Check This Out! (CTO!) Guide (May 2023)

This post has been republished via RSS; it originally appeared at Microsoft Tech Community - Latest Blogs.

Hi everyone! Brandon Wilson here once again with this month’s “Check This Out!” (CTO!) guide.

These posts are only intended to be your guide, to lead you to some content of interest, and are just a way we are trying to help our readers a bit more, whether that is learning, troubleshooting, or just finding new content sources! We will give you a bit of a taste of the blog content itself, provide you a way to get to the source content directly, and help to introduce you to some other blogs you may not be aware of that you might find helpful.

From all of us on the Core Infrastructure and Security Tech Community blog team, thanks for your continued reading and support!

 

 


Title: What is a Cloud Adoption Security Review?

Source: Azure Architecture

Author: danielmamsft

Publication Date: 5/1/23

Content excerpt:

The Cloud Adoption Security Review (CASR) is aimed to self-assess an Azure landing zone (ALZ) environment that has achieved baseline security against the Secure Methodology of the Cloud Adoption Framework (CAF).

 


Title: Mitigating Downtime and Increasing Reliability: Strategies for Managing Complexity in the Cloud

Source: Azure Architecture

Author: Lavan Nallainathan

Publication Date: 5/3/23

Content excerpt:

This paper explores the relationship between complexity, entropy, and chaos theory in the context of cloud application design and management. It discusses the importance of understanding business needs, setting RTO and RPO objectives, conducting effective risk assessments, understanding SLA and calculating SLAs when building Cloud Native Systems, and steps to help mitigate downtime and increase system availability using Azure Availability Zones.

 


Title: Achieving Distributed High Availability: Stack HCI and AKS Hybrid

Source: Azure Architecture

Author: ianlcurtis

Publication Date: 5/17/23

Content excerpt:

Sometimes high availability is the top business priority. There are situations where even the high availability provided in the cloud by redundant systems, availability zones, and failovers isn’t enough.

I recently worked with a customer in just this situation. They needed to deliver their service with 5 9’s of availability – that’s less than 5 minutes of downtime per year – but by the nature of how we use the cloud, this is hard to achieve. The SLAs of all of the cloud services that you plug together to support your solution need to be considered in its overall availability.

 


Title: Increased remote storage performance with NVMe-enabled Ebsv5 VMs now generally available

Source: Azure Compute

Author: Priya Shan

Publication Date: 5/3/23

Content excerpt:

Today, we announce the general availability (GA) of the NVMe-enabled Ebsv5 VM series, with two new sizes, E96 and E112i vCPU, added to the Ebsv5 VM family. The Ebsv5 and Ebdsv5 NVMe VMs offer up to 260,000 IOPS (input/output operations per second) and 8,000MBps of remote disk storage throughput. They also include up to 672GiB of RAM and local SSD storage (maximum 3,800GiB). In addition, the smaller sizes, E48 vCPU, and E64 vCPU, will offer higher performance with NVMe at no extra cost.

 


Title: Cost Optimization Practices for Azure VMs – VM services

Source: Azure Compute

Author: Perry Leong

Publication Date: 5/10/23

Content excerpt:

Azure Virtual Machines are an excellent solution for hosting both new and legacy applications. However, as your services and workloads become more complex and demand increases, your costs may also rise. Azure provides a range of pricing models, services, and tools that can help you optimize the allocation of your cloud budget and get the most value for your money.

 


Title: Azure Monitor Baseline Alerts (Preview)

Source: Azure Governance and Management

Author: Paul Grimley

Publication Date: 5/2/23

Content excerpt:

Over the past few months, we have been working behind the scenes and with a few select customers to develop a solution to help more easily accelerate and adopt Azure Monitor as part of onboarding to Azure or enhancing your existing Azure / ALZ investment. Working alongside the Azure Monitor product group we have identified a number of opportunities

 


Title: Azure Backup Reports now includes support for more workloads

Source: Azure Governance and Management

Author: Aditya Balaji

Publication Date: 5/17/23

Content excerpt:

We are happy to share that Azure Backup Reports now includes support for more workloads: Azure Database for PostgreSQL Servers, Azure Blobs and Azure Disks!

This means that you can now enable logging of backup-related metadata (such as jobs, backup items, policies, usage) for these workloads, and retain these records for a customizable duration of time depending on your compliance and audit requirements. You can then leverage the canned reporting views that are already provided via the Backup Reports solution today, and view information for protected items corresponding to these workloads.

 


Title: Azure portal April 2023 updates

Source: Azure Governance and Management

Author: Allison Cordle

Publication Date: 5/25/23

Content excerpt:

An overview of the updates for the Azure portal for April 2023

 


Title: How to identify the recommended VM for your HPC workloads

Source: Azure High Performance Computing (HPC)

Author: Jose Angel Fernandez Rodrigues

Publication Date: 5/11/23

Content excerpt:

This article presents a concise overview of the key factors to consider when selecting the appropriate SKU for your application. It outlines a systematic methodology for filtering out unsuitable VM categories, then narrowing down the options by evaluating VM families and SKUs.

 


Title: Introducing the Azure Linux container host for AKS

Source: Azure Infrastructure

Author: Jim Perrin

Publication Date: 5/23/23

Content excerpt:

We are excited to announce the general availability of the Azure Linux container host for Azure Kubernetes Service (AKS). The Azure Linux container host for AKS is a lightweight, secure, and reliable OS platform optimized for performance on Azure.

 


Title: Accelerate innovation with Red Hat on Azure- Latest Announcements from Red Hat Summit 2023

Source: Azure Infrastructure

Author: Garima Singh

Publication Date: 5/23/23

Content excerpt:

Microsoft continues to strengthen its partnership with Red Hat as a “platinum” sponsor at Red Hat Summit to engage customers on future proofing their businesses with more license flexibility, closer joint engineering, and better joint support. Jeremy Winter, Corporate Vice President, Azure Cloud Native from Microsoft will deliver the keynote on Day 1 on the topic of ‘Innovation doesn’t rely on your IT budget’. This will showcase Microsoft’s advancements in open innovation and how the Red Hat on Azure product portfolio helps businesses innovate without significant investment.

 


Title: Migrate Kubernetes workloads running on VM’s using Azure Migrate – Planning & Execution

Source: Azure Migration and Modernization

Author: Sandeep G

Publication Date: 5/7/23

Content excerpt:

This article explains the steps carried out in doing a lift and shift migration of Kubernetes workloads running on virtual machines (from any location – On-premise or Third-party cloud provider) to Azure public region. This migration was tested at a customer side, where they had specific requirements to migrate the Kubernetes workloads as is by retaining their IP addresses.

 


Title: Plan the migration of your SQL Server deployments with Azure SQL assessment in Azure Migrate (GA)

Source: Azure Migration and Modernization

Author: Shikher Saluja

Publication Date: 5/16/23

Content excerpt:

Today we are announcing that SQL Server discovery and Azure SQL assessment in Azure Migrate are now Generally Available (GA).

 


Title: Logging and Metrics Enhancements to Azure Firewall now in Preview

Source: Azure Network Security

Author: Shabaz Shaik

Publication Date: 5/12/23

Content excerpt:

Azure Firewall is a cloud-native network firewall security service that provides threat protection for your cloud workloads running in Azure. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. Azure Firewall sits between the end user and the application server, processing critical application traffic and enforcing security policies on this traffic. In case of any latency or disconnection to the application, the firewall acts as a great point to look at this traffic and troubleshoot the root cause. Azure Firewall now offers new logging and metric enhancements designed to increase visibility and provide more insights into the traffic processed by the firewall. 

 


Title: Protect Office365 and Windows365 with Azure Firewall

Source: Azure Network Security

Author: Yuval Perry

Publication Date: 5/18/23

Content excerpt:

Office 365 customers are looking for the best cloud connectivity experience at scale to achieve end-to-end connectivity through the most optimized route possible. Traffic from the organization’s network to the required Office 365 endpoints should be managed and secured, which could be a time-consuming ongoing task. With the recent announcement of Azure Firewall integration with Office 365, you can now easily manage this traffic and leverage the firewall’s security features to secure it.

 


Title: Azure Firewall NAT Behaviors

Source: Azure Network Security

Author: David Frazee

Publication Date: 5/19/23

Content excerpt:

The Azure Firewall is a cloud-native and intelligent network firewall security service that can be integrated into many different use cases. It’s a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability that provides both east-west and north-south traffic inspection. Depending on how traffic will flow through the Azure Firewall, there are expected NAT behaviors. NAT, or Network Address Translation, is a method of remapping an IP address into another by modifying network address information in the IP header of packets. When traffic passes through an Azure Firewall, the firewall can perform NAT to translate the source or destination IP addresses and ports of the packets. The specific NAT behavior will depend on the firewall’s configuration and the type of NAT being used. In this blog, we cover what behaviors to expect when traffic flows for inbound traffic, through DNAT rules, and for outbound traffic through the Network, and Application rules of the Azure Firewall.

 


Title: Registration and Arc extension improvements in Azure Stack HCI

Source: Azure Stack

Author: Arpita Duppala

Publication Date: 5/8/23

Content excerpt:

Previously, Azure Stack HCI registration required two Resource Groups, one for the cluster resource and another for Arc for server resources. However, now you can register both the Azure Stack HCI cluster and Arc for Server resources in the same Resource Group by passing the existing Resource Group information.

 


Title: How to attach an additional network interface to the Azure Stack HCI VM using SDN

Source: Azure Stack

Author: vaibhavkale

Publication Date: 5/10/23

Content excerpt:

Azure Stack HCI is a hyperconverged infrastructure (HCI) cluster solution that consists of Windows servers (Hyper-V), Storage Spaces Direct, and Azure-inspired SDN. All clustered servers share common configurations and resources by leveraging the Windows Server Failover Clustering feature. A Windows Failover Cluster consists of multiple Windows servers running in a cluster to provide high availability, i.e., if one server node goes down, then another node takes over. We can create multiple Windows/Linux VMs on the failover cluster. In this blog, we have provided steps to attach a new network interface to an existing VM running on the failover cluster with static MAC and valid static IP address (from the given VNet/subnet pool).

 


Title: Announcing the General Availability of Azure Monitor HCI Insights

Source: Azure Stack

Author: Saniya Islam

Publication Date: 5/16/23

Content excerpt:

The new, enhanced Azure Monitor HCI Insights uses the new improved Azure Monitor Agent and Data Collection Rule. These rules specify the event logs and performance counters that need to be collected and stores it in a Log Analytics workspace. Once the logs are collected, HCI Insights uses Azure Monitor Workbooks to provide deeper insights on the health, performance and usage of the cluster.

 


Title: Announcing the Public Preview of Azure Site Recovery with Azure Stack HCI

Source: Azure Stack

Author: Shijo Joy

Publication Date: 5/17/23

Content excerpt:

In October 2021 we announced the support of Azure Site Recovery to protect virtual machines (VM) workloads on Azure Stack HCI. Based on customer feedback, we have improved the ASR agent deployment experience and now we are excited to announce the Public Preview of the new ASR agent deployment experience as an Arc extension. 

 


Title: How to Save 70% on File Data Costs

Source: Azure Storage

Author: Karl Rautenstrauch

Publication Date: 5/1/23

Content excerpt:

In the first post in this series we reviewed the high costs of file data storage and the need to take action in the face of growing unstructured data volumes and shrinking enterprise IT budgets. In the second post we reviewed data storage tiering options and the benefits of transparent file tiering with Komprise Intelligent Tiering for Azure. In this final post we’ll review a storage tiering TCO comparison.

 


Title: Azure Container Storage in Public Preview

Source: Azure Storage

Author: Yuemin Lu

Publication Date: 5/15/23

Content excerpt:

Azure Container Storage introduces — a grouping of storage resources presented as a single, unified storage resource for your AKS cluster. Storage Pool provides an abstracted storage layer on multiple options including ephemeral disk, Azure Disk, and Elastic SAN, enabling you to leverage the storage that best aligns with your workload needs

 


Title: Azure Storage updating some default security settings on new accounts - Aug 2023

Source: Azure Storage

Author: Nandita Chakraborti

Publication Date: 5/17/23

Content excerpt:

Beginning August 2023, Azure storage will begin phased roll out of changes that disable anonymous access and cross tenant replication for all new storage accounts by default, to align with best practices for security and reduce the risk of data exfiltration. Existing storage accounts will not be impacted by this change. This change will be made to all Azure clouds.

 


Title: Public Preview: Azure Files geo-redundancy for standard large file shares

Source: Azure Storage

Author: Jeff Patterson

Publication Date: 5/24/23

Content excerpt:

We’re excited to announce Azure Files geo-redundancy for large file shares is now in public preview for standard SMB file shares.

Azure Files has supported large file shares for several years, which not only provides file share capacity up to 100TiB but improved IO operations per second (IOPS) and throughput as well. Large file shares are widely adopted by customers using locally redundant storage (LRS) and zone-redundant storage (ZRS) but have not been available for geo-redundant storage (GRS) and geo-zone redundant storage (GZRS) until now.

 


Title: Announcing the public preview of Azure Virtual Desktop Custom Image Templates

Source: Azure Virtual Desktop

Author: Tom Hickling

Publication Date: 5/9/23

Content excerpt:

Today I am pleased to announce the public preview of a new feature in Azure Virtual Desktop called Custom image templates.

Custom image templates allows admins to build a custom “golden image” with the added capability to include Azure Virtual Desktop built-in customizations as well as your own customization scripts to install other applications or set of configurations.

 


Title: Continuing improvement to Windows Server Containers and the upcoming changes

Source: Containers

Author: Akarsh Mishra

Publication Date: 5/9/23

Content excerpt:

Earlier this year, we announced our concerted effort to reduce the size of Windows Server Container images, and we were delighted with the feedback we received. Today, we are taking a step further to deliver even more improvements based on that feedback as part of the May 2023 release and share our plans for the coming months.

 


Title: Kubernetes External DNS for Azure DNS & AKS

Source: Core Infrastructure and Security

Author: Houssem Dellai

Publication Date: 5/1/23

Content excerpt:

After deploying an application and its services into a Kubernetes cluster, a question rises on the surface: how to access it with a custom domain name? A simple solution would be to create an A record that points the domain name into the service IP address. This could be done manually, so it will be too hard to scale as you add many services. And this could be fully automated by using External DNS! This tutorial describes how to manage custom domain names in Azure DNS using External DNS in AKS.

 


Title: Azure Policy Recommended Practices

Source: Core Infrastructure and Security

Author: Heinrich Gantenbein

Publication Date: 5/4/23

Content excerpt:

Azure Policy has multiple uses including general governance, monitoring setup, security, and compliance. It should not be used to deal with items better handled with role-based access control (RBAC). The following rules codify this:

  • Prohibit anybody and any service from doing something: Azure Policy.
  • Prohibit specific users and service principals from doing something: RBAC.

Note: Many professionals use security and compliance interchangeably. Security encompasses much more than some checkboxes on a compliance spreadsheet; however, complying with Microsoft Cloud Security Benchmark and NIST-880-53 are a decent baseline for enforcing security aspects with Azure Policy.

 


Title: How to Allocate Azure Monitor Logs Ingestion Costs by Resource Tag

Source: Core Infrastructure and Security

Author: Helder Pinto

Publication Date: 5/8/23

Content excerpt:

Azure Monitor Logs, also known as Log Analytics, is a fundamental tool for monitoring and reporting on your Azure, multi-cloud, and hybrid resources. It supports such a vast array of Microsoft cloud services that it has become one of the most used Azure services for all sorts of customers. Consequently, Azure Monitor Logs has also become an important cost driver for many Azure customers and being able to allocate or split those costs across the right cost centers in the organization is a pressing need most customers have. This is especially relevant for customers who centralize as much as possible their Log Analytics workspaces, following Microsoft’s recommended best practices. The question this article answers is: how can we sort out which logs belong to which cost center in a simple manner? My colleague @Bruno Gabrielli recently described the logic behind cost allocation by subscription, resource group or resource. What I am going to describe next is how to do it based on the resource tags.

 


Title: Azure Savings Dashboard

Source: Core Infrastructure and Security

Author: Saira Shaik

Publication Date: 5/9/23

Content excerpt:

I have created this dashboard to display the savings made due to the purchase of Reservations or Savings Plans or by signing the agreement with Microsoft to get Azure Commitment Discounts (ACD).
This dashboard is helpful for Customers who:

  • Purchased Reservations or
  • Purchased Savings Plan or
  • Signed Monthly Azure Consumption Commitment (MACC) and got a special discounted price.

 


Title: Azure Cost Management Dashboard

Source: Core Infrastructure and Security

Author: Saira Shaik

Publication Date: 5/14/23

Content excerpt:

This Dashboard helps customers to understand the billing details, including monthly bill, monthly usage cost, and monthly purchase cost, along with the number of units each Service consumed and the respective cost by Services running on On Demand or Reservations or Savings Plan with the Top 5 drivers contributing to the cost. These drivers are the Top 5 Subscription Names, Top 5 Instance Types, and Top 5 Locations. Customers can view details of any Service monthly and daily insights of usage and respective cost with a granular level of drill down to Resource Name.

 


Title: Build Reports Faster with Azure Resource Graph - Microsoft Community Hub

Source: Core Infrastructure and Security

Author: Felipe Binotto

Publication Date: 5/15/23

Content excerpt:

If you are hands-on with Azure operations, I’m sure at some point you have been asked to provide some type of report containing information about your Azure environment.

In the past, the only way to provide this information was to programmatically iterate through all your subscriptions and retrieve the data, subscription by subscription.

Throughout this article I will provide a couple examples on how you would accomplish that task in the traditional way compared to using the Azure Resource Graph. Moreover, I will provide the time it takes to accomplish each task using the Measure-Command cmdlet.

 


Title: Unified Update Platform with ConfigMgr – Questions from the Field

Source: Core Infrastructure and Security

Author: Stefan Röll

Publication Date: 5/19/23

Content excerpt:

Hello everyone! I'm Stefan Röll, Cloud Solution Architect at Microsoft Germany for Intune and Microsoft Configuration Manager. In the past weeks, I got a lot of questions from customers around the recently released Unified Update Platform (UUP). In this blog I want to cover some of them.

 


Title: Mastering AKS Troubleshooting #1: Resolving Connectivity and DNS Failures

Source: Core Infrastructure and Security

Author: Joji Varghese

Publication Date: 5/19/23

Content excerpt:

This blog post marks the beginning of a three-part series, that originated from an intensive one-day bootcamp focused on advanced AKS networking triage and troubleshooting scenarios. It offers a practical approach to diagnosing and resolving common AKS networking issues, aiming to equip readers with quick troubleshooting skills for their AKS environment.

Each post walks through a set of scenarios that simulate typical issues. Detailed setup instructions will be provided to build a functional environment. Faults will then be introduced that cause the setup to malfunction. Hints will be provided on how to triage and troubleshoot these issues using common tools such as kubectl, nslookup, and tcpdump. Each scenario concludes with fixes for the issues faced and explanation of the steps taken to resolve the problem.

 


Title: Mastering AKS Troubleshooting #2: VNet cross-connectivity and Port resolution

Source: Core Infrastructure and Security

Author: Joji Varghese

Publication Date: 5/23/23

Content excerpt:

This post is the second in a three-part series on troubleshooting common networking issues with Azure Kubernetes (AKS), a managed container orchestration service. Scenarios in this post were the result of an intensive one-day bootcamp specifically targeting advanced AKS networking triage and troubleshooting scenarios. It offers comprehensive guidance on how to set up a fully functional environment and presents various fault scenarios that participants can troubleshoot using familiar tools.

The previous post addressed connectivity and DNS issues. This article specifically covers endpoint connectivity issues across virtual networks and port configuration problems for services and pods.

 


Title: Mastering AKS Troubleshooting #3: Kernel view and AKS Observability

Source: Core Infrastructure and Security

Author: Joji Varghese

Publication Date: 5/26/23

Content excerpt:

This blog post concludes the three part series that addresses common networking problems that may occur while working with Azure Kubernetes Service (AKS). Although AKS is a managed container orchestration service, issues can still arise, requiring troubleshooting.

The earlier blog post covered endpoint connectivity issues across virtual networks and port configuration problems with services and their associated pods. This article focusses on solving issues using Linux toolsets to get a kernel view of the Kubernetes layout and using Container Insights to view logging and diagnostics to take remedial actions.

 


Title: Cloud Management Gateway - Inbound Rule for Port 8443

Source: Core Infrastructure and Security

Author: Nandan Sheth

Publication Date: 5/29/23

Content excerpt:

Hello! My name is Nandan Sheth, and I am a part of Microsoft’s Customer Success Unit based out of Dublin, Ireland. I have been helping customers set up the Cloud Management Gateway for a few years now, but recently an organization with 40000+ users asked me a question that I haven’t given much thought to. When you set up the Cloud Management Gateway using a Virtual Machine Scale Set, one of the resources created in Azure is the Network Security Group. The Network Security Group has an inbound rule for port 8443.

Why is this rule created and what is it needed for?

 


Title: Tidying Up URLs: Removing Trailing Slashes in Azure Static Web Apps

Source: Core Infrastructure and Security

Author: Werner Rall

Publication Date: 5/31/23

Content excerpt:

In the ever-evolving digital landscape, the importance of clean, well-structured URLs cannot be overstated. A well-crafted URL not only improves user experience, but it also boosts your website's SEO ranking. One common issue web developers and content creators face is the presence of trailing slashes in their URLs, which can lead to duplicate content issues and negatively impact search engine performance. 

In this blog post, we'll share a practical solution based on a recent customer engagement, where we helped them create a file that effectively removes trailing slashes from their URLs. Through step-by-step guidance, you'll learn how to implement this solution on your own website, ensuring a seamless browsing experience for your users and maintaining your site's SEO health. Whether you're a seasoned developer or a beginner, our easy-to-follow tutorial will empower you to take control of your website's URL structure and elevate your online presence.

 


Title: Multi Hub and Spoke Topology using Azure Firewalls

Source: FastTrack for Azure

Author: Mauricio Rojas Martinez

Publication Date: 5/2/23

Content excerpt:

This article describes a simple Inter Hub and Spoke topology and walks through its implementation.  

 


Title: Achieving High Availability with Azure SQL Server on VM: Choosing the Best Solution for Your Needs

Source: FastTrack for Azure

Author: Assaf Fraenkel

Publication Date: 5/8/23

Content excerpt:

Achieving high availability is crucial for businesses that rely on their SQL Server databases. With SQL Server on Azure virtual machines, there are two popular deployment architectures to consider: SQL Server Always-On Availability Groups (AG) and SQL Server Always-On Failover Clustering (FCI). However, choosing the right solution for your specific scenario requires careful consideration of various factors. In this article, we will provide a comprehensive guide to help you decide which approach to use, especially when deployed in the Azure environment.

 


Title: Define and implement permissions, roles and scopes with Azure Active Directory in SaaS solution

Source: FastTrack for Azure

Author: Irina Kostina

Publication Date: 5/9/23

Content excerpt:

This article covers 3 main concepts related to authentication & authorization, which can be used by SaaS providers. It will cover Application Roles functionality, Delegated & Application permissions, and Scopes functionality.

 


Title: How to Perform Manual Failover of an Azure SQL Database

Source: FastTrack for Azure

Author: Assaf Fraenkel

Publication Date: 5/17/23

Content excerpt:

Introduction: If you're managing an Azure SQL database and encounter an issue where the database becomes unresponsive, you must find a solution that will help you restore the service. In this article you will learn how to perform a manual failover to restore service as part of the task to identify the root cause of the problem even though the server is unresponsive.

 


Title: Deploy and run a Azure OpenAI/ChatGPT application on AKS

Source: FastTrack for Azure

Author: Paolo Salvatori

Publication Date: 5/30/23

Content excerpt:

This article shows how to deploy an Azure Kubernetes Service (AKS) cluster and Azure OpenAI Service and how to deploy a Python chatbot that authenticates against Azure OpenAI using Azure AD workload identity and calls the Chat Completion API of a ChatGPT model.

 


Title: New Microsoft Entra Features Now Available

Source: Microsoft Entra (Azure AD)

Author: Shobhit Sahay

Publication Date: 5/1/23

Content excerpt:

Microsoft has recently introduced a range of new security tools and features for their Entra product family, aimed at helping organizations to improve their security posture. With the ever-increasing sophistication of cyber-attacks and the increasing use of cloud-based services and the proliferation of mobile devices, it is essential that organizations have effective tools in place to manage their scope of security. 

 


Title: Azure AD Certificate-Based Authentication (CBA) on Mobile now Generally Available!

Source: Microsoft Entra (Azure AD)

Author: Alex Simons

Publication Date: 5/4/23

Content excerpt:

At Ignite 2022, we announced the general availability of Azure Active Directory (Azure AD) Certificate-Based Authentication (CBA) as a part of Microsoft’s commitment to Executive Order 14028, Improving the Nation’s Cybersecurity. Now, we’re thrilled to announce the general availability of Azure AD CBA support on mobile.

 


Title: Modernizing Authentication Management

Source: Microsoft Entra (Azure AD)

Author: Alex Weinert

Publication Date: 5/9/23

Content excerpt:

We’re thrilled to announce two key updates to how you manage your authentication experiences! The General Availability of Converged Authentication Methods and Public Preview of a modernized version of multifactor authentication (MFA) Fraud Alert. 

The General Availability of Converged Authentication Methods allows all methods used for authentication and password reset to be centrally managed and with more control, providing the ability to target groups of users.  

 


 

 

Title: Public Preview: Token Protection for Sign-In Sessions

Source: Microsoft Entra (Azure AD)

Author: Paul Garner

Publication Date: 5/10/23

Content excerpt:

At the recent Microsoft Secure event, we announced a new feature called Token Protection for sign-in sessions. This is the first in a series of Microsoft Entra features designed to combat token theft and replay attacks. 

 


 

 

Title: GA: System-preferred multifactor authentication

Source: Microsoft Entra (Azure AD)

Author: Alex Weinert

Publication Date: 5/16/23

Content excerpt:

In previous blogs, we've emphasized the importance of multifactor authentication (MFA). Today, organizations and end users are using various authentication methods providing varying levels of security. Users often choose less secure MFA methods, despite having access to more secure options due to a range of factors such as convenience, lack of awareness, or technical limitations.

 


 

 

Title: Microsoft Entra External ID public preview: Developer-centric platform

Source: Microsoft Entra (Azure AD)

Author: Levent Besik

Publication Date: 5/24/23

Content excerpt:

Today, we’re excited to announce new developer-centric capabilities for customer and partner identity experiences in our next generation customer identity and access management (CIAM) solution - Microsoft Entra External ID, and a next milestone in making our Microsoft Entra Verified ID solution easy to integrate into any application with Microsoft Entra Verified ID SDK. 

 


 

 

Title: Tenant Restriction v2 is now Public Preview!

Source: Microsoft Entra (Azure AD)

Author: Robin Goldstein and Vimala Ranganathan

Publication Date: 5/25/23

Content excerpt:

With TRv2, you can enable safe and productive cross-company collaboration while containing data exfiltration risk. Tenant restriction settings enable you to control what external tenants your users can access from your devices or network using externally issued identities and provide granular access control on a per org, user, group, and application basis.   

Tenant restriction is a much-awaited expansion of the previously released cross-tenant access settings for external collaboration. Together these provide the most granular control over your cross-company security and collaboration policies.

 


 

 

Title: Announcing General Availability of Authenticator Lite (in Outlook)

Source: Microsoft Entra (Azure AD) 

Author: Alex Weinert

Publication Date: 5/26/23

Content excerpt:

Last month, Authenticator Lite (in Outlook) moved to public preview, bringing the security and reliability of Microsoft Authenticator to an app users already have on their phones. Today we’re excited to announce that Authenticator Lite (in Outlook) is now generally available! 

 


 

 

Title: Cross-Tenant Synchronization for seamless application access is now generally available!

Source: Microsoft Entra (Azure AD)

Author: Joseph Dadzie

Publication Date: 5/30/23

Content excerpt:

In the past, many of you spent significant time and money building custom scripts to provision accounts across tenants and enable cross-tenant collaboration. Since we launched public preview of cross-tenant sync in January, many of you quickly switched to the out of the box functionality and saved your companies both time and money. It’s amazing to hear how easy it has been to deploy cross-tenant synchronization!

 


 

 

Title: Microsoft Enterprise SSO for Apple Devices Is Now Available for Everyone

Source: Microsoft Entra (Azure AD)

Author: Alex Simons

Publication Date: 5/31/23

Content excerpt:

Today I’m excited to announce the General Availability of the Microsoft Enterprise SSO plug-in for Apple devices. This product provides single sign-on (SSO) for Azure Active Directory (Azure AD), now a part of Microsoft Entra, accounts on macOS, iOS, and iPadOS across all applications that support Apple's enterprise single sign-on feature. This includes older applications your organization depends on that don’t use the latest libraries or protocols and may not have access to the latest Microsoft Entra features.  

 


 

 

Title: Conditional Access authentication strength is now Generally Available!

Source: Microsoft Entra (Azure AD)

Author: Alex Weinert

Publication Date: 5/31/23

Content excerpt:

Greetings! I’m thrilled to announce that Conditional Access authentication strength is now generally available. This powerful feature allows organizations to choose the right authentication method requirements for specific scenarios, making it easier than ever for organizations to move towards more secure, modern, and strong authentication.

 


 

 

Title: How to provide feedback on Windows LAPS

Source: Windows IT Pro

Author: Jay Simmons

Publication Date: 5/3/23

Content excerpt:

Like you, we are excited that Windows LAPS is now available! This new solution gives you the ability to easily manage and back up passwords for local administrator accounts on your Azure Active Directory-joined or Active Directory-joined devices. Password encryption and history, Directory Services Restore Mode (DSRM) password backups, emulation mode, and automatic rotation—all these new capabilities can now be yours!

But we'd love to keep working with you to continue to improve Windows LAPS. So, let's hear your ideas and feedback.

 


 

 

Title: Confidential VMs on Azure

Source: Windows OS Platform

Author: Caroline Perez-Vargas

Publication Date: 5/31/23

Content excerpt:

In this blog we’ll describe the Confidential VM model and share how Microsoft built the Confidential VM capabilities by leveraging confidential hardware platforms (we refer to the hardware platform as the combination of the hardware and architecture specific firmware/software supplied by the hardware vendor). We will give an overview of our goals and our design approach and then explain how we took steps to enable confidential VMs to protect their memory, as well as to provide them secure emulated devices such as a TPM, to protect their execution state and their firmware, and lastly to allow them to verify their environment through remote attestation.

 


 

 

 

Previous CTO! Guides:

 

Additional resources:

 
