Hi everyone! Brandon Wilson here to introduce you to a new series of posts, called the “Check This Out!” series (or “CTO!” for short). These posts are only intended to be a guide to lead you to some content of interest and are just a way we are trying to help our readers a bit more, whether that is learning, troubleshooting, or just finding new content sources! We will cover a high-level summary of what's in the post, give you a bit of a taste of the blog content itself, provide you with a way to get to the source content directly, and help to introduce you to some other blogs you may not be aware of that you might find helpful. If you have been a long-time reader, then you will find this series to be similar to our prior series “Infrastructure + Security: Noteworthy News”.
From all of us on the Core Infrastructure and Security Tech Community blog team, thanks for your continued reading and support!
Title: A Light Overview of Microsoft Security Products
Source Tech Community: Core Infrastructure and Security
Author: Alan La Pietra
Publication Date: March 29, 2022 (original; updated 6/2/2022)
This post provides a light overview of Microsoft security products within the Defender realm, as well as Azure Sentinel and a bit on Intune, and gives you links to where you can learn more about the products!
Content excerpt:
Hi, Alan here today to lightly cover something I have been asked by customers in regard to Microsoft’s security products... and that is “what defender products does Microsoft have and what are they used for?”.
Well, it’s a good question, so I thought this blog might come in handy for those questions. This is not intended to be an extensive guide by any means, only to provide you some basic information, and to help point you to where you can learn more. So, have a good read...
Let's start with "Zero Trust" capabilities and relation to Microsoft Security Products (https://aka.ms/mcra).
Title: Understanding Lock Contention in Windows Performance Analyzer (WPA)
Source Tech Community: Ask The Performance Team
Author: Will Aftring
Publication Date: June 14, 2022
This post provides a GREAT rundown on using WPA to review thread lock contention and provides a nice overview of what the thread states are as well.
Content excerpt:
For this post we will be using the Windows Performance Analyzer (WPA) to review data collected with the Windows Performance Recorder (WPR). For the sake of keeping this post focused I won’t go in depth on WPR but there are plenty of resources on how to get started. (Getting Started Windows Performance Recorder | Microsoft Docs)
Title: Failover Clustering in Azure
Source Tech Community: Failover Clustering
Author: John Marlin
Publication Date: July 16, 2021
In this post, John Marlin (Program Manager) walks you through some basics of failover clustering in Azure. If you’ve had questions about how clusters work in Azure, or how to configure failover clustering in Azure, then this is some must-read content for you.
Content excerpt:
Azure is a cloud computing platform with an ever-expanding set of services to help you build solutions to meet your business goals. Azure services range from simple web services for hosting your business presence in the cloud to running fully virtualized computers for you to run your custom software solutions. With over 60 regions globally, 200+ products, and over 17,000 services and applications, Azure has everything you need in a cloud.
One of the products that can serve as the compute infrastructure for our service or application is Failover Clustering. Failover Clustering can be a traditional cluster or it can be running Storage Spaces Direct. No matter the choice, there are a few configuration changes that must be made post cluster creation to ensure connectivity can be made. Starting in Windows Server 2019, and moving forward, we have added detection into the cluster creation process that will automatically do some of this configuration for you.
Title: Failover Clustering Networking Basics and Fundamentals
Source Tech Community: Failover Clustering
Author: John Marlin
Publication Date: September 23, 2020
In this post, John Marlin (Program Manager) provides some updates surrounding networking in failover clustering.
Content excerpt:
In this blog, I want to talk about Failover Clustering and Networking. Networking is a fundamental key with Failover Clustering that sometimes is overlooked but can be the difference in success or failure. In this blog, I will be hitting on all facets from the basics, tweaks, multi-site/stretch, and Storage Spaces Direct. By no means should this be taken as a “this is a networking requirement” blog. Treat this as more of general guidance with some recommendations and things to consider.
Title: New Features of Windows Server 2022 Failover Clustering
Source Tech Community: Failover Clustering
Author: John Marlin
Publication Date: September 1, 2021
This post provides information surrounding new features for failover clustering in Windows Server 2022. If you work with clustering, as with most of John’s posts, this is yet another “must read” as you look to move to Windows Server 2022, whether on-premises, or in Azure.
Content excerpt:
Greetings again Windows Server and Failover Cluster fans!! John Marlin here and I own the Failover Clustering feature within the Microsoft product team. In this blog, I will be giving an overview of the new features in Windows Server 2022 Failover Clustering. Some of these will be talked about at the upcoming Windows Server Summit. One note that I will say is that this particular blog post will not cover the new features for Azure Stack HCI version 21H2. That is another blog for another time.
Title: To AAD Join or NOT...That is the Question
Source Tech Community: Core Infrastructure and Security
Author: Michael Hildebrand
Publication Date: May 27, 2022
This post provides high-level information to help you decide whether to perform hybrid or native Azure AD joins for your devices.
Content excerpt:
As we all know, the cloud paradigm shifts in IT continue. When I worked in corporate IT - heck, when I started blogging out here - on-prem was really all there was. Active Directory, GPOs and WINS were all the rage. Outbound Internet access was used to look at wedding photos or research TechNet about recovering from an accidental AD deletion. Inbound Internet traffic was mostly remote users coming back into the corporate LAN – via VPN or <gulp> modem (where are my Shiva LAN Rover fans?).
A lot has changed. The Internet is now your LAN. Cloud services, SaaS, PaaS, anywhere/always-on connectivity, etc. are all mainstream now.
As I chat with enterprise customers in cloud strategy discussions, a few topics always come up once we get to the PC deployment and management aspects of that convo.
Title: New Azure Skilling Guides!
Source Tech Community: Azure Infrastructure
Author: Lanna Teh
Publication Date: May 24, 2022
This is a very quick post that outlines the new Azure skilling guides and provides you with the links to download them. Whether you are a systems administrator or solutions architect who has to pick up Azure skills (let’s be fair, we ALL have to, we are in the future, the future is now!), these skilling guides can help you quickly gain knowledge so you can hit the ground running.
Content excerpt:
New to Azure or looking to broaden your knowledge?
Finding the right content is always a challenge, so we’ve gathered the essentials into a new learning resource designed especially for those that are new to Azure and want to learn more.
Check out Azure Skills Navigator!
Title: Recognize Tag Names Across Azure
Source Tech Community: Core Infrastructure and Security
Author: Anthony Watherston
Publication Date: June 6, 2022
This post provides a method to consolidate and reconcile your tags in Azure, giving you a more aligned, easier-to-navigate tagging structure that helps you identify your resources more efficiently.
Content excerpt:
During a recent cost optimization workshop with a customer, they mentioned that although they had some tagging policies in place there was no consistency of tag names across the Azure environment. This post introduces a script to remediate this and remove some confusion from your tagging strategy.
The customer was trying to ensure that all resources were being tagged with a cost centre tag. Some of this was automatic and some was done manually by people. While there was a policy in place to control this in the future, they needed a way to remediate the existing resources.
Title: Introducing Azure Well-Architected Framework for Internet of Things (IoT)
Source Tech Community: Azure Architecture
Author: Ben Brauer
Publication Date: April 18, 2022
The title of this post, as with some others in this month’s “CTO!” guide, is very self-explanatory. If you are dealing with IoT, the Azure Well-Architected Framework is yet another one of those “must read” areas that will help you with anything from planning your infrastructure to optimizing your costs to monitoring your resources.
Content excerpt:
Internet of Things (IoT) projects are high in complexity, and this complexity can increase substantially over time. While IoT is widely adopted in organizations, only a quarter of those IoT projects are in use, while many fail in the proof-of-concept stage. Companies cite a lack of knowledge and technical complexity as many of the challenges preventing them from using IoT more and developing new IoT solutions.
Azure Well-Architected for IoT was built by a deeply technical team of architects, consultants and developers who work daily with Microsoft’s customers and partners on their IoT solutions. This team sought to synthesize their experience of designing and deploying successful IoT projects into actionable recommendations for all our customers. Well-Architected for IoT is essentially the distillation of the knowledge and experience of our experts in IoT.
Title: Intune Device Configuration for Azure Virtual Desktop Multi-Session VMs Is Now Generally Available
Source Tech Community: Azure Virtual Desktop
Author: David Belanger
Publication Date: April 26, 2022
A quick post/announcement from David Belanger (Program Manager) about new features available for Azure Virtual Desktop. If you work with VDI regularly, these features might help you simplify your world a little bit more!
Content excerpt:
We're happy to announce that deploying Microsoft Intune device configuration from Microsoft Endpoint Manager admin center to Azure Virtual Desktop multi-session virtual machines (VMs) is now generally available. Intune already supports managing single session Azure AD-joined and Hybrid Azure AD-joined Azure Virtual Desktop VMs. You can now add multi-session VMs to the same management experience and deploy device-wide configurations to them. Intune is also the best solution for managing policy configuration on Azure AD-joined Azure Virtual Desktop multi-session VMs.
Title: Securing Your Virtual Networks with Azure Virtual Network Manager
Source Tech Community: Azure Networking
Author: Andrea Michael
Publication Date: May 11, 2022
This post provides a fairly in-depth overview of utilizing Azure Virtual Network Manager to secure your Azure virtual networks in the cloud. If you work with networks in Azure, you guessed it, this is another one of those “must read” articles.
Content excerpt:
AVNM is a one-stop-shop for managing the connectivity and security of virtual networks, or VNets, at scale. In this guide, we’re going to focus on the security features that AVNM offers.
AVNM works through three main components – group, configure, and deploy. You can group your VNets as you’d like, whether that’s by environment, function, team, or some other logical designation. Then you can create connectivity or security configurations to apply on those network groups. You can build and maintain topologies among the VNets in your network group with connectivity configurations, and enforce high-priority security rules among your VNets with security configurations.
Title: Optimizing Azure ExpressRoute with the Well-Architected Framework
Source Tech Community: Azure Architecture
Author: Chad Kittel
Publication Date: June 28, 2022
This is a short post outlining some basic information and additional resources for optimization of ExpressRoute, using the principles of the Azure Well-Architected Framework.
Content excerpt:
Today we’re going to be looking at the Azure ExpressRoute guide. Like all the Well-Architected Framework service guides, the Azure ExpressRoute guide delivers checklists and recommendations across the same five pillars, but with a focus on enterprise connectivity to Azure from your network. This connectivity supports your workloads that depend on the reliability, faster speeds, consistent latencies, and higher security offered by ExpressRoute than typical connections over the Internet. If you’re just planning your ExpressRoute enablement or already have it deployed, using the checklists and recommendations from this guide can help you identify opportunities to optimize this critical network infrastructure component and to make sure you stay on the right path.
As always, thanks for reading, and I hope this helps you out!
Additional resources:
- Azure documentation
- Azure pricing calculator (VERY handy!)
- Microsoft Azure Well-Architected Framework
- Microsoft Cloud Adoption Framework
- Windows Server documentation
- Windows client documentation for IT Pros
- PowerShell documentation
- Core Infrastructure and Security blog
- Microsoft Tech Community blogs
- Microsoft technical documentation (Microsoft Docs)
- FastTrack for Azure blog
- Sysinternals blog
- Microsoft Learn
- Microsoft Support (Knowledge Base)
- Microsoft Archived Content (MSDN/TechNet blogs, MSDN Magazine, MSDN Newsletter, TechNet Newsletter)