🔥Save money, protect your infrastructure and optimise operations with Microsoft solutions - collection of guides and latest updates released in May 2023🔥
Title: Preview of SAN URI for Certificate Strong Mapping for KB5014754
Source: Ask the Directory Services Team
Content excerpt:
KB5014754, released in May 2022, introduced changes to Active Directory Kerberos Key Distribution Center (KDC) behavior on Windows Server 2008 and later when validating certificates during certificate-based authentication. These changes were made to address elevation of privilege related vulnerabilities leveraging certificate spoofing.
Title: Azure Arc enabled servers and Azure Automanage Integration
Source: Azure Arc
Content excerpt:
Tired of manually onboarding and configuring Azure services for your Arc-enabled servers? With Azure Automanage Machine Best Practices, you can point, click, set, and forget to extend Azure security, monitoring, and governance services to servers anywhere.
Title: April release of Arc data services
Source: Azure Arc
Content excerpt:
As many of you may know, we have a monthly release coinciding with the patch Tuesday. So, our April release went out on the 12th.
The release includes updates for both Azure extension for SQL Server as well as Arc data services. Here's a quick rundown of some features that shipped in each of these services.
Title: HPC, High Performance Computing, Azure, AI, AI Infrastructure, Infrastructure
Source: Azure High Performance Computing (HPC)
Content excerpt:
High performance computing is the use of advanced systems and techniques to solve complex computational problems that require significant processing power and memory. The beauty of HPC is using parallel processing and supercomputers to perform these calculations at incredibly high speeds. Typically, each workload is split into tasks, and these tasks are all performed in parallel where possible to complete them faster.
Title: Monitor and troubleshoot Azure & hybrid networks with Azure Network Monitoring
Source: Azure Networking
Content excerpt:
Azure Network Watcher and Network Insights portfolio encompasses an entire suite of tools to visualize, monitor, diagnose, and troubleshoot network issues across Azure and Hybrid cloud environments.
The suite enables customers to observe health across resources and networks with comprehensive wide coverage, through a guided and intuitive drilled down experience with Network Insights.
Title: Monitor Object Replication Azure Blob Storage
Source: Azure PaaS
Content excerpt:
Object replication asynchronously copies block blobs between a source storage account and a destination account. Because block blob data is replicated asynchronously, the source account and destination account are not immediately in sync. There's currently no SLA on how long it takes to replicate data to the destination account. In some cases, you might need to check the replication status. In this article, we will go over the different methods that you can use to check and monitor the object replication status for the storage account.
Title: How to capture underlying outbound traffic from Cloud Service Web Role to other servers
Source: Azure PaaS
Content excerpt:
It’s common that a part of the data of a web page is saved in another service, such as a storage account or SQL server. When the website is hosted on Azure Cloud Service and we visit the page, the w3wp process of the IIS component will need to send out a request to the target remote server to read the needed data.
But when the Cloud Service fails to read the data from the remote server and the developer wants to troubleshoot this issue, it will be difficult, as by default users are unable to track the outbound traffic from Cloud Service to these remote servers.
Title: The True Cost of Traditional File Storage
Source: Azure Storage
Content excerpt:
We’ve reached a tipping point when it comes to storing and managing unstructured data. With a focus on lowering costs and optimizing cloud spend, this series of posts will cover 3 top of mind topics for enterprise IT teams today
Title: Leverage the Cloud to Cut File Data Costs: Comparison of Alternatives
Source: Azure Storage
Content excerpt:
In our previous post, we reviewed unstructured data growth and the high costs associated with file data storage. Since 80% of file data is cold, meaning infrequently accessed, and cost-effective tiers such as Azure Blob are 1/10th to 1/100th the cost of file storage, it is easy to see why businesses and public sector organizations want to use cold data tiering to reduce file storage costs. Here is a breakdown of Azure Blob Archive costs compared to higher performance on-premises and cloud file storage options.
Title: Announcing Image Signing for Windows Containers
Source: Containers
Content excerpt:
Containers have become popular for application development and deployment due to their portability and flexibility. As more and more apps choose containerization as a means of app modernization, it is important to secure container images ensuring they remain safe from image tampering or modification.
Today we published Windows container images signed by Notation, and they are now available in Microsoft Artifact Registry.
Title: Customer Offerings: Well-Architected Cost Optimization Implementation
Source: Core Infrastructure and Security
Content excerpt:
This offering can be considered as a continuation/“part 2” of sorts for the Well-Architected Cost Optimization Assessment, where the goal is to help you implement some of the findings relating to Azure Reservations, Azure Savings Plans, Azure Hybrid Benefits, along with cleaning up some of that cloud waste sitting around.
Title: Modernizing Endpoints - Installing CM Client on AADJ Device
Source: Core Infrastructure and Security
Content excerpt:
In this blog we will discuss a specific use case that I came across while working with a Community College. The college wanted to simplify their Windows provisioning. They had a lot of apps built in their ConfigMgr environment. This is when we took advantage of the co-management capability offered by Windows Autopilot in connecting a pure Azure AD joined PC with ConfigMgr without using Cloud Management Gateway (CMG) or Hybrid Domain Join.
Title: BitLocker Is Not Resuming After Reboot Count Has Been Reached
Source: Core Infrastructure and Security
Content excerpt:
BitLocker is a feature in Windows 10/11 that encrypts your device’s hard drive to protect your data from unauthorized access. However, there are some scenarios where you may need to suspend BitLocker temporarily, such as when you update your BIOS or firmware using a vendor’s update utility. When you suspend BitLocker, you can specify how many times your device can restart before BitLocker resumes encryption. This is called the reboot count parameter.
Title: Azure Monitor: Use Dynamic Thresholds in Log Alerts
Source: Core Infrastructure and Security
Content excerpt:
In this new blog post I am going to explain how to use dynamic thresholds in log alerts. Think for a second that you need to create an alert that must, at the same time, apply to more than one resource and react to different thresholds.
Title: Azure Monitor: Logs Ingestion API Tips & Tricks
Source: Core Infrastructure and Security
Content excerpt:
Today I am going to share with you an interesting experience in configuring the Logs ingestion using the new API in Azure Monitor in a data collection rule created using ARM templates.
Title: Reporting on Azure AD Password Protection
Source: Core Infrastructure and Security
Content excerpt:
Hi everyone! It's been a long time, but Graeme Bray here with you to talk about an Azure Monitor workbook you can deploy in your environment to help you report on your Azure AD Password Protection. You are running AAD Password Protection, right? If you have Azure AD P1 or P2 for your users, you're licensed for it, and it extends the exact same password protection from Azure AD to your on-premises environment. That's great, because if a user tries to reset their password via Azure AD or via Active Directory, they have the same password requirements.
Title: Using Microsoft Intune for Local Administrator Password Management
Source: Core Infrastructure and Security
Content excerpt:
As you may have heard, the Windows LAPS feature was released to Public Preview in the last week of April. It has support for two main scenarios for backing up the local administrator password: storing passwords in Azure AD and in Windows Server AD. It also has interoperability with the legacy LAPS solution. This article, on the other hand, will focus on native cloud deployment for Windows 10/11 clients that do not have the legacy LAPS client installed, are managed through Intune, and are either Hybrid Azure AD Joined or Azure AD Joined.
Title: Configure Azure Application Gateway Private Link
Source: FastTrack for Azure
Content excerpt:
Private Link for Application Gateway allows you to connect workloads over a private connection spanning across VNets and subscriptions. When configured, a private endpoint will be placed into a defined virtual network's subnet, providing a private IP address for clients looking to communicate with the gateway.
Title: New settings in Microsoft Intune to enhance Windows Defender Firewall management
Source: Intune Customer Success
Content excerpt:
We're pleased to highlight some of the new additions made to the Microsoft Intune admin center to configure settings related to Windows Defender Firewall. Admins can take advantage of these capabilities to enhance security and ease Defender Firewall management. The properties come directly from the Firewall configuration service provider (CSP) and apply to the Windows platform.
Title: gMSA sample application for Windows containers
Source: ITOps Talk
Content excerpt:
Recently I talked to a customer about their deployment of gMSA on Azure Kubernetes Service (AKS). This customer was having trouble when trying to run their deployment on AKS, and the goal was to identify where the issue was. While discussing with the customer, it occurred to me that sometimes it’s hard to say if the issue is with the configuration of the underlying Kubernetes environment, or if it’s an issue with the application the customer was trying to deploy. To that end, I created a containerized sample app to test if the gMSA config is working or not.
Title: Quick Wins to Strengthen Your Azure AD Security
Source: Microsoft Entra (Azure AD)
Content excerpt:
While talking about identities, Azure Active Directory (Azure AD), part of the Microsoft Entra product family, is a critical identity system leveraged by most organizations, and it serves as a single point for authentication and authorization of users against applications, resources and much more. It’s at the heart of an organization's zero trust strategy.
In this blog we discuss some Quick Wins to reduce the attack surface of Azure AD. From a technician's standpoint, these tasks are immediate and require minimal testing to get them rolled out in production.
Title: Entra Identity Governance with Entra Verified ID – Higher Fidelity Access Rights + Faster Onboarding
Source: Microsoft Entra (Azure AD)
Content excerpt:
I’m excited to announce the integration of Entra Identity Governance Entitlement Management with a very cool technology we recently introduced, Microsoft Entra Verified ID!
If you think about what you need to onboard new users including employees, contractors, partners, or other business guests, it often includes verifying identity information and credentials. This process can be tedious and time-consuming, requiring users to fill out redundant online forms or paperwork, ultimately delaying hiring timelines and ramp-up periods.
Kudos to Brandon Wilson, SR CSA-E @Microsoft for compiling these links.