There's lots to cover this week on AzUpdate. News includes Ned Pyle providing clarity on SMB signing, Microsoft announcing GA for SecretManagement 1.1, details on Windows hybrid join single sign-on to Azure Active Directory, and a Windows Server storage-based Microsoft Learn module of the week.
Ned Pyle Explains Configuring SMB Signing with Confidence
Many years ago, Microsoft made configuring SMB signing in Windows kind of complicated. Recently, Ned Pyle, Microsoft Principal PM on the Windows Server team, shared his explanation of the SMB signing rules.
In SMB signing, every SMB 3.1.1 message contains a signature generated using the session key and Advanced Encryption Standard (AES). The client places a hash of the entire message into the signature field of the SMB2 header, so a non-matching hash signifies that the data has been tampered with, and SMB knows it. This hash also confirms to sender and receiver that they are who they say they are, thus stopping relay attacks. Ideally, you are using Kerberos instead of NTLMv2 so that your session key starts strong.
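The sign-and-verify check described above, as an added example that is not from the original post or from Microsoft. It assumes the standard 64-byte SMB2 header with the 16-byte signature field at offset 48, and it uses HMAC-SHA256 truncated to 16 bytes as a stand-in for the AES-based MAC of SMB 3.1.1, because Python's standard library has no AES; the session key, IDs and payload are constructed.

```python
import hashlib
import hmac
import struct

SIG_OFFSET, SIG_LEN = 48, 16      # Signature field position in the 64-byte SMB2 header
SMB2_FLAGS_SIGNED = 0x00000008    # header flag marking a signed message


def build_message(command, message_id, session_id, payload):
    """Pack an unsigned SMB2 message: 64-byte header (signature zeroed) + payload."""
    header = struct.pack(
        "<4sHHIHHIIQIIQ16s",
        b"\xfeSMB", 64, 0, 0, command, 1, SMB2_FLAGS_SIGNED,
        0, message_id, 0, 0, session_id, bytes(SIG_LEN),
    )
    return header + payload


def _mac(session_key, message):
    """MAC over the whole message with the signature field treated as zeros."""
    zeroed = message[:SIG_OFFSET] + bytes(SIG_LEN) + message[SIG_OFFSET + SIG_LEN:]
    # Stand-in: HMAC-SHA256 truncated to 16 bytes, not the AES MAC of SMB 3.1.1.
    return hmac.new(session_key, zeroed, hashlib.sha256).digest()[:SIG_LEN]


def sign(session_key, message):
    """Sender side: write the MAC into the header's signature field."""
    sig = _mac(session_key, message)
    return message[:SIG_OFFSET] + sig + message[SIG_OFFSET + SIG_LEN:]


def verify(session_key, message):
    """Receiver side: recompute the MAC and compare in constant time."""
    if len(message) < 64 or message[:4] != b"\xfeSMB":
        return False
    received = message[SIG_OFFSET:SIG_OFFSET + SIG_LEN]
    return hmac.compare_digest(received, _mac(session_key, message))


if __name__ == "__main__":
    key = bytes(range(16))                                 # constructed session key
    signed = sign(key, build_message(0x0009, 7, 0x1122334455, b"constructed WRITE payload"))
    tampered = signed[:-1] + bytes([signed[-1] ^ 0x01])    # one bit changed in transit
    print("intact:", verify(key, signed))
    print("tampered:", verify(key, tampered))
    print("wrong key:", verify(bytes(16), signed))
```

Because the MAC covers the header as well as the payload, a change to the message ID or session ID fails verification in the same way as a change to the data.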
Microsoft Announces SecretManagement 1.1 Achieves General Availability
SecretManagement is a module available on the PowerShell Gallery that enables you to use a common set of commands to store and retrieve secrets within PowerShell scripts, regardless of where you prefer to keep your secrets safe. SecretManagement 1.1 mostly includes updates to enable users operating in Constrained Language Mode (CLM). If you’ve already got SecretManagement running in your environment, review the 1.1 preview blog prior to updating for information on how the changes might impact your or vault extensions.
End of Extended Support for Windows Server 2012 and 2012 R2
End of Extended Support for Windows Server 2012 and 2012 R2 is approaching: per the Lifecycle Policy, Windows Server 2012 and 2012 R2 Extended Support will end on October 10, 2023. Microsoft understands that Windows Server runs many business-critical applications and that it may take more time for some organizations to migrate to supported versions, which is why it has announced one additional year of extended security updates for Windows Server 2008 and 2008 R2 instances running on Azure.
Windows hybrid join single-sign-on to Azure Active Directory
Many organizations now use both on-premises and cloud resources, and users want to be able to log on once to access both. But with Azure Active Directory not understanding Active Directory credentials (and vice versa), how does this single sign-on process work?