Core Infrastructure and Security Blog

9 MIN READ

CIS Tech Community-Check This Out! (CTO!) Guide (June 2022)

Microsoft

Jun 30, 2022

Hi everyone! Brandon Wilson here to introduce you to a new series of posts, called the “Check This Out!” series (or “CTO!” for short). These posts are only intended to be a guide to lead you to some content of interest and are just a way we are trying to help our readers a bit more, whether that is learning, troubleshooting, or just finding new content sources! We will cover a high-level summary of what's in the post, give you a bit of a taste of the blog content itself, provide you a way to get to the source content directly, and help to introduce you to some other blogs you may not be aware of that you might find helpful. If you have been a long-time reader, then you will find this series to be similar to our prior series “Infrastructure + Security: Noteworthy News”.

From all of us on the Core Infrastructure and Security Tech Community blog team, thanks for your continued reading and support!

Title: A Light Overview of Microsoft Security Products

Source Tech Community: Core Infrastructure and Security

Author: Alan La Pietra

Publication Date: March 29, 2022 (original; updated 6/2/2022)

This post provides a light overview of Microsoft security products within the Defender realm as well as Azure Sentinel, a bit on Intune, and provides you with links on where you can go to learn more about the products!

Content excerpt:

Hi, Alan here today to lightly cover something I have been asked by customers in regard to Microsoft’s security products....and that is “what defender products does Microsoft have and what are they used for?”.

Well, it’s a good question, so I thought this blog might come in handy for those questions. This is not intended to be an extensive guide by any means, only to provide you some basic information, and to help point you to where you can learn more. So, have a good read...

Let's start with "Zero Trust" capabilities and relation to Microsoft Security Products (https://aka.ms/mcra).

Title: Understanding Lock Contention in Windows Performance Analyzer (WPA)

Source Tech Community: Ask The Performance Team

Author: Will Aftring

Publication Date: June 14, 2022

This post provides a GREAT rundown on using WPA to review thread lock contention and provides a nice overview of what the thread states are as well.

Content excerpt:

For this post we will be using the Windows Performance Analyzer (WPA) to review data collected with the Windows Performance Recorder (WPR). For the sake of keeping this post focused I won’t go in depth on WPR but there are plenty of resources on how to get started. Getting Started Windows Performance Recorder | Microsoft Docs

Title: Failover Clustering in Azure

Source Tech Community: Failover Clustering

Author: John Marlin

Publication Date: July 16, 2021

In this post, John Marlin (Program Manager) walks you through some basics of failover clustering in Azure. If you’ve had questions about how clusters work in Azure, or how to configure failover clustering in Azure, then this is some must read content for you.

Content excerpt:

Azure is a cloud computing platform with an ever-expanding set of services to help you build solutions to meet your business goals. Azure services range from simple web services for hosting your business presence in the cloud to running fully virtualized computers for you to run your custom software solutions. With over 60 regions globally, 200+ products, and over 17,000 services and applications, Azure has everything you need in a cloud.

One of the products that can serve as the compute infrastructure for our service or application is Failover Clustering. Failover Clustering can be a traditional cluster or it can be running Storage Spaces Direct. No matter the choice, there are a few configuration changes that must be made post cluster creation to ensure connectivity can be made. Starting in Windows Server 2019, and moving forward, we have added detection into the cluster creation process that will automatically do some of this configuration for you.

Title: Failover Clustering Networking Basics and Fundamentals

Source Tech Community: Failover Clustering

Author: John Marlin

Publication Date: September 23, 2020

In this post, John Marlin (Program Manager) provides some updates surrounding networking in failover clustering.

Content excerpt:

In this blog, I want to talk about Failover Clustering and Networking. Networking is a fundamental key with Failover Clustering that sometimes is overlooked but can be the difference in success or failure. In this blog, I will be hitting on all facets from the basics, tweaks, multi-site/stretch, and Storage Spaces Direct. By no means should this be taken as a “this is a networking requirement” blog. Treat this as more of general guidance with some recommendations and things to consider.

Title: New Features of Windows Server 2022 Failover Clustering

Source Tech Community: Failover Clustering

Author: John Marlin

Publication Date: September 1, 2021

This post provides information surrounding new features for failover clustering in Windows Server 2022. If you work with clustering, as with most of John’s posts, this is yet another “must read” as you look to move to Windows Server 2022, whether on-premises, or in Azure.

Content excerpt:

Greetings again Windows Server and Failover Cluster fans!! John Marlin here and I own the Failover Clustering feature within the Microsoft product team. In this blog, I will be giving an overview of the new features in Windows Server 2022 Failover Clustering. Some of these will be talked about at the upcoming Windows Server Summit. One note that I will say is that this particular blog post will not cover the new features for Azure Stack HCI version 21H2. That is another blog for another time.

Title: To AAD Join or NOT...That is the Question

Source Tech Community: Core Infrastructure and Security

Author: Michael Hildebrand

Publication Date: May 27, 2022

This post, at a high level, provides some information to help you decide what route to take in regard to whether or not to perform hybrid or native Azure AD joins for your devices.

Content excerpt:

As we all know, the cloud paradigm shifts in IT continue. When I worked in corporate IT - heck, when I started blogging out here - on-prem was really all there was. Active Directory, GPOs and WINS were all the rage. Outbound Internet access was used to look at wedding photos or research TechNet about recovering from an accidental AD deletion. Inbound Internet traffic was mostly remote users coming back into the corporate LAN – via VPN or <gulp> modem (where are my Shiva LAN Rover fans?).

A lot has changed. The Internet is now your LAN. Cloud services, SaaS, PaaS, anywhere/always-on connectivity, etc. are all mainstream now.

As I chat with enterprise customers in cloud strategy discussions, a few topics always come up once we get to the PC deployment and management aspects of that convo.

Title: New Azure Skilling Guides!

Source Tech Community: Azure Infrastructure

Author: Lanna Teh

Publication Date: May 24, 2022

This is a very quick post that outlines the new Azure skilling guide and provides you the links to download them. Whether you are a systems administrator or solutions architect that has to pick up Azure skills (let’s be fair, we ALL have to, we are in the future, the future is now!), these skilling guides can help you quickly gain knowledge so you can hit the ground running.

Content excerpt:

New to Azure or looking to broaden your knowledge?

Finding the right content is always a challenge, so we’ve gathered the essentials into a new learning resource designed especially for those that are new to Azure and want to learn more.

Check out Azure Skills Navigator!

Title: Recognize Tag Names Across Azure

Source Tech Community: Core Infrastructure and Security

Author: Anthony Watherston

Publication Date: June 6, 2022

This post provides a method to help consolidate and reconcile your tags in Azure to have a more aligned and easier to navigate tagging structure to help identify your resources more efficiently.

Content excerpt:

During a recent cost optimization workshop with a customer, they mentioned that although they had some tagging policies in place there was no consistency of tag names across the Azure environment. This post introduces a script to remediate this and remove some confusion from your tagging strategy.

The customer was trying to ensure that all resources were being tagged with a cost centre tag. Some of this was automatic and some was done manually by people. While there was a policy in place to control this in the future, they needed a way to remediate the existing resources.

Title: Introducing Azure Well-Architect Framework for Internet of Things (IoT)

Source Tech Community: Azure Architecture

Author: Ben Brauer

Publication Date: April 18, 2022

The title of this post, as with some others in this month’s “CTO!” guide, is very self-explanatory. If you are dealing with IoT, the Azure well-architected framework is yet another one of those “must read” areas that will help you with anything from planning your infrastructure to optimizing your costs to monitoring your resources.

Content excerpt:

Internet of Things (IoT) projects are high in complexity, and this complexity can increase substantially over time. While IoT is widely adopted in organizations, only a quarter of those IoT projects are in use, while many fail in the proof-of-concept stage. Companies cite a lack of knowledge and technical complexity as many of the challenges preventing them from using IoT more and developing new IoT solutions.

Azure Well-Architected for IoT was built by a deeply technical team of architects, consultants and developers who work daily with Microsoft’s customers and partners on their IoT solutions. This team sought to synthesize their experience of designing and deploying successful IoT projects into actionable recommendations for all our customers. Well-Architected for IoT is essentially the distillation of the knowledge and experience of our experts in IoT.

Title: Intune Device Configuration for Azure Virtual Desktop Multi-Session VMs Is Now Generally Available

Source Tech Community: Azure Virtual Desktop

Author: David Belanger

Publication Date: April 26, 2022

A quick post/announcement from David Belanger (Program Manager) about new features available for Azure virtual desktop. If you work with VDI regularly, these features might help you simplify your world a little bit more!

Content excerpt:

We're happy to announce that deploying Microsoft Intune device configuration from Microsoft Endpoint Manager admin center to Azure Virtual Desktop multi-session virtual machines (VMs) is now generally available. Intune already supports managing single session Azure AD-joined and Hybrid Azure AD-joined Azure Virtual Desktop VMs. You can now add multi-session VMs to the same management experience and deploy device-wide configurations to them. Intune is also the best solution for managing policy configuration on Azure AD-joined Azure Virtual Desktop multi-session VMs.

Title: Securing Your Virtual Networks with Azure Virtual Network Manager

Source Tech Community: Azure Networking

Author: Andrea Michael

Publication Date: May 11, 2022

This post provides a fairly in-depth overview of utilizing Azure Virtual Network Manager to secure your Azure virtual networks in the cloud. If you work with networks in Azure, you guessed it, this is another one of those “must read” articles.

Content excerpt:

AVNM is a one-stop-shop for managing the connectivity and security of virtual networks, or VNets, at scale. In this guide, we’re going to focus on the security features that AVNM offers.

AVNM works through three main components – group, configure, and deploy. You can group your VNets as you’d like, whether that’s by environment, function, team, or some other logical designation. Then you can create connectivity or security configurations to apply on those network groups. You can build and maintain topologies among the VNets in your network group with connectivity configurations, and enforce high-priority security rules among your VNets with security configurations.

Title: Optimizing Azure ExpressRoute with the Well-Architected Framework

Source Tech Community: Azure Architecture

Author: Chad Kittel

Publication Date: June 28, 2022

This is a short post outlining some basic information and additional resources for optimization of ExpressRoute, using the principles of the Azure Well-Architected Framework.

Content excerpt:

Today we’re going to be looking at the Azure ExpressRoute guide. Like all the Well-Architected Framework service guides, the Azure ExpressRoute guide delivers checklists and recommendations across the same five pillars, but with a focus on enterprise connectivity to Azure from your network. This connectivity supports your workloads that depend on the reliability, faster speeds, consistent latencies, and higher security offered by ExpressRoute than typical connections over the Internet. If you’re just planning your ExpressRoute enablement or already have it deployed, using the checklists and recommendations from this guide can help you identify opportunities to optimize this critical network infrastructure component and to make sure you stay on the right path.