Hi everyone! Brandon Wilson here once again with this month’s “Check This Out!” (CTO!) guide.
These posts are only intended to be your guide, to lead you to some content of interest, and are just a way we are trying to help our readers a bit more, whether that is learning, troubleshooting, or just finding new content sources! We will give you a bit of a taste of the blog content itself, provide you a way to get to the source content directly, and help to introduce you to some other blogs you may not be aware of that you might find helpful.
From all of us on the Core Infrastructure and Security Tech Community blog team, thanks for your continued reading and support!
Title: What is a Cloud Adoption Security Review?
Source: Azure Architecture
Author: danielmamsft
Publication Date: 5/1/23
Content excerpt:
The Cloud Adoption Security Review (CASR) is aimed to self-assess an Azure landing zone (ALZ) environment that has achieved baseline security against the Secure Methodology of the Cloud Adoption Framework (CAF).
Title: Mitigating Downtime and Increasing Reliability: Strategies for Managing Complexity in the Cloud
Source: Azure Architecture
Author: Lavan Nallainathan
Publication Date: 5/3/23
Content excerpt:
This paper explores the relationship between complexity, entropy, and chaos theory in the context of cloud application design and management. Discussing the importance of understanding business needs, setting RTO and RPO objectives, conducting effective risk assessments, understanding SLA and calculating SLAs when building Cloud Native Systems and steps to help mitigate down time and increase system availability using Azure Availability Zones.
Title: Achieving Distributed High Availability: Stack HCI and AKS Hybrid
Source: Azure Architecture
Author: ianlcurtis
Publication Date: 5/17/23
Content excerpt:
Sometimes high availability is the top business priority. There are situations where even the high availability provided in the cloud by redundant systems, availability zones, and failovers isn’t enough.
I recently worked with a customer in just this situation. They needed to deliver their service with 5 9’s of availability – that’s less than 5 minutes of downtime per year – but by the nature of how we use the cloud, this is hard to achieve. The SLAs of all of the cloud services that you plug together to support your solution need to be considered in its overall availability.
Title: Increased remote storage performance with NVMe-enabled Ebsv5 VMs now generally available
Source: Azure Compute
Author: Priya Shan
Publication Date: 5/3/23
Content excerpt:
Today, we announce the general availability (GA) of the NVMe-enabled Ebsv5 VM series, with two new sizes, E96 and E112i vCPU, added to the Ebsv5 VM family. The Ebsv5 and Ebdsv5 NVMe VMs offer up to 260,000 IOPS (input/output operations per second) and 8,000MBps of remote disk storage throughput. They also include up to 672GiB of RAM and local SSD storage (maximum 3,800GiB). In addition, the smaller sizes, E48 vCPU, and E64 vCPU, will offer higher performance with NVMe at no extra cost.
Title: Cost Optimization Practices for Azure VMs – VM services
Source: Azure Compute
Author: Perry Leong
Publication Date: 5/10/23
Content excerpt:
Azure Virtual Machines are an excellent solution for hosting both new and legacy applications. However, as your services and workloads become more complex and demand increases, your costs may also rise. Azure provides a range of pricing models, services, and tools that can help you optimize the allocation of your cloud budget and get the most value for your money.
Title: Azure Monitor Baseline Alerts (Preview)
Source: Azure Governance and Management
Author: Paul Grimley
Publication Date: 5/2/23
Content excerpt:
Over the past few months, we have been working behind the scenes and with a few select customers to develop a solution to help more easily accelerate and adopt Azure Monitor as part of onboarding to Azure or Enhancing your existing Azure / ALZ investment. Working alongside the Azure Monitor product group we have identified a number of opportunities
Title: Azure Backup Reports now includes support for more workloads
Source: Azure Governance and Management
Author: Aditya Balaji
Publication Date: 5/17/23
Content excerpt:
We are happy to share that Azure Backup Reports now includes support for more workloads: Azure Database for PostgreSQL Servers, Azure Blobs and Azure Disks!
This means that you can now enable logging of backup-related metadata (such as jobs, backup items, policies, usage) for these workloads, and retain these records for a customizable duration of time depending on your compliance and audit requirements. You can then leverage the canned reporting views that are already provided via the Backup Reports solution today, and view information for protected items corresponding to these workloads.
Title: Azure portal April 2023 updates
Source: Azure Governance and Management
Author: Allison Cordle
Publication Date: 5/25/23
Content excerpt:
An overview of the updates for the Azure portal for April 2023
Title: How to identify the recommended VM for your HPC workloads
Source: Azure High Performance Computing (HPC)
Author: Jose Angel Fernandez Rodrigues
Publication Date: 5/11/23
Content excerpt:
This article presents a concise overview of the key factors to consider when selecting the appropriate SKU for your application. It outlines a systematic methodology for filtering out unsuitable VM categories, then narrowing down the options by evaluating VM families and SKUs.
Title: Introducing the Azure Linux container host for AKS
Source: Azure Infrastructure
Author: Jim Perrin
Publication Date: 5/23/23
Content excerpt:
We are excited to announce the general availability of the Azure Linux container host for Azure Kubernetes Service (AKS). The Azure Linux container host for AKS is a lightweight, secure, and reliable OS platform optimized for performance on Azure.
Title: Accelerate innovation with Red Hat on Azure- Latest Announcements from Red Hat Summit 2023
Source: Azure Infrastructure
Author: Garima Singh
Publication Date: 5/23/23
Content excerpt:
Microsoft continues to strengthen its partnership with Red Hat as a “platinum” sponsor at Red Hat Summit to engage customers on future proofing their businesses with more license flexibility, closer joint engineering, and better joint support. Jeremy Winter, Corporate Vice President, Azure Cloud Native from Microsoft will deliver the keynote on Day 1 on the topic of ‘Innovation doesn’t rely on your IT budget’. This will showcase Microsoft’s advancements in open innovation and how the Red Hat on Azure product portfolio helps businesses innovate without significant investment.
Title: Migrate Kubernetes workloads running on VM’s using Azure Migrate – Planning & Execution
Source: Azure Migration and Modernization
Author: Sandeep G
Publication Date: 5/7/23
Content excerpt:
This article explains the steps carried out in doing a lift and shift migration of Kubernetes workloads running on virtual machines (from any location – On-premise or Third-party cloud provider) to Azure public region. This migration was tested at a customer side, where they had specific requirements to migrate the Kubernetes workloads as is by retaining their IP addresses.
Title: Plan the migration of your SQL Server deployments with Azure SQL assessment in Azure Migrate (GA)
Source: Azure Migration and Modernization
Author: Shikher Saluja
Publication Date: 5/16/23
Content excerpt:
Today we are announcing that SQL Server discovery and Azure SQL assessment in Azure Migrate are now Generally Available (GA).
Title: Logging and Metrics Enhancements to Azure Firewall now in Preview
Source: Azure Network Security
Author: Shabaz Shaik
Publication Date: 5/12/23
Content excerpt:
Azure Firewall is a cloud-native network firewall security service that provides threat protection for your cloud workloads running in Azure. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. Azure Firewall sits between the end user and the application server, processing critical application traffic and enforcing security policies on this traffic. In case of any latency or disconnection to the application, the firewall acts as a great point to look at this traffic and troubleshoot the root cause. Azure Firewall now offers new logging and metric enhancements designed to increase visibility and provide more insights into the traffic processed by the firewall.
Title: Protect Office365 and Windows365 with Azure Firewall
Source: Azure Network Security
Author: Yuval Perry
Publication Date: 5/18/23
Content excerpt:
Office 365 customers are looking for the best cloud connectivity experience at scale to achieve end-to-end connectivity through the most optimized route possible. Traffic from the organization’s network to the required Office 365 endpoints should be managed and secured, which could be a time-consuming ongoing task. With the recent announcement of Azure Firewall integration with Office 365, you can now easily manage this traffic and leverage the firewall’s security features to secure it.
Title: Azure Firewall NAT Behaviors
Source: Azure Network Security
Author: David Frazee
Publication Date: 5/19/23
Content excerpt:
The Azure Firewall is a cloud-native and intelligent network firewall security service that can be integrated into many different use cases. It’s a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability that provides both east-west and north-south traffic inspection. Depending on how traffic will flow through the Azure Firewall, there are expected NAT behaviors. NAT, or Network Address Translation, is a method of remapping an IP address into another by modifying network address information in the IP header of packets. When traffic passes through an Azure Firewall, the firewall can perform NAT to translate the source or destination IP addresses and ports of the packets. The specific NAT behavior will depend on the firewall’s configuration and the type of NAT being used. In this blog, we cover what behaviors to expect when traffic flows for inbound traffic, through DNAT rules, and for outbound traffic through the Network, and Application rules of the Azure Firewall.
Title: Registration and Arc extension improvements in Azure Stack HCI
Source: Azure Stack
Author: Arpita Duppala
Publication Date: 5/8/23
Content excerpt:
Previously, Azure Stack HCI registration required two Resource Groups, one for the cluster resource and another for Arc for server resources. However, now you can register both the Azure Stack HCI cluster and Arc for Server resources in the same Resource Group by passing the existing Resource Group information.
Title: How to attach an additional network interface to the Azure Stack HCI VM using SDN
Source: Azure Stack
Author: vaibhavkale
Publication Date: 5/10/23
Content excerpt:
Azure Stack HCI is a hyperconverged infrastructure (HCI) cluster solution that consists of Windows servers (Hyper-V), Storage Spaces Direct, and Azure-inspired SDN. All clustered servers share common configurations and resources by leveraging the Windows Server Failover Clustering feature. A Windows Failover Cluster consists of multiple Windows servers running in a cluster to provide high availability, i.e., if one server node goes down, then another node takes over. We can create multiple Windows/Linux VMs on the failover cluster. In this blog, we have provided steps to attach a new network interface to an existing VM running on the failover cluster with static MAC and valid static IP address (from the given VNet/subnet pool).
Title: Announcing the General Availability of Azure Monitor HCI Insights
Source: Azure Stack
Author: Saniya Islam
Publication Date: 5/16/23
Content excerpt:
The new, enhanced Azure Monitor HCI Insights uses the new improved Azure Monitor Agent and Data Collection Rule. These rules specify the event logs and performance counters that need to be collected and stores it in a Log Analytics workspace. Once the logs are collected, HCI Insights uses Azure Monitor Workbooks to provide deeper insights on the health, performance and usage of the cluster.
Title: Announcing the Public Preview of Azure Site Recovery with Azure Stack HCI
Source: Azure Stack
Author: Shijo Joy
Publication Date: 5/17/23
Content excerpt:
In October 2021 we announced the support of Azure Site Recovery to protect virtual machines (VM) workloads on Azure Stack HCI. Based on customer feedback, we have improved the ASR agent deployment experience and now we are excited to announce the Public Preview of the new ASR agent deployment experience as an Arc extension.
Title: How to Save 70% on File Data Costs
Source: Azure Storage
Author: Karl Rautenstrauch
Publication Date: 5/1/23
Content excerpt:
In the first post in this series we reviewed the high costs of file data storage and the need to take action in the face of growing unstructured data volumes and shrinking enterprise IT budgets. In the second post we reviewed data storage tiering options and the benefits of transparent file tiering with Komprise Intelligent Tiering for Azure. In this final post we’ll review a storage tiering TCO comparison.
Title: Azure Container Storage in Public Preview
Source: Azure Storage
Author: Yuemin Lu
Publication Date: 5/15/23
Content excerpt:
Azure Container Storage introduces — a grouping of storage resources presented as a single, unified storage resource for your AKS cluster. Storage Pool provides an abstracted storage layer on multiple options including ephemeral disk, Azure Disk, and Elastic SAN, enabling you to leverage the storage that best aligns with your workload needs
Title: Azure Storage updating some default security settings on new accounts - Aug 2023
Source: Azure Storage
Author: Nandita Chakraborti
Publication Date: 5/17/23
Content excerpt:
Beginning August 2023, Azure storage will begin phased roll out of changes that disable anonymous access and cross tenant replication for all new storage accounts by default, to align with best practices for security and reduce the risk of data exfiltration. Existing storage accounts will not be impacted by this change. This change will be made to all Azure clouds.
Title: Public Preview: Azure Files geo-redundancy for standard large file shares
Source: Azure Storage
Author: Jeff Patterson
Publication Date: 5/24/23
Content excerpt:
We’re excited to announce Azure Files geo-redundancy for large file shares is now in public preview for standard SMB file shares.
Azure Files has supported large file shares for several years, which not only provides file share capacity up to 100TiB but improved IO operations per second (IOPS) and throughput as well. Large file shares are widely adopted by customers using locally redundant storage (LRS) and zone-redundant storage (ZRS) but have not been available for geo-redundant storage (GRS) and geo-zone redundant storage (GZRS) until now.
Title: Announcing the public preview of Azure Virtual Desktop Custom Image Templates
Source: Azure Virtual Desktop
Author: Tom Hickling
Publication Date: 5/9/23
Content excerpt:
Today I am pleased to announce the public preview of a new feature in Azure Virtual Desktop called Custom image templates.
Custom image templates allows admins to build a custom “golden image” with the added capability to include Azure Virtual Desktop built-in customizations as well as your own customization scripts to install other applications or set of configurations.
Title: Continuing improvement to Windows Server Containers and the upcoming changes
Source: Containers
Author: Akarsh Mishra
Publication Date: 5/9/23
Content excerpt:
Earlier this year, we announced our concerted effort to reduce the size of Windows Server Container images, and we were delighted with the feedback we received. Today, we are taking a step further to deliver even more improvements based on that feedback as part of the May 2023 release and share our plans for the coming months.
Title: Kubernetes External DNS for Azure DNS & AKS
Source: Core Infrastructure and Security
Author: Houssem Dellai
Publication Date: 5/1/23
Content excerpt:
After deploying an application and its services into a Kubernetes cluster, a question rises on the surface, how to access it with a custom domain name? A simple solution would be to create an A record that points the domain name into the service IP address. This could be done manually, so it will be too hard to scale as you add many services. And this could be fully automated by using External DNS! This tutorial describes how to manage custom domain names in Azure DNS using External DNS in AKS.
Title: Azure Policy Recommended Practices
Source: Core Infrastructure and Security
Author: Heinrich Gantenbein
Publication Date: 5/4/23
Content excerpt:
Azure Policy has multiple uses including general governance, monitoring setup, security, and compliance. It should not be used to deal with items better handled with role-based access control (RBAC). The following rules codify this:
Note: Many professionals use security and compliance interchangeably. Security encompasses much more than some checkboxes on a compliance spreadsheet; however, complying with Microsoft Cloud Security Benchmark and NIST-880-53 are a decent baseline for enforcing security aspects with Azure Policy.
Title: How to Allocate Azure Monitor Logs Ingestion Costs by Resource Tag
Source: Core Infrastructure and Security
Author: Helder Pinto
Publication Date: 5/8/23
Content excerpt:
Azure Monitor Logs, also known as Log Analytics, is a fundamental tool for monitoring and reporting on your Azure, multi-cloud, and hybrid resources. It supports such a vast array of Microsoft cloud services that it has become one of the most used Azure services for all sorts of customers. Consequently, Azure Monitor Logs has also become an important cost driver for many Azure customers and being able to allocate or split those costs across the right cost centers in the organization is a pressing need most customers have. This is especially relevant for customers who centralize as much as possible their Log Analytics workspaces, following Microsoft’s recommended best practices. The question this article answers is: how can we sort out which logs belong to which cost center in a simple manner? My colleague @Bruno Gabrielli recently described the logic behind cost allocation by subscription, resource group or resource. What I am going to describe next is how to do it based on the resource tags.
Title: Azure Savings Dashboard
Source: Core Infrastructure and Security
Author: Saira Shaik
Publication Date: 5/9/23
Content excerpt:
I have created this dashboard to display the savings made due to the purchase of Reservations or Savings Plans or by signing the agreement with Microsoft to get Azure Commitment Discounts (ACD).
This dashboard is helpful for Customers who:
Title: Azure Cost Management Dashboard
Source: Core Infrastructure and Security
Author: Saira Shaik
Publication Date: 5/14/23
Content excerpt:
This Dashboard helps customers to understand the billing details, including monthly bill, monthly usage cost, and monthly purchase cost, along with the number of units each Service consumed and the respective cost by Services running on On Demand or Reservations or Savings Plan with the Top 5 drivers contributing to the cost. These drivers are the Top 5 Subscription Names, Top 5 Instance Types, and Top 5 Locations. Customers can view details of any Service monthly and daily insights of usage and respective cost with a granular level of drill down to Resource Name.
Title: Build Reports Faster with Azure Resource Graph
Source: Core Infrastructure and Security
Author: Felipe Binotto
Publication Date: 5/15/23
Content excerpt:
If you are hands-on with Azure operations, I’m sure at some point you have been asked to provide some type of report containing information about your Azure environment.
In the past, the only way to provide this information was to programmatically iterate through all your subscriptions and retrieve the data, subscription by subscription.
Throughout this article I will provide a couple examples on how you would accomplish that task in the traditional way compared to using the Azure Resource Graph. Moreover, I will provide the time it takes to accomplish each task using the Measure-Command cmdlet.
Title: Unified Update Platform with ConfigMgr – Questions from the Field
Source: Core Infrastructure and Security
Author: Stefan Röll
Publication Date: 5/19/23
Content excerpt:
Hello everyone! I’m Stefan Röll, Cloud Solution Architect at Microsoft Germany for Intune and Microsoft Configuration Manager. In the past weeks, I got a lot of questions from customers around the recently released Unified Update Platform (UUP). In this blog I want to cover some of them.
Title: Mastering AKS Troubleshooting #1: Resolving Connectivity and DNS Failures
Source: Core Infrastructure and Security
Author: Joji Varghese
Publication Date: 5/19/23
Content excerpt:
This blog post marks the beginning of a three-part series, that originated from an intensive one-day bootcamp focused on advanced AKS networking triage and troubleshooting scenarios. It offers a practical approach to diagnosing and resolving common AKS networking issues, aiming to equip readers with quick troubleshooting skills for their AKS environment.
Each post walks through a set of scenarios that simulate typical issues. Detailed setup instructions will be provided to build a functional environment. Faults will then be introduced that cause the setup to malfunction. Hints will be provided on how to triage and troubleshoot these issues using common tools such as kubectl, nslookup, and tcpdump. Each scenario concludes with fixes for the issues faced and explanation of the steps taken to resolve the problem.
Title: Mastering AKS Troubleshooting #2: VNet cross-connectivity and Port resolution
Source: Core Infrastructure and Security
Author: Joji Varghese
Publication Date: 5/23/23
Content excerpt:
This post is the second in a three-part series on troubleshooting common networking issues with Azure Kubernetes (AKS), a managed container orchestration service. Scenarios in this post were the result of an intensive one-day bootcamp specifically targeting advanced AKS networking triage and troubleshooting scenarios. It offers comprehensive guidance on how to set up a fully functional environment and presents various fault scenarios that participants can troubleshoot using familiar tools.
The previous post addressed connectivity and DNS issues. This article specifically covers endpoint connectivity issues across virtual networks and port configuration problems for services and pods.
Title: Mastering AKS Troubleshooting #3: Kernel view and AKS Observability
Source: Core Infrastructure and Security
Author: Joji Varghese
Publication Date: 5/26/23
Content excerpt:
This blog post concludes the three part series that addresses common networking problems that may occur while working with Azure Kubernetes Service (AKS). Although AKS is a managed container orchestration service, issues can still arise, requiring troubleshooting.
The earlier blog post covered endpoint connectivity issues across virtual networks and port configuration problems with services and their associated pods. This article focusses on solving issues using Linux toolsets to get a kernel view of the Kubernetes layout and using Container Insights to view logging and diagnostics to take remedial actions.
Title: Cloud Management Gateway - Inbound Rule for Port 8443
Source: Core Infrastructure and Security
Author: Nandan Sheth
Publication Date: 5/29/23
Content excerpt:
Hello! My name is Nandan Sheth, and I am a part of Microsoft’s Customer Success Unit based out of Dublin, Ireland. I have been helping customers set up the Cloud Management Gateway for a few years now, but recently an organization with 40000+ users asked me a question that I haven’t given much thought to. When you set up the Cloud Management Gateway using a Virtual Machine Scale Set, one of the resources created in Azure is the Network Security Group. The Network Security Group has an inbound rule for port 8443.
Why is this rule created and what is it needed for?
Title: Tidying Up URLs: Removing Trailing Slashes in Azure Static Web Apps
Source: Core Infrastructure and Security
Author: Werner Rall
Publication Date: 5/31/23
Content excerpt:
In the ever-evolving digital landscape, the importance of clean, well-structured URLs cannot be overstated. A well-crafted URL not only improves user experience, but it also boosts your website's SEO ranking. One common issue web developers and content creators face is the presence of trailing slashes in their URLs, which can lead to duplicate content issues and negatively impact search engine performance.
In this blog post, we'll share a practical solution based on a recent customer engagement, where we helped them create a file that effectively removes trailing slashes from their URLs. Through step-by-step guidance, you'll learn how to implement this solution on your own website, ensuring a seamless browsing experience for your users and maintaining your site's SEO health. Whether you're a seasoned developer or a beginner, our easy-to-follow tutorial will empower you to take control of your website's URL structure and elevate your online presence.
Title: Multi Hub and Spoke Topology using Azure Firewalls
Source: FastTrack for Azure
Author: Mauricio Rojas Martinez
Publication Date: 5/2/23
Content excerpt:
This article describes a simple Inter Hub and Spoke topology and walks through its implementation.
Title: Achieving High Availability with Azure SQL Server on VM: Choosing the Best Solution for Your Needs
Source: FastTrack for Azure
Author: Assaf Fraenkel
Publication Date: 5/8/23
Content excerpt:
Achieving high availability is crucial for businesses that rely on their SQL Server databases. With SQL Server on Azure virtual machines, there are two popular deployment architectures to consider: SQL Server Always-On Availability Groups (AG) and SQL Server Always-On Failover Clustering (FCI). However, choosing the right solution for your specific scenario requires careful consideration of various factors. In this article, we will provide a comprehensive guide to help you decide which approach to use, especially when deployed in the Azure environment.
Title: Define and implement permissions, roles and scopes with Azure Active Directory in SaaS solution
Source: FastTrack for Azure
Author: Irina Kostina
Publication Date: 5/9/23
Content excerpt:
This article covers 3 main concepts related to authentication & authorization, which can be used by SaaS providers. It will cover Application Roles functionality, Delegated & Application permissions, and Scopes functionality.
Title: How to Perform Manual Failover of an Azure SQL Database
Source: FastTrack for Azure
Author: Assaf Fraenkel
Publication Date: 5/17/23
Content excerpt:
Introduction: If you're managing an Azure SQL database and encounter an issue where the database becomes unresponsive, you must find a solution that will help you restore the service. In this article you will learn how to perform a manual failover to restore service as part of the task to identify the root cause of the problem even though the server is unresponsive.
Title: Deploy and run a Azure OpenAI/ChatGPT application on AKS
Source: FastTrack for Azure
Author: Paolo Salvatori
Publication Date: 5/30/23
Content excerpt:
This article shows how to deploy an Azure Kubernetes Service (AKS) cluster and Azure OpenAI Service and how to deploy a Python chatbot that authenticates against Azure OpenAI using Azure AD workload identity and calls the Chat Completion API of a ChatGPT model.
Title: New Microsoft Entra Features Now Available
Source: Microsoft Entra (Azure AD)
Author: Shobhit Sahay
Publication Date: 5/1/23
Content excerpt:
Microsoft has recently introduced a range of new security tools and features for their Entra product family, aimed at helping organizations to improve their security posture. With the ever-increasing sophistication of cyber-attacks and the increasing use of cloud-based services and the proliferation of mobile devices, it is essential that organizations have effective tools in place to manage their scope of security.
Title: Azure AD Certificate-Based Authentication (CBA) on Mobile now Generally Available!
Source: Microsoft Entra (Azure AD)
Author: Alex Simons
Publication Date: 5/4/23
Content excerpt:
At Ignite 2022, we announced the general availability of Azure Active Directory (Azure AD) Certificate-Based Authentication (CBA) as a part of Microsoft’s commitment to Executive Order 14028, Improving the Nation’s Cybersecurity. Now, we’re thrilled to announce the general availability of Azure AD CBA support on mobile.
Title: Modernizing Authentication Management
Source: Microsoft Entra (Azure AD)
Author: Alex Weinert
Publication Date: 5/9/23
Content excerpt:
We’re thrilled to announce two key updates to how you manage your authentication experiences! The General Availability of Converged Authentication Methods and Public Preview of a modernized version of multifactor authentication (MFA) Fraud Alert.
The General Availability of Converged Authentication Methods allows all methods used for authentication and password reset to be centrally managed and with more control, providing the ability to target groups of users.
Title: Public Preview: Token Protection for Sign-In Sessions
Source: Microsoft Entra (Azure AD)
Author: Paul Garner
Publication Date: 5/10/23
Content excerpt:
At the recent Microsoft Secure event, we announced a new feature called Token Protection for sign-in sessions. This is the first in a series of Microsoft Entra features designed to combat token theft and replay attacks.
Title: GA: System-preferred multifactor authentication
Source: Microsoft Entra (Azure AD)
Author: Alex Weinert
Publication Date: 5/16/23
Content excerpt:
In previous blogs, we've emphasized the importance of multifactor authentication (MFA). Today, organizations and end users are using various authentication methods, providing varying levels of security. Users often choose less secure MFA methods, despite having access to more secure options due to a range of factors such as convenience, lack of awareness, or technical limitations.
Title: Microsoft Entra External ID public preview: Developer-centric platform
Source: Microsoft Entra (Azure AD)
Author: Levent Besik
Publication Date: 5/24/23
Content excerpt:
Today, we’re excited to announce new developer-centric capabilities for customer and partner identity experiences in our next generation customer identity and access management (CIAM) solution - Microsoft Entra External ID, and a next milestone in making our Microsoft Entra Verified ID solution easy to integrate into any application with Microsoft Entra Verified ID SDK.
Title: Tenant Restriction v2 is now Public Preview!
Source: Microsoft Entra (Azure AD)
Author: Robin Goldstein and Vimala Ranganathan
Publication Date: 5/25/23
Content excerpt:
With TRv2, you can enable safe and productive cross-company collaboration while containing data exfiltration risk. Tenant restriction settings enable you to control what external tenants your users can access from your devices or network using externally issued identities and provide granular access control on a per org, user, group, and application basis.
Tenant restriction is a much-awaited expansion of the previously released cross-tenant access settings for external collaboration. Together these provide the most granular control over your cross-company security and collaboration policies.
Title: Announcing General Availability of Authenticator Lite (in Outlook)
Source: Microsoft Entra (Azure AD)
Author: Alex Weinert
Publication Date: 5/26/23
Content excerpt:
Last month, Authenticator Lite (in Outlook) moved to public preview, bringing the security and reliability of Microsoft Authenticator to an app users already have on their phones. Today we’re excited to announce that Authenticator Lite (in Outlook) is now generally available!
Title: Cross-Tenant Synchronization for seamless application access is now generally available!
Source: Microsoft Entra (Azure AD)
Author: Joseph Dadzie
Publication Date: 5/30/23
Content excerpt:
In the past, many of you spent significant time and money building custom scripts to provision accounts across tenants and enable cross-tenant collaboration. Since we launched public preview of cross-tenant sync in January, many of you quickly switched to the out of the box functionality and saved your companies both time and money. It’s amazing to hear how easy it has been to deploy cross-tenant synchronization!
Title: Microsoft Enterprise SSO for Apple Devices Is Now Available for Everyone
Source: Microsoft Entra (Azure AD)
Author: Alex Simons
Publication Date: 5/31/23
Content excerpt:
Today I’m excited to announce the General Availability of the Microsoft Enterprise SSO plug-in for Apple devices. This product provides single sign-on (SSO) for Azure Active Directory (Azure AD), now a part of Microsoft Entra, accounts on macOS, iOS, and iPadOS across all applications that support Apple's enterprise single sign-on feature. This includes older applications your organization depends on that don’t use the latest libraries or protocols and may not have access to the latest Microsoft Entra features.
Title: Conditional Access authentication strength is now Generally Available!
Source: Microsoft Entra (Azure AD)
Author: Alex Weinert
Publication Date: 5/31/23
Content excerpt:
Greetings! I’m thrilled to announce that Conditional Access authentication strength is now generally available. This powerful feature allows organizations to choose the right authentication method requirements for specific scenarios, making it easier than ever for organizations to move towards more secure, modern, and strong authentication.
Title: How to provide feedback on Windows LAPS
Source: Windows IT Pro
Author: Jay Simmons
Publication Date: 5/3/23
Content excerpt:
Like you, we are excited that Windows LAPS is now available! This new solution gives you the ability to easily manage and back up passwords for local administrator accounts on your Azure Active Directory-joined or Active Directory-joined devices. Password encryption and history, Directory Services Restore Mode (DSRM) password backups, emulation mode, and automatic rotation—all these new capabilities can now be yours!
But we'd love to keep working with you to continue to improve Windows LAPS. So, let's hear your ideas and feedback.
Title: Confidential VMs on Azure
Source: Windows OS Platform
Author: Caroline Perez-Vargas
Publication Date: 5/31/23
Content excerpt:
In this blog we’ll describe the Confidential VM model and share how Microsoft built the Confidential VM capabilities by leveraging confidential hardware platforms (we refer to the hardware platform as the combination of the hardware and architecture specific firmware/software supplied by the hardware vendor). We will give an overview of our goals and our design approach and then explain how we took steps to enable confidential VMs to protect their memory, as well as to provide them secure emulated devices such as a TPM, to protect their execution state and their firmware, and lastly to allow them to verify their environment through remote attestation.