One of my goals this year was to work more and more with the Microsoft security solutions and get deeper into the different services and possibilities. My focus is to get a better understanding of how we can secure our hybrid cloud environment with the different Microsoft Defender products.
After the pandemic began, Microsoft switched both big conferences, Microsoft Build and Microsoft Ignite, to virtual-only events. Ignite took place twice a year in 2020 and 2021. For 2022 it was unclear for a long time whether it would go back to an in-person event or stay a virtual event.
Microsoft Ignite 2022 started 2 hours ago as a hybrid event delivered from Seattle with 6 Spotlight events around the globe and, as before, delivered virtually. I’m a little disappointed because a lot of the content is pre-recorded and even great speakers like Donovan Brown don’t hold their sessions live in Seattle but are only shown there virtually as well.
In this article I will share the important announcements from my perspective from Microsoft Ignite 2022. Most of you know me as an Azure Governance, (Hybrid) Infrastructure and Security guy, so please forgive me for focusing on these things.
Continue reading My favorite Microsoft Ignite 2022 Fall Highlights
With Azure Firewall Standard and Premium, Microsoft announced two new firewall services available as a PaaS solution, which are a great benefit compared to classic firewall deployments because of native autoscaling features, no need for VM management and more. Unfortunately the price was too high for SMBs, at 900€ for the Standard and over 1200€ for the Premium edition. A frequently requested feature was a cheaper variant aimed at small and medium businesses.
This wish has been answered in the form of the Azure Firewall Basic edition. Azure Firewall Basic (AzFw Basic) is available as public preview, and the subscription you plan to use must first be prepared with some PowerShell commands before the deployment can begin. This article will guide you through the setup process for a hub-and-spoke network and the main differences between the three Azure Firewall editions.
Azure Firewall edition comparison
Microsoft introduced Azure Firewall as Standard edition in 2018 and expanded it with numerous updates in 2019. The Firewall Manager followed at the end of 2019 to manage various Azure firewalls under one roof. In mid-2021 Microsoft announced the Azure Firewall Premium edition and extended the capabilities of the Standard edition with the following features: TLS Inspection, IDPS, Web categories and URL Filtering.
Acceptance of the firewall has been high so far due to the numerous features and the fact that it is provided as a PaaS solution. As an SMB solution, the quoted prices are too high, and that is where the Basic edition is now trying to attract attention.
The following table lists the differences between the editions. Please note the maximum throughput of the different editions. At the time of writing, Azure Firewall Basic is limited to 2 VMs under the hood and a maximum throughput of 250 (may increase by GA).
Continue reading Azure Firewall Basic is available as Public preview
Many of my customers have moved to the cloud in recent years. For existing environments this means the start of a journey away from on-prem systems towards cloud environments. We all know a journey starts with preparation and needs different steps, and it is never a good idea to work on all systems at once. On the other hand, some systems still exist in their old form and sometimes use old, insecure protocols for communication and authentication.
To address these issues, Microsoft announced in September 2019, in the blog article “Improving security”, that it would disable support for Basic authentication for protocols like EWS, POP, IMAP and Remote PowerShell. After the plan was made, the corona crisis came up and Microsoft decided to postpone the disabling of these protocols.
In September 2021 Microsoft released an update on this in the article “Basic authentication and Exchange Online”. Microsoft will disable Basic authentication beginning 1st of October 2022 for all protocols except SMTP auth. This means the following protocols will be disabled:
- Exchange Web Services (EWS)
- Exchange ActiveSync (EAS)
- Remote PowerShell
After 8 months of planning, the Cloud Identity Summit 2022 is over, and I can say it was really a pleasure to help organize this great community event from my perspective. Four years ago Thomas Naunheim came up with the idea to create an event focused on identity for the community. We discussed this in our Azure Bonn orga team, and finally the Cloud Identity Summit was born. At the end of 2019 we planned the first edition for 2020 as an in-person event, but things changed and we switched the format to a virtual event, and did so again for 2021.
Back in February we started planning the 3rd edition for 2022 and decided to go back to our original idea of holding it as an in-person event, but with the experience of two virtual events we made it a hybrid event. Yesterday was our 1st Cloud Identity Summit 2022 as hybrid edition and I can say I was really excited about it. Why?
Three months ago, on 7th of April, Microsoft announced a new exam for security architects and introduced again the existing exams SC-200, SC-300, AZ-500 and MS-500. The article contains the announcement of the new exam SC-100 to become Microsoft Cybersecurity Architect.
I took the Microsoft Cybersecurity beta exam #SC100 and yesterday got the confirmation that I passed the exam. This is great news for me as it confirms that I am gaining better and better knowledge of Azure security topics.
In this article I will introduce the exam, how to get the Microsoft Cybersecurity Architect Expert award and which materials I used to prepare for the exam.
Continue reading How I passed the Microsoft Cybersecurity Architect exam SC-100 and why I am now a Microsoft Cybersecurity Architect Expert
I know it’s been a little quiet on new blog articles the last few months, but that’s due to other community topics I’m working on. One of my new projects is the Azure Ask my Anything Live format that I will be hosting with my team at Azure Bonn Live on YouTube and LinkedIn. I’m excited to announce that we’re kicking off this year with an Azure AMA on Azure Virtual Desktop Best Practices, and we have the pleasure of welcoming Marcel Meurer and Patrick Koehler to this session. Marcel and Patrick are two Azure MVPs and do a lot of work in the AVD community. Marcel is known as the brains behind the WVDAdmin and Project Hydra products, which are services to automate all things Azure Virtual Desktop. Patrick has also been active in the AVD community for many years with great sessions and insights about AVD and is the organizer of AVD TechFest together with Simon Binder.
Azure AMA – Azure Virtual Desktop Best Practices will take place live on YouTube on February 14, 2022. You can register for this event via our Azure Bonn page. Please note that this is a live AMA session and we would love for you to join us live and bring your questions to the session. If you don’t have time this time, please use our Microsoft Forms to submit your questions before the session starts. The session will be held in German, but you can also ask your questions in English.
Continue reading Azure AMA – Azure Virtual Desktop Best Practices #AVD with Marcel Meurer and Patrick Koehler
Today Windows Server 2008 (R2) / Windows 7 reaches its End of Life (14.01.20) date and doesn’t receive security updates anymore.
I think it was a great time with Windows Server 2008. WS2008 launched Hyper-V, one of the most powerful hypervisors on the market and the foundation of today’s Azure infrastructure. With WS2008, the first version of the Server Manager, the pre-release version of Windows Admin Center, was released.
In this article, I will list some of the options available to get extended support for Windows Server 2008 (R2), but I prefer to discuss new solutions to replace the outdated infrastructure. Use this date to consider a move of your infrastructure to the same kind of flexible and scalable environment you had when Windows Server 2008 was introduced.
I know the time is too short to demote the existing Windows Server 2008 R2 and migrate the workloads to a newer operating system. But now it’s time to modernize your landscape. See which solutions Microsoft offers to extend the time or to renew the infrastructure.
Continue reading Bye Bye Windows Server 2008R2 It was a good time – Get Extended Support and think about a change
In the first part I explained why an Azure governance concept makes sense, how Management Groups can be used as an organizational tool in Azure for this, and why they are a required prerequisite for Azure Blueprints. In this second part I will show what Azure Blueprints are, how to set them up, and what happens when a new subscription is created and an Azure Blueprint is applied to it.
Continue reading Azure Management Groups and Blueprints – Overview and Setup – Part 2
The way into the cloud is actually simple: create an account in the Azure portal, enter your credit card details, and all available Azure resources can be rolled out. This may well be a possible (though not recommended) way for test environments. For production workloads, whether cloud-only or hybrid scenario, rules are necessary and sensible: to structure the environment, to avoid cost explosions and to secure the environment.
Such policies and rules can be created and defined with a governance concept. This way even simple questions can be settled, such as a central naming scheme for Azure services, the design of the networks or the maximum allowed VM sizes. A governance concept is intended for the entire tenant and therefore applies across subscriptions. The subscriptions in turn are suitable for capturing different cost centers or defining project boundaries.
Until now it was not easily possible to specify central settings for new subscriptions. This has changed with the introduction of Azure Blueprints. With Azure Blueprints, central settings can be specified that are applied to a new subscription when it is rolled out. To use Azure Blueprints, Management Groups are required. Management Groups make it possible to structure the Azure tenant from an organizational point of view.
This two-part post will first explain the Management Groups required as a prerequisite for Azure Blueprints and then present the capabilities of Azure Blueprints and their rollout.
Continue reading Azure Management Groups and Blueprints – Overview and Setup – Part 1