Check This Out! (CTO!) Guide (October 2022)

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.

Hi everyone! Brandon Wilson here once again with this month’s “Check This Out!” (CTO!) guide.

These posts are only intended to be your guide, to lead you to some content of interest, and are just a way we are trying to help our readers a bit more, whether that is learning, troubleshooting, or just finding new content sources! We will give you a bit of a taste of the blog content itself, provide you a way to get to the source content directly, and help to introduce you to some other blogs you may not be aware of that you might find helpful. If you have been a long-time reader, then you will find this series to be very similar to our prior series “Infrastructure + Security: Noteworthy News”.

From all of us on the Core Infrastructure and Security Tech Community blog team, thanks for your continued reading and support!


Title: Announcing Landing Zone Accelerator for Azure Arc-enabled SQL Managed Instance

Source: Azure Arc

Author: Lior Kamrat

Publication Date: October 12, 2022

Content excerpt:

With both Azure Arc-enabled servers and Kubernetes Landing Zone Accelerators already generally available, today we're launching the Azure Arc-enabled SQL Managed Instance landing zone accelerator within the Azure Cloud Adoption Framework.

The new solution provides hybrid and multicloud scenarios within the Azure Cloud Adoption Framework, a proven set of guidance designed by subject matter experts across Microsoft to help customers create and implement the business and technology strategies necessary to succeed in the cloud, as well as a way to automate a fully deployed Azure Arc-enabled SQL Managed Instance environment, making implementation faster.


Title: New Hybrid Deployment Options for AKS Clusters From Cloud to Edge, Enabled by Azure Arc

Source: Azure Arc

Author: Abhilasha Agarwala

Publication Date: October 12, 2022

Content excerpt:

Since announcing the availability of Azure Kubernetes Service (AKS) on Azure Stack HCI and AKS on Windows Server, we’ve seen customers run their containerized workloads on AKS clusters in datacenters, retail stores, factories and even ships.

Today, we’re excited to introduce new features for at-scale AKS hybrid cluster life cycle management and the opportunity to utilize existing on-premises investments and help reduce costs that often come with modernization efforts. We’re also introducing a new AKS hybrid deployment option so you can run lightweight managed AKS on small, remote edge devices.

At Microsoft Ignite 2022, we’re announcing new features and hybrid deployment options from cloud to edge, enabled by Azure Arc, for AKS clusters running in your datacenter, branch offices, and edge locations.


Title: Active Directory Connector (ADC) for Arc-Enabled SQL Managed Instance Is Now Generally Available!

Source: Azure Arc

Author: Mikhail Almeida

Publication Date: October 13, 2022

Content excerpt:

Azure Arc-enabled data services support Active Directory (AD) for Identity and Access Management (IAM). The Arc-enabled SQL Managed Instance uses an existing on-premises Active Directory (AD) domain for authentication.

To facilitate this, Azure Arc-enabled data services introduce a new Kubernetes-native Custom Resource Definition (CRD) called Active Directory Connector. It provides Azure Arc-enabled SQL Managed Instances running on the same data controller the ability to perform Active Directory authentication.


Title: Consistently Upgrade Your Server TLS Protocol Using Azure Arc and Automanage Machine Configuration

Source: Azure Arc

Author: aurnovcy

Publication Date: October 27, 2022

Content excerpt:

The need to upgrade server TLS protocols is clear given the security vulnerabilities identified with TLS versions 1.0 and 1.1. Notable cryptographic threats impacting these previous TLS versions include BEAST, POODLE, and HEARTBLEED. As of 2020, TLS versions 1.0 and 1.1 are no longer supported. TLS 1.2 is required to maintain secure connections and offers higher performance on top of improved reliability.

Using Azure Automanage Machine Configuration, you can configure your secure communications protocol across servers running both within and beyond Azure. Through Azure Arc-enabled servers, you can extend Azure Policies to deploy and audit configurations in-guest through Azure Automanage Machine Configuration to non-Azure infrastructure. This is because the Connected Machine agent, powering Arc-enabled servers, has a built-in Machine Configuration component.


Title: Announcing Sustainability Guidance in the Azure Well-Architected Framework

Source: Azure Architecture

Author: Tobias Zimmergren

Publication Date: October 12, 2022

Content excerpt:

Increasingly, customers are asking questions related to sustainability and energy efficiency, such as: ‘Is our application efficient?’ ‘Are we utilizing the allocated resources fully, and are these optimized enough?’ By efficiency, the expectation might be energy efficiency, hardware efficiency, or efficient use of any other consumed resource. These questions highlight the growing importance of sustainability in cloud optimization, from reducing carbon emissions and energy utilization to refactoring for agility at a lower cost.  

As part of Microsoft’s ongoing commitment to promote sustainable development and low-carbon business practices globally, we’ve recently released sustainability guidance within the Azure Well-Architected Framework (WAF) designed to help you optimize cloud workloads for green IT.


Title: Setup Hybrid Joined AVD Single Sign-On

Source: Azure Architecture

Author: Mei Liu

Publication Date: October 10, 2022

Content excerpt:

Azure Virtual Desktop SSO allows us to skip the session host credential prompt and automatically sign in AVD users when connecting to the VMs. Without SSO, the AVD client will prompt end users for their session host credentials for every connection.

Single sign-on is available on AVD session hosts using the following operating systems:


Title: Optimize and Maximize Cloud Investment with Azure Savings Plan for Compute

Source: Azure Compute

Author: Kyle Ikeda

Publication Date: October 12, 2022

Content excerpt:

As a cloud provider, we are committed to helping our customers get the most value out of their cloud investment through a comprehensive set of pricing models, offers and benefits that adapt to customers’ unique needs. Today, we are announcing Azure savings plan for compute. With this new pricing offer, customers will have an easy and flexible way to save up to 65%* on compute costs, compared to pay-as-you-go pricing, in addition to existing offers in market including Azure Hybrid Benefit and Reservations.


Title: New Regions and Managed Identity Support for Azure Container Instances with Azure Virtual Networks

Source: Azure Compute

Author: MacKenzie Olson

Publication Date: October 5, 2022

Content excerpt:

With this update, Azure Container Instances customers can now: 

  • Deploy container groups in an Azure Virtual Network in nearly every supported commercial ACI region with a maximum resource request of 4 vCPU and 16 GB
  • Use Managed Identity to store and access credentials for container groups running in an Azure Virtual Network
  • Connect securely to critical network-protected resources such as Azure Container Registry (ACR) and Azure Key Vault (AKV) using Trusted Services authentication


Title: General Availability: Simplified Disaster Recovery for VMware Machines Using Azure Site Recovery

Source: Azure Compute

Author: Sharmistha Rai

Publication Date: October 9, 2022

Content excerpt:

Today we’re officially announcing the general availability of a simpler, more reliable, and modernized way to protect your VMware virtual machines using Azure Site Recovery, for recovering quickly from disasters. We are now offering these enhancements:

  • Stateless ASR replication appliance
  • Automatic upgrades for ASR replication appliance and mobility agent
  • Easier scale management
  • High availability for appliances


Title: Now in Preview – Spot Priority Mix for Azure Virtual Machine Scale Sets

Source: Azure Compute

Author: Rajeesh Ramachandran

Publication Date: October 12, 2022

Content excerpt:

Today we are announcing the preview of Spot priority mix for Azure Virtual Machine Scale Sets (VMSS) with flexible orchestration. This new capability allows you to create and expand a VM (virtual machine) scale set containing both Spot VMs and standard VMs. You will now have the flexibility to run a mix of standard and Spot VMs for VMSS deployments, and easily achieve a balance between availability and lower infrastructure costs based on your workload requirements.


Title: Create Emergency Access Accounts for Azure AD and Use Log Analytics to Monitor Sign-ins from Them

Source: Core Infrastructure and Security

Author: Michael Hildebrand

Publication Date: October 31, 2022

Content excerpt:

Hopefully, you have monitoring and alerting for sign-ins by your elevated/sensitive/admin IDs – likely via a SIEM. This should include the break-glass IDs, obviously.

However, you might consider a simple Azure Monitor/Alert for these BG accounts, too. In my example here, every 5 minutes, a query runs against my Azure AD sign-in log data (that is streaming into a Log Analytics Workspace), trolling for attempted sign-in events from the specified IDs.


Title: Estimating Azure Diagnostics Cost

Source: Core Infrastructure and Security

Author: Helder Pinto

Publication Date: October 24, 2022

Content excerpt:

There are many good reasons to enable Azure Diagnostics on your Azure PaaS resources, for example, auditing who has been accessing a Key Vault, troubleshooting failed requests to a Storage Account, doing a forensic analysis of a compromised Azure SQL Server, etc. Azure resource logging is recommended as part of the Operational Excellence and Security pillars of the Well-Architected Framework. Furthermore, you’ll also increase your Azure Secure Score, as enabling auditing and logging is one of the assessed controls of your security posture.


Title: Introduction to Network Trace Analysis 2: Jumping into TCP Connectivity

Source: Core Infrastructure and Security

Author: Will Aftring

Publication Date: October 17, 2022

Content excerpt:

Howdy everyone, I hope you're hungry; we have a feast of information we will be going through today. Our topic will be the Transmission Control Protocol (TCP) and what you need to know.

Now, TCP is a monster, so to keep this post from being too long, I'll save TCP performance for another day.

Why is this important?

You may be wondering why I am dedicating a full post to a single protocol; well, it's really very simple. All your favorite applications and protocols use TCP!

  • HTTP 
  • SMB 
  • Windows Communication Foundation 
  • And many more! 


Title: Internet of PowerShell

Source: Core Infrastructure and Security

Author: Felipe Binotto

Publication Date: October 9, 2022

Content excerpt:

I’m excited to write this post because I bumped into this nice little app which connects to an IoT Hub and lets us run scripts on-premises or in the cloud from anywhere in the world without any requirement for inbound ports.

The credits go to @Scott Holden (AUSTRALIA) who wrote the app (I’m also borrowing his app name as the title of this post) and @Marc Kean who told me about it. I have forked his project for this demonstration, but you can find the original project HERE.

I have recently used its functionality as part of a Start/Stop VM solution based on Automation Account. The customer was using SCOM on-premises and had the requirement to put the server in maintenance mode before the server could be stopped. The Automation Account can’t access on-premises resources and I would have to use a Hybrid Worker; however, this is much cooler and simpler.

I won’t get into the details around SCOM, but I will demonstrate how you can set it up and run the script from anywhere with a simple call to the IoT Hub.


Title: Azure Enterprise Policy as Code – Azure Landing Zones Integration

Source: Core Infrastructure and Security

Author: Anthony Watherston

Publication Date: October 3, 2022

Content excerpt:

Welcome to Part 2 in a series about using the Enterprise Policy as Code project to deploy and manage Azure Policy in your environment. This article covers integration with Azure Landing Zones and how to integrate the policies applied in that solution with this code.


Title: Announcing General Availability of Support for Azure Availability Zones in the Host Pool Deployment

Source: Azure Virtual Desktop

Author: Tom Hickling

Publication Date: October 10, 2022

Content excerpt:

I am pleased to announce that you can now automatically distribute your session hosts across any number of availability zones. This enables you to take full advantage of the built-in Azure resiliency options from within the same deployment process.

This has been a feature request from many of our customers, and I'm pleased to announce the host pool deployment process has been improved so it now supports deploying into up to three availability zones in Azure regions that support them. 


Title: Azure Premium SSD v2 Disk Storage: General Availability

Source: Azure Storage

Author: Aung Oo

Publication Date: October 12, 2022

Content excerpt:

We are excited to announce the general availability (GA) of Premium SSD v2, the next generation of Microsoft Azure Premium SSD Disk Storage that offers the most advanced general purpose block storage solution with the best price-performance. Premium SSD v2 offers sub-millisecond disk latencies for demanding IO-intensive workloads at a low cost. Customers can use that to improve the price-performance of a broad range of enterprise production workloads such as SQL Server, Oracle, MariaDB, SAP, Cassandra, MongoDB, big data, analytics, and gaming, on virtual machines or stateful containers.


Title: Workload Deployment Shouldn’t Be Different On Cloud & On-Premises Infrastructure

Source: Azure Stack

Author: Kilol Surjan

Publication Date: October 12, 2022

Content excerpt:

A hybrid strategy in IT infrastructure shouldn’t be cumbersome for your application team. The fact that your IT needs to span across cloud and on-premises infrastructure shouldn’t mean that your app owners have 2X more work in order to provision & manage their applications.

In Azure, we believe that the concepts of provisioning & managing a workload should be the same no matter where it is being deployed. The tools should not change whether you are managing your workload in Azure public cloud or on Azure Stack HCI in your datacenter or edge location. And that is why we are introducing Azure Resource Manager (ARM) templates for end-to-end automated deployment of your workloads.


Title: Retrieve Cloud Service Extended Support detail via PowerShell

Source: Azure PaaS

Author: Jerry Zhang

Publication Date: October 12, 2022

Content excerpt:

This blog is mainly about how to retrieve the CSES configuration via PowerShell and REST API. It will cover the following sections: 

  • PowerShell command to get the CSES configuration
  • PowerShell to send out REST API request to get the CSES configuration 
  • Sample to retrieve OS Family, OS Version and any other data 


Title: Deployment Failure of Private Endpoint Via Managed Application or ARM Template

Source: Azure PaaS

Author: Mo Shi

Publication Date: October 17, 2022

Content excerpt:

The purpose of this blog is to share one of the failure scenarios that users may encounter during the deployment of Private Endpoint via Managed Application or ARM template.

Symptom:

In complete mode (Deployment modes - Azure Resource Manager | Microsoft Learn), the resources in the resource group that are not specified in the template will be deleted by Resource Manager. However, during the deployment of Private Endpoint, the Network Interface (NIC) is generated automatically as a separate resource with a randomly assigned name, so this NIC cannot be defined in the template. As a result, the NIC that is not defined in the ARM template will be deleted in complete mode deployment, but this action will be blocked because the Private Endpoint is currently referencing this NIC.


Title: Azure DDoS Standard Protection Now Supports APIM in VNET Integration

Source: Azure Network Security

Author: Saleem Bseeu

Publication Date: October 4, 2022

Content excerpt:

Azure DDoS Protection Standard provides enhanced DDoS mitigation features to defend against volumetric and protocol DDoS attacks, such as adaptive real-time tuning, always-on traffic monitoring, Azure DDoS Rapid Response support, cost protection, telemetry, monitoring, and alerting.

DDoS Protection Standard currently supports public IPs in ARM-based VNets, such as Load Balancers, Bastion, Azure Firewall and Application Gateway. Now you can also protect your public IPs attached to VNet-integrated Azure API Management (APIM) instances with Azure DDoS Protection Standard.


Title: Public Preview: Immutable Vaults with Azure Backup

Source: Azure Governance and Management

Author: Utsav Raghuvanshi

Publication Date: October 26, 2022

Content excerpt:

Azure Backup recently launched the public preview of immutable vaults that can help you protect your backup data better against ransomware attacks and other malicious actors. Immutable vaults protect your backups by blocking any operations that could lead to loss of recovery points if misused. Further, you can lock the immutability setting to make it irreversible, which can prevent malicious actors from disabling immutability and deleting backups.

Immutability is supported for Recovery Services vaults as well as Backup vaults.


Title: Azure Portal September 2022 Updates

Source: Azure Governance and Management

Author: Allison Cordle

Publication Date: October 25, 2022

Content excerpt:

The update for this month in the Azure portal includes updates to Azure Service Bus. 


Title: Generally Available: Simplify Management and Operations with Azure Automanage Machine Best Practices

Source: Azure Governance and Management

Author: Akanksha Agrawal

Publication Date: October 12, 2022

Content excerpt:

We are thrilled to announce that Azure Automanage Machine Best Practices is now generally available for Azure VMs and Arc-enabled servers!

Azure Automanage machine best practices is a consolidated management solution that simplifies daily server management through effortless automation by handling the initial setup and configuration of Azure best practice services such as Azure Monitor, Backup, Microsoft Defender, Update Management, etc. Automanage continuously monitors machines across their entire lifecycle automatically bringing them back into conformance should they drift from the desired state.


Title: Azure Policy Announces Enhancements for Gradual Rollout, Custom Evaluations & Kubernetes Policy!

Source: Azure Governance and Management

Author: Neha Kulkarni

Publication Date: October 12, 2022

Content excerpt:

Azure Policy is excited to roll out some new features & additional support for the features you've gotten to know and love. These features provide enhancements to roll out your policies in a safe & secure manner, easily exempt or apply policy evaluation to certain resources at-scale, create policies for your Kubernetes clusters, as well as, for the first time, reflect your custom attestation scenarios in Azure Policy! 


Title: Upgrading Your Server and Client TLS Protocol Just Got Easier Using Automanage Machine Configuration

Source: Azure Governance and Management

Author: Jodi Boone

Publication Date: October 12, 2022

Content excerpt:

Ensuring secure communication protocols across server environments has been a clear requirement for IT admins, operators, and developers for the past two decades. What wasn’t clear was how to set a desired communication protocol and maintain this at scale, until now.

To prevent bad actors from accessing or disrupting sensitive data as it moves through the internet, we have relied on various cryptographic protocols over the years, namely Secure Sockets Layer (SSL) and Transport Layer Security (TLS). As weaknesses were discovered, new versions of SSL and then TLS were created, and although technologies have evolved, so have the tactics of hackers and other cyber criminals.


Title: Deliver Organizational Messages with Windows 11 and Microsoft Intune

Source: Windows IT Pro

Author: Jesse Stein

Publication Date: October 12, 2022

Content excerpt:

Based on ongoing conversations with IT admins, Microsoft recognized that global organizations that adopted hybrid work needed better tools to onboard, connect, and engage their users.

We developed organizational messages for Windows 11. It is configurable through Microsoft Intune to provide IT admins the ability to reach people within their organization with key messages that are delivered natively on Windows 11. IT admins identified onboarding and information updates as the main areas of opportunity for user engagement. As a result, we have enabled organizational messages delivery from IT admins natively in Windows 11 in the Get Started app to support user onboarding and in the taskbar and Windows notifications to support information updates. Admins use these messages to help users ramp up in new roles, learn about their organization, stay informed of new updates, and schedule requisite trainings.


Title: Windows Hello for Business Hybrid Cloud Kerberos Trust is Now Available!

Source: Windows IT Pro

Author: Sayali Kale

Publication Date: October 12, 2022

Content excerpt:

We are excited to announce the general availability of hybrid cloud Kerberos trust, a new Windows Hello for Business deployment model that enables a passwordless sign-in experience. With this new model, we've made Windows Hello for Business much easier to deploy than the existing key trust and certificate trust deployment models by removing the need for maintaining complicated public key infrastructure (PKI) and Azure Active Directory (Azure AD) Connect synchronization wait times.


Title: DCOM Authentication Hardening: What You Need To Know

Source: Windows IT Pro

Author: David Zhu

Publication Date: October 19, 2022

Content excerpt:

Hardening represents a means of investigating and reducing the number of systems across your organization with potential weaknesses, and then taking steps to secure them from malicious actors and their increasingly creative cyberthreats. Hardening has been applied across the industry to servers, software applications, operating systems, databases, networks, projects, repositories, services, policies, platforms, and more.

In this article, we'll explore how we're hardening Distributed Component Object Model (DCOM).


Title: Create an Azure Kubernetes Service (AKS) Cluster with API Server VNET Integration Using Bicep

Source: FastTrack for Azure

Author: Paolo Salvatori

Publication Date: October 4, 2022

Content excerpt:

This article shows how to deploy an Azure Kubernetes Service (AKS) cluster with API Server VNET Integration. AKS clusters with API Server VNET integration provide a series of advantages, for example, they can have public network access or private cluster mode enabled or disabled without redeploying the cluster. You can find the companion code in this GitHub repo.


Title: App Service Hybrid Connections: Is It Fast Enough?

Source: FastTrack for Azure

Author: Andre Dewes

Publication Date: October 4, 2022

Content excerpt:

App Service Hybrid Connections offer a quick and uncomplicated way to reach your on-premises services in scenarios where other networking solutions like VPN or ExpressRoute aren't available. Normally, you don't even need to open any firewall ports in your on-premises environments because it only requires an outbound HTTP connection over port 443 towards Azure to work. Behind the scenes, it is a TCP relay proxy over WebSockets. It only works to reach services that run on TCP, not UDP.

Therefore, it might be a good fit if you are planning to migrate your application(s) to Azure App Service but the app has dependencies on on-premises databases or APIs and your networking team is not yet ready to set up a VPN/ExpressRoute connection between these environments. The migration work can be unblocked by using Hybrid Connections towards these external dependencies with no code changes within your app.


Title: Use Azure AD Workload Identity for Kubernetes with a User-Assigned Managed Identity

Source: FastTrack for Azure

Author: Paolo Salvatori

Publication Date: October 17, 2022

Content excerpt:

This article and the companion Azure code sample show how to use Azure AD workload identity for Kubernetes in a .NET Standard application running on Azure Kubernetes Service. It leverages the public preview capability of Azure AD workload identity federation and a user-assigned managed identity.


Title: Microsoft Expands Device Management for Android

Source: Endpoint Management

Author: Priya Ravichandran

Publication Date: October 5, 2022

Content excerpt:

Microsoft is pleased to announce that the ability to manage and protect data on corporate devices that run on Android Open Source Project (AOSP) is generally available with Microsoft Intune as a part of Microsoft Endpoint Manager.


Title: Reduce Your Overall TCO with a New Microsoft Intune Plan

Source: Endpoint Management

Author: Dilip Radhakrishnan

Publication Date: October 12, 2022

Content excerpt:

We are pleased to announce that Microsoft will launch a new suite of advanced endpoint management solutions in March 2023 together in one, cost-effective plan. This new plan will help you go further in simplifying endpoint management, protecting your hybrid workforce, and delivering better user experiences across your organization.


Title: Introducing the Microsoft Intune Product Family

Source: Endpoint Management

Author: Michael Wallent

Publication Date: October 12, 2022

Content excerpt:

Today, we're announcing that Microsoft Intune will be the name of the growing product family for all things endpoint management at Microsoft. We are committed to continued investment in the core of Intune with enhancements to the features, performance, and Microsoft 365 integration you expect from us. Another critical part of our vision is building our suite of advanced endpoint management solutions in the cloud, all under the Intune product family. Configuration Manager will remain a key part of that family – and we will continue to meet you where you are with co-management capabilities that help you migrate workloads to the cloud. The name Microsoft Endpoint Manager will no longer be used. Going forward, we'll refer to cloud management as Microsoft Intune and on-premises management as Microsoft Configuration Manager.


Title: PowerShell 7 – Latest Features, Roadmap and a Chat with the PowerShell Product Group

Source: ITOps Talk

Author: April Edwards

Publication Date: October 17, 2022

Content excerpt:

Many of us use PowerShell every day and we each use various versions in our personal and corporate environments. PowerShell 7 has some awesome features that many of us don’t even know about. Thomas Maurer and I took some time to speak to the PowerShell Team to find out all about PowerShell 7. We were joined by Jason Helmick, Michael Greene, Damian Caro, Danny Maertens, and Stephen Bucher, all of whom taught us so much in this video.


Title: Protect Your Environment Against Hybrid Identity Attacks

Source: Microsoft 365 Defender

Author: Eran Nachshon

Publication Date: October 10, 2022

Content excerpt:

Most organizations are on a path to fully migrating to a cloud-based identity and access management (IAM) solution like Azure Active Directory (Azure AD). Platforms like Azure AD are more scalable, more secure, and support the latest methods of user authentication when accessing organizational resources and applications. However, transitioning from on-premises IAM solutions takes time, and while customers embark on that journey, Microsoft offers cloud-powered protections for those on-premises resources to ensure that they’re best protected against the latest identity-targeted threats.

Microsoft 365 Defender provides comprehensive protection for identities across the Microsoft identity stack. Within that, Defender for Identity supports hybrid identity configurations via an Active Directory Federation Services sensor, to protect the AD FS infrastructure and alert security teams to AD FS-based threats. This enables Microsoft to protect environments where AD FS is in use, as Defender for Identity goes beyond just relying on the authentication happening on the domain controller, and instead collects additional context and data directly from AD FS.


Title: Announcing Microsoft Cloud Security Benchmark (Public Preview)

Source: Microsoft Defender for Cloud

Author: Jim Cheng

Publication Date: October 13, 2022

Content excerpt:

Today, we are announcing the successor of the Azure Security Benchmark: the Microsoft cloud security benchmark. The Microsoft cloud security benchmark (MCSB) v1 is an expanded and enhanced version of Azure Security Benchmark v3 with a new layer of multicloud security guidance. Currently, a full set of security guidance for Amazon Web Services has been developed for all security domains in the Benchmark. In addition, you can now monitor the MCSB controls across Azure and AWS using Microsoft Defender for Cloud. Similar to Azure, MCSB monitoring is enabled by default in MDC for AWS environments, with GCP coverage coming soon.


Title: Announcing a New Azure AD, Part of Microsoft Entra, Region in Japan

Source: Microsoft Entra (Azure AD)

Author: Shobhit Sahay

Publication Date: October 13, 2022

Content excerpt:

Today we're delighted to announce that starting in October 2022, Microsoft customers in Japan can access Azure Active Directory (Azure AD), part of Microsoft Entra, features through our infrastructure in Japan. This replaces the system where the Azure AD data of customers based out of Japan was stored in other global regions. With over 500 million monthly active users, 500,000 customers, and 45 billion daily authentications, Azure AD enables organizations and individuals across the globe to achieve more by addressing their key security and privacy requirements. Microsoft’s Identity and Access Management solutions powered by a Zero Trust framework provide a secure platform for businesses and individuals alike to accomplish their goals. 


Title: Public Preview: Conditional Access Filters for Apps

Source: Microsoft Entra (Azure AD)

Author: Alex Weinert

Publication Date: October 26, 2022

Content excerpt:

Today we’re excited to announce the public preview of filters for apps! Filters for apps provides a new way to manage Conditional Access (CA) assignment for apps and workload identities at scale.  

Protecting all apps is key to achieving a Zero Trust security posture. Currently, policies explicitly list apps. With filters for apps, admins can tag applications with custom security attributes and apply Conditional Access policies based on those tags, rather than individually selecting apps. With this approach there is no limit on the number of apps covered, and new apps you add with the attributes are automatically included in the policies! Attribute assignment builds on top of custom security attributes, delivering attribute customization and a rich delegation model. 


Title: Apply Zero Trust Principles to Authentication Session Management with Continuous Access Evaluation

Source: Security, Compliance, and Identity

Author: Anna Barhudarian

Publication Date: October 3, 2022

Content excerpt:

Today we’re sharing our thoughts around managing and securing cloud authentication sessions. In the past, “authentication session management” referred to static updates to the session duration. That approach no longer provides adequate security for modern usage patterns where a user’s context changes multiple times after the initial authentication. This can occur due to moving between locations, a need to collaborate inside and outside of an organization or multi-device scenarios. 

So how can we secure authentication sessions without affecting user experience and productivity? Or how do Zero Trust principles apply to authentication sessions? These are the questions we asked as we embarked on a journey to modernize session management. 
