Microsoft Security Tech Accelerator
Dec 06 2023, 07:00 AM - 12:00 PM (PST)
Microsoft Tech Community
Check This Out! (CTO!) Guide (November 2022)
Published Dec 01 2022 03:39 PM 3,923 Views
Microsoft

 

Hi everyone! Brandon Wilson here once again with this month’s “Check This Out!” (CTO!) guide.

These posts are only intended to be your guide, to lead you to some content of interest, and are just a way we are trying to help our readers a bit more, whether that is learning, troubleshooting, or just finding new content sources! We will give you a bit of a taste of the blog content itself, provide you a way to get to the source content directly, and help to introduce you to some other blogs you may not be aware of that you might find helpful. If you have been a long-time reader, then you will find this series to be very similar to our prior series “Infrastructure + Security: Noteworthy News”.

From all of us on the Core Infrastructure and Security Tech Community blog team, thanks for your continued reading and support!

 

 

Microsoft-logo-flag only.JPG

 

Title: Azure App Service announces more ways to save on compute costs

Source: Apps on Azure

Author: Mayunk Jain

Publication Date: November 1, 2022

Content excerpt:

Think about your last web app development cycle—how much did your compute usage vary over time, and how did that impact your budget? When modernizing your apps, we know that compute usage can fluctuate and you want flexible compute pricing that can accommodate both planned and unplanned changes.

Azure App Service provides you with the best solutions to rapidly build, deploy, and manage secure apps at scale. If you’re running dynamic workloads, you will be excited to hear that Azure App Service users on our most popular service plans can save on select compute services through Azure savings plan for compute.

 

 

Microsoft-logo-flag only.JPG

 

Title: Introducing more ways to deploy Azure Container Apps

Source: Apps on Azure

Author: Anthony Chu

Publication Date: November 17, 2022

Content excerpt:

Azure Container Apps is a fully managed serverless container service for building and deploying modern apps at scale. Today, we’re introducing new preview features to make it even easier to build and deploy container apps: 

  • A new GitHub action to build and deploy container apps
  • A new Azure Pipelines task to build and deploy container apps
  • Build container images without a Dockerfile

These features are currently in public preview. Try them out and let us know what you think! 

 

 

Microsoft-logo-flag only.JPG

 

Title: 3 reasons to optimize your workloads with Azure Advisor

Source: Azure Architecture

Author: Antonio Ortoll

Publication Date: November 10, 2022

Content excerpt:

As macro-economic uncertainty grows in today’s economy so do expectations to accelerate growth, drive revenue higher, and compete beyond the status quo. Early October, Azure launched a campaign to address this unprecedented situation by empowering businesses to “Do More with Less”. The campaign focuses on three value elements – migrating and saving, optimizing existing cloud investments, and reinvesting to drive growth. Read more about each of these topics here. All three highlight the importance of cost optimization in one way or another. Azure Advisor is at the front and center of making some of these objectives a reality. However, you may wonder how this product may help your business in this journey. If you are sitting nodding as you read this last sentence, you are in the right place. These are the three reasons why you need to start optimizing with Azure Advisor. 

 

 

Microsoft-logo-flag only.JPG

 

Title: Why you need a Cloud Adoption Framework (CAF), and probably a WAF too!

Source: Azure Architecture

Author: Stephen Thair

Publication Date: November 7, 2022

Content excerpt:

What are the Microsoft Cloud Adoption Framework for Azure (CAF) and the Microsoft Azure Well-Architected Framework (WAF)? Both are best practice guidance around how to transform your organization to be cloud-centric (CAF) and how to build and manage cloud-hosted applications securely, cost-effectively, etc. (WAF).

But why are they important, and why should you, and your organization, use them on your cloud transformation journey?

 

 

Microsoft-logo-flag only.JPG

 

Title: Automated Key Rotation Generally Available on Azure Key Vault Managed HSM

Source: Azure Confidential Computing

Author: Nicholas Kondamudi

Publication Date: November 8, 2022

Content excerpt:

We are excited to announce the General Availability of automated key rotation in Azure Key Vault Managed HSM. The feature allows you to set up an auto-rotation policy that automatically generates a new key version of the customer-managed key (CMK) stored in the HSM at a specified frequency.

 

 

Microsoft-logo-flag only.JPG

 

Title: The top 5 reasons why backup and recovery in the cloud goes wrong and how to avoid them

Source: Azure Governance and Management

Author: Harshitha Putta

Publication Date: November 16, 2022

Content excerpt:

If you have experience running workloads both in the cloud and on-premises, you will know that failures can occur for a variety of reasons. You will also know that in some cases the best thing to do is to restore your workload from an existing backup to meet your Recovery Time Objective (RTO) and Recovery Point Objective (RPO) requirements. 
Many organizations have implemented processes to regularly create backups of their workloads, but - in a majority of the cases - we only see the recovery plan that is associated with these backups in action, when problems occur.

 

 

Microsoft-logo-flag only.JPG

 

Title: General Availability: Azure Automation Hybrid Runbook Worker Extension

Source: Azure Governance and Management

Author: Nikita Bajaj

Publication Date: November 28, 2022

Content excerpt:

Infrastructure is increasingly becoming more complex as organizations operate across multiple cloud and on-premises environments. Businesses are looking for a secure and reliable management services that can consistently manage this hybrid estate. Azure Automation provides a unified platform for execution of customer provided scripts to manage Azure, Arc-enabled and multi-cloud workloads. User Hybrid Worker enables execution of these scripts directly on the machines for managing guest workloads or as a gateway to environments that are not accessible from Azure. Azure Automation announces General Availability of User Hybrid Worker extension, that is based on Virtual Machine extensions framework and provides a seamless and integrated installation experience.

 

 

Microsoft-logo-flag only.JPG

 

Title: Azure portal October 2022 updates

Source: Azure Governance and Management

Author: Allison Cordle

Publication Date: November 30, 2022

Content excerpt:

Mobile > Azure Active Directory

Azure Kubernetes Service > Fleet Management

Databases > SQL servers

Mobile > Virtual Machines and Network Security Groups

Intune

 Let’s look at each of these updates in greater detail.

 

 

Microsoft-logo-flag only.JPG

 

Title: Azure VMware Solution Availability Design Considerations

Source: Azure Migration and Modernization

Author: rvandenbedem

Publication Date: November 28, 2022

Content excerpt:

A global enterprise wants to migrate thousands of VMware vSphere virtual machines (VMs) to Microsoft Azure as part of their application modernization strategy. Their first step is to exit their on-premises data centers and rapidly relocate their legacy application VMs to the Azure VMware Solution as a staging area for the first phase of their modernization strategy. What should the Azure VMware Solution look like?

Azure VMware Solution is a VMware validated first party Azure service from Microsoft that provides private clouds containing VMware vSphere clusters built from dedicated bare-metal Azure infrastructure. It enables customers to leverage their existing investments in VMware skills and tools, allowing them to focus on developing and running their VMware-based workloads on Azure.

In this post, I will introduce the typical customer workload availability requirements, describe the Azure VMware Solution architectural components, and describe the availability design considerations for Azure VMware Solution private clouds.

 

 

Microsoft-logo-flag only.JPG

 

Title: Exclude Public IP addresses in Azure DDOS network protection

Source: Azure Network Security

Author: Tobi Otolorin

Publication Date: November 14, 2022

Content excerpt:

Azure DDOS network protection provides security for services deployed in virtual networks against volumetric attacks by way of always-on traffic monitoring and adaptive real time tuning. This may be achieved by applying DDOS protection plans to the different virtual networks in the different architectural tiers such as the Hub and Spoke networkWindows N-tier and Paas Web App architectures.

 

 

Microsoft-logo-flag only.JPG

 

Title: Azure Firewall Basic SKU is now Available in Public Preview

Source: Azure Network Security

Author: Gustavo Modena

Publication Date: November 16, 2022

Content excerpt:

Microsoft has recently released in public preview the new Azure Firewall Basic SKU as announced on October 4, 2022. 

Azure Firewall Basic is a new SKU of Azure Firewall designed to meet the needs of SMBs by providing enterprise-grade protection of their cloud environment at an affordable price point. It is a cloud-native, highly available, stateful firewall as a service offering that enables customers to centrally govern and log all their traffic flows with essential capabilities at scale.

 

 

Microsoft-logo-flag only.JPG

 

Title: Azure DDoS IP Protection is Now Available in Public Preview

Source: Azure Network Security

Author: Saleem Bseeu

Publication Date: November 21, 2022

Content excerpt:

IP Protection is a new SKU for Azure DDoS Protection that is designed with SMBs in mind and delivers enterprise-grade, and cost-effective DDoS protection. You can defend against L3/L4 DDoS attacks with always-on monitoring and adaptive tuning that ensure your application is always protected. With IP Protection, you now have the flexibility to enable protection on a single public IP. Azure DDoS Protection integrates seamlessly with other Azure services for real-time alerts, metrics, and insights to strengthen your security posture.

 

 

Microsoft-logo-flag only.JPG

 

Title: How to enable IPv4+IPv6 dual-stack feature on Service Fabric cluster

Source: Azure PaaS

Author: Jerry Zhang

Publication Date: November 1, 2022

Content excerpt:

As the IPv4 addresses are already exhausted, more and more service providers and website hosts start using the IPv6 address on their server. Although the IPv6 is a new version of IPv4, their packet headers and address format are completely different. Due to this reason, users can consider IPv6 as a different protocol from IPv4.

In order to be able to communicate with a server with IPv6 protocol only, we’ll need to enable the IPv6 protocol on Service Fabric cluster and its related resources. This blog will mainly talk about how to enable this feature on Service Fabric cluster by ARM template.

 

 

Microsoft-logo-flag only.JPG

 

Title: How Azure Backup Soft Delete protects from Accidental deletes, Malicious and Ransomware threats

Source: Azure Storage

Author: Srinath Vasireddy

Publication Date: November 24, 2022

Content excerpt:

Azure Backup’s Soft Delete provides protection of backup data against accidental, malicious, or human-operated ransomware attacks deleting. It is enabled by default on newly created vaults.  With Soft Delete enabled, the deleted backup data is retained for 14 additional days to recover with no data loss. The additional 14 days of retention for backup data in the "soft delete" state don't incur any cost to you. If you need to ensure that your Soft Delete should not be disabled, then you can further strengthen your backup security posture by turning Always-on setting making it irreversible.

 

 

Microsoft-logo-flag only.JPG

 

Title: How Azure Backup Immutability help you protect against Ransomware threats

Source: Azure Storage

Author: Srinath Vasireddy

Publication Date: November 24, 2022

Content excerpt:

Ransomware attacks deliberately encrypt or erase data and systems to force your organization to pay money to attackers. These attacks target not just your data, but even your backups. The best way to prevent falling victim to ransomware is to implement preventive measures and have tools that protect your backup data - one such feature is Immutable Vault. 

Immutable Vault  (currently in preview) can help you protect your backup data by blocking any operations that could lead to loss of existing recovery points. Enabling this property helps you ensure that recovery points once created cannot be deleted before their intended expiry. While this helps prevent data loss, you would not be able to perform certain operations on this vault and its protected items.

 

 

Microsoft-logo-flag only.JPG

 

Title: Azure Monitor: Calculating Chargeback to Split Monitoring Costs Across Projects

Source: Core Infrastructure and Security

Author: Bruno Gabrielli

Publication Date: November 9, 2022

Content excerpt:

During my customers visits the very question I get is: I am using Azure Monitor to monitor my workloads; how can I split monitoring costs across projects?

Given the question, the answer is not too difficult but may vary depending on the architecture and the monitoring targets which are part of the scenario.

To better explain, chargeback, this is what we are talking about, can be easily done when all the resources are Azure resources and monitoring data is sent to specific separate workspaces. In this situation all you have to do is to use either Cost Analysis or Usage and Estimated Costs.

 

 

Microsoft-logo-flag only.JPG

 

Title: Azure Monitor: Check and Assess Log Analytics Workspace, Application Insights and Dedicated Cluster

Source: Core Infrastructure and Security

Author: Bruno Gabrielli

Publication Date: November 10, 2022

Content excerpt:

How many times have you found yourself in a situation in which plenty of Log Analytics Workspaces and Application insights were installed over time and you lost control?

Moreover, how can you make sure that you are eligible for an Azure Monitor Log Dedicated Cluster instance to enforce data security using Azure Monitor customer-managed key (CMK) and to save money? Unfortunately, you need to do queries and math’s to get the full picture. This was true until today.

Collecting needs from several customers, I created a workbook that allows you to retain control over your monitoring infrastructure.

 

 

Microsoft-logo-flag only.JPG

 

Title: Flexible and Simple Solution to Start and Stop VMs

Source: Core Infrastructure and Security

Author: Felipe Binotto

Publication Date: November 14, 2022

Content excerpt:

This post will be about a solution I recently deployed to a customer to Start/Stop VMs on a schedule. You may be asking yourself why we need another solution if two official solutions are already available for the same purpose. The answer is straightforward – the solution I propose is simple and flexible and, in my opinion, the existing solutions are not.

 

 

Microsoft-logo-flag only.JPG

 

Title: How Do I Know If My AD Environment Is Impacted By The November 8th 2022 Patch?

Source: Core Infrastructure and Security

Author: Paul Harrison

Publication Date: November 18, 2022

Content excerpt:

Q: How can I determine if objects in my AD environment are impacted by the November 8th 2022 patch?

A: Use a couple of queries I wrote specifically for that purpose.

November 8th, 2022 brought us a patch that caused some clients extra headaches because when the patch is installed on Domain Controllers Kerberos authentication can break for AD objects. If you want details about the problem patches or the out of band patch to replace the problem patches check the links below. Now that a non-breaking patch has been released this extra investigation isn’t necessary but may help you develop useful techniques for the future. This is how I helped clients immediately investigate if their environments would be impacted by the patch by using a little PowerShell.

 

 

Microsoft-logo-flag only.JPG

 

Title: Learning Op: Migrate Away From ADFS to Azure AD

Source: Core Infrastructure and Security

Author: Brandon Wilson

Publication Date: November 18, 2022

Content excerpt:

Brandon Wilson here today with a short post just to give our readers a heads up on an excellent learning opportunity that we thought it might be helpful for many of you.

Since there is already content out there, I won’t be going into depth on this, other than to say it will cost you a couple of hours, for a couple of days, and we anticipate the time will be well spent! Go forth and learn (and then pass the knowledge around)! The below content summary will take you to the page to see upcoming workshop dates/times, as well as provide you with the registration link.

 

 

Microsoft-logo-flag only.JPG

 

Title: Private Endpoint DNS Resolution with Azure Private Resolver for Multi-Region

Source: Core Infrastructure and Security

Author: Andrew Coughlin

Publication Date: November 21, 2022

Content excerpt:

I frequently get asked questions about how to set up private endpoints from my customers that have presence in multi regions.  In this blog I will talk about how to set up DNS resolution for a multi-site with a blob container within a storage account with private endpoints.

 

 

Microsoft-logo-flag only.JPG

 

Title: Moving a Windows 365 Cloud PC From One DC Region to Another - MS Hosted Network

Source: Core Infrastructure and Security

Author: Atil Gurcan

Publication Date: November 24, 2022

Content excerpt:

From time to time, your employees may need to relocate from a location to another. Or more often, a new Microsoft Datacenter might pop on a location that is nearer to your employees. Those are some of the examples when you need to move your Windows 365 Cloud PC from one Microsoft Datacenter to another. In this blog post, we will take a look at the steps required to move your Cloud PC workload in a Microsoft Hosted Network configuration.

 

 

Microsoft-logo-flag only.JPG

 

Title: Customer Offerings: Well-Architected Cost Optimization Assessment

Source: Core Infrastructure and Security

Author: Brandon Wilson 

Publication Date: November 27, 2022

Content excerpt:

Hi everyone! Brandon Wilson (Cloud Solution Architect/Engineer) here to talk to you a little bit about a customer offering we have known as the Well-Architected Cost Optimization Assessment. I must admit, being a father of 6 children, I tend to gravitate towards cost savings where I can, so as a result, the Well-Architected cost pillar just fits the bill for me (no pun intended...or maybe there is). First, we’ll touch a little bit on the Azure Well Architected Framework (WAF), and then go over what we cover in one of the cost optimization assessments.

 

 

Microsoft-logo-flag only.JPG

 

Title: Multiple Front Ends for the Same Scaleset

Source: FastTrack for Azure

Author: Michael C. Bazarewsky

Publication Date: November 10, 2022

Content excerpt:

I recently had a customer that was looking to consolidate two public services, with two public identities, on a single VM Scale Set while keeping distinct front-end IPs, allowing for cost efficiency on Azure resources while still giving front-end flexibility.

This post gets into some of the details of the implementation.

 

 

Microsoft-logo-flag only.JPG

 

Title: Securing PaaS services with virtual networks and restricting public access

Source: FastTrack for Azure

Author: Laura Ghimpeteanu

Publication Date: November 23, 2022

Content excerpt:

This article describes simple steps to secure your application by isolating the PaaS services with virtual networks and making sure the communication between them is private.

It also addresses:

  1. How to protect your web application from known exploits and vulnerabilities
  2. How to securely build and deploy inside a virtual network.

 

Only network related concepts are covered, all the best practices to secure your PaaS deployments being available here.

 

 

Microsoft-logo-flag only.JPG

 

Title: AKS Container Insights logging level and associated costs

Source: FastTrack for Azure

Author: Orestis Meikopoulos

Publication Date: November 25, 2022

Content excerpt:

When migrating your services to AKS, you could potentially run into an issue, which has to do with logging levels and the volume of data that is being sent to Container Insights. This is especially true when you need to run hundreds or even thousands of pods, as AKS clusters are pretty chatty and generate a ton of logs. You may notice a massive volume of metrics being pushed from the containers running inside the pods into container insights (mostly CPU and Memory metrics). By default, these are collected every minute for every container.

 

 

Microsoft-logo-flag only.JPG

 

Title: Azure Kubernetes Service: RBAC options in practice

Source: FastTrack for Azure

Author: Andre Dewes

Publication Date: November 30, 2022

Content excerpt:

When you are building an AKS cluster for your team, one of the first questions you need to ask is: how are you going to manage access to the different groups or people? How to have something simple to manage but still secure?

 

 

Microsoft-logo-flag only.JPG

 

Title: Embrace and Secure Multicloud with Entra Permissions Management

Source: Microsoft Entra (Azure AD)

Author: Sue Bohn

Publication Date: November 7, 2022

Content excerpt:

Today, we’ve seen the majority of organizations embrace a multicloud deployment strategy for their applications and workloads in the cloud. Consequently, the number of high-risk cloud permissions has exponentially multiplied, which expands the cloud attack surface. Security leaders and practitioners are faced with the significant task of reducing complexity in cloud environments while enforcing the principle of least privilege and managing countless human and workload identities. As a result, a new category of identity and access management solutions has emerged: Cloud Infrastructure Entitlement Management (CIEM). Entra Permissions Management, Microsoft’s CIEM solution, allows organizations to discover, remediate, and monitor identities and permissions by enforcing the principle of least privilege across multicloud environments. Entra Permissions Management detects, automatically right-sizes, and continuously monitors unused and excessive permissions across AWS, Azure, and GCP from a single pane of glass.

 

 

Microsoft-logo-flag only.JPG

 

Title: Utilizing Zero Trust architecture principles for External Identities

Source: Microsoft Entra (Azure AD)

Author: Robin Goldstein

Publication Date: November 15, 2022

Content excerpt:

As hybrid work environments become normal and we continue to collaborate, the importance of adopting zero-trust architecture principles is more vital than ever. Zero trust architecture puts emphasis on three key principles: 

  • Verify explicitly: Always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies. 
  • Use least privileged access: Limit user access with just-in-time and just-enough-access (JIT/JEA), risk-based adaptive polices, and data protection to help secure both data and productivity. 
  • Assume breach: Minimize blast radius and segment access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses. 

Collaboration across organizations is a necessity for the successful operation of any business. Therefore, zero trust architecture effort will not be complete without encompassing external users. Azure AD External Identities already has many features that support zero trust principles to collaborate externally in a secure, flexible, and scalable manner. Below, let’s explore how these different capabilities help to implement each of the above-discussed zero trust principles.

 

 

Microsoft-logo-flag only.JPG

 

Title: Microsoft Entra Workload Identities now generally available

Source: Microsoft Entra (Azure AD)

Author: Ilana Smith

Publication Date: November 28, 2022

Content excerpt:

As the growth of cloud continues, more workloads are moving to the cloud and new enterprise software solutions are being deployed natively in the cloud. This has resulted in massive growth in identities for workloads and an explosion of access permissions associated with these identities to sensitive data and resources. Organizations and security providers have been focused on human identity security so that access control or security capabilities to manage these emerging identities are limited. This is putting increased pressure on identity security professionals.

Zero Trust is all about ensuring that everyone (and everything) is continuously authenticated and authorized. As new entities like workloads enter organizations’ environments, those entities have to be factored into the Zero Trust strategy. This is why we’ve expanded the identity types we support into workloads as part of our mission to support everyone and everything.

 

 

Microsoft-logo-flag only.JPG

 

Title: Microsoft Entra Change Announcements – November 2022 Train

Source: Microsoft Entra (Azure AD)

Author: Shobhit Sahay

Publication Date: November 30, 2022

Content excerpt:

Our change management announcements cover all changes across Microsoft Entra where we communicate product retirement news biannually and breaking/feature change announcements quarterly. In between these announcements, you will see specific blog posts for new product and feature launches. For example, since our Sept Change Announcements Blog, we launched the general availability of a new region in Japan.

Today, we're sharing our November train for feature and breaking changes. We also communicate these changes on release notes and via email. We also continue to make it easier for our customers to manage lifecycle changes (deprecations, retirements, service breaking changes) within the new Entra admin center.

 

 

Microsoft-logo-flag only.JPG

 

Title: What’s new in Microsoft Intune – 2211 (November) edition

Source: Microsoft Intune

Author: Ramya Chitrakar

Publication Date: November 17, 2022

Content excerpt:

The Microsoft Intune November (2211) service release includes a new opportunity for user engagement, giving IT admins the ability to deliver key messages natively on Windows 11. Additionally, I know security is top of mind for customers, so we're adding an extra security option designed for admins to strengthen their security posture as part of their management solution. I hope you appreciate these enhancements as deployment wraps up for the month.

 

 

Microsoft-logo-flag only.JPG

 

Title: Introducing Network HUD for Azure Stack HCI

Source: Networking

Author: Dan Cuomo

Publication Date: November 15, 2022

Content excerpt:

We’re excited to announce the release of Network HUD - A new feature that proactively identifies and remediates operational networking issues on Azure Stack HCI. Network HUD is available in the November update for both 21H2 and 22H2 Azure Stack HCI subscribers!

 

 

Microsoft-logo-flag only.JPG

 

Title: Network HUD: November 2022 content update has arrived!

Source: Networking

Author: Dan Cuomo

Publication Date: November 15, 2022

Content excerpt:

In our first article we introduced Network HUD as a new feature that proactively identifies and remediates operational networking issues on Azure Stack HCI. We also discussed Network HUD’s unique on-premises cloud-service model which enables us to bring new features and capabilities (more than just bug fixes) rapidly through what we call, “content updates.”

Well, it’s official. The November content update has arrived! So, in this article, we’ll dive into the new capabilities that Network HUD gains with the November content update.

 

 

Microsoft-logo-flag only.JPG

 

Title: Attestation: A necessity for Zero Trust

Source: Security, Compliance, and Identity

Author: Prakhar Srivastava

Publication Date: November 3, 2022

Content excerpt:

Ensuring that a platform is healthy and trustworthy is a fundamental vertical in today’s zero trust approach, and this has become one of the key focus areas of recent times. Pre-OS boot continues to remain a prime target for adversaries, which we have seen attacks due to supply chain trust brittleness. Firmware remains critical to any platform provider and often with minimal view and control. These programs control the flow of execution before the operating system takes control and can be used to bypass Anti-virus, monitoring, Host intrusion prevention systems, etc. In the recent Microsoft-commissioned study showing how attacks against firmware are outpacing investments targeted at stopping them, the August 2022 Signals report showed that more than 80% of enterprises have experienced at least one firmware attack in the past two years.

 

 

Microsoft-logo-flag only.JPG

 

Title: Service & repair for Surface devices

Source: Surface IT Pro

Author: John Kaiser

Publication Date: November 2, 2022

Content excerpt:

Thoughtfully designed with premium craftsmanship and high-quality hardware, the latest Surface devices are easier to repair and maintain, with more replaceable components and flexible choices in service.

Microsoft continues to innovate its serviceable designs to get the most out of Surface devices. Commercial customers can choose how to service their devices to solve issues quickly and minimize device downtime, whether through customer self-repair, trusted Microsoft in-region repair, or a growing Authorized Service Provider (ASP) network. For documentation about service options and replaceable components across all Surface devices, see Surface for Business service and repair.

 

 

Microsoft-logo-flag only.JPG

 

Title: Multi-Key Total Memory Encryption on Windows 11 22H2

Source: Windows Kernel Internals

Author: Jin Lin

Publication Date: November 23, 2022

Content excerpt:

The security and privacy of customer data is a core priority for Azure and Windows. Encrypting data across different layers of device and transport is a universal technique to prevent exploits from accessing plaintext data. In Azure, we have a multitude of offerings to provide different levels of data confidentiality, encryption and isolation across workloads types (Azure Confidential Computing – Protect Data In Use | Microsoft Azure). One of such is VM memory encryption with Intel’s Total Memory Encryption – Multi Key (TME-MK), providing hardware accelerated encryption of DRAM. With the latest Intel 12th Gen Core CPUs (Alder Lake) offering this capability, we are delighted to extend support in Windows 11 22H2 for TME-MK.

 

 

Microsoft-logo-flag only.JPG

 

 

Previous CTO! Guides:

 

Additional resources:

 

1 Comment
Co-Authors
Version history
Last update:
‎Dec 01 2022 03:39 PM
Updated by: