Core Infrastructure and Security Blog

Check This Out! (CTO!) Guide (June 2024)

BrandonWilson
Jul 13, 2024

 

Hi everyone! Brandon Wilson here once again with this month’s “Check This Out!” (CTO!) guide.

These posts are only intended to be your guide, to lead you to some content of interest, and are just a way we are trying to help our readers a bit more, whether that is learning, troubleshooting, or just finding new content sources! We will give you a bit of a taste of the blog content itself, provide you a way to get to the source content directly, and help to introduce you to some other blogs you may not be aware of that you might find helpful.

From all of us on the Core Infrastructure and Security Tech Community blog team, thanks for your continued reading and support!

 

 

 

Title: Stop Worrying and Love the Outage, Vol III: Cached Logons

Source: Ask the Directory Services Team

Author: Chris Cartwright

Publication Date: 6/20/24

Content excerpt:

This is the third post in a series where I try to provide the IT community with some tools and verbiage that will hopefully save you and your business many hours, dollars, and frustrations.  Occasionally, we get cases for users working remotely that are unable to log on with a message that the domain is not available.  More often than not, this is caused by an overly enthusiastic Cached Logon configuration.

 

 

 

Title: General Availability of SQL FCI and AG Features SQL Server Enabled by Azure Arc

Source: Azure Arc

Author: Abdullah Mamun

Publication Date: 6/14/24

Content excerpt:

We have good news. Two business continuity features for SQL Server enabled by Azure Arc are now generally available:

  • View Failover Cluster Instance
  • Manage Availability Group

 

 

 

Title: Announcing enhanced multicloud integration enabled by Azure Arc

Source: Azure Arc

Author: Meagan McCrory

Publication Date: 6/18/24

Content excerpt:

We are thrilled to announce a new set of capabilities for multicloud customers, making it easier than ever to manage cloud resources from a centralized platform. With the adaptive cloud approach enabled by Azure Arc, customers can quickly and easily access and manage their workloads across Azure and AWS through the multicloud connector, which is free to use!

 

 

 

Title: WS2012 ESU Updates

Source: Azure Arc

Author: Aurnov Chattopadhyay

Publication Date: 6/24/24

Content excerpt:

We have a myriad of key updates for customers enrolled in WS2012/R2 ESUs enabled by Azure Arc! As we continue to refine and expand the offer, investments have focused on reducing friction and improving the usability of WS2012/R2 ESUs enabled by Azure Arc. We’re excited to announce our brand-new usage view, preview of the transition scenario, and improvements to pre-requisites, billing, and included capabilities.

 

 

 

Title: Announcing the Public Preview of Upgrade Policies for Virtual Machine Scale Sets with Flexible Orchestration

Source: Azure Compute

Author: Micah McKittrick

Publication Date: 6/16/24

Content excerpt:

Today we are announcing the public preview of upgrade policies for Virtual Machine Scale Sets with Flexible Orchestration. Upgrade policies allow for more granular control over the upgrade process, ensuring that your services remain available and responsive during updates.

 

 

 

Title: Azure Pricing: How to navigate Azure pricing options and resources

Source: Azure Governance and Management

Author: Kyle Ikeda

Publication Date: 6/13/24

Content excerpt:

Now, we will dive deeper into how Azure pricing works and how you can learn more about it. We will use the example of Contoso, a hypothetical digital media company, to show how they use Azure pricing resources to guide their migration to the cloud.

 

 

 

Title: Azure Pricing: How to estimate Azure project costs

Source: Azure Governance and Management

Author: Kyle Ikeda

Publication Date: 6/13/24

Content excerpt:

Let's understand how you can calculate your project costs when migrating or building a new solution in Azure. We will continue to use the example of Contoso, a hypothetical digital media company, and how they use Azure pricing resources to guide their migration to the cloud.

 

 

 

Title: Azure pricing: How to calculate costs of Azure products and services

Source: Azure Governance and Management

Author: Kyle Ikeda

Publication Date: 6/13/24

Content excerpt:

In our previous blogs we explained the Azure pricing structure and how customers can estimate their project costs when migrating to Azure or building a cloud-native application. We introduced readers to Azure Migrate, the Total Cost of Ownership (TCO) Calculator, pay-as-you-go account, and the Azure Architecture Center. Now we will go a step further to address the needs of a customer who has decided to migrate their workloads or deploy cloud-native solutions and wants to budget for the specific Azure services they’ll be using. We will continue using the example of our digital media company, Contoso, and how they use Azure services to feel confident they’re getting the best value at every stage of their cloud journey.

 

 

 

Title: Azure pricing: How to optimize costs for your Azure workloads

Source: Azure Governance and Management

Author: Kyle Ikeda

Publication Date: 6/13/24

Content excerpt:

In this final installment of our blog series, we will discover how to optimize the value of your Azure investment. Through a mixture of optimization best practices and Azure tools, we will see how the digital media company Contoso maximizes their cloud spend to get more out of their workloads.   

                           

 

 

Title: Announcing Zone Redundancy and Multi-Region Capabilities in Azure Landing Zones

Source: Azure Governance and Management

Author: Paul Grimley

Publication Date: 6/18/24

Content excerpt:

In today's dynamic business environment, the resilience of cloud infrastructure is not just a preference but a necessity. We are thrilled to announce the latest enhancements in Azure Landing Zones with the rollout of the first phase of zone redundancy and multi-region support, designed to meet the high demands for availability and resilience in your cloud deployments. We also are announcing our plans and subsequent roadmap to make our ALZ Bicep and ALZ Terraform implementation options zone-redundant by the end of the calendar year (2024).

 

 

 

Title: Announcing the General Availability of Change Actor 

Source: Azure Governance and Management

Author: Ian Carter

Publication Date: 6/19/24

Content excerpt:

Identifying who made a change to your Azure resources and how the change was made just became easier! With Change Analysis, you can now see who initiated the change and with which client that change was made, for changes across all your tenants and subscriptions. 

 

 

 

Title: Announcing Azure Monitoring Agent support in Azure Landing Zones

Source: Azure Governance and Management

Author: Arjen Huitema

Publication Date: 6/21/24

Content excerpt:

Hello and welcome to another blog post about Azure Landing Zones, the best practice framework for accelerating your cloud adoption journey. In this post, I will share with you some of the latest updates and enhancements that we have made to Azure Landing Zones.

 

 

 

Title: Controlling Data Egress in Azure

Source: Azure Networking

Author: Craig DuBose

Publication Date: 6/10/24

Content excerpt:

Regulated companies impose stringent requirements on data governance to prevent data exfiltration. As a Cloud Architect, ensuring the safe and efficient exit of data from our network to external destinations is paramount. This document aims to provide a comprehensive guide to the strategies, best practices, and tools we employ at various customers to maintain robust security measures.

 

 

 

Title: Azure Virtual Network Manager mesh and direct connectivity are generally available

Source: Azure Networking

Author: Andrea Michael

Publication Date: 6/13/24

Content excerpt:

Azure Virtual Network Manager's mesh connectivity configuration and direct connectivity option in the hub and spoke connectivity configuration are generally available in all public regions! Visit our public documentation on connectivity configurations to learn more about Azure Virtual Network Manager's connectivity configuration concepts, how they work, and steps to get started.

 

 

 

Title: Build scalable cross-subscription applications with Azure Load Balancer

Source: Azure Networking

Author: Mahip Deora

Publication Date: 6/20/24

Content excerpt:

We are thrilled to announce that Azure cross-subscription Load Balancer is now available for public preview in all Azure public and national cloud regions. This capability enables you to have your Azure Load Balancer components in different subscriptions. For example, you could have the load balancer’s frontend or backend instances in a different subscription from the one that the load balancer belongs to.

 

 

 

Title: Optimizing Data Flow: Leveraging ExpressRoute FastPath for reduced latency and increased throughput

Source: Azure Networking

Author: Cynthia Treger

Publication Date: 6/27/24

Content excerpt:

This article examines the data flow and performance benefits of Microsoft Azure's ExpressRoute and ExpressRoute FastPath features in Hub & Spoke environments. It outlines the default asymmetric data routing and the enhancements achieved through FastPath. Key updates and constraints for FastPath, as well as IP address limits and monitoring metrics, are also discussed.

 

 

 

Title: A Closer Look at Azure WAF’s Data Masking Capabilities for Azure Front Door

Source: Azure Network Security

Author: David Frazee

Publication Date: 6/13/24

Content excerpt:

The Azure Web Application Firewall (WAF) on Azure Front Door offers centralized protection for your web applications against vulnerabilities and threats. The effectiveness of your Azure WAF in managing traffic can be assessed through WAF logs stored in specified locations such as a Log Analytics Workspace or Storage Accounts. These logs document requests that have been either matched or blocked by WAF rules. This data is crucial for monitoring, auditing, and resolving issues. By default, WAF logs are maintained in a plain text format for user convenience and analysis. However, these client requests might include sensitive personal data, like personally identifiable information (PII), which can include names, addresses, contact details, and financial information. Without proper sanitization, logs containing such PII could be exposed to unauthorized access. To address this, Azure Front Door WAF now offers sensitive data protection through log scrubbing. This feature is Generally Available as of June 20, 2024. WAF log scrubbing employs a customizable rules engine to pinpoint and redact sensitive portions within the requests, replacing them with a series of asterisks (******) to prevent data exposure. This blog explains the log scrubbing process and provides practical examples for a more comprehensive understanding.

 

 

 

Title: Seamless Recovery: How to Automate Azure VM Evictions Start Ups with Azure Functions

Source: Core Infrastructure and Security

Author: Werner Rall

Publication Date: 6/10/24

Content excerpt:

Azure has some incredible services that we can use for all business sizes and even budgets. One of these amazing services we find is a highly discounted virtual machine called a spot instance. A spot instance in essence is a special kind of Virtual Machine that can at any time be evicted when capacity is required for the standard or default Virtual Machines. Why would I want to run it then? Because it is super cheap! How cheap? In some cases, up to 90% Off.

 

 

 

Title: Dynamically Updating Azure IP Ranges with PowerShell and DevOps

Source: Core Infrastructure and Security

Author: Werner Rall

Publication Date: 6/17/24

Content excerpt:

Keeping your Azure IP ranges up-to-date is crucial for maintaining the security and efficiency of your cloud environment. This blog post will guide you through the process of dynamically updating your Azure IP ranges using the official Azure documentation, PowerShell scripts, and DevOps practices.

 

 

 

Title: Simplifying Azure Diagnostics with Category Groups and the New Built-In Policies

Source: Core Infrastructure and Security

Author: Heinrich Gantenbein, Luke Alderman

Publication Date: 6/24/24

Content excerpt:

Let’s talk about how you use it in your organization. We are not covering the mechanics here; the documentation covers that. Instead, we’ll cover variations to deployment.

 

 

 

Title: Update on MFA requirements for Azure sign-in

Source: Core Infrastructure and Security

Author: Naj Shahid

Publication Date: 6/27/24

Content excerpt:

We would like to share an update on the announcement that Microsoft will require multi-factor authentication (MFA) for users signing into Azure. In this post, we share clarifications on the scope, timing and implementation details, along with guidance for preparation.

 

 

 

Title: How to budget your Azure cloud spend with Microsoft Cost Management

Source: FinOps

Author: Gregor Wohlfarter

Publication Date: 6/11/24

Content excerpt:

If you are using Azure for your cloud applications, you might be wondering how to manage your costs effectively. You might have heard of Microsoft Cost Management, a service that helps you monitor, analyze, and optimize your cloud spending. But did you know that Microsoft Cost Management also offers a powerful feature called Budgets?

 

 

 

Title: Azure Advisor Cost Optimization workbook – April release

Source: FinOps

Author: Seif Bassem

Publication Date: 6/13/24

Content excerpt:

The Azure Cost Optimization workbook is a powerful tool that helps you monitor and optimize your Azure costs. It provides you with a comprehensive overview of your Azure environment and offers actionable insights and recommendations based on the Well-Architected Framework Cost Optimization pillar.

 

 

 

Title: Use budget management and forecasting to bring your FinOps practice into the era of AI

Source: FinOps

Author: Antonio Ortoll

Publication Date: 6/21/24

Content excerpt:

As you expand your use of the cloud, cost management becomes increasingly important. But lack of visibility into spending practices can hamper your cloud cost management efforts. With cloud costs constantly fluctuating and decision-making often decentralized in large organizations, gaining visibility into expenses can be challenging. The right cloud management tools can help reveal and eliminate hidden costs associated with the cloud and provide a holistic view of all your cloud cost centers.

 

 

 

Title: Empowering cloud efficiency through FinOps

Source: FinOps

Author: Sonia Cuff, Arthur Clares, Thomas Lewis

Publication Date: 6/25/24

Content excerpt:

Now available on-demand, for free, is the recording of our Azure Webinar session "Empowering cloud efficiency through FinOps".

 

 

 

Title: Announcing new Windows Autopilot onboarding experience for government and commercial customers

Source: Intune Customer Success

Author: Maggie Dakeva

Publication Date: 6/5/24

Content excerpt:

Today, Intune is releasing a new Autopilot profile experience, Windows Autopilot device preparation, which enables IT admins to deploy configurations efficiently and consistently and removes the complexity of troubleshooting for both commercial and government (Government Community Cloud (GCC) High, and U.S. Department of Defense (DoD)) organizations and agencies.

 

 

 

Title: Granular RBAC permissions for endpoint security workloads

Source: Intune Customer Success

Author: Laura Arrizza

Publication Date: 6/20/24

Content excerpt:

The built-in role ‘Endpoint Security Manager’ is used to manage policies and features within the Microsoft Intune admin center Endpoint security blade, or admin actions can be limited by using the custom role with the ‘Security baselines’ permission.

With Intune’s June (2406) release, we’ll begin adding new permissions for each endpoint security workload to allow for additional granularity and control. The ‘Security baselines’ permission previously included all security policies and now, it will only include security workloads that do not have their own permission.

 

 

 

Title: Single-region deployment without Global Reach, using Secure Virtual WAN Hub with Routing-Intent

Source: ITOps Talk

Author: Jason Medina

Publication Date: 6/7/24

Content excerpt:

This article describes the best practices for connectivity and traffic flows with single-region Azure VMware Solution when using Azure Secure Virtual WAN with Routing Intent. You learn the design details of using Secure Virtual WAN with Routing-Intent without Global Reach. This article breaks down Virtual WAN with Routing Intent topology from the perspective of an Azure VMware Solution private cloud, on-premises sites, and Azure native. The implementation and configuration of Secure Virtual WAN with Routing Intent are beyond the scope and aren't discussed in this document.

 

 

 

Title: Dual-region deployments using Secure Virtual WAN Hub with Routing-Intent without Global Reach

Source: ITOps Talk

Author: Jason Medina

Publication Date: 6/25/24

Content excerpt:

This article describes the best practices for connectivity, traffic flows, and high availability of dual-region Azure VMware Solution when using Azure Secure Virtual WAN with Routing Intent. You learn the design details of using Secure Virtual WAN with Routing-Intent, without Global Reach. This article breaks down Virtual WAN with Routing Intent topology from the perspective of Azure VMware Solution private clouds, on-premises sites, and Azure native. The implementation and configuration of Secure Virtual WAN with Routing Intent are beyond the scope and aren't discussed in this document.

 

 

 

Title: New and Free Active Directory Domain Services Applied Skill Credential

Source: ITOps Talk

Author: Orin Thomas

Publication Date: 6/25/24

Content excerpt:

Today Microsoft launched a brand new Applied Skill Credential related to Active Directory Domain Services Administration.

 

 

 

Title: Microsoft Copilot in Azure Series - Copilot Access Management

Source: ITOps Talk

Author: Pierre Roman

Publication Date: 6/27/24

Content excerpt:

Today, we’re diving into Microsoft Copilot in Azure. It’s like having a super-smart assistant in the cloud! It’s an AI-powered tool that’s all about making your life easier when you’re working with Azure, when you’re navigating the Azure portal, or using the Azure mobile app. Now, keep in mind, at the time of recording this, Copilot in Azure is still in preview. That means it’s like a sneak peek, and there are some extra terms you have to check out before you jump in. This Copilot in Azure can be a real lifesaver. It knows a ton about Azure’s services and resources, it also has access to all the information in Azure Resource Graph. It’s like having a cheat sheet for the cloud. You can ask it questions about your environment, and it’ll give you answers tailored to your own Azure resources, and your level of access.

 

 

 

Title: Microsoft Entra ID Governance licensing clarifications

Source: Microsoft Entra (Azure AD)

Author: Kaitlin Murphy

Publication Date: 6/19/24

Content excerpt:

In the past few weeks, we’ve announced the general availability of Microsoft Entra External ID and Microsoft Entra ID multi-tenant collaboration. We’ve received requests for more detail from some of you regarding licensing, so I’d like to provide additional clarity for both of these scenarios.

 

 

 

Title: How to break the token theft cyber-attack chain

Source: Microsoft Entra (Azure AD)

Author: Alex Weinert

Publication Date: 6/20/24

Content excerpt:

We’ve written a lot about how attackers try to break passwords. The solution to password attacks—still the most common attack vector for compromising identities—is to turn on multifactor authentication (MFA). But as more customers do the right thing with MFA, actors are going beyond password-only attacks. So, we’re going to publish a series of articles on how to defeat more advanced attacks, starting with token theft. In this article, we’ll start with some basics on how tokens work, describe a token theft attack, and then explain what you can do to prevent and mitigate token theft now. 

 

 

 

Title: Move to cloud authentication with the AD FS migration tool!

Source: Microsoft Entra (Azure AD)

Author: Melanie Maynes

Publication Date: 6/26/24

Content excerpt:

We’re excited to announce that the migration tool for Active Directory Federation Service (AD FS) customers to move their apps to Microsoft Entra ID is now generally available! Customers can begin updating their identity management with more extensive monitoring and security infrastructure by quickly identifying which applications are capable of being migrated and assessing all their AD FS applications for compatibility.

 

 

 

Title: Introducing the Microsoft Entra PowerShell module

Source: Microsoft Entra (Azure AD)

Author: Steve Mutungi

Publication Date: 6/27/24

Content excerpt:

We’re thrilled to announce the public preview of the Microsoft Entra PowerShell module, a new high-quality and scenario-focused PowerShell module designed to streamline management and automation for the Microsoft Entra product family. In 2021, we announced that all our future PowerShell investments would be in the Microsoft Graph PowerShell SDK. Today, we’re launching the next major step on this journey. The Microsoft Entra PowerShell module (Microsoft.Graph.Entra) is a part of our ongoing commitment and increased investment in Microsoft Graph PowerShell SDK to improve your experience and empower automation with Microsoft Entra.

 

 

 

Title: The guide to Microsoft Intune resources

Source: Microsoft Intune

Author: Lior Bela

Publication Date: 6/10/24

Content excerpt:

Whether mobile or desktop, virtual or physical, in the office or out in the world, Microsoft Intune can help you secure access to your company resources and keep your workforce productive from a single pane of glass. While this is an awesome capability, it also brings some complexity with it. Customers have asked for a guide that spells out explicitly what they should do to get started with Intune. Here you'll find the resources you need before, during, and after your Intune deployment.

 

 

 

Title: Windows Server 2025 Storage Performance with Diskspd

Source: Storage at Microsoft

Author: Dan Cuomo

Publication Date: 6/14/24

Content excerpt:

If you manage on-premises servers, you know one of the final tests you run before going to production is a performance test. You want to ensure that when you migrate virtual machines to that host, or you install SQL Server on that machine, that you’re going to get the expected IOPS, the expected latency, or whatever other metrics you deem important for your business’ workloads.

So, after all the group policies have been applied, firewall rules are set, agents are installed and configured (or anything else you do in your deployment playbook), you download Diskspd, NTTTCP, and other performance testing tools you use to test this server compared to your baseline (if you don’t do this, you should be!).

 

 

 

Title: Myths and misconceptions: Windows 11 and cloud native

Source: Windows IT Pro

Author: Harjit Dhaliwal

Publication Date: 6/11/24

Content excerpt:

Let’s discuss the myths around the move to cloud-native management, with Microsoft Intune and Microsoft Entra ID, and Windows 11. In this post, we will address some common questions and misconceptions by sharing insights and perspectives gathered from the conversations we’ve had with organizations of all sizes from around the globe this past year.

 

 

 

Title: Deprecation of WSUS driver synchronization

Source: Windows IT Pro

Author: Paul Reed

Publication Date: 6/28/24

Content excerpt:

If you’ve been using driver synchronization updates via Windows Server Update Services (WSUS), you may already be aware of the newest cloud-based driver services. Many are already enjoying the benefits of managing their driver updates with Microsoft cloud. This means that we’ll soon be deprecating WSUS driver synchronization.

 

 

 

Title: Windows news you can use: June 2024

Source: Windows IT Pro

Author: Thomas Trombley

Publication Date: 6/28/24

Content excerpt:

Here are the latest Windows 11 features, capabilities, services, and tools that you can start using this month. Based on your feedback, we’ve also included information to help you catch up on lifecycle milestones and preview opportunities. We hope that this paints a better timeline and helps you embrace a secure, cloud-native future with Windows 11.

 

 

 

Title: Introducing GPU Innovations with Windows Server 2025

Source: Windows OS Platform

Author: Afia Boakye, Rebecca Wambua

Publication Date: 6/6/24

Content excerpt:

AI empowers businesses to innovate, streamline operations, and deliver exceptional value.  With the upcoming Windows Server 2025 Datacenter and Azure Stack HCI 24H2 releases, Microsoft is empowering customers to lead their businesses through the AI revolution.

 

 

 

Title: Hyper-V live migration network selection in Windows Server 2025

Source: Windows OS Platform

Author: Steven Ekren

Publication Date: 6/13/24

Content excerpt:

Microsoft continues to bring innovation and improvements to our Hyper-V platform. Live migration has been around for a while and is a key component to managing virtual machines (VMs). With Windows Server 2025 you will see improvements that make Hyper-V more reliable, increase scale, and improve performance. This article covers an improvement with Live Migration, and you can expect to see more articles soon to cover other innovations for Windows Server 2025.

 

 

 

Title: Windows Server 2025 and beyond

Source: Windows OS Platform

Author: Dan Cuomo

Publication Date: 6/14/24

Content excerpt:

This article focuses on what’s new and what’s coming in Windows Server 2025.

 

 

 

Title: Use GPUs with Clustered VMs through Direct Device Assignment

Source: Windows OS Platform

Author: Afia Boakye

Publication Date: 6/19/24

Content excerpt:

In the rapidly evolving landscape of artificial intelligence (AI), the demand for more powerful and efficient computing resources is ever-increasing. Microsoft is at the forefront of this technological revolution, empowering customers to harness the full potential of their AI workloads with their GPUs. GPU virtualization makes the ability to process massive amounts of data quickly and efficiently possible. Using GPUs with clustered VMs through DDA (Discrete Device Assignment) becomes particularly significant in failover clusters, offering direct GPU access.

 

 

 

Title: Microsoft options for VMware migration

Source: Windows OS Platform

Author: Dan Cuomo

Publication Date: 6/21/24

Content excerpt:

Recent developments in the on-premises virtualization market have unsettled users and prompted a re-evaluation of their organization's strategy. Microsoft provides a robust set of solutions tailored to your specific goals and requirements. During this session, we will delve into these options, emphasizing the long-term advantages of choosing Microsoft & Hyper-V.

 

 

 

Title: Improving server security and productivity with Hotpatching

Source: Windows OS Platform

Author: Dan Cuomo

Publication Date: 6/28/24

Content excerpt:

When it comes to installing security updates, organizations are often concerned about the potential for business disruption and reduced system availability. This is a thing of the past with Hotpatching!

Come see how Hotpatching enables you to apply critical security updates without rebooting your servers, reducing downtime and improving productivity. Hear from the Xbox team, who have successfully adopted Hotpatching for the online gaming platform. Discover what is in store as we expand the service and make it more broadly available.

 

 

 

 

 

 


Published Jul 13, 2024
Version 1.0