This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs - .
Hi everyone! Brandon Wilson here once again with this month’s “Check This Out!” (CTO!) guide.
These posts are only intended to be your guide, to lead you to some content of interest, and are just a way we are trying to help our readers a bit more, whether that is learning, troubleshooting, or just finding new content sources! We will give you a bit of a taste of the blog content itself, provide you a way to get to the source content directly, and help to introduce you to some other blogs you may not be aware of that you might find helpful. If you have been a long-time reader, then you will find this series to be very similar to our prior series “Infrastructure + Security: Noteworthy News”.
From all of us on the Core Infrastructure and Security Tech Community blog team, thanks for your continued reading and support!
Title: Looking to optimize and manage your cloud resources? Join our Azure optimization skills challenge!
Source: Azure Architecture
Author: Megan Pennie
Publication Date: 5/3/24
Content excerpt:
Businesses have committed to the cloud for its scalability, agility, and security. Without optimization, however, this flexibility can lead to unmanaged sprawl. Continuous improvement and careful management through all phases of your cloud journey help you to avoid unexpected costs and inefficient resource allocation while improving security and reliability. Strategic optimization delivers the resiliency to efficiently and securely handle fluctuating workloads with ease, ensuring you manage your environment for optimal performance.
That’s why we’re thrilled to bring you our Azure Optimization Cloud Skills Challenge, a curated collection of learning resources and guidance on optimization tools and best practices from Microsoft that can help your business can thrive in the cloud. This track helps you build cloud resiliency, create reliable and secure workloads, manage cloud spend, and modernize to innovate.
Title: Armchair Architects: POC to Prod Must-haves
Source: Azure Architecture
Author: Ariya Khamvongsa
Publication Date: 5/6/24
Content excerpt:
Our host, David Blank-Edelman and our armchair architects Uli Homann and Eric Charran will be discussing how to transition from proof-of-concept (POC) to production (Prod) for AI solutions. It’s one thing to have a POC but what factors should solution architects be mindful of when taking that POC and moving into a real-world production environment?
Below are some key considerations to keep in mind…
Title: Announcing the preview of new Azure VMs based on the Azure Cobalt 100 processor
Source: Azure Compute
Author: Stefanie Lemon
Publication Date: 5/21/24
Content excerpt:
Today, Microsoft is announcing the preview of the new Azure Virtual Machines (VMs) featuring the Azure Cobalt 100 Arm-based processor. The Cobalt 100 processor is based on the Neoverse N-series (N2) Arm CPU design, which is optimized for the performance of scale out cloud-based applications. The preview includes the general purpose (Dpsv6-series and Dplsv6-series) and memory optimized (Epsv6-series) VM series.
Title: Announcing the Public Preview of Azure Compute Fleet
Source: Azure Compute
Author: Rajeesh Ramachandran
Publication Date: 5/21/24
Content excerpt:
Today we are announcing the public preview of Azure Compute Fleet, a new service that allows you to manage and deploy thousands of virtual machines (across a mix of SKU’s, VM type, Availability Zones, and pricing models) with a single API call.
Title: Cost Optimization for General Purpose VMs using Hibernation now Generally Available
Source: Azure Compute
Author: Ankit Jain
Publication Date: 5/28/24
Content excerpt:
During Microsoft Ignite 2023, we previewed the ability to hibernate VMs, making it easier for customers to save Compute costs. Hibernating a VM deallocates the machine while persisting the VM’s in-memory state. While the VM is hibernated, customers don’t pay for the Compute costs associated with the VM and only pay for storage and networking resources associated with the VM. Customers can later start back these VMs when needed and all their apps and processes that were previously running simply resume from their last state.
Today we are excited to announce that hibernation for general-purpose VMs is now generally available. In addition, customers can now use hibernation with new VM deployments as well as their existing VMs and save more costs.
Title: Announcing the Public Preview of Standby Pools for Virtual Machine Scale Sets
Source: Azure Compute
Author: Rajeesh Ramachandran
Publication Date: 5/28/24
Content excerpt:
We recently announced the public preview of Standby Pools for Virtual Machine Scale Sets with Flexible Orchestration. Standby Pools is a new service that enables you to increase your scaling performance by creating a pool of pre-provisioned virtual machines from which your scale can pull from when scaling out.
Standby pools reduce the time to scale out by performing various initialization steps such as installing applications/ software or loading substantial amounts of data. These initialization steps are performed on the virtual machines in the standby pool before to being moved into the scale set.
Title: Preview: Introducing Reporting Capabilities for Azure Site Recovery
Source: Azure Governance and Management
Author: Nandini Bajaj
Publication Date: 5/21/24
Content excerpt:
As a Backup and Disaster Recovery Admin, one of your key roles is to obtain insights on data that spans a long time. Similar to Azure Backup, Azure Site Recovery provides a reporting solution that uses Azure Monitor logs and Azure workbooks. These resources will help you get rich insights on your estate protected with Site Recovery.
Title: Monitor effectively using Azure Monitor for Azure Site Recovery
Source: Azure Governance and Management
Author: Nandini Bajaj
Publication Date: 5/22/24
Content excerpt:
As a Backup and Site Recovery Admin, one of your key roles is to be on top of all critical incidents and ensure timely resolution from an outage. Azure Site Recovery now offers an improved alerting solution for Azure Site Recovery on Azure Monitor. This includes default alerts via Azure Monitor, which will enable you to have consistent experience for alert management across different Azure services.
Title: What’s new across Azure Governance services, Microsoft Build 2024
Source: Azure Governance and Management
Author: Jodi Boone
Publication Date: 5/23/24
Content excerpt:
Over the last six months there have been exciting new releases across Governance services to help you continue to manage your Azure environment with increased speed and control. We are spotlighting the public preview and general availability of highly anticipated policy features, recently released Azure Resource Graph Copilot capabilities, and some sneak peaks into what is coming soon. Stay tuned to explore what AI means for your at-scale cloud management scenarios, and make sure to check us out on X for other updates, @AzureGovernance.
Title: Centralized private resolver architecture implementation using Azure private DNS resolver
Source: Azure Infrastructure
Author: Sanjeev Kumar
Publication Date: 5/6/24
Content excerpt:
This article walks you through the steps to setup a centralized architecture to resolve DNS names, including private DNS zones across your Azure network and on-premises DNS using an Azure DNS private Resolver in a hub and spoke VNet topology.
Title: How to Use Azure Virtual Network Manager's UDR Management Feature
Source: Azure Networking
Author: Andrea Michael
Publication Date: 5/2/24
Content excerpt:
Azure Virtual Network Manager (AVNM) is a highly scalable and available network management solution that allows customers to simplify and scale their networks in Azure.
Learn more about AVNM in our public documentation.
Title: Revolutionizing hyperscale application delivery and security: The New Azure Front Door edge platform
Source: Azure Networking
Author: Varun Chawla
Publication Date: 5/8/24
Content excerpt:
In this introductory blog to the new Azure Front Door next generation platform, we will go over the motivations, design choices and learnings from this undertaking which helped us successfully achieve massive gains in scalability, security and resiliency.
Title: Secure Access to Your Azure Virtual Machines for Free with Bastion Developer
Source: Azure Networking
Author: Isabelle Morris
Publication Date: 5/20/24
Content excerpt:
As Microsoft Azure continues to evolve to accommodate its expanding user community, we are pleased to release a groundbreaking offering in response to developer feedback and demands: the new Bastion Developer SKU of Azure Bastion. Now generally available in 6 public regions, this service will revolutionize connectivity for developers by delivering secure and seamless access to Azure Virtual Machines—at no extra cost. In this article, we'll delve into what Azure Bastion Developer entails, the issues it tackles, and why it represents an essential solution for secure access by default.
Title: Customization controls for connectivity between Virtual Networks over ExpressRoute
Source: Azure Networking
Author: Adam Stuart
Publication Date: 5/22/24
Content excerpt:
Recently we added new customer configurable toggles for ExpressRoute Virtual Network Gateways and Virtual WAN Hubs, allowing customers to control the behaviour of routing across their ExpressRoute circuits for resources within Azure. These changes make it easier for customers to correctly use the Microsoft Global Network for connectivity between Virtual Networks, ensuring they obtain the lowest possible latency, highest network bandwidth and most resilient network paths.
Title: Introducing Azure Load Balancer health event logs
Source: Azure Networking
Author: Annie Fang
Publication Date: 5/29/24
Content excerpt:
We’re thrilled to announce that Azure Load Balancer now supports health event logs! These new logs are published to the Azure Monitor resource log category LoadBalancerHealthEvent and are intended to help you monitor and troubleshoot your load balancer resources.
As part of this public preview, you can now receive the following 5 health event types when the associated conditions are met. These health event types are targeted to address the top issues that could affect your load balancer’s health and availability…
Title: Using Admin State to Control Your Azure Load Balancer Backend Instances
Source: Azure Networking
Author: Chidozie Buruzie
Publication Date: 5/30/24
Content excerpt:
Today, Azure Load Balancer distributes incoming traffic across healthy backend pool instances. It accomplishes this by using health probes to send periodic requests to the instances and check for valid responses. Results from the health probe then determine which instances can receive new or continued connections and which ones cannot.
Title: Organizing rule collections and rule collection groups in Azure Firewall Policy
Source: Azure Network Security
Author: Beatriz Silveira
Publication Date: 5/15/24
Content excerpt:
Firewall Policy is the recommended method to manage Azure Firewall security and operational configurations. When using Firewall Policy, any rules must be part of a rule collection and rule collection group. Rule collections are sets of rules that share the same priority and action, and can be of type DNAT, Network, or Application. Rule collection groups are containers for rule collections of any type and are processed first by Azure Firewall based on priority.
Title: Loop DDoS Threats: Azure’s Strategy for Cybersecurity Defense
Source: Azure Network Security
Author: Amir Dahan; Syed Pasha
Publication Date: 5/16/24
Content excerpt:
In the realm of cybersecurity, Distributed Denial-of-Service (DDoS) attacks are a significant concern. The recent holiday season has unveiled a complex and evolving threat landscape, marked by sophisticated tactics and diversification. From botnet delivery via misconfigured Docker API endpoints to the NKAbuse malware's exploitation of blockchain technology for DDoS attacks, the tactics and scale of these attacks have shown significant sophistication and diversification.
Title: Azure WAF integration in Copilot for Security- Protect web applications using Gen AI
Source: Azure Network Security
Author: Sowmya Mahadevaiah
Publication Date: 5/21/24
Content excerpt:
Today, we are launching the public preview of Azure Web Application Firewall (WAF) integration in Microsoft Copilot for Security. Azure WAF capabilities available in the standalone Copilot for Security experience are: Get Top Rules Triggered, Get Top Blocks By IP, Get SQLi Blocks By WAF, and Get XSS Blocks By WAF.
Title: Azure Firewall integration in Microsoft Copilot for Security
Source: Azure Network Security
Author: Abhinav Sriram
Publication Date: 5/21/24
Content excerpt:
Azure Firewall is a cloud-native and intelligent network firewall security service that provides best of breed threat protection for your cloud workloads running in Azure. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. In this blog we will be focusing on the newly announced Azure Firewall integration in Copilot for Security.
Title: Faster server onboarding and disaster recovery with Azure File Sync (Public Preview)
Source: Azure Storage
Author: 1Nataraj
Publication Date: 5/20/24
Content excerpt:
We are excited to announce the public preview of faster server onboarding and disaster recovery. This will significantly accelerate customer onramp and scaling with Azure File Sync for hybrid access as well as disaster recovery. With this update (v18), we are expediting the time taken for a newly provisioned server endpoint ready to use.
Title: Enhancing Azure Files resilience and performance
Source: Azure Storage
Author: 1Nataraj
Publication Date: 5/20/24
Content excerpt:
Azure Files provides the best-in-class fully managed file share solution in the cloud. We are excited to showcase several new capabilities, some already launched and others upcoming, all aimed at enhancing your application reliability and performance, when using Azure Files.
Title: Curated resiliency recommendations for Azure Virtual Desktop
Source: Azure Virtual Desktop
Author: Tom Hickling
Publication Date: 5/29/24
Content excerpt:
The Azure Proactive Resiliency Library (APRL) is a collection of best practices, recommendations, and scripts that help you improve the resiliency of your Azure Virtual Desktop environment. Incorporating the contributions of multiple subject matter experts around the globe, including Microsoft FastTrack and senior cloud solution architects, the library offers proven guidance based on thousands of hours helping organizations deploy Azure Virtual Desktop in complex environments.
Title: Hibernation support now available for Azure Virtual Desktop
Source: Azure Virtual Desktop
Author: Jessie Duan
Publication Date: 5/30/24
Content excerpt:
Today we are happy to announce the general availability of hibernation support in Azure Virtual Desktop. Explore additional capabilities that make it easier to save compute costs for your idle resources.
Title: Revisiting Enterprise Policy as Code v10
Source: Core Infrastructure and Security
Author: Heinrich Gantenbein
Publication Date: 5/1/24
Content excerpt:
As EPAC has reached version 10, it is time to revisit Enterprise Policy as Code (EPAC for short) to give you an update from the original post (https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/azure-enterprise-policy-as-c...) published on September 12th, 2022.
The maintainers of the OSS project EPAC work daily with Microsoft’s customers implementing Azure governance and security in general and more specifically Policy implementation via EPAC. EPAC was born out of the need to manage Policy at scale, while dramatically reducing the cost of implementation with traditional Infrastructure as Code (IaC) tools, such as ARM, Bicep, and Terraform. Those tools are great for IaC in general; however, their lack the knowledge of dependencies between definitions, assignments, exemptions, and role assignments and the simplifications to Policy Assignments and Policy Exemptions. EPAC understands the dependencies and will sequence the deployment correctly.
Title: Microsoft will require MFA for all Azure users
Source: Core Infrastructure and Security
Author: Erin Chapple (CVP – Azure Core)
Publication Date: 5/14/24
Content excerpt:
This July, Azure teams will begin rolling out additional tenant-level security measures to require multi-factor authentication (MFA). Establishing this security baseline at the tenant level puts in place additional security to protect your cloud investments and company.
Title: Enable Zero Touch Enrollment of MDE on macOS devices managed by Microsoft Intune
Source: Core Infrastructure and Security
Author: Arnab Mitra
Publication Date: 5/17/24
Content excerpt:
Microsoft Defender for Endpoint (MDE) is a unified endpoint security platform that helps protect your organization from advanced threats. MDE provides threat detection, investigation, and response capabilities across Windows, Linux, Android, and macOS devices.
To deploy MDE on macOS devices, you need to install the MDE agent and enroll the devices to the MDE service. You can use Microsoft Intune, a cloud-based device management service, to automate the installation and enrollment process. This blog post explains how to use Intune to achieve zero touch enrollment of MDE on macOS devices.
Title: Optimizing Cloud Management: Leveraging Azure Update Manager with Pre and Post Events
Source: Core Infrastructure and Security
Author: Werner Rall
Publication Date: 5/20/24
Content excerpt:
As Azure Update Manager becomes the go-to solution for patching Azure VMs, it’s crucial to integrate efficient pre and post tasks to enhance reliability and control. This blog outlines a systematic approach to setting up these tasks, starting with initiating specific VMs based on their tags, and creating snapshots of the OS disk before updates. This preemptive measure ensures that if updates cause issues, restoring the system is straightforward and quick. Additional tasks will be integrated as needed to adapt to evolving requirements.
Title: Microsoft Entra ID Tenant Starters Guide: Understanding Identity Management and Licensing
Source: Core Infrastructure and Security
Author: Gregor Wohlfarter
Publication Date: 5/29/24
Content excerpt:
Microsoft Entra ID Tenant is a cloud-based identity and access management service that helps you manage your organization's users, devices, applications, and resources. It is a powerful and flexible solution that enables you to securely connect your employees, customers, and partners to the digital resources they need, while protecting your organization from unauthorized access and identity threats. In this guide, you will learn the basics of Microsoft Entra ID Tenant, how to access and use it, how to manage licenses for different Microsoft products and services, and how to address some common challenges and scenarios related to identity management and licensing.
Title: Addressing Common Entra ID Protection Deployment and Maintenance Issues
Source: Core Infrastructure and Security
Author: Chad Cox
Publication Date: 5/30/24
Content excerpt:
Entra ID tenants face threats from bad actors who use password spray attacks, multifactor spamming, and social phishing campaigns. Many organizations do not prioritize protecting Entra ID because they worry about affecting their end users. One straightforward way to protect Entra ID is to use risk based conditional access policies that combine conditional access policies with the risk signals from Entra ID Protection. In this blog, I will discuss some of the mistakes that we see organizations make that cause delays in the deployment and leave their tenants insecure. This blog will answer questions about Entra ID tenants using third party identity providers to authenticate, reducing false positives, minimizing user impact, and migrating from the old identity protection policies.
Title: How to enable IPv6 to IPv4 communication in Azure
Source: FastTrack for Azure
Author: brsteph
Publication Date: 5/6/24
Content excerpt:
As organizations begin to convert new and existing IPv4 workloads to IPv6, they will need to manage communications between these different IP versions. This article provides an overview of three common Azure workload scenarios organizations need to plan for, and how to execute by leveraging the dual-stack nature of Azure networks.
Title: Virtual Network Flow Logs Recipes - Microsoft Community Hub
Source: FastTrack for Azure
Author: Jose Moreno
Publication Date: 5/8/24
Content excerpt:
You might have heard about the General Availability of Virtual Network Flow Logs in Azure, and even read the announcement blog post. When writing that post with Harsha CS I had the chance to play a bit with VNet Flow Logs and Traffic Analytics, and I would like to share some of the learnings.
Title: How to choose the right reserved instance in Azure
Source: FinOps
Author: Gregor Wohlfarter
Publication Date: 5/7/24
Content excerpt:
A reserved instance is a way to prepay for a certain amount of compute usage in Azure for a fixed period of time (either one or three years [1]), at a discount. By doing so, you can save up to 72% compared to the pay-as-you-go (PAYG) price, depending on the type and size of the instance. Reserved instances are ideal for workloads that have predictable and consistent usage patterns, such as production environments, databases, or web servers.
While Reserved Instances offer a cost-effective solution for consistent workloads, it's important to understand the flexibility and limitations they present. Currently, you can cancel reservations with no penalty fee, subject to a cap of $50,000 per 12-month period. However, there might be an upcoming 12% cancellation fee for canceling reservations [2]. Additionally, virtual machine reservations are not limited to a single product; Instance Size Flexibility allows you to apply your reservation to any virtual machine within the same flexibility group, enhancing adaptability to changing needs [3]. However, this flexibility is exclusive to VM instances.
Title: Unlock savings potential with Azure Advisor's Cost Optimization workbook
Source: FinOps
Author: Arthur Clares
Publication Date: 5/15/24
Content excerpt:
The Azure Cost Optimization workbook is a powerful tool that helps you monitor and optimize your Azure costs. It provides you with a comprehensive overview of your Azure environment and offers actionable insights and recommendations based on the Well-Architected Framework Cost Optimization pillar.
Title: How to enforce usage of Privileged Access Workstations for Admins
Source: Security, Compliance, and Identity
Author: Sascha Windrath
Publication Date: 5/3/24
Content excerpt:
You probably already came across the challenge to make sure that administrators using a highly privileged administrative role in Entra ID or an Azure RBAC role which allows control over sensitive resources should be only allowed if administrators use a dedicated administrative workstation. At Microsoft we call those devices Privileged Access Workstations (PAW). PAWs are highly restricted and protected devices with the single purpose to secure and protect the admin’s credentials following Zero Trust and Clean Source Principle. Now, the issue is that Admins could either employ that device or simply ignore it and use their office computers instead, which seems to be much more convenient. The same applies for the attackers, because admins not using a PAW makes their life much easier as they would have a direct attack path at hand. This is not what you want! (This article assumes you already have implemented a PAW for cloud services management.)
Title: Respond to trending threats and adopt zero-trust with Exposure Management
Source: Security, Compliance, and Identity
Author: Brjann Brekkan
Publication Date: 5/6/24
Content excerpt:
In today’s rapidly evolving threat landscape, organizations face a daunting challenge: managing their security posture effectively. With an ever-expanding attack surface, including cloud services, endpoints, apps, increasing use of SaaS applications and different types of accounts and identities, it has become more important than ever to implement proactive processes to prevent threats. As cyber threats become more sophisticated, organizations must stay ahead of the curve. The ability to implement processes to identify, assess, and remediate exposures is essential for maintaining a robust security posture.
Title: Completing DFSR SYSVOL migration of domains that use Entra ID passwordless SSO
Source: Storage at Microsoft
Author: Ned Pyle
Publication Date: 5/13/24
Content excerpt:
Heya folks, Ned here again. A customer recently reached out to me in the comments section of the well-worn Streamlined Migration of FRS to DFSR SYSVOL article, asking about a problem he was seeing with a single DC that wouldn't complete the process. Today I'll explain how to fix the issue introduced by a very modern authentication add-on.
Title: Accessing a third-party NAS with SMB in Windows 11 24H2 may fail
Source: Storage at Microsoft
Author: Ned Pyle
Publication Date: 5/29/24
Content excerpt:
Heya folks, Ned here again. With the publication of Windows 11 24H2 Release Preview, customers are trying out the new OS prior to general availability. If you were in the Windows Insider Canary or Dev release program for the past few years, nothing I'm about to share is new. But if you weren't and you're now having issues mapping a drive to your third-party network attached storage (NAS) devices using SMB, this article is for you.
Title: Skilling snack: Advanced network security
Source: Windows IT Pro
Author: Navi Beesetti
Publication Date: 5/16/24
Content excerpt:
Ready for another dive into network security? By now, you should already be familiar with the basics, courtesy of our previous skilling snack, Network security basics for endpoints. Network security is too broad and important of a topic to cover in a single snack, and it's always improving! So, we've compiled a second serving of more advanced network security skilling to help you give your organization the worry-free environment it deserves.
Title: VBScript deprecation: Timelines and next steps
Source: Windows IT Pro
Author: Naveen Shankar Chilla
Publication Date: 5/22/24
Content excerpt:
Scripting options for web development and task automation are modernizing. To provide you with the most modern and efficient options, we are replacing VBScript with more advanced alternatives such as JavaScript and PowerShell. Find out what VBScript deprecation means for you and how you can get ready.
Title: Evolving Copilot in Windows for your workforce
Source: Windows IT Pro
Author: Harjit Dhaliwal
Publication Date: 5/22/24
Content excerpt:
This week, we introduced the Copilot+ PC in addition to updating Microsoft Copilot in Windows, your everyday AI companion. By changing Copilot in Windows, we're addressing one of the top pieces of feedback we have received from commercial organizations, which is to provide a more flexible, app-like experience. In this blog, we'll share some of the updates we've made to AI in Windows and how we're providing choice and control for commercial organizations and the IT professionals that support them.
Title: Run untrusted content safely with Windows Sandbox
Source: Windows OS Platform
Author: Kavya Nagalakunta
Publication Date: 5/14/24
Content excerpt:
As a developer, your work often involves experimenting with various libraries, frameworks, tools and sometimes testing unknown files or executables. But let's face it – accessing unfamiliar files or repos can sometimes feel like tiptoeing through a minefield. You do not know if they are safe or potential malware. What if I told you there's a way to explore new files without risking your host OS!
Windows Sandbox (WSB) provides a lightweight desktop environment to safely run applications in isolation from the host OS. Think of it as your digital playground – a safe, isolated environment where you can test and debug apps, explore unknown files, or experiment with tools without risking your host OS. A Windows Sandbox is disposable. When it's closed, all the software and files and the state are deleted. You get a brand-new instance of the sandbox every time you open the application.
Previous CTO! Guides:
Additional resources:
- Azure documentation
- Azure pricing calculator (VERY handy!)
- Microsoft Azure Well-Architected Framework
- Microsoft Cloud Adoption Framework
- Windows Server documentation
- Windows client documentation for IT Pros
- PowerShell documentation
- Core Infrastructure and Security blog
- Microsoft Tech Community blogs
- Microsoft technical documentation (Microsoft Docs)
- Sysinternals blog
- Microsoft Learn
- Microsoft Support (Knowledge Base)
- Microsoft Archived Content (MSDN/TechNet blogs, MSDN Magazine, MSDN Newsletter, TechNet Newsletter)