S5E9 - Microsoft updates March - new products and features released

Mar 08, 2024 | 29 min | Season 5, Ep. 9

Episode description

This week, Alan and Sam talk about new features and services that have gone into Public Preview or General Availability status in the last month. We dive into a couple of these updates that piqued our interest.

Some of the Microsoft product features and updates we covered:

  • Dark Mode in Defender XDR
  • Cloud PKI
  • Improvements in Azure Key Vault
  • Configuration-as-code customizations in Microsoft Dev Box

What did you think of this episode? Give us some feedback via our contact form, or leave us a voice message in the bottom right corner of our site.

Transcript

Hello and welcome to the Let's Talk Azure podcast with your hosts, Sam Foote and Alan Armstrong. If you're new here, we're a pair of Azure and Microsoft 365 focused IT security professionals. It's episode nine of season five. Sam and I had a recent discussion around what Microsoft released in February. Here are a few things we covered: dark mode in Defender XDR, Cloud PKI, improvements in Azure Key Vault and configuration-as-code customization in Microsoft Dev Box.

We've noticed that a large number of you aren't subscribed. If you do enjoy our podcast, please do consider subscribing. It would mean a lot to us for you to show your support to the show. It's a really great episode, so let's dive in. Hey, Alan, how are you doing this week? Hey, Sam. Not doing too bad. It's been busy prepping and things. How about you? What have you been prepping for? Prepping to go over to Redmond to Microsoft MVP summit next week.

Nice. That sounds exciting. Get to meet up with your fellow MVPs. Do you know how many attend? Is that a known number? Yeah, I don't know. Off the top of my head, I don't know what sort of the numbers are. Unfortunately, it first to go last year. Yeah, no, that'd be really good. I assume we get a lot of backstage access, is that right? At this type of event? Is this in with product teams? How does it sort of work? Yeah.

I go see what I can say now, but yeah, there's definitely a lot of stuff, sessions with the community as well as the product groups, things like that, to find out what's coming for us to be able to give feedback along with various other things which are very interesting. So looking, really looking forward to it.

Obviously it's a chance for you MVPs to sort of mingle and network with each other, but is it really to sort of give you a flavor of what's coming up for the next year so that you can start to plan content, feedback, that type of thing?

Yeah, it's a bit of that. But it's also, like you said, it's not just about being around with the other, you know, other MVPs. It's about, you know, the product groups and be able to give feedback in person or if you're virtual then virtually. So yes, to see what's coming, what's planned, maybe a deeper dive into some of the stuff that you've not been able to get into. And yeah, there's like roundtables of giving feedback. What's good. What's bad about some of the solutions? Sweet. Yeah.

Well, hopefully have a really good time. Probably just to call out now is we're not going to do an episode next week because Alan is traveling and it's slightly unfair on both of us to try and organize a remote podcast session. So. Yeah, we're going to skip next week, but then we'll be back with a nice episode from Alan the following week. Should we jump into the news?

Yeah, sure. I'll go first. So some things in Defender XDR or the Microsoft Defender products, the biggest thing I think is dark mode in the portal. It seems to be the thing that a lot of people are waiting for. I've never actually really noticed that there isn't a dark mode, to be totally honest with you. How do you configure it? Is it just system aware? Like if you're.

Yeah, I think it's system aware. Or there's a little button on the actual screen itself that says dark view. I think we did notice it the other day, which didn't realize because some of the text was a bit weird. Can you remember? But maybe not. But maybe I was talking to Chris or someone else. It might have been Chris, actually, but yeah, we've seen it was a bit different. I didn't quite realize it was the dark mode. You're like, what's this? This is a bit buggy today. Like somebody.

I think it's because I'm used to dark mode in everything that I didn't realize it wasn't in dark mode before. I think that's probably the problem. Is it everywhere? Is it rolled out fully now? What's the sort of status of it? Should we expect it?

Yeah, I think it's portal wide. I think they did it in February. So I think it is everywhere now. Okay, so yeah, nice. Okay, so on to the next one and Defender for Endpoint. We have some new attack surface reduction rules. One of them is rebooting machines into safe mode. So I'm guessing this is. No, sorry, that's not right. Blocking. Rebooting machine in safe mode. So that's the machine being in safe mode. Maybe a potential attacker or someone is making changes and then trying to get it to reboot into full OS to try to execute command on the restart. That's quite an interesting one.

Have you ever seen that's it?

No, I haven't seen any attacks that way. But I can kind of understand what the rationale why you might there. Yeah, because I suppose you could set up a service or something in the safe mode and then if you can get past some of the protections maybe, I guess. So the other one is blocking the use of copy or copied or implement. Sorry, impersonated system tools. This could be the use of executable files. So it's acting as like copying copy tools. So copy and paste. So it might be, what tool was it I was using the other day that called it? There's some other tools. It might be like not snippet but something similar to that where you can copy and paste stuff into it. So it's just stopping something in the middle collecting that data. Maybe if you've got like the third party tools doing the standard copy paste or trying to read that data at least.

Okay, so executable files that identified as copies of Windows system tools, like applications that pretend to impersonate legitimate Windows system tools. Is that to say like in your example, somebody made a nefarious version of the snipping tool? Yeah, okay. Right, nice.

Yeah, that's kind of the ones there. There were some others, but they sort of came out in March, so we want to keep them for next time. Defender identity. So a couple of months ago, maybe six months ago, they added the Active Directory Certificate Services connector or the agent. So you can see what your PKI is doing and they've just added some new security posture assessment against it. So you can see how insecure it might be because the certificates can be the keys to the kingdom for authentication, things like that. I think that's quite interesting to enhance that there.

Yeah, definitely 100%.

And then moving on to Intune and kind of related to PKI and that is the release of Cloud PKI. So being able to create your root certificate authorities and your issuing certificate authorities within Intune and being backed by HSM hardware systems. So this means that you can now with Intune, providing you buy the additional SKU, deploy certificates without needing Active Directory Certificate Services. So you don't need another step away from on premise sort of requirements. So for some organizations it might be you're using it for your Wi-Fi, your VPN, that kind of thing. And now you may have a PKI server on premise just for that, but all your devices are cloud based. Entra joined. This now allows you to remove that server, save some money on resources or management of it, and let Microsoft sort of look after it and secure it. So I've been playing around with it and it's really good, really easy. It's a lot easier than configuring cloud Active Directory Certificate Services.

How much does it cost? I think it's on its own. I think it's around either two pounds or $2 per user per month. Okay.

So it kind of scales really well for small organizations because you haven't got to worry about me imagining a server. Maybe when servers, maybe when the user count does come in a little bit larger, the sort of cost saving might not be there from a server running versus paying for Microsoft to look after it kind of thing. But then I suppose you've got to think about your security and the maintenance of it, making sure that the certificates are still valid, the root CA and things like that. Sometimes what a best practice is to have the root CA offline and then turn it on when you need to upgrade the certificate and things like that. So there's all lots of things you have to do to make sure you keep it in a good state when you're using the on prem version. So I think a lot of that's gonna take a lot of that pain away.

Yeah, definitely. Yeah, there's, there's probably a lot of small to medium sized businesses that are going to really well benefit from that. Right. And like you say, once you get up into the large sizes, once you are an organization of a size where if you had 10,000 users, that'd be 20,000 pounds a month, wouldn't it? Right? Is that right? Yeah, 10,000 users would be 20,000 pounds a month, wouldn't it? Which is, that's a lot of hardware and a lot of somebody's time. Right. So it might not scale up to those levels, but at least there is a. Well, I don't know about the commercials for that. I can't really comment on that. But what I can, I suppose, comment on is that for the smaller to medium sized businesses, it is actually a way of being able to get access to this type of solution. Right. Because rolling your own thing just at that sizes just isn't feasible, is it, whatsoever?

No, because again, if you're small enough, then you might actually have an MSP sort of building that and looking after it for you as well. So there's additional cost there, I guess, as well. But it is part of the Intune Suite, so it's just been added to that. So there might be that the cost saving of buying the whole suite and you get a benefit of all of the products might mean that that cost is generally lower anyway. That's probably the way to probably save money on it from buying the suites as always.

Okay, so yeah, if you were looking at the suite then it's been added to the total suite cost. Is that fair to say? So it's no extra cost on top of the current suite pricing? No, exactly. Okay. I don't know how you'd split because I think the suites about eight or nine pound per user per month and I think there's six, seven, eight features in there. Yeah. Okay. Generally reduce the cost. I suppose it depends on what you're using in it.

Yeah, I suppose nefarious thinking that it's priced so that Intune Suite is attractive to upsell to if that makes sense. Right. Get bundle as much value into that total package so that two pounds per user per month on its own doesn't seem like good value, if that makes sense. But I don't know.

Yeah, exactly. Again, because you can buy it per user, you could buy one or two licenses, get it set up, test it out, get everything working with it and then decide to roll it out slowly. Or maybe it's only certain users need it. Maybe it's as simple as that as well in a large organization. Nice. Yeah, sounds really good. Yeah, that's kind of all I've got for this week. So what about you Sam, what have you seen that's new this week in Azure?

Okay, so yeah, a few updates in Azure. Again, the list is a lot longer than what I'm going to talk about. It doesn't paint a sort of fair picture of all the updates in Azure because there's a lot more, some cool additions I've seen. So App Service for Linux now supports mounting Azure storage using the NFS protocol. This doesn't necessarily seem that exciting I suppose, but it does remove the requirement of SMB as part of your sort of. Now I don't really know the huge benefit of picking NFS over it because App Service is managed by Microsoft anyway and the kernel is managed by them. So I don't really know how that side of things works. But yeah, there is NFS support now for App Service for Linux, which I think is a cool update. There has been some improvements in Azure Key Vault so there are now FIPS 142 level three HSMs now for Azure Key Vault. So a newer standard, the federal information processing standard FIPS. So if that's a requirement in your organization, definitely check that out. Also there are premium HSMs are now available that support PCI DSS and PCI 3DS certification as well. So for payment card industry data standards you have a managed HSM solution there that is certified. And a lot of times we bump into these type of regulatory compliance issues with using these sort of PaaS and SaaS sort of solutions. So it's really good to see some actual support. Ongoing rollout of new standards and regulatory compliance going out there. Probably worth calling out that it's been rolled out to all geographies except for the UK. At the moment I've got no reasoning why it's not in the UK, but that is availability for the UK will be announced at a later date. I'm guessing hardware availability but I don't know.

Yeah, hardware space maybe. I heard about them building another expanding the data centers. Right. But yeah, that's interesting. It's good like you said because we can put some controls around some of the Azure services to make them compliant with PCI and things like that. But if you can get one that's certified that you can just go yeah, put this please. Then that's box checked. Yeah, box check. I don't have to worry about it. Anything.

Exactly. So yeah, that's really good. There's a public preview now out for if you didn't need any extra help getting your SQL workloads into Azure, Microsoft have got another handy migration assessment tool for you. So there's an Azure SQL migration assessment now which is enabled via Azure Arc. So I haven't tried this out yet. It's definitely on my list to do a bit of a deeper dive into. So once you connect your SQL server with Azure Arc, you'll receive an Azure SQL migration readiness assessment. And for you, Alan, it is on by default obviously. And it will also do it on a continuous basis to keep you up to date to make sure if at any time you fancy moving your SQL workloads to Azure, there is an assessment ready there waiting for you. But take away the sarcasm for a moment. I think any type of system that helps companies migrate if that's something they're looking to do and to take away some of that burden of migration. I see that as a net positive in my personal opinion.

Yeah, definitely. It should be on by default, shouldn't it? Check. I suppose if it wants to dive in a bit more you might have to give it some permissions but into the database itself. But I suppose it might be able to get some information from Arc and stuff like that.

Yeah, it's good. Yeah. And when you look at the SQL server, the Arc SQL server, there's a migration section on the left hand side menu and there's just a separate blade called assessments and it's currently preview. So yeah, it will give you sort of readiness assessments map out your risks and any concerns that it's got and it gives you a confidence rating of how confident it is that you'll actually be able to migrate. The other really cool part of it which I haven't mentioned yet, is performance based Azure SQL configuration calculations. So they take snapshotting for ten minute data points and then attempt to size you into SQL and Azure because that is not a simple conversation to have converting on prem SQL resources into the cloud. DTUs, isn't it? Well, DTUs or blended vCores, however you want to size that type of thing. So I'm really sort of keen to give this a go and once it gets maybe a little bit closer to GA, maybe we'll do an episode on it and I'll take us through actually running an assessment and see how it fares. I just need something sort of chunky enough to test with if that makes sense because just creating an empty database with a couple of tables in it, we really need to fake a Tableau or a SolarWinds or something like that. See how we can do that.

Yeah, it's definitely good. I was just thinking around the Defender for SQL side of things because obviously you pay a little bit more for it to be on-prem, don't you? So that could help you understand what your sizing is in Azure and then also you'll be able to work out how much you might be able to save on Defender for SQL.

Yeah, I mean there's other benefits to arcing these machines, right? Yeah. So even if you're not looking to move them today, get that readiness assessment done. In my opinion. If that's something that if you're looking to do and then you can have your plan, or at least part of the plan ready laid out in front of you, right? 100%, yeah.

And if you're sweating assets, your hardware, it's telling you that you can move it, you can just wait till you've consumed to your hardware is going starting to become end of life, things like that or capacity limits. And also if you're making database changes, you can still check it's compatible with Azure, can't you?

Yeah, exactly. Because it's constant. Yeah, exactly. So yeah, really excited to see how effective that actually is. The next one for me, another public preview, configuration-as-code customizations in Dev Box, effectively a system in place to sort of accelerate developer onboarding by extended automation of setting up the development environments using configuration as code. I haven't tested this out yet. This has been put on my list to sort of jump into, but yeah, effectively writing code and configuration to further configure dev boxes on launch basically. So yeah, it's definitely something I want to have a look at because Dev Box is a really good way to get your sort of local development environments cloud hosted and accelerated.

Yeah that's good. That is good because it's affect Windows 365 AVD blend, isn't it in some form?

Yeah, it's like a different way to approach that definitely. And the last one that I've got is GA for the Azure API Management developer portal. Apparently there is a new layout, I haven't looked at it yet. So again this is on my list to have a look at, which apparently ensures your developer portal works great on multiple form factors and devices. So better mobile support maybe potentially tablet, I don't know. Basically the main bulk of it is a new UI and refreshed UI and then there is apparently a more robust set of help resources for site management basically. So I think it's all sort of developer experience, user experience related changes basically to the developer portal. So yeah, definitely something to have a look at if that's what you use in API Management. That's all I've really got for news for February from the list. Loads of other things. Loads of other things, but not really anything that we generally tend to get involved in.

Yeah, I just looked, I didn't do Defender for Cloud Apps, MDA, there is one for March. This is really cool. But it's not March yet. Well it's not our March. Oh, do you just want to do a sneak break? You're so excited by it. Go on.

So this is data in motion protection for Edge for Business users. So if anyone's using session control within Defender for Cloud Apps, so being able to block, download, upload, copy paste, et cetera. Currently you go through a broker, a proxy and you see the URL change. What this is is taking that for Edge users, forcing them to use their business profile but then locking it down within Edge itself. So having local controls not being done by the broker itself so it doesn't actually redirect the URL to the broker and get a different URL change which we see sometimes as being a problem with the application, with hard coded URLs within their applications, not being able to be rewritten. So this is Edge doing it all for you and then the URL just looks normal. That's quite good. And if you use, say you're on a machine, use Chrome instead or Safari et cetera, then you'll go through the broker but you can set it to know you get a better experience and a faster experience through Microsoft Edge. So it reduces latency. Things that actually I've got to go through this broker. It's all as if you're using it, but all the controls now are built into Edge. In effect. I think that's super powerful.

Nice. Yeah, really good. Definitely. Yeah. I think anything for Defender for Cloud Apps is they put some new governance app, governance alerts in there for credential access and lateral movement. So just seeing applications initiated a Key Vault multiple times with no success is one of them. And a dormant OAuth app, predominantly using Graph and Exchange, recently seen accessing ARM workloads. So just seeing it move from 365 to Azure.

Nice. Really good. Yeah. Okay, well, we'll leave it there then, Alan, shall we? For this week, in terms of updates, it's usually quite a quick episode really for Azure updates because it's just sort of as they've landed. Right. Yeah. And if you want to go back and see the updates from January, we did an episode at the end of January, start of February for January's updates and we continue to do that every month. Yeah, Alan. No episode next week. But what about the episode after next week?

Yes. So I am going to do one on the customer connection programs. So the private previews areas that you can access might not be able to talk about some of the private previews, but I can kind of talk around the community, the benefits and all that sort of stuff. So it's not just for MVPs, partners, it's also for customers as well to see some of the new stuff. So, yeah, we're going to dive into those programs and sort of see the benefits there.

Okay. Yeah, that'd be great. Yeah. The customer connection preview communities are, I would say, highly active. Right. With people. So it'd be really good to take us through that. No, definitely, yeah. Cool. Okay. So did you enjoy this episode? If so, please do consider leaving us a review on Apple or Spotify. This really helps us to reach out to more people like you. If you have any specific feedback or suggestions, we have a link in our show notes to get in contact.

Yeah. And if you've made it this far, thanks ever so much for listening and we'll catch you on the next one. Yep, thanks all.

Transcript source: Provided by creator in RSS feed