Check This Out! (CTO!) Guide (February 2023)
Published Mar 03 2023 12:29 PM
Microsoft

 

Hi everyone! Brandon Wilson here once again with this month’s “Check This Out!” (CTO!) guide.

These posts are only intended to be your guide, to lead you to some content of interest, and are just a way we are trying to help our readers a bit more, whether that is learning, troubleshooting, or just finding new content sources! We will give you a bit of a taste of the blog content itself, provide you a way to get to the source content directly, and help to introduce you to some other blogs you may not be aware of that you might find helpful. 

From all of us on the Core Infrastructure and Security Tech Community blog team, thanks for your continued reading and support!

 


 

Title: No more limits: simpler server onboarding for large deployments

Source: Azure Arc

Author: Ryan Willis

Publication Date: February 3, 2023

Content excerpt:

Starting today, there's no limit to the number of Azure Arc-enabled servers you can add to a resource group! We listened to your feedback and understood that the previous limit of 5,000 servers per resource group didn't always align with your existing organizational schemes for hybrid and multicloud servers. 

 


 

Title: Codename Project Bose: Calculate Azure Cost of an Enterprise by cost centers, divisions, projects

Source: Azure Architecture

Author: Pranab Paul

Publication Date: February 13, 2023

Content excerpt:

While working on various customer and partner facing roles, I felt the necessity of a simple and flexible solution to align Azure Cost to the customer’s organizational structure. “Project Bose” is a fully operational prototype derived from the same thought process. This is a side project I am working on during my leisure time. I found various customers derived similar solutions in-house, and there are ISV solutions as well. But there are a few fundamental differences between “Project Bose” and all the other solutions I found. “Project Bose” has a flexible backend and hence any changes in organizational structure can easily be implemented on it without disruption. It is also independent of using Resource Tags, which gives it the opportunity to remain non-vulnerable to erroneous values injected intentionally or non-intentionally by IT-Ops.

 


 

Title: Optimize Azure Kubernetes Service Node Cost by Combining OnDemand And Spot VMs

Source: Azure Architecture

Author: Prakash P

Publication Date: February 24, 2023

Content excerpt:

While it's possible to run the Kubernetes nodes either in on-demand or spot node pools separately, we can optimize the application cost without compromising the reliability by placing the pods unevenly on spot and OnDemand VMs using the topology spread constraints. With a baseline amount of pods deployed in the OnDemand node pool offering reliability, we can scale on the spot node pool based on the load at a lower cost.

 


 

Title: Azure Automation Run As accounts retiring on 30 September 2023

Source: Azure Governance and Management

Author: Nikita Bajaj

Publication Date: February 16, 2023

Content excerpt:

On 30 September 2023, Azure Automation will retire Run As accounts, and completely move to Managed identities. All runbook executions using Run As accounts, including Classic Run As accounts would not be supported after this date. Moreover, starting 1 April 2023, creation of new Run As accounts in Azure Automation will not be possible. Renewing of certificates for existing RunAs accounts would be possible only till the end of support.

To ensure you are using a supported authentication method, you must migrate all your runbooks to Managed Identities.

 


 

Title: Azure portal January 2023 updates

Source: Azure Governance and Management

Author: Allison Cordle

Publication Date: February 24, 2023

Content excerpt:

Virtual Machines > Virtual Machine Scale Sets


Intune

Let's look at each of these updates in greater detail.

 


 

Title: Unleash your infrastructure aptitude with our skilling programs

Source: Azure Infrastructure

Author: Lanna Teh

Publication Date: February 21, 2023

Content excerpt:

The technical nature of cloud infrastructure involves components such as virtualization, software as a service (SaaS), storage systems, networking technologies, databases, serverless computing services, and more. As these technologies continue to evolve and become more integrated, it’s increasingly important for companies to understand how they work in order to maximize the potential benefits. 

 


 

Title: Azure VMware Solution - February 2023 - What's New Update

Source: Azure Migration and Modernization

Author: Amy Colyer

Publication Date: February 8, 2023

Content excerpt:

We are thrilled to announce the February 2023 updates for Azure VMware Solution. A variety of new and highly anticipated features such as Customer Managed Key, Azure NetApp Files and Stretched Clusters are now available.  Read on to explore more.  

Azure VMware Solution is a VMware validated first party Azure service from Microsoft that provides private clouds containing VMware vSphere clusters built from dedicated bare-metal Azure infrastructure. It enables customers to leverage their existing investments in VMware skills and tools, allowing them to focus on developing and running their VMware-based workloads on Azure. 

 


 

Title: Deploy Arc for Azure VMware Solution Simply Using PowerShell

Source: Azure Migration and Modernization

Author: Trevor Davis

Publication Date: February 10, 2023

Content excerpt:

What is Arc for Azure VMware Solution? Simply put, it exposes your Azure VMware Solution resources (VMs, networks, datastores, etc.) to the Azure portal.

Using Arc for Azure VMware Solution, those resources can be managed via the Azure portal, even though they are within your vSphere cluster running in an Azure datacenter. Even better, there is no cost to deploy Arc for Azure VMware Solution.

 


 

Title: New Azure DDoS Solution for Microsoft Sentinel

Source: Azure Network Security

Author: Saleem Bseeu and Amir Dahan

Publication Date: February 2, 2023

Content excerpt:

Cybercriminals demonstrate increasingly sophisticated tactics using DDoS attacks as a multi-purpose tool. While DDoS attacks are commonly used to take down critical systems, applications, and infrastructure, they also serve adversaries for extortion and political or ideological motives. The crown jewel is using DDoS attacks as a smokescreen to conceal data breaches while the attention is directed to the attack. By overwhelming the targeted website or application with a large amount of traffic, the attackers can exploit vulnerabilities and steal sensitive information.

 


 

Title: Common causes of SSL/TLS connection issues and solutions

Source: Azure PaaS

Author: Jason Cao

Publication Date: February 1, 2023

Content excerpt:

In the TLS connection common causes and troubleshooting guide (microsoft.com) and TLS connection common causes and troubleshooting guide (microsoft.com), the mechanism of establishing SSL/TLS and tools to troubleshoot SSL/TLS connections were introduced. In this article, I would like to introduce 3 common issues that may occur when establishing an SSL/TLS connection and corresponding solutions for Windows, Linux, .NET and Java.

 


 

Title: Protect Your Data in Azure to Be Ready to Recover

Source: Azure Storage

Author: vmiss33

Publication Date: February 13, 2023

Content excerpt:

We have heard a lot of buzz about the cloud over the last several years as more and more organizations begin to move existing workloads to the cloud, or deploy new ones there. One thing that can sometimes be overlooked is data protection in the cloud.

 


 

Title: Azure HPC Cache Updates: New Caching Option, Discounted Pricing, and More!

Source: Azure Storage

Author: Kiana Harris

Publication Date: February 21, 2023

Content excerpt:

We’re excited to announce the preview of Azure HPC Cache Premium Read-Write. This next generation of premium caching for high-performance computing workloads is designed to provide high-bandwidth and low-latency access to files. Azure compute clients are provided with read and write performance like what they would experience from a local NVMe drive.

 


 

Title: Cost Optimization options for unattached Azure Managed Disks

Source: Azure Storage

Author: Ali Jafry

Publication Date: February 24, 2023

Content excerpt:

Users often find themselves in a situation where they have managed disks in one or more subscriptions that are no longer attached to a Virtual Machine (VM). These disks may have been attached to a VM in the past that has now either been deleted, or these disks were detached from the VM for some other reason. The user would continue to pay for these unattached disks, whether they need them or not.

 


 

Title: Reducing the size of Windows Server Container Images – Part 2

Source: Containers

Author: Akarsh Mishra

Publication Date: February 14, 2023

Content excerpt:

Previously we announced our first major step in reducing the size of the Windows Server Container images by ~40%. Today, we are pleased to announce our next step in this direction by making our delta layers 60-80% smaller while reducing total image size by about 40% as part of the February 2023 release.

 


 

Title: NetDevOps on Azure

Source: Core Infrastructure and Security

Author: Andre Pereira

Publication Date: February 1, 2023

Content excerpt:

With every company, across every industry, digitally transforming, tons of modern applications are built at an unprecedented pace and speed, and all rely on the underlying network infrastructure.

Networking enables application components to communicate with each other, its dependencies, other applications (usually through APIs) and its consumers.

To gain abstraction and velocity, more and more organizations are moving from traditional datacentre networks into cloud networks, adopting a wide variety of cloud networking services. NetDevOps comes to the rescue, as an agile approach to help you accelerate your Azure networking deployments and operations.

But before delving into this approach, let’s briefly describe what is in its genesis – DevOps - and understand some of its benefits.

 


 

Title: How to Manage Microsoft Defender Policies with Intune on Non-Managed Devices

Source: Core Infrastructure and Security

Author: Atil Gurcan

Publication Date: February 3, 2023

Content excerpt:

From the endpoint security management architecture perspective, this scenario fulfills the gap of managing endpoint security features on unmanaged devices. For Intune managed devices, either cloud-only or co-management scenarios provided the endpoint security management capabilities. Also, Intune and Configuration Manager integration provided similar management capabilities for on-prem (ConfigMgr) managed devices.

Finally, security configuration enforcement integration between MDE and Intune helps security teams to use the same admin interface – Intune console – to deploy Security policies to the devices that are enrolled to MDE only.

 


 

Title: ConfigMgr Collection Evaluation Analysis The Easy Way

Source: Core Infrastructure and Security

Author: Jonas Ohmsen

Publication Date: February 6, 2023

Content excerpt:

About a year ago multiple customers asked me to analyze their collection evaluation process. Mostly to see if there is anything we could optimize and to speed up the evaluation process overall.

In the past I used CEViewer, some SQL queries and the total evaluation time as my tools to analyze the process. But since CEViewer was and is no longer supported, I was looking for a different approach.

While the individual evaluation times and the evaluation-queue information in the ConfigMgr console are helpful, I was looking for a method to analyze the evaluation process over a longer period.

The best thing to see historical evaluation information is the data written to CollEval.log.

So, I sat down and wrote a slightly overengineered PowerShell script to make the information from CollEval.log more readable.

Even though the topic is not new anymore, I thought I would share the script and explain a bit what you can do and see with it.

 


 

Title: Introduction to Network Trace Analysis 3: TCP Performance

Source: Core Infrastructure and Security

Author: Will Aftring

Publication Date: February 8, 2023

Content excerpt:

Hello everyone, we are back with TCP performance. If you are reading this post I am going to assume you have read the previous post, Introduction to Network Trace Analysis 2: Jumping into TCP Connectivity.

There are a ton of caveats and “yes but…”s when these things are considered in the context of virtualization and offloading. I’ll save that can of worms for another post.

So let’s get going. 

 


 

Title: What is an Azure Load Balancer?

Source: Core Infrastructure and Security

Author: Cary Roys

Publication Date: February 13, 2023

Content excerpt:

A lot of folks who are new to Azure assume that load balancers in Azure are logically equivalent to load balancers in their on-premises data centers.  These load balancers are typically a device (sometimes a VM) which functions as a special-purpose router, using some method of determining if the back-end machines are healthy, and some load distribution algorithm.  The traffic actually traverses the device, meaning hitting the performance limits of the load balancer could lead to failing requests. 

 


 

Title: Sorry, OneDrive can’t add your folder right now

Source: Core Infrastructure and Security

Author: Dave Guenthner

Publication Date: February 15, 2023

Content excerpt:

The customer observed that the OneDrive client failed to start with the following notification, “Sorry, OneDrive can’t add your folder right now,” which delivered a diminished user experience and overall W365 value proposition. While the user could access their OneDrive data from the browser, they were unable to synchronize content to the local machine.

 


 

Title: Accessing Microsoft Graph Data with Powershell

Source: Core Infrastructure and Security

Author: Mike Resnick (CSA)

Publication Date: February 16, 2023

Content excerpt:

Hi, Mike Resnick here. As the Azure AD Graph and Azure AD PowerShell modules are heading for a well-deserved retirement, I’m fielding a lot of similar “How to” questions around Azure-based process automation and Microsoft Graph.

Based on these conversations and automations I helped create for our clients, I put together a list of methods for accessing Microsoft Graph with a brief description of each and where to use them.

 


 

Title: Monitoring Storage Replication - Part 1

Source: Core Infrastructure and Security

Author: Felipe Binotto

Publication Date: February 17, 2023

Content excerpt:

We all know how frustrating it can be to receive a call about a storage account not replicating or being unable to fail over. To help prevent this from happening, I am going to show you how to monitor the replication of your storage accounts. Keep in mind that replication logs are not available as part of the storage account's diagnostic settings.

 


 

Title: Reporting on Storage Account Access Tier Statistics

Source: Core Infrastructure and Security

Author: Anthony Watherston

Publication Date: February 22, 2023

Content excerpt:

I have a customer with some very large storage accounts – of course as the size of an account gets larger so does the cost. Customers can use Blob Lifecycle Management rules to control when blobs are moved to a lower tier (hot -> cool -> archive), but they can also use blob inventory rules to analyze the blobs contained in that storage account. Each blob has an access tier property which denotes which type of storage that blob is present in. This post helps to automate the retrieval of those details and publish it into a Log Analytics workspace for analysis and reporting.

 


 

Title: Group Policy Analytics Framework

Source: Core Infrastructure and Security

Author: Bindusar Kushwaha

Publication Date: February 22, 2023

Content excerpt:

If we talk about pre-COVID times, people were working in offices, and data was monitored/controlled using proxy servers, firewalls, etc. End users kept files using roaming profiles or folder redirection. File sharing was allowed over SMB. Authentication and authorization were handled using Kerberos in Active Directory. In some organizations, USB sticks/hard disks were not allowed in the office, or the USB port itself might be blocked, and such configurations were endless.

And then COVID-19 came, halting all our day-to-day activities. 

This unprecedented situation pushed users along with IT admins to start working from home, forcing administrators to change their way of managing organizational devices.

Earlier, users, devices and data were limited to office premises, in a controlled environment. The work-from-home scenario brought everything onto the open internet. Moreover, admins still need to manage users, devices, and data.

 


 

Title: The Nightmare of Validating Certificate Requests

Source: Core Infrastructure and Security

Author: Dagmar Heidecker

Publication Date: February 26, 2023

Content excerpt:

At CRSP we help customers to recover from different types of cyber security incidents. This means that we help more or less with wherever help is needed (from hardening AD and AAD, to restoring Exchange). However, there are some things which are crucial to not getting re-compromised and therefore we don't let our customers come online without: Securing and hardening Active Directory and all kinds of Azure resources.

During the last 1.5 years some papers and articles drew attention to risky misconfiguration of Active Directory Certificate Services (ADCS)  and its potential for Active Directory (and Azure) dominance. Therefore, an essential part of our Compromise Recovery engagements deals with introducing unpopular measures like using PAWs (Privileged Access Workstations) or stopping unverified enrollment of certificates allowing custom subjects. The latter involves reviewing certificate template configuration and security settings in Active Directory. Please note that certificate templates are not the only aspect of securing ADCS, but the one we want to focus on in this article.

 


 

Title: Integrating Azure Front Door WAF with Azure Container Apps

Source: FastTrack for Azure

Author: Chris Bellee

Publication Date: February 1, 2023

Content excerpt:

Many customers require Web Applications & APIs to only be accessible via a private IP address with a Web Application Firewall on the internet edge, to protect from common exploits and vulnerabilities. Azure Front Door provides global routing and WAF capabilities to satisfy this requirement.

 


 

Title: Azure Container Deployment Options

Source: FastTrack for Azure

Author: Faisal Mustafa

Publication Date: February 9, 2023

Content excerpt:

The main scope of this blog is to evaluate and understand the capabilities and limitations of Azure container services to help you choose the optimal platform for your container deployments. The container services in scope for this blog are App Service Web App for Containers, Azure Container Instances (ACI), Azure Container Apps (ACA), and Azure Kubernetes Service (AKS). The blog also elaborates on use cases that map well to respective container services and important details learned while evaluating a container service for customer projects/workloads, such as ACA versus AKS.

 


 

Title: The Best Defense is a Good Offense: Security Tips for Azure Machine Learning Solutions

Source: FastTrack for Azure

Author: Kate Baroni

Publication Date: February 21, 2023

Content excerpt:

As cyberattacks grow more sophisticated and cloud solutions more complex, how does an engineering team prioritize security? A good offense. 

The tips shared in this article are grounded on the three guiding principles at the core of the Zero Trust security model.

 


 

Title: Expanding support for Attack surface reduction rules with Microsoft Intune

Source: Intune Customer Success

Author: Laura Arrizza

Publication Date: February 6, 2023

Content excerpt:

In May 2022, Security Settings Management for Microsoft Defender for Endpoint became generally available. This empowers security teams to configure devices with their desired Antivirus, Endpoint detection and response (EDR), and Firewall settings directly from the Microsoft Intune admin center, without the need for a full device enrollment.

We are expanding our coverage to include settings within the Attack surface reduction (ASR) rules security template with these capabilities.

 


 

Title: Azure Policies for Automating Azure Governance - Automating Policies

Source: ITOps Talk

Author: Amy Colyer

Publication Date: February 2, 2023

Content excerpt:

In my earlier Azure Policy post, I covered issues and concerns organizations may face and how many built in Azure policies can address these problems.  Now we are going to take it a step further and discuss how to enforce policies and automate their creation.  Policies applied at the top level will be inherited by all of the child levels. It is recommended to put best practice policies that cover the entire organization at the Management Group level, and more specific application team policies at the Resource Group level. Try to find a good balance here to ensure you are meeting the policy statements you have defined while also allowing you to easily change policy as required to meet application team requirements as long as they still adhere to core policy rules.

 


 

Title: Wired for Hybrid - Episode 3 - What's New in Azure Networking - February 2023 Edition

Source: ITOps Talk

Author: Pierre Roman

Publication Date: February 15, 2023

Content excerpt:

Azure Networking is the foundation of your infrastructure in Azure. So, we’re happy to bring you a monthly update on What’s new in Azure Networking.

 


 

Title: Automate provisioning and governance of your on-premises applications

Source: Microsoft Entra (Azure AD)

Author: Joseph Dadzie

Publication Date: February 8, 2023

Content excerpt:

I’m excited to announce the general availability of provisioning to on-premises applications using Microsoft Entra Identity Governance. You can now automate provisioning and manage the lifecycle of users in on-premises applications, without requiring any custom code.    

 


 

Title: Collaborate securely across organizational boundaries and Microsoft clouds

Source: Microsoft Entra (Azure AD)

Author: Robin Goldstein

Publication Date: February 23, 2023

Content excerpt:

Today I’m super excited to announce that the capability to collaborate across Microsoft clouds is generally available! This means there’s now support for Azure Active Directory (Azure AD) B2B collaboration across the following Microsoft clouds: 

  • Azure Commercial and Azure Government clouds 
  • Azure Commercial and Azure China clouds (operated by 21Vianet)

 


 

Title: What’s new in Microsoft Intune - 2302 (February) edition

Source: Microsoft Intune

Author: Ramya Chitrakar

Publication Date: February 24, 2023

Content excerpt:

In the February Microsoft Intune service release (2302), we're providing integration, troubleshooting, and reporting to help IT admins improve user experiences. We're introducing an exciting integration between Intune and ServiceNow. This is a big step towards enabling helpdesk admins tasked with troubleshooting endpoint issues. We've also just released a major overhaul in reporting for devices without a compliance policy.

 


 

Title: The New Microsoft Security Customer Connection Program (CCP)

Source: Security, Compliance, and Identity

Author: Kristina Quick

Publication Date: February 3, 2023

Content excerpt:

The security community is constantly growing, changing, and learning from each other in order to better position the world against cyber security threats. 

For years, Microsoft has driven a customer-obsessed development process by hosting two private communities for end-users of Microsoft security products: the Microsoft Cloud Security Private Community and the Microsoft 365 Defender Customer Connection Program. Under a strict confidentiality framework, our engineering teams get direct community feedback and insights for our roadmap plans, new user experience designs, private preview features, and more.

Today, we are happy to announce that these two communities have now come together under one team – The Microsoft Security Customer Connection Program.

 


 

Title: IT pros: join us every month for Windows Office Hours!

Source: Windows IT Pro

Author: Heather Poulsen

Publication Date: February 15, 2023

Content excerpt:

To support your efforts to deliver and deploy updates to the Windows devices being used by remote, onsite, and hybrid workers across your organization, and manage those devices effectively, we are continuing our series of weekly "office hours" for IT professionals here on Tech Community.

 


 

Title: Skilling snack: From on premises to the cloud

Source: Windows IT Pro

Author: Danny Guillory

Publication Date: February 16, 2023

Content excerpt:

How skilled are you in migration from on premises to the cloud? Whether you've experienced this process in your company, prepare to do so soon, or have inherited cloud or hybrid environments, welcome to the table!

 


 

Title: Skilling snack: Intro to Azure Active Directory

Source: Windows IT Pro

Author: Dave Davies

Publication Date: February 23, 2023

Content excerpt:

Passwords. PINs. Windows Hello. Passwordless authentication. Azure Active Directory (Azure AD) is the solution to all your organizational authentication needs, whether exclusively in the cloud or in hybrid environments. Brush up on the types of modern device identity, ways cloud-first devices authenticate to existing resources, tips to approach an Azure AD deployment, and how modern management brings insights to hybrid Azure AD devices. Today’s selection of resources, learning modules, and videos feeds a variety of needs and preferences.

 

 


 

 

 
