You. Hello and welcome to the let's talk. Azure podcast with your host Sam Foote and Ann Armstrong.
If you're new here, we're a pair of Azure and Microsoft three, six, five focused it security professionals. It's episode one of season five. Alan and I had a recent discussion around what new features or services that have come into public preview or general availability over the past month or so. Here are a few areas that we covered Microsoft Defender for endpoint updates Microsoft entra global secure access general Azure infrastructure. Updates we have noticed that a large.
Number of you aren't subscribed. If you do enjoy our podcast, please do consider subscribing. It would mean a lot to us. For you to show your support to the show. It's a really great episode, so let's jump in. Hey, Alan, how are you doing? First episode back in 2024 and season five. Hey, Sam, not doing too bad. How are you? Yeah, our first episode, I think we're a week behind, but that's okay for what we said.
Yeah, we did have quite a long break and there was at least one person, at least one that called me out for our break that we had broken up a week earlier than usual. Nobody has caught up with me since us delaying our first episode of the year. So I think we've got away with it. Well, maybe when we publish this one we won't have, but yeah, for the moment we've got away with it. How was your festive holiday break?
Yeah, it was good. Lots happened and took the kids and the family to London for a weekend. And enjoyed it with family mainly. So that's all good. How about you? Yeah, very similar. Not really doing a lot. Didn't have to travel too far this year, which was nice. It's always good to spend time with. Family and I think we got a.
Good amount of disconnected time as well. It didn't feel too long as well to me. I felt like we were shortchanged a little bit because of the dates and the timings of it. But I think that was good for me personally because I didn't get to the stage where I felt like I didn't know what to do, if that makes sense. Right. We came back to work sort of at the right time for me personally.
Yeah, I think it's the longest because I think I took a couple of weeks. Can't remember now. It seems so long ago. But last year, even though last week or whatever it was, but yeah, it was a long time. I think it's the longest time I've had off for a while. Nice. Yeah, it's good to decompress for sure. Right, Alan, should we get stuck into this episode? It's probably worth me sort of setting the scene really on this one. We're going to try some new formats. Of episodes this year.
For season five we're going to start to cover news and updates because we do like to focus on certain topics and deep dive into certain areas. But there is so much change in azure that we don't want to do sort of updates and news too much because there is a lot and there's a lot of noise there, mainly around topics that we're not mainly focused on or we don't feel add a massive amount of value, if that makes sense, not like a big step forward. So what we're going to try is we're going to try and do maybe a monthly news and platform updates episode where we just sort of highlight and pick out the best updates that we sort of resonate with that can sort of add the most value to people using Azure and Office 365. So Ellen, do you want to get us started and give us some of your. These are mainly sort of December ish, early January updates, right?
Yeah, sort of, yeah. Probably coming out of ignite as well. I know we kind of did an ignite episode, but there's some stuff that I found whilst looking at some of the documentation about what's new that I didn't even know that had come out sort of thing. And some of it is quite interesting. So like you said, I don't think it's very hard, I think, to sort. Of announce some of these news or. These updates, especially when we're doing specific topics every week.
So yeah, every so often doing a quick update of some interesting things is good. I guess one of the ones I've noticed sort of since ignite as well is we did an episode on secure global access, but the Internet access now is public preview. So this is the other part to it. I wasn't able to get onto the private preview so I couldn't see what it was about. So probably in sort of December time.
I was sort of checking it out because I think this got announced in late December that it was public preview. In essence, this part of the secure global access, there's various sections of it, but some key areas are sort of web content filtering, user based. So if anyone's been using defender for endpoint web content filtering, which is device based, this brings it to the identity at this point so you can be. More granular with it.
So if you've got devices that are multi user, hot desks, things like that. You can now be more granular with it. And the categories are very granular as well. So with defender for endpoint, the built in ones, I'd say there's quite a few categories there, but sometimes it doesn't break down far enough for some organizations. But this one now sort of breaks down into things like, I'll just throw some out here like dating and personals.
The usual ones that shouldn't be seen at work. You've now got business use, so now. You can allow that category. So it should sort of COVID everything we need. There's things in here like personal sites, private ip addresses, so you can block that with it. Now just a quick look. There's a few others games, because it wasn't really broken down, sort of this granular last time. There were some really peculiar ones, I thought. So it can cover malware, cryptocurrency, mining, that sort of stuff.
Now. Isn'T that I should say one of the sort of reasons for customers not to utilize web content filtering in defender for endpoint as much as maybe point solutions that are out there because of the lack of granularity. I've seen some pushback from that side, if I recall correctly. Yeah, so it's that and it's also being able to add your custom ones in. So you could do it with Defender. For endpoint, but it was custom indicators.
And I think there's only a limit of like 15,000 URLs or ips and things like that. Does that include your IOC correct indicator? Okay, yeah, it's all baked into that sort of thing. And it was very difficult as well. To, because you'd have to almost like. Categorize group devices based on the users. Rather than categorizing the users. And it doesn't matter what device they use kind of thing. So it's very difficult. So if you were on AVD or Windows, no AVD, and you had multi session.
You couldn't differentiate between it. I mean, to be fair, I don't. Know if this works on AVD after. Saying that, but potentially it will do. In the future if it doesn't. Okay, that's pretty good. That's definitely a compete there for the proxies out there. We still don't know how much this. Service is going to cost yet. It's not been announced in there.
That's going to be very interesting to see because both sides of secure access is, there's a lot of noise about it. At the moment. Right. Lots of excitement. So it's going to be interesting to see. And I just fingers and toes crossed that it lands without a bump. Yeah, exactly. And along with this, along with web content fill, you can block URLs directly. The other interesting thing which I didn't. Know was that technically, because you kind of create policies and groups for the.
Different sort of areas for accessing, say. Dropbox as an example, and you're not got single sign on from know going. Into it, you could actually put MFA in front of that application that served that application or that URL even because. You can add condition. If you want to access that category. Or allow it, you can put an MFA in front of it, which I thought was interesting. Yeah, really? Yeah, there's that. And also sort of the other part. To it is that within conditional access.
You can have a compliant network. So because you're kind of tunneling through this through the Microsoft network, it identifies you as going, being a trusted device and going for a trusted network. It means you can then only allow access to three six five if you're connected successfully. Meeting criteria. I guess some organizations today force.
It'S not wrong to do it this way, but force users to go via their VPN to access three six five, which is fine. It adds the extra security to say you have to be connected to us. To be able to access three six five. But it obviously does put reliance on.
The organization's VPN service. All the data has got to come that way and go out the organization's Internet pipes, things like that. So there's all cost there, as well as potential risk of service being lost because those services go down for some reason. Not that organizers don't have contingency and backups and disaster recovery plans, but it's there. It's potential there. Yeah, I thought that was good. Yeah, no, that's really good. Yeah. Some great updates coming out of that new product.
Yeah, I just can't wait to find. Out how much it's going to cost because I think it's going to be. Like you said, it's an interesting one. I see loads of different scenarios for it already. That's that one probably going on to the sort of next one that's on my list. It's probably a smaller one, but quite interesting. In defender for cloud apps, and you have the cloud discovery shadow it, the app catalog there. Microsoft have added a new category in there for Gen AI.
So any generative ais that Microsoft are. Tracking or put into this now you. Can see which users are accessing it, which is interesting. And it's interesting because that means you. Can start to understand if users are. One using it, which is kind of in somewhat okay in some form. But I guess the potential risk there. Is. An organization's users using that service. And inputting corporate data for it to. Generate a report or something, and it. Then being consumed by the model and.
Then technically publicly available or not owned now by that organization. So I think that it's quite good to kind of understand, at least potentially, how big your problem is or how much people are using it, and whether. Something like Copilot, Microsoft Copilot for Microsoft 365 might benefit you if they're using it to enhance their output.
Yeah, definitely. I know there's a lot of concern, obviously balanced on the other side of productivity gains. Right. But definitely a prompt interface that you can effectively paste any data into. There is an element of potential data loss there, right. Through inadvertent insider risk activity. So definitely good to be able to identify the usage of those tools, at least before you even look at blocking it, maybe, which is really interesting. And I know there's a wider conversation about preparing for copilot. Right. What data your user has or doesn't have access to in the most simplistic sense. Right. Because day to day you might not know that you've got access to, I don't know, the payroll folder accidentally. Right. But then when you then ask Copilot how much one of your colleagues earns, you might get back the answer that you weren't expecting. So there's a lot of talk about how you approach sort of copilot and sort of, that's a wider generative AI conversation, I think, anyway. But yeah, it's good to see that there's recognition of those tools being used and starting to sort of follow up on that.
Yeah, absolutely. It might even be help the organization understand or at least give an area to ask the users why they're using it, not in an aggressive way to understand it. So that is there value in having some generative AI?
Because if you have like shadow it happening, right, somebody's starting to use copilot, maybe they've personally bought it and they're starting to use it to generate something. Right. It's better to be able to detect that and realize, oh, maybe this user does actually need to be licensed for copilot because they'll be able to get the same value out of it. It just might be more controlled. Right.
So you don't understand about this shadow it usage without being able to discover it first. So the fact that you can now categorize it is a big bonus, I'd say. Yeah, it's definitely a thing with shadow. It isn't, it is deemed bad because people are going around services, things like that potentially. But in some form there's got to. Be a reason why as well. So it's understanding that, isn't it, from. A business and then understanding if services. Need to be added or controls need.
To be changed to reduce it, like you said.
Yeah, because one of the big drivers of Shadow, it is not nefarious data leakage, it's a drive for productivity and efficiency gains. Right. But what we sometimes have is if we allow users to have freedom, they'll take that freedom quite rightly and start using it. And you don't realize it until you can actually discover it. So it's why Defender for cloud apps is so powerful and other tools like it, I should probably say, because it does give you that visibility. Yeah. Okay.
So moving on to my sort of next area is defender for endpoint updates. And there's a couple in here, some of them small but quite interesting. So if anyone's had to allow defender for endpoint out of your corporate firewalls internally, and you have to whitelist all of those URLs, which the wild cards, there's quite a few there, I can't remember how many. It's like 2025 URLs. You have to whitelist in public preview.
Now Microsoft have now started to move some of those services under a single wildcard URL. I can't remember what it is off the top of my head, but in effect about four or five of their services now now come into that. So now I think it's now down to sort of maybe five or six URLs. So that's in public preview at the moment. And you can switch over to it by enabling on the back end and the feature of Defender for Endpoint, which. Will make it the default. Or you can download the onboarding script.
And there's a simplified URL version of. It, and then you can just re onboard a device and it will switch over eventually. I expect Microsoft will push out that it will switch all of the endpoints over to it eventually. So it might be worth know a few devices being onboarded that way to see if your firewall rules will still work with it and things like that before the big change. But the change where Microsoft start pushing. It over, I expect it will be.
A couple of years before they decommission the other URLs. But it's worth preparing for it. The next one is the defender for endpoint. Plugin for WSL. So on Windows ten, Windows eleven, where you have WSL previously, defender for endpoint. Wouldn'T really sort of enter that environment because it's kind of sandboxed off. It's kind of like a different operating. System in some ways. So it's a plugin to sort of feed into that area to be able to then protect and detect in that environment what is.
Alan? Windows subsystem Linux or something like that. Windows subsystem for Linux, just more what it actually is. What's the benefits of it? Put me on the spot, Sam, thanks. So WSL is an effect where you can install a version of Linux, Ubuntu and some of the other ones there sort of into your operating system for. Windows and then you can, I think. The main benefit is really around developers. So they can then develop in Linux in effect. Is that right Sam?
Yeah, I think one of the big drivers for WSL is that a lot of developers have the preference of utilizing Macs for development. There's a good ecosystem of package managers, application management systems and to some extent Linux has a lot of that as well. And plus now a lot of this has been true for a long time because Linux has been a staple of servers on the Internet for a long long time. But if your preference was to use Windows for your development and then you ended up deploying to a Linux server, you would have to go through that disconnect of making sure your app ran in both places.
Right.
There's a big push to develop as close in the system, as close to your end production environment as you possibly can. That's number one. Number two as well is running Docker on Linux doesn't require the level of when you ran docker on Windows previously it used Hyper V. You effectively just installed a. I don't even know what the. I assume it was just like a debian image or a virtual machine and you effectively just proxied into it. And now Docker runs natively within side of WSL. Because WSL is just a hypervisor. Linux or Debian, that's probably fair to say Unix like operating systems, you can install various different ones. What the real benefit is as well is if you run a graphical user interface application. So let's say you take your vs code or something like that. When you run it from WSL you can actually interact with it just like a normal window. Like a normal windows window is probably the right thing to say. So you get best of both worlds really. You have this isolated integrated development environment that is close to your production systems, know, dockerized. But you also get the benefit of having windows as your primary operating system if that is what your preference is. For me, when I was previously a developer, I needed to use my Mac less and less because the only thing that I really needed Mac for was iOS application publishing. But you can get around that anyway with dev boxes, et cetera, build services. Now WSL has made a lot of that really easy to work with. So yeah, like you say, MDE coverage is really important in those areas as well because you're effectively root in that operating system. So there's potential there.
Yeah, and I guess as well, like you said, it's easier, using WSL is easier to manage because it's kind of just there sort of thing as part of the local os in some form. But also I guess I kind of feel like it doesn't take as much resource as if it was a VM. Because you got your own disk to. Look after and it's everything else ram where it's all just like shared at that point. It's all sort of native in some form.
And if you think about it, the visibility of MDE, you're moving sort of your crown jewels potentially into that instance. Right. You're maybe putting your application code so you do have to think about vulnerability management there and other malware and other threats and attacks. So it's important to cover it, that's for sure. Yeah.
Okay, so the last part of sort of the defender friend endpoint updates is this new attack disruption called user contain. So we've had device contain, so that if you've got enterprise Iot discovery on and you can see devices, you can contain them. So that all defender for endpoint enabled endpoints, stop talking to it. But this is in effect going to the user perspective. So this is one of the things. That I didn't know came out and. Sort of found, and this is really.
Interesting in that in effect when you. Contain the user, it doesn't matter where they are, but if that user tries to authenticate or sign into any device that's got MDE on it. So if you're trying to connect to SMB, RDP, RPC and network logon as. Protocols, they're blocked for that user, but everyone else is fine. That seems like really powerful to be. Able to stop a user. So if user has been compromised, either human based attacking or it's ransomware and.
It'S using their credentials to access SMBs, things like that. You can slow that process up.
I won't say necessarily stop it because obviously defender for endpoint is going to try and stop the spread of it, but it's going to slow the process up of that user being able to access services or lateral movement, things like that, until your soc or your security analysts can then investigate about how gives them more time basically to do that investigation and the impact and try and actually stop the attack completely. So I think that's definitely an interesting one.
I need to go and try it somewhere. So we'll probably be testing it out in the next couple of weeks. Sam, thanks. As added to the list of cool things we need to check out. But yeah, I thought that was really interesting. There were a few more other areas to sort of COVID but I think that's enough for this month kind of thing for. So Sam, what have you got for some of the news out in the last couple of months?
Okay, I'm going to start off with a freebie because we do like a freebie. Well, it's not fully free. It is free. I don't know. SQL managed, don't know. I don't think we covered it in our SQL Azure episode. It probably warrants its own episode to be honest with you. But a SQL managed instance is effectively SQL Server hosted for you in a PaaS environment. So it's not quite SQL Azure. So what we sometimes happen when people are migrating for from maybe their own on prem or even cloud based where they manage their own SQL instances, we sometimes have an issue migrating them to SQL Azure. Maybe there's some features that aren't supported in SQL Azure yet because there are some differences there. Managed instances effectively, I believe it's the latest stable version of SQL Server that is managed for you so you can connect to it with SQL Server Management Studio. It's very similar to what you would have been used to with your on premise SQL environments. There is now a free, can I call it tier? There's a free tier that is free of charge for the first twelve months. So you can have a general purpose instance. One of the big things about having a managed instance is that you just get a host and you can have as many databases basically on it as you want. Whereas in SQL Azure, unless you're going with elastic pricing model, you usually have to pay per database generally. So this gives you a general purpose instance with up to 100 databases. So there is a limit on this one. In the free tier, get 720 v core hours of compute every month that's about the average of one v core an hour for the whole of the month. Basically this is a free tier. It's really to get you testing it, making sure you're happy with it. Maybe running a pre prod or a development or staging infrastructure there. You got 64 gig of storage as well, so you can apply a free offer. You get it for a year and it's a really good way to sort of get started with it. The free limits are monthly, so you can run out of those 720 vcore hours. The instance will be stopped at that point. So you have to be a bit careful with how you're sort of managing that. So yeah, just be a bit careful if you're trying to run anything. But I think it's really mainly for development and testing, to be totally honest with you. I won't go massive into managed instance because I want to do a whole episode on it. But it's great to see there's a free offering there for people to at.
Least get started with. Yes, that's pretty good because like you said, this, probably wanting to move up. To it, but maybe don't want to. Spend six months trying to understand it. And if it's that, you know, I'm not saying it's that difficult, but six months to understand what you can do with it and kind of stuff and. You can do that for free and then move your prod instances up to the paid tiers. Yeah, that's great.
And you get the 720 hours for the whole month. Right. So if you do have a higher demand application that you want to test there, maybe you want to move like your tableau or x, Y or Z up there. You could migrate a backup version of it there, see how it runs, see how you go and then take it down. You might have consumed more than, let's say you had it up for a couple of days. You might assume more than 48 hours worth of v cores. But it doesn't really matter because your credits last. You, you can use as much as quickly as you want, basically the next one, which is good because I'm kind of a secret fan of Azure Chaos studio. It's not a secret. I did an episode on it, I suppose, but they've released some new faults in Azure Chaos studio allows you to literally inject chaos into your infrastructure in Azure. So you may be doing unit tests, integration tests, disaster recovery testing, but this is where you can actually simulate disruptions into the infrastructure without actually waiting for any disruptive activity to happen. So yeah, we did an episode I don't know when we did it. Alan, can you look that up whilst I talk about it? We did an episode. Go back and listen to that episode if it's something that you might want to test with your infrastructure and applications. But there's three new faults. The faults are what you inject in for service bus, which is change queue state, change topic state and change subscription state. So they're service direct faults. Basically you can inject straight into your service bus namespace so you can really test the reaction of your application to any one of those things. What's the best? Let me just see if I can get you a total. There's quite a lot of faults in the fault libraries and fault providers. There's a really good documentation from Microsoft on how you inject those faults in and how you manage them.
So if you're going to look for those numbers. But the episode was season four, episode eleven for the Chaos studio that you did.
Nice. Yeah, no, I'm done with that one. Just a quick update from Chaos Studio there. This next one is a bit of a mammoth. I'm going to try to not butcher this because this is not my area whatsoever. I just think it's cool, basically. So, DicOm, it may be a format that nobody's heard of, but it's. DicoM is used in medical imaging. I am not an expert, but I believe it's so that you can mark up and layer on top of medical imaging. Basically. It's apparently been a standard for ever, I say ever. Like the first version was in 1985, basically. So basically a diacon file, it's got various different artifacts inside of it, like the actual image itself, communication protocols, there's lots of other things inside of that file. I'm sorry, I'm absolutely butchering it, but it's quite widely used. We are now seeing a huge amount of AI and ML focus around medical imaging. So things like consultants not needing to mark up imaging that comes out of machines, people are applying machine learning and computer vision models to that, to detect, to screen images. There's a big conversation about how accurate that is and whether it's medically ethical to do that. But you can't deny the innovation that's going on in that space to improve efficiencies there. And what has now gone into preview is there's a diacom service in Azure health data services, something that I've never looked at before, but it's an integration and a layer on top of Azure data lake. So what they're really doing there is they are allowing you a specialized storage area and mechanism for storing those files, but then getting that medical imaging into data lake so that you can then connect it to the other ecosystem of tools that Microsoft actually currently has. And then there's obviously, well, not obvious, but there's a direct connection into Azure synapse, Azure databricks, Azure machine learning, Microsoft Fabric. It's effectively getting all of that data into one place. And what my assumption is is that integration is essentially going to allow you better access permissions and granularity of that specific diacom format. It's not something that I've looked at. I just wanted to call out that it seemed like a really good addition, especially if people are working in those imaging formats. All I've heard is that it's not trivial to manage those data formats day to day. But again, it's on my list. Basically there may be an episode on it because if I manage to get a, I don't even know where I'll get a diacom file to be honest with you. I don't know, there must be test ones out there. So I'll give it a try if I possibly can.
That's cool. Sounds interesting.
Yeah, the next one. So ultra disks, I love this product because it's probably one of the coolest, maybe Chaos Studios cooler, I don't know, it's one of the coolest names I would say, on Azure. So ultra disks are the highest performing storage option for virtual machine applications. So it's really about super data intensive workloads. Think databases, transaction, transactional workloads. So you know there's, there's, it's really for intensive bulk operations. It's not to be used for things like operating system disks. You can buy anywhere from four gig to up to 65 terabytes, I think something like that. I can't remember what it is. Yeah, I think it's 65 terabytes all the way from 300 megabytes per second throughput up to four gigabit gigabytes per second up to 160,000 I ops. These things are pretty high performance. I'd love to work on a product that required one. I unfortunately haven't ever had to deploy one. But what is good is they are now available in UK west and there's a bit of thing with, of it feels like it's smaller. I don't know that for a fact, but it definitely feels like it doesn't get as much love as UK south for us UK Azure dwellers it's also in Poland central as well. And I can't really comment know over there because I don't really know what the topologies are like over there. But it's good because if you do have an ultra disk deployment in UK south, you've struggled to have failover or disaster recovery, high availability to UK west. You might have data sovereignty issues that you, sorry, regulations I should say. I call them issues. Well just a freudian slip that came out of me there. So this is just going to give you more options and we do like to see these features being deployed across all the regions.
That's good. Yes. Like workloads, like SAP isn't it? And things like that. I think it's one of the examples. Good. I wonder if there'd be another disk type above ultra.
Why don't it would be. It's got to be something pretty cool because whoever came up with ultra disc. Yeah, definitely. And the last one that I've got is something that I would have loved for many years. Azure app configuration snapshotting so if you've ever set app configuration in Azure app service, it is not complicated. There's a few different ways to approach it. You can use a key vault, you can embed it in your config files, you can punch it into the portal, you can use the API X, Y and Z, but sometimes you need to deploy new changes to that and sometimes that can be a bit dangerous. Right. Maybe you're updating a database connection string as an example. What about an audit trail? Because once you've changed it, who changed it? What did they change it from? What did they change it to seeing the history and difference there. So yeah, so general availability of snapshots in app configuration. So again, we're talking about safe deployment here, making sure that we control our rollout, we're not just free typing. And what can sometimes happen is your application, if your application is running, you might want to update some configuration all at the same time. So it's not like punch in one hit, okay. Punch in one hit, okay. You might need to roll it out all at the same time so you get controlled rollouts, last known good configurations, you get versioning, auditing. You can use snapshot between your testing and staging environments. So you've got consistent environments there and it's basically a lot simpler to manage. So yeah, really, really good update that I, I'd never really thought of, to be totally honest with you, I never really thought that you would need that, but now I've read it, I'm like, that's really handy basically. So yeah, if you're using app service then definitely have a look at that for sure.
Yeah, it definitely sounds like, I mean not that I've done a lot of app service configurations, but I have done a little bit and. Yeah, I see what you mean about. Being able to track it and also. Revert back easily without you having to. Copy and paste it somewhere you was. And stuff like from a novice doing it at least sort of thing, not from a CI CD process.
Yeah, and it's probably worth just calling out that it is integrated with Kubernetes service as app service, Azure functions and Azure container apps as well. So you create like an app configuration store? I believe so. I might do an episode on this because it's quite a cool feature, but I think I'd need to actually go through it and see how it works and how it works in the real world and how it functions. So yeah, it looks really cool. No, that's cool.
That's pretty much me. For a wrap up, anything else that we haven't heard of it, Alan, any other things that spring to your mind? No, I think they're pretty good ones. And like I said, I've got a. Few on my list of stuff but it's not really. Well, I suppose I could talk about. Windows three six five and AVD updates. He says that now there's been some updates just with the management of it.
Over the last sort of three or four months really. And I've been sort of slow keeping track of it in the background. But some main ones are like if. You'Re using Fslogix to manage the profiles on AVD, at least beforehand you couldn't. Configure it with Defender, not defender with intune. You had to kind of either do. A script to do it, but now it's in the settings catalog. So now you can configure that for it.
So that's a really good thing. And obviously the Windows three six five boot side of things, that's really good. Now that you can add Bluetooth devices, things like that which came out of I think you went GA and out of ignite side of things. So that's great as well because pretty much from a laptop perspective and using Windows three six five you're almost sort of there. The only thing that's missing at the. Moment is captive portals access.
But when I was at ignite that was sort of suggested that it's on the roadmap. So it almost makes reusing laptops old. Hardware and use the latest operating system. So seems like good win there. As well. But yeah, I think that's probably it for this episode, for this news. Nice, Alan. So yeah, what's the next episode? Yeah, so I'm going to do the.
Next episode or be the SME in the next episode, I should say. And I'm going to talk about Microsoft Defender XDR, kind of the rebranding of the portal, which was Microsoft three, six, five Defender. I think we've probably done an episode. On this previously, but quite a lot's changed. A lot of the products are now feeding into it. I think we kind of need a refresh now what's new, what's coming, what was announced kind of thing, and.
How. Powerful that portal is out of it, alongside with Microsoft, Sentinel and things like that. So I think it's time to not. Regurgitate, but refresh that sort of episode. Because a lot's changed. That's what I'll cover next week. Perfect. Great. Yeah, that's going to be really good.
Cool. Okay, so did you enjoy this episode? Did you enjoy this format of the news? If so, please leave us a review on apple or Spotify. This really helps us catch more people. Not catch, but reach more people than you. If there's a specific feedback about this. Episode, the format, we'd love to hear about it. We have a link in our show. Notes and get in contact with us. Yeah. And if you've made it this far, thanks ever so much for listening and we'll catch you on the next one. Yeah, thanks. All.