Check This Out! (CTO!) Guide (September 2022)
Published Oct 07 2022 09:39 AM 3,431 Views


Hi everyone! Brandon Wilson here once again with this month’s “Check This Out!” (CTO!) guide.


These posts are only intended to be your guide, to lead you to some content of interest, and are just a way we are trying to help our readers a bit more, whether that is learning, troubleshooting, or just finding new content sources! We will give you a bit of a taste of the blog content itself, provide you a way to get to the source content directly, and help to introduce you to some other blogs you may not be aware of that you might find helpful. If you have been a long-time reader, then you will find this series to be very similar to our prior series “Infrastructure + Security: Noteworthy News”.

From all of us on the Core Infrastructure and Security Tech Community blog team, thanks for your continued reading and support!






Title: Azure Cost Optimisation

Source: Azure Architecture

Author: Marc Kean

Publication Date: September 25, 2022

Content excerpt:

At Microsoft, I have delivered about 50~ Cost Optimisation Assessments as part of WAF for customers and I wanted to share some of the common cost savings that I offer to my customers based on real world experience.

I have broken this down in the various components, storage, compute (IaaS), licensing, monitoring and PaaS.

As per





Title: Azure Windows Virtual Machine Activation: Two New KMS IP Addresses (...and Why You Should Care)

Source: Azure Compute

Author: Mei Jin

Publication Date: September 8, 2022

Content excerpt:

In July 2022, we announced two new KMS IP addresses, and, in Azure Global Cloud via Azure Update - Generally available: New KMS DNS in Azure Global Cloud. We expect that most Azure Windows Virtual Machine customers will not be impacted. However, Azure Global Cloud customers who have followed troubleshooting guides, like the ones listed below, to configure custom routes or firewall rules that allow Windows VMs to reach KMS IP address in the past, must take actions to include these two new KMS IP addresses, and Otherwise, after October 3rd, 2022, your Windows Virtual Machines will report warnings of failing to reach Windows Licensing Servers for activation.





Title: Check It Out: Azure Data Explorer MS Learn Modules

Source: Azure Data Explorer

Author: Tzvia Gitlin Troyna

Publication Date: September 21, 2022

Content excerpt:

What’s a Learn module?

  • A step-by-step tutorial that provide users a free, interactive way to advance their technical skills.
  • Unlike docs, Learn modules have many pages of instruction and take considerably more time and effort to .
  • Create a free personal cluster with your Microsoft Account or an Azure active directory work or school account





Title: Scale Your Azure Firewall Monitoring with Azure Data Explorer

Source: Azure Data Explorer

Author: Guillaume Beaud

Publication Date: September 5, 2022

Content excerpt:

In this blog post, we’ll explore how Azure Data Explorer (ADX) can store and query logs from Azure Firewall and other similar sources. The information is based on a recent implementation at a leading global manufacturing company that is using Azure Sentinel, Azure Log Analytics and ADX to store and process large volumes of Azure Firewall logs cost effectively.





Title: Azure Data Factory August 2022 Monthly Update

Source: Azure Data Factory

Author: Noelle Li

Publication Date: September 12, 2022

Content excerpt:

Welcome to Azure Data Factory’s August monthly update! Here, we’ll share the latest updates on what’s new in Azure Data Factory. You can also find all our updates in our What's New in ADF page.





Title: Exploring Azure Firewall Policy Analytics

Source: Azure Network Security

Author: Gustavo Modena

Publication Date: September 12, 2022

Content excerpt:

Azure Firewall is a cloud-native and intelligent network firewall security service that provides the best of breed threat protection for your cloud workloads running in Azure. It’s a fully stateful firewall with built-in high availability and unrestricted cloud scalability. Multiple customers are looking for a feature that provides a centralized view of the Firewall rules and recommendations based on all the traffic passing through their Firewalls. 

In this blog we will discuss in detail about the Policy Analytics which help you with enhanced Logging and Firewall rule management capabilities respectively.





Title: Backup Azure Firewall and Azure Firewall Policy with Logic Apps

Source: Azure Network Security

Author: Lara Goldstein

Publication Date: September 9, 2022

Content excerpt:

Azure Firewall is Microsoft’s cloud-native, fully stateful firewall as a service that provides the best of breed threat protection for cloud workloads running in Azure. It is recommended to use Azure Firewall Policy, a top-level resource, to configure your Azure Firewall instance.

By default, Azure Firewall Policy is not backed up automatically. Since the Firewall Policy will contain your specific Firewall rules and settings, you will want to ensure that it is continuously backed up, so you do not lose your defined configuration. Therefore, we have created a Logic App that will run every three days to back up your Azure Firewall and Azure Firewall Policy.

The Logic App runs every three days to export the configuration of your Azure Firewall and Azure Firewall Policy. It then formats this configuration into an Azure Resource Manager (ARM) template that gets stored within Azure Storage. You can then use this file from Storage to restore your Firewall and Firewall Policy deployments as required.





Title: Configuring Azure Firewall in Forced Tunneling Mode

Source: Azure Network Security

Author: Saleem Bseeu

Publication Date: September 2, 2022

Content excerpt:

Azure Firewall is a cloud-native and intelligent network firewall security service that provides the best of breed threat protection for your cloud workloads running in Azure. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. It provides both east-west and north-south traffic inspection.


There are some organizations that require outbound network traffic to be inspected by multiple network security appliances, such as firewalls, before it is sent out to an internet destination. A customer in Azure can use Azure Firewall to filter and apply policies to outbound traffic originating from their Azure resources, but their security policy could dictate that all internet bound traffic be sent to and inspected by another Network Virtual Appliance (NVA) Firewall in Azure or to an on-premises firewall before it is sent to the internet. 


Microsoft-logo-flag only.JPG



Title: Announcing Public Preview of SSO and Passwordless Authentication for Azure Virtual Desktop

Source: Azure Virtual Desktop

Author: David Belanger

Publication Date: September 26, 2022

Content excerpt:

Today we’re announcing the public preview for enabling an Azure AD-based single sign-on experience and support for passwordless authentication, using Windows Hello and security devices (like FIDO2 keys). With this preview, you can now:

  • Enable a single sign-on experience to Azure AD-joined and Hybrid Azure AD-joined session hosts when using the Windows and the web clients
  • Use passwordless authentication to sign in to the host using Azure AD
  • Use passwordless authentication inside the session when using the Windows client
  • Use third-party Identity Providers (IdP) that integrate with Azure AD to sign in to the host






Title: Group Costs By Host Pool with Cost Management Now In Public Preview for Azure Virtual Desktop

Source: Azure Virtual Desktop

Author: Killian McCoy

Publication Date: September 26, 2022

Content excerpt:

We’re excited to announce that Microsoft Cost Management has a new feature to help you group Azure Virtual Desktop costs with Azure tags! Now in Public Preview, this new feature makes it easier to understand and manage costs by host pool.





Title: Prepare for Cloud Service Disaster Recovery - Export Key M365 Services Configurations

Source: Core Infrastructure and Security

Author: Michael Hildebrand

Publication Date: September 30, 2022

Content excerpt:

An ounce of prevention (or planning) is worth a pound of cure.  Just do something.  It doesn’t need to be perfect.  The only thing worse than a mass-deletion event is one without any sort of recoverability planning and desired settings references/materials.  Staring at a blank portal page, trying to recall from memory what had been setup previously is no bueno.  Plus, management will be asking ‘why weren’t we better prepared to recover from this?’  Have a solid answer vs a ‘deer in the headlights’ stare. 

Sadly, as of today, there isn’t a ‘backup now’ or ‘recover now’ button in the portals but there is some good news; since these are SaaS capabilities, there are no servers to restore or infrastructure to recover/establish.  It’s basically entering configuration information in web forms. 

Here are a few ideas on possible BCDR for your M365 services (you may find/have others – if so, great!  Share what’s worked/not worked for you in the comments)





Title: How To Determine What Devices Are Connecting To a Storage Account

Source: Core Infrastructure and Security

Author: Andrew Coughlin

Publication Date: September 26, 2022

Content excerpt:

Have you ever wondered how to determine if any devices are still using a storage account blob, file, table, or queues? In this blog post I will talk about the process of setting up monitoring to understand if/what devices are still communicating to a storage account.  What we will not cover is how to determine what the purpose of the storage account is or the impact of removing the storage account.  This is an exercise that would need to be done by yourself and may include others within your organization.





Title: Create Azure Service Health Alerts for All Resource Groups

Source: Core Infrastructure and Security

Author: Werner Rall

Publication Date: September 19, 2022

Content excerpt:

I recently had a customer requirement for creating Azure Service Health Alerts. The way access was provided in Azure, meant that only specific users had access to their respective Resource Groups. We also did not want these users to receive alerts for all Resources in the Subscription [Default scope for Service Health Alerts].





Title: Azure Enterprise Policy as Code - A New Approach

Source: Core Infrastructure and Security

Author: Anthony Watherston & Heinrich Gantenbein

Publication Date: September 12, 2022

Content excerpt:

We work closely with customers using Azure Policy and have seen many different methods of deploying and maintaining it, from manual to over-complicated automated methods, everyone has a unique way of doing it. This code was developed to make policy deployment and management simpler while providing full flexibility for complex environments. The driver was looking at the over-engineered methods and incomplete solutions being used and trying to produce something that could easily be implemented and managed by people with little knowledge of infrastructure as code, while still being scalable and maintainable.





Title: Fun with Azure VPN

Source: Core Infrastructure and Security

Author: Felipe Binotto

Publication Date: September 6, 2022

Content excerpt:

Hi folks! My name is Felipe Binotto, Cloud Solution Architect, based in Australia.

I decided to make this post for a couple reasons. The first reason is to demonstrate how you can quickly build a hub between your own lab and your internet devices using Azure and how easy it is. No more port forwarding in your router, public IP addresses in your VMs, everything will route through the Azure gateway, and you will get an any-to-any type of connectivity. The second reason is to demonstrate some important concepts such as:

  • Site-to-Site VPN
  • Point-to-Site VPN
  • BGP
  • Azure AD authentication for VPN





Title: Upgrading AKS Using REST API

Source: Core Infrastructure and Security

Author: Varghese Joji

Publication Date: September 1, 2022

Content excerpt:

This blog covers the usage of Microsoft.ContainerService REST APIs to demonstrate upgrade options on an AKS cluster. It also goes through the authentication setup to call these APIs using POSTMAN and we also look at options using CURL.





Title: Azure Container Apps Networking: A Condensed View of Concepts

Source: FastTrack for Azure

Author: Marcos Martinez

Publication Date: September 21, 2022

Content excerpt:

The purpose of this post is to provide a condensed, more chronologically ordered view into the various networking concepts and components that need to be taken into account when deploying Azure Container Apps (ACA). By presenting and meshing the concepts of Vnet integration, public vs. private environments, and service discovery, I believe that you can more efficiently understand the networking landscape of ACA. Though not required, if you have some background with Kubernetes, understanding these networking concepts can become easier, as well.





Title: Support Tip: Changes to Help and Support in Microsoft Endpoint Manager

Source: Intune Customer Success

Author: Intune Support Team

Publication Date: September 28, 2022

Content excerpt:

Intune’s Help and support workflow is getting a new access point to make it easier to troubleshoot or create a support case while navigating your current workflow. Now, you’re able to access support and perform topic-specific searches in context via the ? icon at the top of the screen rather than being directed away from the current screen. This allows you the ability to view remediation steps and insights in a side-by-side Help and support pane, as you make necessary changes to resolve issues.





Title: Support Tip: Learn How To Simplify JSON File Creation for Custom Compliance

Source: Intune Customer Success

Author: Intune Support Team

Publication Date: September 15, 2022

Content excerpt:

With the recent general availability of custom compliance, customers now have the ability to further define what device compliance means for their organization's managed Windows devices. Custom compliance uses a PowerShell script and an associated JSON file to define one or more rules. The process works like this:

  1. The PowerShell script runs on a device to discover and report on the settings defined in the JSON file.
  2. Then, the JSON file defines the acceptable values for those settings.





Title: Improving Device Discoverability and Classification Within MDE Using Defender for Identity

Source: Microsoft Defender for Endpoint

Author: Yakir Zilberman

Publication Date: September 13, 2022

Content excerpt:

Having visibility into the devices on a network is very important for an organization to help prevent cyberattacks in an ever-expanding threat landscape. Additionally, the more information that can be discovered about the devices, the easier it is to manage them and to protect your network. Having the ability to locate, identify, and accurately classify devices in real-time means you can quickly discover vulnerable devices and carry out intelligent prioritization. 





Title: What's New In Microsoft Endpoint Manager - 2209 (September) Edition

Source: Microsoft Endpoint Manager

Author: Ramya Chitrakar

Publication Date: September 22, 2022

Content excerpt:

Microsoft Endpoint Manager's September 2209 service release includes a new security enhancement for user-based enrollments to help mitigate potential security incidents – this is a critical feature given the overall security landscape today. Additionally, we're releasing a Windows Autopilot device diagnostics capability that will automate the log-collection process and streamline troubleshooting for IT admins. I hope you appreciate these enhancements as deployment wraps up for the month.





Title: Microsoft Entra Change Announcements - September 2022 Train

Source: Microsoft Entra (Azure AD)

Author: Shobhit Sahay

Publication Date: September 30, 2022

Content excerpt:

In March 2022, we announced our simplified change management process, which allows customers to predictably plan their deployments, and in Junewe introduced Microsoft Entra as our new product family that encompasses all of Microsoft’s identity and access capabilities.  

Since that time, we’ve continuously improved Azure Active Directory (Azure AD), released a public preview of an enhanced “My Apps” experience, and launched the general availability of Microsoft Entra Permissions Management and Microsoft Entra Verified ID. 

To match the growth of our identity and access product family, we’ve expanded our change management process to cover all of Microsoft Entra. Today, we're also sharing our September train for feature changes and breaking changes. 





Title: Say Goodbye To Unmanaged Azure AD Accounts For B2B Collaboration

Source: Microsoft Entra (Azure AD)

Author: Robin Goldstein

Publication Date: September 2, 2022

Content excerpt:

Today I am announcing the end of unmanaged (“viral”) accounts for B2B collaboration in Azure Active Directory (Azure AD), part of Microsoft Entra. The presence of unmanaged accounts has been a major pain point for many customers, contributing to increased support costs, and making it harder to manage access and user lifecycle. Thanks to the team for delivering the Azure AD B2B bring your own identity capabilities that make this possible and make collaboration even more secure.





Title: Defend Your Users From MFA Fatigue Attacks

Source: Microsoft Entra (Azure AD)

Author: Alex Weinert

Publication Date: September 28, 2022

Content excerpt:

With increasing adoption of strong authentication, multi-factor authentication (MFA) fatigue attacks (aka, MFA spamming) have become more prevalent. These attacks rely on the user’s ability to approve a simple voice, SMS or push notification that doesn’t require the user to have context of the session they are authenticating. Anytime users are doing “click to approve” or “enter your PIN to approve” instead of entering a code they see on-screen, they are doing simple approvals. Our studies show that about 1% of users will accept a simple approval request on the first try. That’s why it’s critical to ensure that users must enter information from the login screen and that they have more context and protection. We track these attacks across our ecosystem, and it’s very clear they are on the rise – with push notifications, voice approvals and SMS as the top culprits. 





Title: Build Skills That Open Doors - With Microsoft Learn

Source: Microsoft Learn

Author: Eric Rifkin

Publication Date: September 17, 2022

Content excerpt:

At Microsoft, our mission is to empower every person and organization on the planet to achieve more. In a world driven by technology, access to technical skills is a vital part of that mission. For this reason, we've brought together all the technical content, learning tools, and resources that Microsoft has to offer in the new Microsoft Learn product family.





Title: SMB Authentication Rate Limiter Now On By Default In Windows Insider

Source: Storage at Microsoft

Author: Ned Pyle

Publication Date: September 21, 2022

Content excerpt:

With the release of Windows 11 Insider Preview Build 25206 Dev Channel today, the SMB server service now defaults to a 2-second default between each failed inbound NTLM authentication. This means if an attacker previously sent 300 brute force attempts per second from a client for 5 minutes (90,000 passwords), the same number of attempts would now take 50 hours at a minimum. The goal here is to make a machine a very unattractive target for attacking local credentials through SMB. 

In various other releases, it was off by default. Now it's on. The feature otherwise doesn't change except for some bug fixes.







Previous CTO! Guides:


Additional resources:


Version history
Last update:
‎Nov 20 2022 06:12 PM
Updated by: