How does your organization respond to incidents? While at NDC Porto, Richard chatted with Mandi Walls about her experiences with different incidents, from corrupted files to data center failures. Mandi talks about detecting and determining the scope of an incident, whether it is specific to a customer (or group of customers), or possibly system wide. The conversation ranges over external attacks, bad software updates, unique configuration problems, and more. Keeping good records during the incid...
Nov 27, 2024•36 min•Ep. 960
How do you test your database? While at NDC Porto, Richard chatted with Dan Mallott about building unit tests for transactional databases like SQL Server. Dan talks about using testing frameworks constructed for the purpose, like TSQL-T, to make it easier to test individual database elements, from stored procedures to column constraints. The conversation digs into the challenges around testing, tolerating the changes to the database, and tweaking how you write your T-SQL code to be more testable...
Nov 20, 2024•34 min•Ep. 959
What's happening with SQL Server Management Studio? Richard chats with Erin Stellato, now at Microsoft, about the big jump coming for SSMS. Erin talks about how folks felt SSMS was a bit neglected when the reality is that there was a push to catch up with its parent codebase in Visual Studio. However, the next version of SSMS makes that jump, which opens the door to some excellent extension models. The conversation dives into the role of the Copilots in SQL Server through SSMS - helping you unde...
Nov 13, 2024•42 min•Ep. 958
How does Software-Defined Networking in Azure work? Richard chats with Aidan Finn about his experiences working with the suite of Azure networking products, including Firewall and Route Server. Aidan talks about the training available on Microsoft Learn to get up to speed with the power of Azure Firewall, including building policy rule sets. The conversation also explores the power of defining how traffic can move within your network to clarify when potentially malicious software is active. Link...
Nov 06, 2024•40 min•Ep. 957
ARM for Windows is here in the form of the Snapdragon Copilot+ PCs - how do you update them? Richard talks with Aria Hanson about how Windows Updates treat ARM like just another Windows device - all the updates! Aria talks about the transition time with Windows 24H2 update, which has some specific Copilot+ PC features. But when looking at ARM-based Windows devices, don't just focus on the Copilot part; check out the great battery life and the simpler architecture that should lead to long-life ma...
Oct 30, 2024•40 min•Ep. 956
How can you secure your company information with Azure Virtual Desktop? Richard talks to Jim Duffy about his work helping companies comply with NIST SP 800-171 security standards. These are the new standards required for Department of Defense contracting - including all subcontractors and suppliers. The security standard is thorough, with over 100 requirements. And you have to be audited to show that you comply! Even if you don't work with the government, the NIST security standard is excellent,...
Oct 23, 2024•34 min•Ep. 955
Can you pen test yourself? Paula Januszkiewicz says yes! Richard talks to Paula about taking an active role in understanding your organization's security vulnerabilities. Paula talks about the low-hanging fruit she often finds as a professional penetration tester - typically on poorly maintained infrastructure like PKI servers. The conversation digs into tooling you can use to find vulnerabilities - just make sure you trust the source of those tools. Not everyone is a good guy in open source! An...
Oct 16, 2024•37 min•Ep. 954
How can OpenAI help you with PowerShell? Richard talks to Doug Finke about his experiences with ChatGPT and GitHub Copilot to help him write PowerShell and how he incorporated the OpenAI API into a PowerShell library to create a conversational interface in his PowerShell scripts! Doug talks about his productivity gains using OpenAI to write better quality PowerShell faster - helping him understand the code, automate test writing, and explore aspects of PowerShell he had never dug into. But beyon...
Oct 09, 2024•40 min•Ep. 953
Microsoft 365 Data Governance has always been critical - but it's only getting more important! Richard talks to Nikki Chapple about her experiences working with companies trying to get their "data estate in order." That phrase is what Microsoft recommends before turning on tools like Copilot for M365. Nikki talks about how hard the goal of data security is - that it is just as tricky as any other security goal. Data security is an endless process that needs refining and work on routinely as new ...
Oct 02, 2024•44 min•Ep. 952
What does Windows Server 2025 bring to Active Directory? Richard chats with Orin Thomas about the new version of Windows Server coming and what to expect around Active Directory. Orin talks about how mature the Windows Server space is, so only incremental improvements are warranted, but they are important ones - like retiring NTLM once and for all. And when it comes to Active Directory, there are new secure features you're going to want, but you do need to up your functional level to get them, a...
Sep 25, 2024•43 min•Ep. 951
Do you know how asymmetric encryption works? While at the Kansas City Developers Conference, Richard sat down with Eli Holderness to discuss many of the encryption technologies being used today—and the new options coming in the future! Eli talks about how symmetrical encryption and public key encryption have been the focus of modern encryption, especially on the web. But the ongoing security arms race means we have to keep tweaking encryption—what if we made a bigger leap? Asymmetric encryption ...
Sep 18, 2024•39 min•Ep. 950
What can you do to Microsoft 365 with PowerShell? Turns out - almost anything! Richard talks to Tony Redmond about his ongoing efforts to educate sysadmins about the vast array of capabilities in M365, including all the PowerShell cmdlets that can let you retrieve and control everything in M365. There's now so much information that Tony and his team have created a separate book explicitly focused on automating M365 with PowerShell. The conversation also turns to the role of Copilot - GitHub Copi...
Sep 11, 2024•38 min•Ep. 949
How is generative AI evolving, and what can we do about it? While at NDC in Oslo, Richard chatted with Alison Cossette about her work as a data scientist before the ChatGPT explosion in November 2022 and what life has been like since the LLM came to town. Alison talks about the rigor of building AI models using generative AI before ChatGPT and how many of those efforts have diminished when confronted with a friendly, confident language model. Eventually, this rigor will be needed - as the danger...
Sep 04, 2024•38 min•Ep. 948
Leadership wants to get on the AI bandwagon - what are the security risks? While at the Kansas City Developers Conference, Richard sat down with Steve Poole to talk about his experiences helping companies manage the risk of bringing AI into the company. Steve talks about the impact of introducing a new development stack, especially open-source stacks where you aren't sure of the providence of the code - sometimes there's malware in there! The conversation also moves to the various sources of lan...
Aug 28, 2024•34 min•Ep. 947
What are the threats your cloud application and infrastructure are facing? While at NDC Oslo, Richard chatted with Daniela Cruzes and Romina Druta about their work building threat models for cloud-based applications. Daniela discusses how modeling helps to understand security concerns before applications are deployed and attacked - often, security retrofits are time-consuming and expensive, so thinking them through beforehand has enormous benefits. Romina dives into the supply chain side of thre...
Aug 21, 2024•36 min•Ep. 946
Are you ready for passkeys? Richard talks to Tarek Dawoud from Microsoft about the evolution of passwordless access with passkeys. Tarek talks about the FIDO alliance and the ongoing effort to create authentication strategies that are mathematically impossible to phish - no password stuffing under the covers that might get exploited by a man-in-the-middle attack. The conversation also dives into the passkeys name and how it's a rebranding of passwordless authentication to make it easier for ever...
Aug 14, 2024•39 min•Ep. 945
What does it cost to recover from a disaster? While at NDC Oslo, Richard chatted with Natalie Serebryakova about her work helping companies understand their disaster recovery costs and what that process can teach you about your infrastructure. Natalie talks about different types of disasters, from the deletion of a production server to a major outage caused by a fire at a data center - and the power of working through the scenario to determine what needs to be backed up and what it takes to reco...
Aug 07, 2024•39 min•Ep. 944
Ready to move your device certificate authority to the cloud? Richard chats with Richard Hicks about Microsoft Cloud PKI - certificate management for devices and people as part of the Intune Suite. Richard talks about it being early days for Cloud PKI, so not everything you want is there yet. The only way to get a certificate onto a device is through Intune, so some devices, like servers, don't have a way to play yet. However, there is a bridge between Active Directory certificates and Cloud PKI...
Jul 31, 2024•45 min•Ep. 943
How are you protecting your organization's data? Richard chats with Joanne Klein about her work with Microsoft Purview to help with data protection, management, and governance. Joanne talks about a spike in data protection concerns from Microsoft Copilot - if you have been securing data through obscurity, you're in for a nasty surprise! Copilot has a knack for finding every nook and cranny of data. Proper data protection also means effective archiving - getting rid of out-of-date or irrelevant d...
Jul 24, 2024•37 min•Ep. 942
How has the cloud transformed the way we work with data? While at Build in Seattle, Richard sat down with Arun Ulag, Microsoft CVP of Azure Data, to discuss how the cloud has transformed how we work with data. The pre-cloud practice of extract-transform-and-load into OLAP cubes has given way to the data lake - you don't need to pre-process data if you have all the compute you need on demand. Arun goes further into empowering analysts using tools like PowerBI - but the key is access to data. With...
Jul 17, 2024•37 min•Ep. 941
What hardware runs Azure today and into the future? While at Build in Seattle, Richard sat down with Rani Borkar to discuss the hardware that makes up Azure Compute, including examples of the new Cobalt and Maia processors! Rani talks about Cobalt first, Microsoft's ARM processor designed for workloads in the cloud. Then, a look at the Maia processor, which focuses on neural net workloads like large language models. As Rani explains, the scale of the work coming to the cloud today allows for spe...
Jul 10, 2024•34 min•Ep. 940
More application platform pieces make your life better! While at Build in Seattle, Richard sat down with Buu Lam of F5 to discuss F5's latest offering, NGINX as a Service in Azure. Buu discussed how F5's products have evolved to run in the cloud, not just on their hardware. While you could run them as virtual machines or containers, providing them as services in Azure is better. You purchase the service in the marketplace and as part of your Azure billing. The conversation digs into the advantag...
Jul 03, 2024•35 min•Ep. 939
What are the hard parts of machine learning? Richard chats with Lynn Langit about her work helping the Mayo Clinic improve patient outcomes using machine learning to understand patient data better. Lynn talks about the challenges of multi-modal data analytics - taking all the different data collected from a patient, like an X-ray or video, along with treatment notes, to create an overall picture of treatment and outcome. Then multiply that by thousands of patients, making a complicated data prob...
Jun 26, 2024•35 min•Ep. 938
Have you rolled out Microsoft Defender for Cloud? Richard chats with Yuri Diogenes about the bundle of tools under the Defender for Cloud moniker. Yuri describes Defender for Cloud as a Cloud-Native Application Protection Platform (CNAPP). This Gartner term covers the various elements that go into a cloud-native application, including APIs, servers, containers, storage, resource manager, and more! Defender for Cloud integrates with Microsoft Purview to understand data sensitivity, and Microsoft ...
Jun 19, 2024•37 min•Ep. 937
How can Microsoft Copilot make your intranet better? Richard chats with Susan Hanley about her experiences adding Copilot into the intranet via the Copilot Studio and Viva Engage. Susan talks about the challenges of getting your intranet data in order - most notably, archiving old information so that it doesn't clutter up a Copilot with out-of-date and inaccurate data. The conversation explores making smaller Copilots focused on specific domains, like company policy. It's still the early days fo...
Jun 12, 2024•47 min•Ep. 936
How are your company's Apple devices connected to the enterprise? Richard talks to Michael Epping about the recent additions in Entra that support the authentication of Apple MacOS and iPadOS devices. Michael discusses Apple's Secure Enclave as the equivalent of Trusted Platform Management in Windows. With Entra Platform SSO, you can now use that authentication to access Azure resources and, ultimately, on-premises Kerberos-secured resources! These features are still in public preview but fully ...
Jun 05, 2024•38 min•Ep. 935
How can you use PowerApps to extend the functionality of other apps? Richard talks to Christina Wheeler about her efforts to teach folks to use PowerApps to add the functionality they need to Dynamics 365 and elsewhere! Christina talks about her move to Microsoft, shifting from SharePoint to PowerApps, but still essentially doing the same thing - finding customer solutions. The conversation ranges over the power of the Dataverse to provide access to all sorts of data and the emerging role of the...
May 29, 2024•33 min•Ep. 934
Two old guys talk about Windows AGAIN? Richard brings back Paul Thurrott for the tenth time to discuss Windows more. This time, the discussion focuses on the end of life for Windows 10 - currently October 2025. Paul discusses how it used to be April 2025, but that's not enough time. Is it enough time now? The conversation spans other Windows-related topics, including alternative versions like Windows 365 and Azure Virtual Desktop. And what about Windows 12? There is a bit of speculation at the e...
May 22, 2024•46 min•Ep. 933
Machine learning models need updating - what's the reliable way to do it? While in Romania, Richard sat down with Annie Talvasto to talk about her work helping to build DevOps practices around machine learning: Building repeatable processes for data ingestions, cleaning, organization, model building, and deployment. The challenges are the arrays of skilled people needed to operate and evaluate the pipeline - it takes domain experts to know if the machine learning results are accurate and valuabl...
May 15, 2024•33 min•Ep. 932
How's your identity governance? Richard talks to Jef Kazimer from Microsoft about Entra's capabilities to help you have robust governance around identity. Jef talks about the lifecycle of identity - when someone joins the organization and a new identity gets created, privileges changing as roles evolve, to the eventual offboarding when that person departs. The same sort of cycle exists for devices, too - the question is only how much work you must do to get through those cycles. Entra offers too...
May 08, 2024•34 min•Ep. 931
