Check This Out! (CTO!) Guide (April 2024)
Published May 27 2024 09:16 PM
Microsoft

 

Hi everyone! Brandon Wilson here once again with this month’s “Check This Out!” (CTO!) guide.

These posts are intended only as a guide to content you may find interesting, and are one more way we try to help our readers, whether that means learning, troubleshooting, or just finding new content sources. We give you a taste of each blog post, a way to reach the source content directly, and an introduction to other blogs you may not be aware of that you might find helpful.

From all of us on the Core Infrastructure and Security Tech Community blog team, thanks for your continued reading and support!

 


Title: Speaking in Ciphers and other Enigmatic tongues fresh content update!

Source: Ask the Directory Services Team

Author: Jim Tierney

Publication Date: 4/3/24

Content excerpt:

So, your company purchases this new super awesome vulnerability and compliance management software suite, and they just ran a scan on your Windows Server 2008 domain controllers and lo! The software reports back that you have weak ciphers enabled, highlighted in RED, flashing, with that "you have failed" font, and including a link to the following Microsoft documentation…

 


Title: NTLM vs Kerberos

Source: Ask the Directory Services Team

Author: Josh Mora

Publication Date: 4/23/24

Content excerpt:

In this post, we will go through the basics of NTLM and Kerberos. We will explain using the three Ws, covering what the main differences between them are, how to identify when a protocol is being used over the other, and why one is safer than the other.
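Since the post covers how to tell which protocol a logon actually used, here is an added PowerShell example (mine, not part of the original post) that classifies Security event 4624 records by their AuthenticationPackageName and LmPackageName fields and flags NTLMv1/LM logons. The three event records embedded at the bottom are constructed samples, not captured logs; the function names and the Rating labels are my own.

```powershell
# Added example (not from the original post): classify Security event 4624 records
# by the authentication package that handled the logon.
# AuthenticationPackageName, LmPackageName, LogonType, TargetUserName, IpAddress are
# standard 4624 EventData fields; the Rating labels are my own.

function ConvertFrom-LogonEventXml {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        [xml]$doc = $EventXml
        $data = @{}
        foreach ($item in $doc.Event.EventData.Data) {
            if ($item.Name) { $data[$item.Name] = $item.'#text' }
        }

        $package   = $data['AuthenticationPackageName']
        $lmPackage = $data['LmPackageName']   # 'NTLM V1', 'NTLM V2' or 'LM' for NTLM; '-' for Kerberos

        if ($package -eq 'Kerberos') { $rating = 'ok' }
        elseif ($package -eq 'NTLM' -and $lmPackage -eq 'NTLM V2') { $rating = 'review' }  # NTLMv2: no mutual auth, relayable
        elseif ($package -eq 'NTLM') { $rating = 'high' }                                   # NTLMv1 / LM: crackable offline
        else { $rating = 'other' }                                                          # e.g. Negotiate on local logons

        [pscustomobject]@{
            User        = $data['TargetUserName']
            Domain      = $data['TargetDomainName']
            LogonType   = [int]$data['LogonType']
            Package     = $package
            LmPackage   = $lmPackage
            Workstation = $data['WorkstationName']
            IpAddress   = $data['IpAddress']
            Rating      = $rating
        }
    }
}

function Get-AuthPackageSummary {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)][pscustomobject]$Logon)
    begin   { $all = [System.Collections.Generic.List[object]]::new() }
    process { $all.Add($Logon) }
    end {
        $all | Group-Object Package, LmPackage | Sort-Object Count -Descending | ForEach-Object {
            [pscustomobject]@{
                Package   = $_.Group[0].Package
                LmPackage = $_.Group[0].LmPackage
                Count     = $_.Count
                Accounts  = (@($_.Group.User | Sort-Object -Unique) -join ', ')
            }
        }
    }
}

# Constructed sample records (not captured from a real system), trimmed to the fields used above.
$ns = 'http://schemas.microsoft.com/win/2004/08/events/event'
$kerberosLogon = "<Event xmlns='$ns'><System><EventID>4624</EventID></System><EventData>" +
    "<Data Name='TargetUserName'>alice</Data><Data Name='TargetDomainName'>CORP</Data>" +
    "<Data Name='LogonType'>3</Data><Data Name='AuthenticationPackageName'>Kerberos</Data>" +
    "<Data Name='LmPackageName'>-</Data><Data Name='WorkstationName'>-</Data>" +
    "<Data Name='IpAddress'>10.0.0.5</Data></EventData></Event>"
$ntlmV1Logon = "<Event xmlns='$ns'><System><EventID>4624</EventID></System><EventData>" +
    "<Data Name='TargetUserName'>svc-backup</Data><Data Name='TargetDomainName'>CORP</Data>" +
    "<Data Name='LogonType'>3</Data><Data Name='AuthenticationPackageName'>NTLM</Data>" +
    "<Data Name='LmPackageName'>NTLM V1</Data><Data Name='WorkstationName'>NAS01</Data>" +
    "<Data Name='IpAddress'>10.0.0.77</Data></EventData></Event>"
$ntlmV2Logon = "<Event xmlns='$ns'><System><EventID>4624</EventID></System><EventData>" +
    "<Data Name='TargetUserName'>bob</Data><Data Name='TargetDomainName'>CORP</Data>" +
    "<Data Name='LogonType'>3</Data><Data Name='AuthenticationPackageName'>NTLM</Data>" +
    "<Data Name='LmPackageName'>NTLM V2</Data><Data Name='WorkstationName'>WS22</Data>" +
    "<Data Name='IpAddress'>10.0.1.12</Data></EventData></Event>"

$parsed = $kerberosLogon, $ntlmV1Logon, $ntlmV2Logon | ConvertFrom-LogonEventXml
$parsed | Format-Table User, LogonType, Package, LmPackage, IpAddress, Rating -AutoSize
$parsed | Get-AuthPackageSummary | Format-Table -AutoSize

# Against a live host (run elevated), replace the sample array with:
#   Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } -MaxEvents 2000 |
#       ForEach-Object { $_.ToXml() } | ConvertFrom-LogonEventXml | Where-Object Rating -ne 'ok'
```

Note that 4624 on a member server only shows logons to that server. To see NTLM use across the whole domain, enable "Network security: Restrict NTLM: Audit NTLM authentication in this domain" on the domain controllers and read the Microsoft-Windows-NTLM/Operational log there; the same classification logic applies, only the event fields differ.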

 


Title: Coming Soon: Transition to WS2012 ESUs enabled by Azure Arc

Source: Azure Arc

Author: Aurnov Chattopadhyay

Publication Date: 4/3/24

Content excerpt:

As announced during last week’s Windows Server Summit 2024, customers will be able to transition to WS2012 Extended Security Updates enabled by Azure Arc for Year 2 if they purchased Year 1 of Extended Security Updates through Volume Licensing. This experience will ask customers to supply their Invoice Id, corresponding to WS2012 ESU purchases from Volume Licensing.

With its pay as you go flexibility as an Azure billed service and inclusion of Azure management services like Azure Update Manager and Machine Configuration at no additional cost, WS2012 ESUs enabled by Azure Arc offer financial and experience benefits to customers. This is especially critical to support customers in their journey of migrating and modernizing End of Life infrastructure to Azure.

 


Title: Public Preview of Azure Arc Site Manager

Source: Azure Arc

Author: Nathan Parikh

Publication Date: 4/22/24

Content excerpt:

This week we are excited to announce the Public Preview of Azure Arc site manager. We designed site manager to meet the needs of customers who manage solutions on the adaptive cloud and want to view and monitor their resources according to their physical locations, such as stores, restaurants, and factories. Within site manager, customers can create Arc sites to represent their on-premises environments and see centralized monitoring information across their edge infrastructure.

 


Title: Cloud Governance Guidance in Microsoft's Cloud Adoption Framework 

Source: Azure Architecture

Author: Stephen Sumner

Publication Date: 4/8/24

Content excerpt:

We are thrilled to announce the latest enhancement to Microsoft's Cloud Adoption Framework for Azure. We comprehensively updated our cloud governance guidance in the Govern section of the Cloud Adoption Framework (CAF). The updated governance guidance represents Microsoft's commitment to supporting your organization's cloud journey, offering a clearer, more accessible, and comprehensive path to effective cloud governance. It encompasses identity, cost, resource, data, and AI governance among other areas of governance categories.

Whether you're a startup looking to scale efficiently or a large enterprise aiming to refine your governance practices, we designed this governance guidance to meet your needs and guide you to where you need to be.

 


Title: On Demand Capacity Reservation is now available in Azure for US Government

Source: Azure Compute

Author: Megan Pennie

Publication Date: 4/29/24

Content excerpt:

Today, we're announcing the general availability of on demand capacity reservations for Azure Virtual Machines in Azure for US Government Cloud. You can now manage and reserve capacity with guaranteed SLA for VM sizes available on Azure for US Government Cloud.

As part of our ongoing commitment to expanding our global reach and providing On Demand Capacity Reservation benefits to our customers, we have diligently worked hard for months to bring this feature to Azure for US Government Cloud.

 


Title: Azure billing meters: What you need to know about the upcoming changes

Source: Azure Governance and Management

Author: Vahe Minasyan

Publication Date: 4/8/24

Content excerpt:

This article is to inform you of some important changes that we are making as part of our ongoing efforts to improve your Azure experience and increase pricing transparency. We are making changes to the billing meters that could affect some Azure services and resources that you may use, and we want to make sure you understand what the changes are, why we are doing them, and how they will impact your billing. 

These updates will not impact your prices, but you may notice some changes in how your Azure consumption is shown on your invoice, price sheet, API, and other Cost Management tools.

 


Title: Perform bulk NSG rule rollout across multiple target NSGs

Source: Azure Infrastructure

Author: Sourav Bera

Publication Date: 4/22/24

Content excerpt:

Network Security Groups (NSGs) are a fundamental aspect of Azure networking, providing a layer of security to control traffic flow within virtual networks. However, managing NSG rules across multiple NSGs can be a daunting task, especially when done manually. This article introduces a powerful PowerShell script that allows you to perform bulk NSG rule rollouts across multiple target NSGs, saving you time and ensuring consistency across your network.

 


Title: Enhancing Azure Connectivity: Sharing PaaS instance across customer tenants on Azure

Source: Azure Infrastructure

Author: Aquib Qureshi

Publication Date: 4/28/24

Content excerpt:

I’ve come across a scenario where one of my customers using Azure SQL DB wanted to share their database with another customer who was also hosted on Azure. They were struggling to establish site-to-site connectivity so that Customer B could access Customer A’s network, enabling them to connect to the Azure SQL DB via the site-to-site tunnel. Though this can be achieved, there are better ways to connect to Azure SQL DB, or any PaaS instance for that matter, with another customer who is using Azure. This can also be used by customers who have multiple Azure AD tenants.

 


Title: VMware HCX Troubleshooting with Azure VMware Solution

Source: Azure Migration and Modernization

Author: Rene van den Bedem

Publication Date: 4/8/24

Content excerpt:

VMware HCX is one of the Azure VMware Solution components that generates a large number of service requests from our customers. The Azure VMware Solution product group has worked to cover the most common troubleshooting considerations that you should know about when using VMware HCX with the Azure VMware Solution.

 


Title: Microsoft Azure ExpressRoute Overview Cheat Sheet

Source: Azure Networking

Author: Gene Whitaker

Publication Date: 4/9/24

Content excerpt:

Microsoft Azure ExpressRoute lets you extend your on-premises networks into the Microsoft Cloud over a private connection with the help of a connectivity provider. With ExpressRoute, you can establish connections to Microsoft Cloud services, such as Microsoft Azure and Microsoft 365.

Use this ExpressRoute Overview Cheat Sheet to quickly learn and gain access to the following information: 

  • ExpressRoute Main Components
  • Key Benefits and Features
  • The Different Connectivity Models
  • Various Helpful Links
  • Diagram demonstrating ExpressRoute circuits along with features such as Global Reach and FastPath

This cheat sheet is compiled with important and most common information to learn ExpressRoute. 

 


Title: Network traffic observability with virtual network flow logs

Source: Azure Networking

Author: HarshaCS

Publication Date: 4/24/24

Content excerpt:

Azure Network Watcher provides network monitoring and troubleshooting capabilities to increase observability and actionable insights with out-of-box health metrics & topology visualization, connectivity monitoring, traffic monitoring and diagnostics suite. For on-premises workloads, network administrators rely on NetFlow or IPFIX to address these use cases. Virtual network flow logs are a capability of Network Watcher service to address these scenarios for Azure and hybrid networks and we are excited to announce that virtual network flow logs are now transitioning from public preview to general availability.

 


Title: Understanding the core concept and routing of vWAN with Example

Source: Azure Networking

Author: Sourav Das

Publication Date: 4/26/24

Content excerpt:

What is virtual WAN? Azure Virtual WAN is a NAAS (networking as a service) to enable simplified global transit networking architecture that brings many networking, security, and routing functionalities together to provide a single operational interface…

 


Title: New and improved network topology experience in Network Watcher and Azure Monitor Network Insights

Source: Azure Networking

Author: Sagar Gupta

Publication Date: 4/28/24

Content excerpt:

Azure Network Watcher provides network monitoring and troubleshooting capabilities to increase observability and actionable insights. Network Watcher supports four main scenarios: Connectivity Monitoring detects packet loss and latency, built-in health metrics and topology visualization help to locate issues, traffic monitoring tracks network communication pattern, and diagnostics suite enables troubleshooting. 

 


Title: Apply critical update for Azure Stack HCI VMs to maintain Azure verification

Source: Azure Stack

Author: Kimberly Lam

Publication Date: 4/18/24

Content excerpt:

Azure verification for VMs on Azure Stack HCI makes it possible for Azure-exclusive benefits to work outside of the cloud and in on-premises and edge environments. These benefits include Azure Virtual Desktop for Azure Stack HCI, Windows Server Datacenter: Azure Edition, Extended Security Updates (ESUs) for SQL and Windows Server Virtual Machines (VMs) on Azure Stack HCI, and Azure Policy guest configuration. To keep these workloads continuing to function, periodic updates are required to maintain their security and functionality.

 


Title: Sneak peek at new Azure edge infrastructure at Hannover Messe 2024

Source: Azure Stack

Author: Cosmos Darwin

Publication Date: 4/22/24

Content excerpt:

This week is Hannover Messe 2024, the world’s biggest industrial trade fair. Microsoft is there, including members of the Azure Stack team, showcasing how the Microsoft Cloud enables end-to-end manufacturing solutions that help securely connect people, assets, and business processes, empowering organizations to be more resilient.

Near the center of our booth, you can watch a robotic assembly line put together battery parts. The line features standard OT assets from our partner Rockwell Automation and shows how an adaptive cloud approach together with open standards like OPC UA can accelerate industrial transformation. Azure IoT Operations enabled by Azure Arc flows data from the production line into Microsoft Fabric, enabling real-time monitoring and analysis in the cloud.

And if you look closer, you may spot an exciting new infrastructure solution hosting it all…

 


Title: Azure Virtual Desktop for Azure Stack HCI now has autoscale

Source: Azure Virtual Desktop

Author: Jessie Duan

Publication Date: 4/11/24

Content excerpt:

In February 2024, we announced the general availability of Azure Virtual Desktop for Azure Stack HCI, which extends the capabilities of the Microsoft Cloud to your datacenters and edge locations. Today, we’re happy to announce that autoscale support on Azure Virtual Desktop for Azure Stack HCI is now in public preview. With the Azure Virtual Desktop autoscale feature, organizations running virtualized desktops and apps on-premises, at the edge or in their datacenter, can optimize costs by turning off idle Azure Virtual Desktop session hosts running on Azure Stack HCI.

 


Title: Get Azure Reservations and Savings Plans Insights with the Azure Optimization Engine

Source: Core Infrastructure and Security

Author: Helder Pinto

Publication Date: 4/1/24

Content excerpt:

Azure Reservations and Savings Plans commitments have been adopted by many customers with a predictable and steady Azure consumption to achieve considerable savings over on-demand prices. Depending on your on-demand Azure Compute consumption patterns, you may choose one over the other, or even have both working in tandem…

 


Title: ConfigMgr: Avoiding Remote Management Point Pitfalls

Source: Core Infrastructure and Security

Author: Pavel Yurenev

Publication Date: 4/4/24

Content excerpt:

I’m Pavel Yurenev, a Support Escalation Engineer specializing in Microsoft Configuration Manager at Microsoft Customer Service & Support (CSS). As Reactive Support, we assist customers with issues arising from Microsoft software products. Unfortunately, some supported product configurations are poorly supportable.

Today, I want to discuss certain design features of Configuration Manager Management Points (MPs) and provide guidance for architects and administrators.

 


Title: Proxies, proxies everywhere but still no Internet. Overview of the Windows Proxies

Source: Core Infrastructure and Security

Author: Will Aftring

Publication Date: 4/8/24

Content excerpt:

Howdy everyone, a quick tangent from our regularly scheduled Introduction to Network Trace Analysis series to talk about the Windows Proxy ecosystem. A Windows Proxy configuration can be a little tricky, so I wanted to add clarity for configuration methods. Scoping things a bit here I will also only be referring to 64-bit applications.  

But first, let’s explain what I mean when I say proxy…

 


Title: Active Directory Hardening Series - Part 4 – Enforcing AES for Kerberos

Source: Core Infrastructure and Security

Author: Jerry Devore

Publication Date: 4/15/24

Content excerpt:

Hi everyone, Jerry Devore here again with another installment in my series on Active Directory hardening.  This time I want to revisit a topic I previously wrote about in September of 2020 which is enforcing AES for Kerberos.  Since I wrote that blog post a few new tips have come my way.  Before we dive in here is a quick re-cap of what was previously discussed…
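As an added example for the topic of that series entry (my code, not Jerry's or the original post's), the PowerShell below decodes the msDS-SupportedEncryptionTypes bitmask that enforcing AES turns on, and reports which accounts still allow RC4 or DES, or have never had the attribute set at all. The bit values follow MS-KILE section 2.2.7; the sample accounts are constructed, and the function names and finding text are my own.

```powershell
# Added example (not from the original post): decode msDS-SupportedEncryptionTypes and
# flag accounts that still permit RC4 or DES for Kerberos. Bit values follow MS-KILE 2.2.7;
# the sample accounts at the bottom are constructed, and the finding text is my own.

$script:KerberosEncTypes = @(
    [pscustomobject]@{ Bit = 0x01; Name = 'DES-CBC-CRC';                Weak = $true  }
    [pscustomobject]@{ Bit = 0x02; Name = 'DES-CBC-MD5';                Weak = $true  }
    [pscustomobject]@{ Bit = 0x04; Name = 'RC4-HMAC';                   Weak = $true  }
    [pscustomobject]@{ Bit = 0x08; Name = 'AES128-CTS-HMAC-SHA1-96';    Weak = $false }
    [pscustomobject]@{ Bit = 0x10; Name = 'AES256-CTS-HMAC-SHA1-96';    Weak = $false }
    [pscustomobject]@{ Bit = 0x20; Name = 'AES256-CTS-HMAC-SHA1-96-SK'; Weak = $false }  # session-key flag from the Nov 2022 updates
)

function ConvertFrom-SupportedEncryptionTypes {
    # Returns the encryption-type entries whose bit is set in the attribute value.
    param([object]$Value)
    if ($null -eq $Value) { return @() }
    $v = [int]$Value
    return @($script:KerberosEncTypes | Where-Object { $v -band $_.Bit })
}

function Test-KerberosEncryptionPosture {
    param([Parameter(Mandatory)][string]$Name, [object]$Value)
    $types = ConvertFrom-SupportedEncryptionTypes -Value $Value
    if ($null -eq $Value -or [int]$Value -eq 0) {
        # Unset or 0 means the DC decides: RC4 on older DCs, DefaultDomainSupportedEncTypes after the Nov 2022 updates.
        $finding = 'NOT SET: DC default applies; set explicitly'
    } elseif ($types.Weak -contains $true) {
        $finding = 'WEAK: RC4/DES still permitted'
    } else {
        $finding = 'OK: AES only'
    }
    [pscustomobject]@{
        Name    = $Name
        Value   = $Value
        Types   = (@($types.Name) -join ', ')
        Finding = $finding
    }
}

# Constructed sample accounts (not from a real directory).
$sampleAccounts = @(
    @{ Name = 'svc-sql';     Value = 4     }   # RC4 only
    @{ Name = 'svc-web';     Value = 28    }   # RC4 + AES128 + AES256
    @{ Name = 'APP01$';      Value = 24    }   # AES only
    @{ Name = 'legacy-user'; Value = $null }   # attribute never written
)
$sampleAccounts | ForEach-Object { Test-KerberosEncryptionPosture -Name $_.Name -Value $_.Value } | Format-Table -AutoSize

# Against a live domain (ActiveDirectory module, read rights on the objects):
#   Get-ADObject -LDAPFilter '(|(objectClass=user)(objectClass=computer))' -Properties msDS-SupportedEncryptionTypes |
#       ForEach-Object { Test-KerberosEncryptionPosture -Name $_.Name -Value $_.'msDS-SupportedEncryptionTypes' } |
#       Where-Object Finding -notlike 'OK*'
# Remediate one service account once every caller is known to support AES and its password
# was last changed after the domain had AES keys available:
#   Set-ADUser -Identity svc-sql -KerberosEncryptionType AES128,AES256
```

Two caveats worth keeping in mind before flipping accounts to AES only: an account whose password predates AES keys in the domain has no AES keys to use, and the per-account attribute is only half the picture, since the "Network security: Configure encryption types allowed for Kerberos" policy on DCs and clients decides what they will negotiate at all.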

 


Title: Controlling AKS egress using an HTTP Proxy

Source: Core Infrastructure and Security

Author: Houssem Dellai

Publication Date: 4/22/24

Content excerpt:

Azure Kubernetes Service (AKS) clusters, whether deployed into a managed or custom virtual network, have certain outbound dependencies necessary to function properly. Previously, in environments requiring internet access to be routed through HTTP proxies, this was a problem. Nodes had no way of bootstrapping the configuration, environment variables, and certificates necessary to access internet services.

This feature adds HTTP proxy support to AKS clusters, exposing a straightforward interface that cluster operators can use to secure AKS-required network traffic in proxy-dependent environments.

Both AKS nodes and Pods will be configured to use the HTTP proxy. Here is an architecture diagram showing the different components.
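As an added example (mine, not the original post's or the AKS project's), the PowerShell below writes the httpProxyConfig file that the feature consumes and shows the matching az commands. The JSON field names (httpProxy, httpsProxy, noProxy, trustedCa) are the AKS HTTP proxy schema; the proxy URL, the baseline bypass list, the CA path and the resource names are assumptions for illustration and should be checked against the current AKS documentation.

```powershell
# Added example (not from the original post): write an AKS httpProxyConfig file and
# show the matching az command. The JSON field names (httpProxy, httpsProxy, noProxy,
# trustedCa) are the AKS HTTP proxy schema; the proxy URL, bypass list, CA path and
# resource names below are assumptions for illustration.

function New-AksHttpProxyConfig {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ProxyUrl,      # http(s)://host:port of the egress proxy
        [string[]]$NoProxy = @(),                     # extra hosts/CIDRs that must not go via the proxy
        [string]$TrustedCaPath,                       # PEM of the CA the proxy presents (TLS-inspecting proxies)
        [Parameter(Mandatory)][string]$OutFile
    )
    if ($ProxyUrl -notmatch '^https?://[^/\s]+') { throw "ProxyUrl must be an http(s) URL with a host: $ProxyUrl" }

    # Assumed baseline bypass list: loopback and the Azure Instance Metadata Service endpoint.
    # Add your VNet, pod and service CIDRs; confirm the full required set against current AKS docs.
    $bypass = @('localhost', '127.0.0.1', '169.254.169.254') + $NoProxy | Select-Object -Unique

    $config = [ordered]@{
        httpProxy  = $ProxyUrl
        httpsProxy = $ProxyUrl
        noProxy    = @($bypass)
    }
    if ($TrustedCaPath) {
        # trustedCa carries the PEM bundle base64-encoded as a single string
        $pemBytes = [System.IO.File]::ReadAllBytes((Resolve-Path -LiteralPath $TrustedCaPath).Path)
        $config['trustedCa'] = [Convert]::ToBase64String($pemBytes)
    }

    $config | ConvertTo-Json -Depth 3 | Set-Content -LiteralPath $OutFile -Encoding ascii
    return $config
}

# Assumed proxy, bypass entries and output path; runs offline because no CA file is given.
$cfg = New-AksHttpProxyConfig -ProxyUrl 'http://proxy.corp.example:3128' `
                              -NoProxy '10.0.0.0/8', '.corp.example' `
                              -OutFile '.\httpproxyconfig.json'
"noProxy: " + ($cfg.noProxy -join ',')

# Then create or update the cluster (assumed resource names):
#   az aks create -g rg-aks -n aks-proxied --http-proxy-config .\httpproxyconfig.json <other create options>
#   az aks update -g rg-aks -n aks-proxied --http-proxy-config .\httpproxyconfig.json
```

The proxy becomes the cluster's single egress path, so the useful hardening happens on the proxy side: allow only the outbound FQDNs AKS needs plus your own, and log the rest. If the proxy inspects TLS, the CA you place in trustedCa is trusted by every node and pod, so treat that key with the same care as a cluster CA.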

 


Title: Building Your Own Copilot for Credit Card Selection

Source: Core Infrastructure and Security

Author: Felipe Binotto

Publication Date: 4/28/24

Content excerpt:

Have you ever found yourself lost in the maze of credit card options, navigating through countless comparison websites, unsure of the accuracy and timeliness of their information? I certainly have. Recently, I embarked on a quest to find the perfect credit card, one that rewards my spending habits with frequent flyer points. However, relying solely on popular comparison platforms left me questioning the reliability of their data, often overshadowed by biased advertisements.

But then, a beacon of hope emerged: the realization that all bank product information is accessible through a common API. With this revelation, I set out to craft my own solution – a personalized Copilot to guide me through the sea of credit card offerings.

 


Title: Cost allocation is imperative for cloud resource optimization

Source: FinOps

Author: Antonio Ortoll

Publication Date: 4/15/24

Content excerpt:

Like most enterprises, you are probably managing your Azure resources and services centrally and need a way to distribute and “showback” or reallocate the cost of services back to the organizational units that use those services.

Sharing cloud services provides greater flexibility and scalability when they can be dynamically allocated. But as your cloud adoption grows, the quantity of billing and usage data and the speed at which it is delivered can make allocation and reporting a challenge without a strategy and a system to efficiently assign the costs of cloud resources to their specific users.

 


Title: 7 steps for a successful Azure migration

Source: ITOps Talk

Author: Sonia Cuff

Publication Date: 4/9/24

Content excerpt:

Migrating an on-premises environment to Azure requires preparation, planning, and time. Join Microsoft MVP Gregor Reimling and learn seven key steps for a successful Azure migration.

In this video, you will learn…

 


Title: Wired for Hybrid - What's New in Azure Networking - April 2024 edition

Source: ITOps Talk

Author: Pierre Roman

Publication Date: 4/22/24

Content excerpt:

Azure Networking is the foundation of your infrastructure in Azure. Each month we bring you an update on What’s new in Azure Networking.

In this blog post, we’ll cover what's new with Azure Networking in April 2024.  In this blog post, we will cover the following announcements and how they can help you.

 


Title: Dual-Region Azure VMware Solution design with Global Reach, using Secure Virtual WAN

Source: ITOps Talk

Author: Jason Medina

Publication Date: 4/24/24

Content excerpt:

This article describes the best practices for connectivity, traffic flows, and high availability of dual-region Azure VMware Solution when using Azure Secure Virtual WAN with Routing Intent and Global Reach. This article breaks down Virtual WAN with Routing Intent topology from the perspective of Azure VMware Solution private clouds, on-premises sites, and Azure native. The implementation and configuration of Secure Virtual WAN with Routing Intent are beyond the scope and are not discussed in this document.

 


Title: Important update: Deprecation of Azure AD PowerShell and MSOnline PowerShell modules

Source: Microsoft Entra (Azure AD)

Author: Kristopher Bash

Publication Date: 4/1/24

Content excerpt:

In 2021, we described our plans to invest in Microsoft Graph PowerShell SDK as the PowerShell provider for Microsoft Entra and transition away from Azure AD and MSOnline PowerShell modules. In 2023, we announced that the deprecation of Azure AD and MSOnline PowerShell modules would occur on March 30, 2024. We’ve since made substantial progress closing remaining parity gaps in Microsoft Graph PowerShell SDK, and as of March 30, 2024, these PowerShell modules are now deprecated:

  • Azure AD PowerShell (AzureAD) 
  • Azure AD PowerShell Preview (AzureADPreview) 
  • MS Online (MSOnline) 

You should migrate your scripts to Microsoft Graph PowerShell SDK as soon as possible. Information about the retirement of these modules can be found below.

 


Title: What's new in Microsoft Entra

Source: Microsoft Entra (Azure AD)

Author: Shobhit Sahay

Publication Date: 4/1/24

Content excerpt:

With the ever-increasing sophistication of cyber-attacks, the increasing use of cloud-based services, and the proliferation of mobile devices, it’s essential that organizations secure access for both human and non-human identities to all on-premises and cloud resources, while working continuously to improve their security posture. 

Today, we’re sharing feature release information for January – March 2024, and first quarter change announcements. We also communicate these via release notes, email, and the Microsoft Entra admin center.  

 


Title: Introducing new and upcoming Entra Recommendations to enhance security and productivity

Source: Microsoft Entra (Azure AD)

Author: Shobhit Sahay

Publication Date: 4/2/24

Content excerpt:

Managing the myriad settings and resources within your tenant can be daunting. In an era of escalating security risks and an unprecedented global threat landscape, organizations seek trusted guidance to enhance their security posture. That’s why we introduced Microsoft Entra Recommendations to diligently monitor your tenant’s status, ensuring it remains secure and healthy. Moreover, they empower you to extract maximum value from the features offered by Microsoft Entra ID. Since the launch of Microsoft Entra recommendations, thousands of customers have adopted these recommendations and resolved millions of resources.

 


Title: Introducing "What's New" in Microsoft Entra

Source: Microsoft Entra (Azure AD)

Author: Shobhit Sahay

Publication Date: 4/15/24

Content excerpt:

Today, I’m thrilled to announce the public preview of What’s New in Microsoft Entra. This new hub in the Microsoft Entra admin center offers you a centralized view of our roadmap and change announcements across the Microsoft Entra identity and network access portfolio. In this article, I’ll show you how admins can get the most from what’s new to stay informed about Entra product updates and actionable insights. 

 


Title: Enforce least privilege for Entra ID company branding with the new organizational branding role 

Source: Microsoft Entra (Azure AD)

Author: James Mantu

Publication Date: 4/18/24

Content excerpt:

I’m pleased to announce General Availability (GA) of the organizational branding role for Microsoft Entra ID company branding.

This new role is part of our ongoing efforts to implement Zero Trust network access by enforcing the principle of least privilege for users when customizing their authentication user experience (UX) via Entra ID company branding. 

Previously, users wanting to configure Entra ID company branding required the Global Admin role. This role, though, has sweeping privileges beyond what’s necessary for configuring Entra ID company branding. 

 


Title: Onboard to Azure Arc with Security in Mind

Source: Security, Compliance, and Identity

Author: Simone Oor

Publication Date: 4/17/24

Content excerpt:

Azure Arc allows certain on-premises resources, typically servers, to be managed from Azure, depending on the configuration mode selected and currently available features.

While this allows for a more integrated approach to hybrid environments, it also further blurs the administrative boundary between on-premises and cloud.

This increases the risk that a vulnerability on either side lowers the level of security across the entire plane. This article contains tips for managing this risk and approaching Arc Onboarding with security in mind.

 


Previous CTO! Guides:

 

Additional resources:

Last update: May 28 2024 10:34 AM