Lots to cover this week on AzUpdate. News includes Ned Pyle providing clarity on SMB signing, Microsoft announcing GA for SecretManagement 1.1, details on Windows hybrid join via single sign-on to Azure Active Directory, and a Windows Server storage-based Microsoft Learn module of the week.
Many years ago, Microsoft made configuring SMB signing in Windows kind of complicated. Recently, Ned Pyle, Microsoft Principal PM on the Windows Server team, shared his explanation of the SMB signing rules.
In SMB signing, every SMB 3.1.1 message contains a signature generated using the session key and Advanced Encryption Standard (AES). The client places a hash of the entire message into the signature field of the SMB2 header, so a non-matching hash would signify a data breach and SMB would know the message has been tampered with. This hash also confirms to sender and receiver that they are who they say they are, thus stopping relay attacks. Ideally, you are using Kerberos instead of NTLMv2 so that your session key starts strong.
Further details can be found in Ned Pyle's recent post and via the following video:
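The sign-and-verify flow described above, as an added example that is not from Ned Pyle's post or from Microsoft. SMB 3.x computes the signature with an AES-based MAC (AES-CMAC, or AES-GMAC where negotiated); this sketch substitutes the SMB 2.x algorithm, HMAC-SHA256 truncated to 16 bytes, because it is available in the Python standard library. The session key and sample message are constructed.

```python
import hashlib
import hmac
import struct

SMB2_HEADER_LEN = 64
FLAGS_OFFSET = 16                 # 4-byte little-endian Flags field
SIG_OFFSET, SIG_LEN = 48, 16      # Signature field inside the SMB2 header
SMB2_FLAGS_SIGNED = 0x00000008


def _mac(session_key: bytes, message: bytes) -> bytes:
    # Stand-in MAC (assumption): HMAC-SHA256 truncated to 16 bytes, as in SMB 2.x.
    return hmac.new(session_key, message, hashlib.sha256).digest()[:SIG_LEN]


def sign(session_key: bytes, message: bytes) -> bytes:
    """Set the SIGNED flag, zero the signature field, then MAC the whole message."""
    buf = bytearray(message)
    flags = struct.unpack_from("<I", buf, FLAGS_OFFSET)[0] | SMB2_FLAGS_SIGNED
    struct.pack_into("<I", buf, FLAGS_OFFSET, flags)
    buf[SIG_OFFSET:SIG_OFFSET + SIG_LEN] = bytes(SIG_LEN)
    buf[SIG_OFFSET:SIG_OFFSET + SIG_LEN] = _mac(session_key, bytes(buf))
    return bytes(buf)


def verify(session_key: bytes, message: bytes) -> bool:
    """Recompute the MAC over the message with the signature field zeroed."""
    if len(message) < SMB2_HEADER_LEN:
        return False
    flags = struct.unpack_from("<I", message, FLAGS_OFFSET)[0]
    if not flags & SMB2_FLAGS_SIGNED:
        return False  # a receiver that requires signing rejects unsigned messages
    received = message[SIG_OFFSET:SIG_OFFSET + SIG_LEN]
    buf = bytearray(message)
    buf[SIG_OFFSET:SIG_OFFSET + SIG_LEN] = bytes(SIG_LEN)
    return hmac.compare_digest(received, _mac(session_key, bytes(buf)))


def build_sample_message(payload: bytes) -> bytes:
    # Constructed sample: protocol id, StructureSize 64, zeroed fields, payload.
    header = b"\xfeSMB" + struct.pack("<H", 64) + bytes(SMB2_HEADER_LEN - 6)
    return header + payload


if __name__ == "__main__":
    key = bytes(range(16))        # constructed session key
    signed = sign(key, build_sample_message(b"WRITE payroll.xlsx"))
    tampered = signed[:-1] + b"X"  # one payload byte changed on the wire
    print(verify(key, signed), verify(key, tampered), verify(bytes(16), signed))
```

A relay that does not hold the session key fails the third check in the same way a tampered payload fails the second.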
SecretManagement is a module available on the PowerShell Gallery that enables you to use a common set of commands to store and retrieve secrets within PowerShell scripts, regardless of where you prefer to keep your secrets safe. SecretManagement 1.1 mostly includes updates to enable users operating in Constrained Language Mode (CLM). If you’ve already got SecretManagement running in your environment, review the 1.1 preview blog prior to updating for information on how the changes might impact your or vault extensions.
Check out the following SecretManagement 1.1 GA announcement post for more details.
Windows Server 2012 and 2012 R2 end of extended support is approaching: per the Lifecycle Policy, Windows Server 2012 and 2012 R2 Extended Support will end on October 10, 2023. Microsoft understands that Windows Server runs many business-critical applications and that it may take more time for some organizations to migrate to supported versions, which is why they have announced one additional year of extended security updates for Windows Server 2008 and 2008 R2 instances running on Azure.
Further details surrounding this announcement can be found here: Plan your Windows Server 2012 and 2012 R2 End of Support
Many organizations now use both on-premises and cloud resources, and users want to be able to log on once to access both. But with Azure Active Directory not understanding Active Directory credentials (and vice versa), how does this single sign-on process work?
Sonia Cuff recently shared a Deep Dive on this topic that details the steps surrounding the hybrid join single-sign-on process. The post can be reviewed here: Deep Dive - Windows hybrid join single-sign-on to Azure Active Directory
Learn to implement and manage Windows Server file servers and storage. Implement Storage Spaces, data deduplication, and Windows Server Storage Replica.
In this module, you will learn how to:
To get the best experience from this learning path, you should have knowledge and experience of:
Learn more here: Windows Server file servers and storage management
Let us know in the comments below if there are any news items you would like to see covered in the next show. Be sure to catch the next AzUpdate episode and join us in the live chat.