 

Source: Azure Virtual Desktop

 

Author: Tom Hickling

 

Publication Date: 5/29/24

 

Content excerpt:

 

The Azure Proactive Resiliency Library (APRL) is a collection of best practices, recommendations, and scripts that help you improve the resiliency of your Azure Virtual Desktop environment. Incorporating the contributions of multiple subject matter experts around the globe, including Microsoft FastTrack and senior cloud solution architects, the library offers proven guidance based on thousands of hours helping organizations deploy Azure Virtual Desktop in complex environments.

 

 

 


 

 

 

 

 

Title: Hibernation support now available for Azure Virtual Desktop

 

Source: Azure Virtual Desktop

 

Author: Jessie Duan

 

Publication Date: 5/30/24

 

Content excerpt:

 

Today we are happy to announce the general availability of hibernation support in Azure Virtual Desktop. Explore additional capabilities that make it easier to save compute costs for your idle resources.

 

 


 

 

 

 

 

Title: Revisiting Enterprise Policy as Code v10

 

Source: Core Infrastructure and Security

 

Author: Heinrich Gantenbein

 

Publication Date: 5/1/24

 

Content excerpt:

 

As EPAC has reached version 10, it is time to revisit Enterprise Policy as Code (EPAC for short) to give you an update from the original post (https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/azure-enterprise-policy-as-c...) published on September 12th, 2022.

 

The maintainers of the OSS project EPAC work daily with Microsoft’s customers implementing Azure governance and security in general and more specifically Policy implementation via EPAC. EPAC was born out of the need to manage Policy at scale, while dramatically reducing the cost of implementation with traditional Infrastructure as Code (IaC) tools, such as ARM, Bicep, and Terraform. Those tools are great for IaC in general; however, they lack the knowledge of dependencies between definitions, assignments, exemptions, and role assignments and the simplifications to Policy Assignments and Policy Exemptions. EPAC understands the dependencies and will sequence the deployment correctly.

 

 

 


 

 

 

 

 

Title: Microsoft will require MFA for all Azure users

 

Source: Core Infrastructure and Security

 

Author: Erin Chapple (CVP – Azure Core)

 

Publication Date: 5/14/24

 

Content excerpt:

 

This July, Azure teams will begin rolling out additional tenant-level security measures to require multi-factor authentication (MFA). Establishing this security baseline at the tenant level puts in place additional security to protect your cloud investments and company.

 

 

 


 

 

 

 

 

Title: Enable Zero Touch Enrollment of MDE on macOS devices managed by Microsoft Intune

 

Source: Core Infrastructure and Security

 

Author: Arnab Mitra

 

Publication Date: 5/17/24

 

Content excerpt:

 

Microsoft Defender for Endpoint (MDE) is a unified endpoint security platform that helps protect your organization from advanced threats. MDE provides threat detection, investigation, and response capabilities across Windows, Linux, Android, and macOS devices.

 

To deploy MDE on macOS devices, you need to install the MDE agent and enroll the devices to the MDE service. You can use Microsoft Intune, a cloud-based device management service, to automate the installation and enrollment process. This blog post explains how to use Intune to achieve zero touch enrollment of MDE on macOS devices.

 

 

 


 

 

 

 

 

Title: Optimizing Cloud Management: Leveraging Azure Update Manager with Pre and Post Events

 

Source: Core Infrastructure and Security

 

Author: Werner Rall

 

Publication Date: 5/20/24

 

Content excerpt:

 

As Azure Update Manager becomes the go-to solution for patching Azure VMs, it’s crucial to integrate efficient pre and post tasks to enhance reliability and control. This blog outlines a systematic approach to setting up these tasks, starting with initiating specific VMs based on their tags, and creating snapshots of the OS disk before updates. This preemptive measure ensures that if updates cause issues, restoring the system is straightforward and quick. Additional tasks will be integrated as needed to adapt to evolving requirements.

 

 

 


 

 

 

 

 

Title: Microsoft Entra ID Tenant Starters Guide: Understanding Identity Management and Licensing

 

Source: Core Infrastructure and Security

 

Author: Gregor Wohlfarter

 

Publication Date: 5/29/24

 

Content excerpt:

 

Microsoft Entra ID Tenant is a cloud-based identity and access management service that helps you manage your organization's users, devices, applications, and resources. It is a powerful and flexible solution that enables you to securely connect your employees, customers, and partners to the digital resources they need, while protecting your organization from unauthorized access and identity threats. In this guide, you will learn the basics of Microsoft Entra ID Tenant, how to access and use it, how to manage licenses for different Microsoft products and services, and how to address some common challenges and scenarios related to identity management and licensing.

 

 

 


 

 

 

 

 

Title: Addressing Common Entra ID Protection Deployment and Maintenance Issues

 

Source: Core Infrastructure and Security

 

Author: Chad Cox

 

Publication Date: 5/30/24

 

Content excerpt:

 

Entra ID tenants face threats from bad actors who use password spray attacks, multifactor spamming, and social phishing campaigns. Many organizations do not prioritize protecting Entra ID because they worry about affecting their end users. One straightforward way to protect Entra ID is to use risk based conditional access policies that combine conditional access policies with the risk signals from Entra ID Protection. In this blog, I will discuss some of the mistakes that we see organizations make that cause delays in the deployment and leave their tenants insecure. This blog will answer questions about Entra ID tenants using third party identity providers to authenticate, reducing false positives, minimizing user impact, and migrating from the old identity protection policies.

 

 

 


 

 

 

 

 

Title: How to enable IPv6 to IPv4 communication in Azure

 

Source: FastTrack for Azure

 

Author: brsteph

 

Publication Date: 5/6/24

 

Content excerpt:

 

As organizations begin to convert new and existing IPv4 workloads to IPv6, they will need to manage communications between these different IP versions. This article provides an overview of three common Azure workload scenarios organizations need to plan for, and how to execute by leveraging the dual-stack nature of Azure networks.

 

 

 


 

 

 

 

 

Title: Virtual Network Flow Logs Recipes - Microsoft Community Hub

 

Source: FastTrack for Azure

 

Author: Jose Moreno

 

Publication Date: 5/8/24

 

Content excerpt:

 

You might have heard about the General Availability of Virtual Network Flow Logs in Azure, and even read the announcement blog post. When writing that post with Harsha CS I had the chance to play a bit with VNet Flow Logs and Traffic Analytics, and I would like to share some of the learnings.

 

 

 


 

 

 

 

 

Title: How to choose the right reserved instance in Azure

 

Source: FinOps

 

Author: Gregor Wohlfarter

 

Publication Date: 5/7/24

 

Content excerpt:

 

A reserved instance is a way to prepay for a certain amount of compute usage in Azure for a fixed period of time (either one or three years [1]), at a discount. By doing so, you can save up to 72% compared to the pay-as-you-go (PAYG) price, depending on the type and size of the instance. Reserved instances are ideal for workloads that have predictable and consistent usage patterns, such as production environments, databases, or web servers.

 

While Reserved Instances offer a cost-effective solution for consistent workloads, it's important to understand the flexibility and limitations they present. Currently, you can cancel reservations with no penalty fee, subject to a cap of $50,000 per 12-month period. However, there might be an upcoming 12% cancellation fee for canceling reservations [2]. Additionally, virtual machine reservations are not limited to a single product; Instance Size Flexibility allows you to apply your reservation to any virtual machine within the same flexibility group, enhancing adaptability to changing needs [3]. However, this flexibility is exclusive to VM instances.

 

 

 


 

 

 

 

 

Title: Unlock savings potential with Azure Advisor's Cost Optimization workbook

 

Source: FinOps

 

Author: Arthur Clares

 

Publication Date: 5/15/24

 

Content excerpt:

 

The Azure Cost Optimization workbook is a powerful tool that helps you monitor and optimize your Azure costs. It provides you with a comprehensive overview of your Azure environment and offers actionable insights and recommendations based on the Well-Architected Framework Cost Optimization pillar.

 

 

 


 

 

 

 

 

Title: How to enforce usage of Privileged Access Workstations for Admins

 

Source: Security, Compliance, and Identity

 

Author: Sascha Windrath

 

Publication Date: 5/3/24

 

Content excerpt:

 

You probably already came across the challenge to make sure that administrators using a highly privileged administrative role in Entra ID or an Azure RBAC role which allows control over sensitive resources should be only allowed if administrators use a dedicated administrative workstation. At Microsoft we call those devices Privileged Access Workstations (PAW). PAWs are highly restricted and protected devices with the single purpose to secure and protect the admin’s credentials following Zero Trust and Clean Source Principle. Now, the issue is that Admins could either employ that device or simply ignore it and use their office computers instead, which seems to be much more convenient. The same applies for the attackers, because admins not using a PAW makes their life much easier as they would have a direct attack path at hand. This is not what you want! (This article assumes you already have implemented a PAW for cloud services management.)

 

 

 


 

 

 

 

 

Title: Respond to trending threats and adopt zero-trust with Exposure Management

 

Source: Security, Compliance, and Identity

 

Author: Brjann Brekkan

 

Publication Date: 5/6/24

 

Content excerpt:

 

In today’s rapidly evolving threat landscape, organizations face a daunting challenge: managing their security posture effectively. With an ever-expanding attack surface, including cloud services, endpoints, apps, increasing use of SaaS applications and different types of accounts and identities, it has become more important than ever to implement proactive processes to prevent threats. As cyber threats become more sophisticated, organizations must stay ahead of the curve. The ability to implement processes to identify, assess, and remediate exposures is essential for maintaining a robust security posture.

 

 

 


 

 

 

 

 

Title: Completing DFSR SYSVOL migration of domains that use Entra ID passwordless SSO

 

Source: Storage at Microsoft

 

Author: Ned Pyle

 

Publication Date: 5/13/24

 

Content excerpt:

 

Heya folks, Ned here again. A customer recently reached out to me in the comments section of the well-worn Streamlined Migration of FRS to DFSR SYSVOL article, asking about a problem he was seeing with a single DC that wouldn't complete the process. Today I'll explain how to fix the issue introduced by a very modern authentication add-on.

 

 

 


 

 

 

 

 

Title: Accessing a third-party NAS with SMB in Windows 11 24H2 may fail

 

Source: Storage at Microsoft

 

Author: Ned Pyle

 

Publication Date: 5/29/24

 

Content excerpt:

 

Heya folks, Ned here again. With the publication of Windows 11 24H2 Release Preview, customers are trying out the new OS prior to general availability. If you were in the Windows Insider Canary or Dev release program for the past few years, nothing I'm about to share is new. But if you weren't and you're now having issues mapping a drive to your third-party network attached storage (NAS) devices using SMB, this article is for you.

 

 

 


 

 

 

 

 

Title: Skilling snack: Advanced network security

 

Source: Windows IT Pro

 

Author: Navi Beesetti

 

Publication Date: 5/16/24

 

Content excerpt:

 

Ready for another dive into network security? By now, you should already be familiar with the basics, courtesy of our previous skilling snack, Network security basics for endpoints. Network security is too broad and important of a topic to cover in a single snack, and it's always improving! So, we've compiled a second serving of more advanced network security skilling to help you give your organization the worry-free environment it deserves.

 

 

 


 

 

 

 

 

Title: VBScript deprecation: Timelines and next steps

 

Source: Windows IT Pro

 

Author: Naveen Shankar Chilla

 

Publication Date: 5/22/24

 

Content excerpt:

 

Scripting options for web development and task automation are modernizing. To provide you with the most modern and efficient options, we are replacing VBScript with more advanced alternatives such as JavaScript and PowerShell. Find out what VBScript deprecation means for you and how you can get ready.

 

 

 


 

 

 

 

 

Title: Evolving Copilot in Windows for your workforce

 

Source: Windows IT Pro

 

Author: Harjit Dhaliwal

 

Publication Date: 5/22/24

 

Content excerpt:

 

This week, we introduced the Copilot+ PC in addition to updating Microsoft Copilot in Windows, your everyday AI companion. By changing Copilot in Windows, we're addressing one of the top pieces of feedback we have received from commercial organizations, which is to provide a more flexible, app-like experience. In this blog, we'll share some of the updates we've made to AI in Windows and how we're providing choice and control for commercial organizations and the IT professionals that support them.

 

 

 


 

 

 

 

 

Title: Run untrusted content safely with Windows Sandbox

 

Source: Windows OS Platform

 

Author: Kavya Nagalakunta

 

Publication Date: 5/14/24

 

Content excerpt:

 

As a developer, your work often involves experimenting with various libraries, frameworks, tools and sometimes testing unknown files or executables. But let's face it – accessing unfamiliar files or repos can sometimes feel like tiptoeing through a minefield. You do not know if they are safe or potential malware. What if I told you there's a way to explore new files without risking your host OS!

 

Windows Sandbox (WSB) provides a lightweight desktop environment to safely run applications in isolation from the host OS. Think of it as your digital playground – a safe, isolated environment where you can test and debug apps, explore unknown files, or experiment with tools without risking your host OS. A Windows Sandbox is disposable. When it's closed, all the software and files and the state are deleted. You get a brand-new instance of the sandbox every time you open the application.

 

 

 


 

 

 

 

 

 

 

 

 

Previous CTO! Guides:

 

 

 

 

Additional resources:

 

 
