S5E35 - Microsoft updates September - new products and features released

Oct 04, 2024 · 39 min · Season 5, Ep. 35

Episode description

This week, Alan and Sam talk about new features and services that have gone into Public Preview or Generally Available status in the last month. We dive into a couple of these updates that piqued our interest.

Some of the Microsoft product features and updates we covered:

  • Key Microsoft Entra, Intune and Defender features and updates
  • Lots of Azure changes and new features

What did you think of this episode? Give us some feedback via our contact form, or leave us a voice message in the bottom right corner of our site.

Transcript

Hello, and welcome to the Let's Talk Azure podcast with your hosts Sam Foote and Alan Armstrong.

If you're new here, we're a pair of Azure and Microsoft 365 focused IT security professionals. It's episode 35 of season five. Alan and I had a discussion around the news in September. Here are a few things that we covered: key Microsoft Entra, Intune and Defender features and updates, Azure changes, new features and any retirements. We've noticed that a large number of you aren't subscribed. If you do enjoy our podcast, please do consider subscribing. It would mean a lot to us for you to show your support to the show. It's a really great episode. So let's get started. Hey, Alan, how are you doing this week?

Hey, Sam. Not doing too bad. How are you? Yeah, really good, thank you. We took a little break, didn't we? A little respite for a week's downtime. How was your podcast holiday? Weird. Yeah, it was different, I suppose. I think it was about halfway through the week, I was like, oh, no, we haven't organized when we're going to record the podcast. And I was thinking, oh, no, it's actually okay. So, yeah, it was weird. Very strange.

Yeah, yeah, exactly. I mean, I think last week was pretty busy at work. This week's busy at work. And in between, that's somewhere. We had a LAN, didn't we? So, yeah, we played games all weekend. Yeah. So it just made it made sense, didn't it? What else exciting has happened in your world, Alan? I believe you. You may be going out to an exciting event.

Oh, am I? Yeah. So, yeah. Getting the opportunity to go over to Ignite. We were colleague this time, so. So, yeah. Well, that's gonna be fun. We're gonna see what the new, the new location's like and everything as we keep talking about. Yeah, it's gonna be great to see it. Sold out super rapid, didn't it? I don't know if it sold out by our last episode, maybe it was three. It was like three days when it was. It sold out. The technical side, anyway.

Yeah, absolutely crazy. Yeah. So, yeah, fair play to everybody that got a ticket. And good to see that they've added the extra day. And hopefully, with the combination of the partner side, it's going to drive more attendance, more collaboration, you know, it really sort of, you know, for partners especially, it really adds a business case, doesn't it, to going, you know? So, yeah, the more people that can go, the better, I'd say. Yeah, absolutely.

So nice, right? What are we on this week, Alan? It is news. Do you want to kick us off with your side of things?

Yeah, sure. Yeah. I can talk about some of the news that came out of September. I don't remember what month it was last month. It's only a couple of days in, but it already feels like we're halfway through it to be fair. Okay, so where should I start? That is a good question. Okay, let's talk about Defender XDR pool or Defender XDR overall. So in here there was quite a few updates. One of them was the global search that's new, which allows you to in effect, search at the top of the, the portal for any entities that are detect, you know, that are consumed, not consumed, but identified within the sort of Defender XDR and Sentinel sort of environments. So that is now generally available. So I think it went to public preview sort of maybe a month ago or something like that. Makes it really easy to go and find your assets and then you know, see what information is around it. We've got the general availability gaining of Copilot in Defender now includes the identity summary capability. So be able to provide instant insights into user risk levels, risk activities and things like that. So assuming that then you're able to in effect ask it what's the risks of this user kind of scenario? In a very non prompt engineering way that would be, but it's very simple, I think from a request there, from asking a generative AI, but in effect that sort of scenario. More Defender XDR unified RBAC permissions being added to, to around the Defender expert side of things. And there's some hunting context panels that are being added into the, into the advanced hunting there. So some good things. They're starting to bring all the new features I guess, into that portal and maybe not, rightly or wrongly, not as much. Probably moving into sort of the Sentinel side, if that makes sense. I guess that's because it's kind of feeding into that one portal now.

Yeah, we're definitely seeing emerging, aren't we? Yeah, that's for sure. Search seems good to me. That seems like it would be valuable. Kind of makes you think why they haven't had a search before, I suppose. But anyway, they're not gonna moan that it's not been there, but you know, I've never really thought about that really. Because you, you sort of slice it yourself by going to different portals, don't you really, and hunt and sort of navigating through yourself. There's no, yeah, I suppose it's so big now it needs like search for it to navigate.

Yeah, yeah, you're right. You kind of like went to, you know, the devices or the identities and just searched under the assets now. But you know, you go to the products and then search for the, the entities kind of thing. But I think with the integration with Sentinel then they've had to sort of bring in a better searching mechanism, I guess because you got the raw data then, haven't you, within Sentinel, when it's got its own sort of entity pages which I guess are now integrating into the, well, we'll start to integrate into the assets and things like that, as well as I guess, some of the assets and things like that. That's coming out of the exposure management side of things and attack surface etcetera there.

Yeah, nice. Yeah, really good.

Yeah. So next one I'm going to talk about Sentinel, kind of segueing myself there without even knowing it. Okay, so in here we've got some schema mapping added in the, for SIEM migration experience. So this is around schema mapping specifically around Splunk macros and Splunk lookups. Being able to translate them into, in effect what you do in Sentinel. So definitely bring, building that sort of area up which we, I haven't really sort of touched to be fair, around migration, it's always been new builds for myself or existing Sentinels. Yeah, not really looked at the, the migration side of things.

Yeah, I suppose it's like um, content conversion, I suppose, isn't it? Yeah, yeah, your, your, your alerting rules or your detections then being converted into analytic rules or they said other things or, or just being able to help convert the data into the tables. If you want to transfer your current year's worth of logs maybe into Sentinel so you don't have to start from scratch and keep both as well. Nice. Yeah, really good.

We've got the general availability of importing and exporting automation rules using ARM templates, which is really good because that was a thing that you couldn't as well that the sort of content areas that you couldn't do. So it's definitely going to help MSSPs and things like that to be able to then deploy their own automation rules. It's going to be really good. Google Cloud Platform data connectors are now generally available. So that's been preview. I have to say I haven't been keeping track of that one and then the other one, which is I think is quite important, is like Defender for Cloud. Microsoft have brought out a new pre purchase plan for Microsoft Sentinel. So being able to reserve the Sentinel commit units, SCUs, which isn't going to help the world when we talk about SCUs for Copilot for Security. But yeah, so in effect you can prepay for your ingestion there. That includes that you, you do your pre tiering on the analytic, on Sentinel. So if you've got 100 gig of ingestion per day and you get a discount there, you can then add this reservation on top. I believe this is a you purchase upfront for a year scenario rather than like other Azure reservations like virtual machines that you can pay monthly for it. So, so again, trying to save some money, I think there were some examples of something like 200 gig of ingestion. Let me just find it quickly. Yeah, yeah. 200 GB a day of ingestion would normally cost 160,000 USD and it can be dropped down to 78,000 I think is the suggested thing here. What percent saving, possibly what on top.

Of your already your tiered cost. I think that might be a combination total, I think. Okay, yeah, the original pay-as-you-go price for 205th for five months of 200 gig would cost 160,000. With the accumulated commitment tier and the pre purchase plan, you can get down to 78,000, 51% combination. That's from the pay as you go rate. Yeah. Okay, fine, yeah. And I think the first tier, something like 30, 20 is 31%, the 100 gig, and then maybe it goes up to 35. So it's adding another 20% saving on top.

That's similar to Defender for Cloud, isn't it? The commit about 20%, is that right? Yeah. So the maximum is 22, I think, but you can go from ten to 22. Okay, fine, yeah. Okay, nice. So yeah, yeah. You just gotta pay up front though, haven't you? It's a bit, but, yeah, but you know.

Yeah, exactly. Okay, well, yeah, that's good. If you're, if you've got a, if you're running them, you know, if you are running it a year and also if you've got like a match service, things like that, you can pay it, you know, pay it up with the, the mesh service on top as well, can't you? In fact, hopefully, yeah.

And that's, yeah, that's one of the, you know, what's the best way to put it? It's one of the blockers, isn't it, for Sentinel, really, because of its, you know, I'm not criticizing it for that, but there is a, you know, consumption cost, isn't there, you know, of ingestion and anything to lighten that load as much as possible is a good thing, isn't it? You know, again, you do have to have a bit of skin in the game and pre purchase, so there's that to think about. But at least you have options.

Yeah. After I can't comment what the tiering is on it, you know, when, what's the lowest you can start with thing sort of thing. But I'll take, I'll take a look at that at some point. Okay. Defender for Cloud Apps, MDA. So in here there is kind of the, kind of the enhancement to the using Microsoft Edge in-browser sort of protections. This is now allowing you to enforce Edge in-browser when using business apps. So instead of actually saying well you can potentially use Chrome, you can use Firefox, etcetera, as long as you're from a managed device, this actually forcing it now to say hey, you have to be signed into Edge. I think the main thing for this is sort of the security of Edge and how much from a management perspective you can sort of control it. Not saying you can't do that with Chrome, but there are additional things in Edge because it's, we'll say some of it, some of the add on stuff that's on top of the Chromium sort of base is first party. But then the second part is just in effect that reverse proxy technology or not using it and it being baked in. So I think that's pretty cool as well. They are removing the ability to email end users about block actions. I think this is probably for two reasons. One is maybe notification fatigue, maybe on some of the notifications, but also potentially sending an email to say you're being blocked and that's been flagged might be bad if you're letting the bad actor know as well in that scenario.

So nice. Yeah, so that's removing and there's another one in here and it's more around a connected app called Mural being added in into preview. It may be something use. It looks like it's like a brainstorming sort of technology that you can use and it looks like it can be used with Copilot as well in there. So it's probably something that you would probably want to protect. Nice.

The next one is Intune. So on Intune there's an update to the PKCS Intune connector, just more around the requirements for it. I think there's an update to Active Directory so they just need to up and enter. So you need to make sure it's up to date to manage that side of things. But there's another one around app protection policies and the ability to set your work hours so that you can force the applications to, in effect, not work for the time outside of, outside of work hours. So it's actually the organization forcing it. Now, I know in some countries, I can't remember which ones. There are some legal, you know, government or. Yeah. Government requirements to say that, you know, you can't work outside your work hours. You can't even receive email on your devices, things like that.

But Alan, how will employees work unpaid overtime? Wow. I said, I said when there's regulatory compliances or requirements or government requirements, this. Doesn't support my, my drive for capitalism. I'm sorry. No, this is, this is great. Really good. Yeah, I, that's a, yeah. Especially because like you said, I can't remember the regions that have that. But there are very strict. Yeah, I think it was working hour rules. Right. Germany might be one of them. I don't know. I can't remember.

Yeah. But good that you can put that in place as a, well, as a mechanism to control that. And also that's going to be good for organizations for reporting about what they are actually doing. Right. Instead of just saying, oh, it's our policy that, you know, your line manager will not message you outside of work hours. Well, you know, you see it. Yeah, yeah. It's, well, it's there and as a technical control, isn't it? So that's really good. Yeah.

Yep. So the app won't even launch. It's not like you go into and it says, hey, not to work. It just says, no, can't access it. Does it kill the app? It's in effect when you try to log into it, when you launch it, it will say, no, you don't meet the required sort of requirement or the conditions to launch kind of thing. If your account was, if you're a non compliant, things like that. Okay, nice.

There's been some updates to the enterprise app catalog. Yeah. The ability to be able to, they've been adding new applications into it to increase the catalog in there. And then there's a, there's a few new updates to the Apple settings catalog. It kind of looks like it might be some of the, sort of the applications and things like that in there. Some web content filtering stuff as well. And kind of the deprecation of Android administration, Android device administrator mode, basically for Samsung as well because in effect, that's being deprecated one by Google but also by Intune because it's not supported or it's not in the supported operating systems. There's a few more things in here but I think some of the key ones. And then lastly, Defender for Cloud, kind of jump into the Azure area which will kindly make us a segue into your area, Sam. Not planned, honest. So one part is the general availability of the file integrity monitoring based on Defender for Endpoint because the old mechanism uses the Microsoft Monitoring Agent which is now deprecated, still working, but I don't think you can deploy it anymore. They've also got the GA of actually the new file integrity monitoring migration experience, so being able to move between the two. So as they've GA'd that the actual technology, they're then allowed you to then make it easy to migrate. They have integrated integrations with Power BI now, so you now create custom reports and dashboards using the data for Defender for Cloud directly, which is quite interesting. I guess it's kind of there anyway, just they've actually built in the connectors for it.

Nice. Really good. And yeah, I think that's, there's a few others in here but that's the main ones for me. Nice. Thanks.

All right, let's go on to Azure then. Quite a lot of changes. Public service announcement there was a lot of retirements in August and also a lot of retirements announced in September as well. I haven't got all of them because I only pick stuff that I get excited by, if that makes sense. So just a public service announcement. Always make sure if you are building or you use Azure in any real way to make sure that you are checking the updates. Just Google Azure update feed and just make sure you're keeping an eye on it, subscribe to it, do whatever you need to do because especially if you've got older resources, things can be retired and you may need to do maintenance to keep things live and obviously secure as well. So, but we won't go into that. Right. So first one now, generally available Azure public IPs are now zone redundant by default, so it's a no cost extra. A zone redundant IP is created in all three zones for a region and can survive any single zone failure, improving resiliency. It's not in every single region I believe at the moment. I think it's, it's not all of them. So do go check the documentation, but you can also have it in non zone redundant as well. If you're using standard public IPs you can pick a, pick a zone. Entra ID support now for SSH connections in the Azure portal. So yeah, so Bastion now supports in public preview now supports Entra ID for SSH connections from within the portal. So yeah, big, nice big change there. Very good. We like, not that Bastion is our first choice, hey Alan. But you know, we do like to see modern authentication protocols used. There is now a public preview for some out of box monitoring dashboards for Logic App Standard. So there's some key sort of insights that you get from these new out of box monitoring. It gives you a high level overview of application health, success rates, runs, actions and triggers as sort of an overview screen. 
Then you've got a workflows area where you can dive into individual workflows and see the status of each run and identify any issues. And then you can delve into each of those runs as well. There's also a compute area where you can monitor the compute utilization to look at performance scalability issues. So yeah, if you're using Logic App Standards, Logic Apps Standards, Standard, I mean, sorry, go and check that out. It could help. Another public preview for Logic App Standard now introducing template support. So templates are sort of pre built workflow solutions that are portable between environments. So we like the ability to template and we like the ability to, especially for disaster recovery to be able to rebuild. So definitely check that out if it's of interest. Sorry. 2 seconds. Azure Functions now has support for PowerShell 7.4 in general availability. I believe the 7.02 version, I don't know if it's a LTS release, I think it's getting retired soon, so might be 7.2 or 7.3, I can't remember. But 7.4 is now there. PowerShell and Azure Functions is epic because a lot of people know PowerShell, especially from, you know, on prem days. It's been around forever hasn't it? And it's, it's almost, it's almost basically .NET in it. It's dangerous but it's great. It is so good. And using PowerShell and Azure Functions is a really good way of getting functions and jobs being created in a really low cost way. Always good to see that they're keeping that up to date. A new kind of scary public preview live resize for Azure Premium SSD v2s and Ultra Disks dynamically increasing the size of your storage capacity of your dig uh, your disks without causing any disruption to your applications. So this will allow, allow you to reduce costs so you can begin creating smaller disks and gradually increase their storage capacity without experiencing any downtime. According to Microsoft. I have not tried this. I want to try it. 
So I'd love to hear stories from the trenches on how well that works.

I wonder if they changed anything in the hypervisor side of things.

I have no idea. That preview fills me with dread, but there's some very smart people out there, and it is what year are we? 2024. Sorry, I had to check that. My mind had 2025. I don't know why. Azure Web PubSub now has a new public preview to support MQTT so that you can use the MQTT protocol. It does have to be over WebSocket. I've never used MQTT over WebSocket, so I don't know if that's complicated or not. And you can essentially have a hosted MQTT instance. So yeah, be interesting to see what organizations are using sort of cloud hosting services for like MQTT and things like that. But I suppose it does reduce dependency locally, so that could be handy. Okay, another update to Logic App Standard, the Logic App Standard team this month seems to have just been on an absolute mad one. There's a new public preview where there is a low code RAG ingestion, which is with built in document parsing and chunking. This is essentially the ability to parse a document, chunk the text from content such as PDF, CSV, Excel into tokenized strings, which then allows you to feed that into Azure AI Search and Azure OpenAI to actually be able to search against that data via an LLM. We did an episode, I think, didn't we? On RAG, if I remember rightly, and one of the most complicated. What's RAG stand for? Retrieve, retrieval-augmented generation, something like that. I've butchered it, I apologize, my brain's gone blank. But essentially what it means is when you prompt, your inputs get tokenized, and then you do a search in your database for content that is similar to that content using a vector search. And then you pass that back, you attach it back to your prompt that you've put in and add it as context into the machine learning model. The LLM. What that basically means is that you can ground the LLM in more facts and facts that it wasn't trained on. 
So things like if you're in a security role, your operating procedures, your security architecture, if you've got specific formats that you want it to respond in, you can do that. And that parsing of the documents, chunking the text, tokenizing and storing it is complex. That is one of the hardest. It's not the hardest part, but it's a hard part to orchestrate, should I say. So that's part of Logic App Standard now, which is. Yeah. Oh, it's a public preview. Anyway.

It's pretty powerful, isn't it, to add that into. Oh yeah, you know. Yeah, yeah. You want to ingest your PDFs and store them in Azure AI Search then. Yeah. So I. Yeah. Mental. Okay, do we all remember Azure Data Box? I do, because it's probably, I don't know if it's my favorite Azure service. It's the most unique service. It probably is, to be honest with you. Or HCI stack, I'm not sure, because isn't there a picture with like somebody with like an Azure HCI stack on their back?

Yeah, that's it.

In like a grass meadow or something like that. Anyway, we digress. Now, generally available the Azure Data Box, 80 terabyte, I can't remember if that's the one you need a forklift for or not, is now generally available at Azure China. So who knows how you get it in and out of China. But it is able to, oh no, you can only import or export data to and from any of the Azure or China regions. That makes more sense to me because I think we did an episode, was it last news episode where we talked about Azure Data Box now goes international, doesn't it, between regions?

You can send the, or you can transfer the data internationally. Yeah. Just launch to your local region.

Sorry. Yeah, so that isn't the case here. But yeah, anyway. So, yeah, cool. But the box doesn't ship internationally, does it? They plug it in local to you and then transfer via their backbone, don't they? Anyway, yeah, I digress. There is now a smaller enterprise cache tier for Azure Cache for Redis. Now what you'll find with a lot of like PaaS hosted solutions like Redis cache is when you want grown up functionality such as high availability, enhanced caching, larger storage sizes, you have to bump up to an enterprise tier. Let me just get the pricing for this. Sorry, I'm typing, I haven't loaded it ahead of time, so apologies for that. And what can happen is that you can, your costs can essentially spiral out of control. You know, there are just some. I can't, sorry, 2 seconds, I'm trying to do two. Oh, I've got it now. Okay, fine, great. And I'll give this is Redis cache is a great example because to get active geo-replication, a five nine high availability SLA, I believe the first tier was E, the funny name, the tier E5, enterprise five with a cache size of four gig, moderate network performance, 17,000 client connections. So the total cost per that per month because with Azure Redis cache at the enterprise level, you pay for the infrastructure costs and also the software IP cost that started at $576 a month. Some organizations don't need to store a lot of data, but they do need high availability as an example, you know, to meet their, well their availability SLAs and also their DR concerns as well. So they've introduced this E1. You only get 1 GB of size, but the total cost of it is only $101 a month. So you know, it is, it's still a month. But if you don't need to store any more than a gigabyte's worth of data in a Redis cache and a Redis cache is just used for caching, you know, Microsoft do make the, do make the, there is a little asterisk which says E1 cache is recommended for dev test only. 
I probably would ignore that recommendation personally, but if in your dev test environment you do want an enterprise tier to test some of the, you know, some of the, you know, because there's different modules that you get for Redis in the enterprise tier. So you might need an enterprise one in your dev test environment. So that could, that could legitimately reduce your cost. So I like to see things like that because we don't want those higher tiers with sort of better setups being, yeah, paywalled away. Azure Application Gateway support for TLS 1.0 and TLS 1.1 will end by the 31 August 2025. I included that retirement notice because Azure Application Gateway is something I've used. So yeah, August 2025, yeah, we'll remind you again. Retirement: Azure Front Door is dropping support for TLS 1.0 and TLS 1.1 and it, the, the support will end by December 1, 2024. I don't know if I've called this one out. Can't remember for I can't remember it personally, so that doesn't seem very far away. So yeah, Microsoft have a testing tool, an application testing tool called Microsoft Playwright. I'll probably do an episode on it soon because it is quite cool. It's not specifically Azure, but it's all linked in. There's now a public preview of enhanced reporting and also Microsoft Entra ID authentication in that testing. So yeah, to get access to the workflows you can put Entra ID authentication in. And last but not least, there is now a public preview for Azure Functions .NET nine. Can you believe .NET, .NET is on version nine? And we're not talking about the .NET Framework either, because we had how many. Oh my God. Major versions we didn't get too far, did we? But minor versions we definitely did. .NET nine support is now public preview in Linux plans. So yeah, if you want to stay up together with the latest versions of .NET, I think .NET nine is not an LTS release. I believe it's .NET eight. 
So this version won't last as long, it won't be in support for as long as the LTS release. Version eight, I believe. And that's the end of my items.

Wow. That's insane. There is loads. Except for that one month where it seemed like everybody had taken the month off. Yeah, they've come back to kudos to the Logic App Standard team. They've added some. Yeah, some really good functionality. Yeah, well, next month's gonna be interesting, isn't it, with Ignite? So. Yeah, exactly. That's gonna, that's gonna go absolutely insane, isn't it? You're just gonna be talking for like an hour and a half, aren't you? So don't worry listeners.

Well, no, because you'll be covering all the new AI AI enhancements, Alan, so you'll be fine. Yeah. Just being upset was kind of a joke. Why don't I just be an episode just on Ignite in AI and then everything else in another episode, I expect. Cool. Okay. Yeah, I don't think there's anything else that I can think of from kind of the things I've seen coming in. Just think. No. So what's the next episode then, Sam?

I'm going to cover Azure WebJobs. Probably won't be a super long episode, but it's sort of a more, I would say it's a more hidden feature of App Service, being able to add background tasks for your web apps. But I do want to cover it because it is a challenge that people have with PaaS hosted web applications. So I think there's some cool unique ways that you can use it as well. So we're going to cover that. That's cool. I've never, never heard of it.

Excellent. Yeah. Like on a side note, I can't believe we're on like episode 35 this year. Seems in itself absolutely crazy in theme.

Cool. Okay, so did you enjoy this episode? If so, please do consider leaving us a review on Apple, Spotify, YouTube, or I think our website now as well. It really helps us to reach out to more people like yourselves. If you do have any specific feedback, suggestions around episodes or anything you want us to cover. We have a link in our show notes to get in contact with us, or you can add a comment to any of our episodes on YouTube.

Yeah, and if you've made it this far, thanks ever so much for listening, and we'll catch you on the next one. Yeah, thanks. All.

Transcript source: Provided by creator in RSS feed