AzUpdate: SMB Signing, SecretManagement now GA, Windows Hybrid SSO to AzureAD and more

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

Lots to cover this week on AzUpdate. News includes Ned Pyle provides clarity on SMB signing, Microsoft announced GA for SecretManagement 1.1, details on Windows Hybrid join via single sign-on to Azure Active Directory and a Windows Server storage-based Microsoft Learn Module of the week.

 

 

 

Ned Pyle Explains Configuring SMB Signing with Confidence

Many years ago, Microsoft made configuring SMB signing in Windows kind of complicated. Recently, Ned Pyle, Microsoft Principle PM on the Windows Server team shared his explanation regarding the SMB signing rules.
 
windows_server_local_group_policy_editor.jpg

 

In SMB signing, every SMB 3.1.1 message contains a signature generated using session key and Advanced Encryption Standard (AES). The entire message receives the client's hash into the signature field of the SMB2 header ensuring that a non-matching hash would signifiy a data breach and SMB would know it has been tampered with. This hash also confirms to sender and receiver that they are who they say they are, thus stopping relay attacks. Ideally, you are using Kerberos instead of NTLMv2 so that your session key starts strong. 

 

Further details can be found in Ned Pyles recent post and via the following video: 
 

 

Microsoft Announces SecretManagement 1.1 Achieves General Availablity

SecretManagement is a module available on the PowerShell Gallery that enables you to use a common set of commands to store and retrieve secrets within PowerShell scripts, regardless of where you prefer to keep your secrets safe. SecretManagement 1.1 mostly includes updates to enable users operating in Constrained Language Mode (CLM). If you’ve already got SecretManagement running in your environment, review the 1.1 preview blog prior to updating for information on how the changes might impact your or vault extensions.

 

Checkout the following SecretManagement 1.1 GA announcement post for more details.

 

End of Extended Support for Windows Server 2012 and 2012 R2 

Windows Server 2012, and 2012 R2 End of Extended support is approaching per the Lifecycle Policy: Windows Server 2012 and 2012 R2 Extended Support will end on October 10, 2023. Now Microsoft understands that Windows Server runs many business-critical applications and it may take more time for some organizations to migrate to supported versions which is why they have announced one additional year of extended security updates for Windows Server 2008 and 2008 R2 instances running on Azure.

 

Further details surrounding this anncoucement can be found here: Plan your Windows Server 2012 and 2012 R2 End of Support

 

Windows hybrid join single-sign-on to Azure Active Directory

Many organizations now use both on-premises and cloud resources, and users want to be able to log on once to access both. But with Azure Active Directory not understanding Active Directory credentials (and vice versa), how does this single sign on process work?

 

 

Sonia Cuff recently shared a Deep Dive on this topic that details the steps surrounding the hybrid join single-sign-on process. The post can be reviewed here: Deep Dive - Windows hybrid join single-sign-on to Azure Active Directory

Community Events

  • Patch and Switch - It has been a fortnight and Patch and Switch are back to share the stories they have amassed over the past two weeks.

 

MS Learn Module of the Week

Microsoft_Learn_Banner.png

 

Windows Server file servers and storage management

Learn to implement and manage Windows Server file servers and storage. Implement Storage Spaces, data deduplication, and Windows Server Storage Replica.

 

 

In this module, you will learn how to:

To get the best experience from this learning path, you should have knowledge and experience of:

  • Windows Server 2012 or Windows Server 2016.
  • Core networking technologies.

 

Learn more here: Windows Server file servers and storage management
 

 

 

Let us know in the comments below if there are any news items you would like to see covered in the next show. Be sure to catch the next AzUpdate episode and join us in the live chat.

 

AZUpdate_S03E01_windows_hybrid_azuread_smb_powershell_secret_management.png

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.