Episode 451 - Landing Zones

by Sujit D'Mello January 13, 2023

Jack Tracey, a Cloud Solutions Architect from the Customer Architecture and Engineering team, talks to us about the work his team does to create the Landing Zones that can form the foundation for any well-designed Azure platform. He explains what they are and best practices for consuming them in your cloud strategy.

 

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode451.mp3

YouTube: https://youtu.be/6Nfeaw9uELQ

Resources:

https://aka.ms/alz

https://aka.ms/alz/tailoring

https://aka.ms/alz/tf

https://aka.ms/alz/bicep

 

Other updates:

Private Preview: Featured Clothing | Azure updates | Microsoft Azure

Public Preview: IT Service Management Connector (ITSMC) is now certified with ServiceNow Tokyo version | Azure updates | Microsoft Azure

 

General availability: Apache log4J2 sink to Azure Data Explorer | Azure updates | Microsoft Azure


Filed Under: Podcast

Episode 426 - Defender for the Cloud

by Sujit D'Mello June 8, 2022

Audrey Long, a Senior Security Software Engineer in Commercial Software Engineering at Microsoft, discusses the Defender for the Cloud service. She explains how the service plays an important part in securing our assets and apps in Azure and other clouds as well. 

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode426.mp3

YouTube: https://youtu.be/w5wG6Bf2aQY

Resources: 

Overview: https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-cloud-introduction

 

Other updates:

General availability: Storage optimized Azure VMs deliver higher performance for data analytics. | Azure updates | Microsoft Azure

 

Generally available: Azure NC A100 v4 virtual machines for AI | Azure updates | Microsoft Azure

 

General availability: New portal experience for Microsoft Artifact Registry | Azure updates | Microsoft Azure

 

 

Start skilling on Azure with these helpful guides

 

https://azure.microsoft.com/en-us/blog/start-skilling-on-azure-with-these-helpful-guides/

 

 

 

Find out why your SQL Server data belongs on Azure

 

https://azure.microsoft.com/en-us/blog/find-out-why-your-sql-server-data-belongs-on-azure/


Filed Under: Podcast

Episode 422 - Open Service Mesh

by Kendall Roden April 28, 2022

Thomas Stringer is a Software Engineering Lead in the Open Service Mesh team at Microsoft and he gives us insights into the OSM add-on for AKS and tells us why that makes applications on AKS so much more secure.

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode422.mp3

YouTube: https://youtu.be/DICsJmFSGCs

Resources: https://openservicemesh.io/

Cloud Native Computing Foundation (cncf.io)

 

Other updates:

General availability: App Service - Networking capabilities added to Basic pricing tier | Azure updates | Microsoft Azure

 

Public preview: App Service - Configure networking in Azure Portal during app creation | Azure updates | Microsoft Azure


Filed Under: Podcast

Episode 406 - Azure Bastion

by Evan Basalik December 16, 2021


Filed Under: Podcast

Episode 367 - Enterprise Scale Landing Zones

by Cynthia Kreng February 28, 2021

The team talks to Azure specialists Jeff Mitchell and Rob Kuehfus about the Enterprise Scale Landing Zones that are part of the Cloud Adoption Framework. These architectural templates allow enterprises to lay down an Azure footprint that is consistent with best practices in terms of security, governance, networking and identity and can be leveraged by new and existing Azure customers.

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode367.mp3

YouTube: https://youtu.be/5xshifBaj1E

Resources:

 

Review the Enterprise-scale landing zones Architecture guidance

Review the Enterprise-scale landing zones implementation guidelines

Review and deploy a reference implementation

MS Learning Path - Create an enterprise-scale architecture in Azure

Try out the reference implementation on your own: Introduction to Enterprise Scale ‘in-a-box’ tutorial (Github)

Check out the Channel 9 series for ESLZ and WAF here

Other updates:

· Azure Defender for App Service introduces dangling DNS protection - https://azure.microsoft.com/en-in/blog/azure-defender-for-app-service-introduces-dangling-dns-protection/
· Prevent dangling DNS entries and avoid subdomain takeover - https://docs.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeover

Demystifying cloud economics
https://azure.microsoft.com/en-us/blog/demystifying-cloud-economics/
E-commerce on Azure increases security with Payment Card Industry Three-Domain Secure compliance
https://azure.microsoft.com/en-us/blog/e-commerce-on-azure-increases-security-with-payment-card-industry-three-domain-secure-compliance/
Automating quota management with Azure Quota REST API
https://azure.microsoft.com/en-us/blog/automating-quota-management-with-azure-quota-rest-api/
Microsoft plans to establish first datacenter region in Indonesia
https://azure.microsoft.com/en-us/updates/microsoft-plans-to-establish-first-datacenter-region-in-indonesia/

 

 


Filed Under: Podcast

Episode 352 - Azure Security Podcast

by Sujit D'Mello November 2, 2020

Kendall, Cale and Sujit talk to Michael Howard, a Senior Principal Consultant at Microsoft and an expert in Azure Security related topics. Michael has his own podcast on these topics, so we asked him about some of the trends, issues and advice he has discussed on it. He provides some great insights into what is top-of-mind in the cloud security space.

 

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode352.mp3

Resources:

Podcast
https://azsecuritypodcast.net/
https://twitter.com/AzureSecPod

Me
https://twitter.com/michael_howard
https://www.linkedin.com/in/mikehow/
https://michaelhowardsecure.blog/

Other updates:

Azure Cost Management and Billing updates – October 2020
https://azure.microsoft.com/en-us/blog/azure-cost-management-billing-updates-october-2020/
  
Microsoft unlocks the full potential of the smart building ecosystem
https://azure.microsoft.com/en-us/blog/microsoft-unlocks-the-full-potential-of-the-smart-building-ecosystem/
https://azure.microsoft.com/en-us/updates/public-preview-aks-pod-identity/
https://azure.microsoft.com/en-us/updates/ga-azure-spot-on-aks/

 


Filed Under: Podcast

Episode 333 - TLS 1.0 Deprecation

by Evan Basalik June 8, 2020

Candace Jackson, a Senior PM in the Azure Security team, gives us an update on the effort to remove the use of TLS 1.0 from applications in Azure.

 

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode333.mp3

Resources:

links:
https://www.microsoft.com/en-us/download/details.aspx?id=55266
https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls


Connection logging - This helps identify which cipher suites and protocols are negotiated during a successful handshake

IIS
https://cloudblogs.microsoft.com/microsoftsecure/2017/09/07/new-iis-functionality-to-help-identify-weak-tls-usage/

Nginx
http://nginx.org/en/docs/http/ngx_http_ssl_module.html#variables
https://serverfault.com/questions/620123/how-can-i-let-nginx-log-the-used-ssl-tls-protocol-and-ciphersuite

Apache
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#envvars
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#logformats

Some resource-specific documentation that shows how to configure protocol and cipher suite usage
https://docs.microsoft.com/en-us/azure/app-service/environment/app-service-app-service-environment-custom-settings#disable-tls-10-and-tls-11
Blog: https://blogs.msdn.microsoft.com/appserviceteam/2018/04/17/app-service-and-functions-hosted-apps-can-now-update-tls-versions/
https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-ssl#enforce-tls-1112
https://docs.microsoft.com/en-us/azure/cloud-services/applications-dont-support-tls-1-2

 

Other updates:

Live Video Analytics now in public preview
Updated: June 01, 2020
Live Video Analytics (LVA) on IoT Edge is now in public preview. It is a platform to capture, record, and analyze live video and publish the results (video and/or video analytics), for you to build intelligent video applications. You can use LVA for a number of use cases across industries such as retail, healthcare, and transportation. You can bring any custom AI by plugging in video analysis edge modules, whether they are Cognitive Services containers, custom edge modules built with open source machine learning models, or custom models trained with a customer’s own data. You can also combine video analysis with other business data to make smarter business decisions.
LVA integrates with a number of Azure services (in the cloud and/or the edge), such as Stream Analytics on IoT Edge, Cognitive Services on IoT Edge, Media Services, Event Hub, and Cognitive Services.

From <https://azure.microsoft.com/en-us/updates/live-video-analytics-now-in-public-preview/>

 

 
 
 NOW AVAILABLE
CNI security vulnerability in older AKS clusters and mitigation steps
Updated: June 01, 2020
A security vulnerability has been identified in the container networking implementation (CNI) in CNI plugin versions v0.8.6 and older that may affect older AKS clusters.
Details
An AKS cluster configured to use an affected container networking implementation is susceptible to man-in-the-middle (MitM) attacks. By sending “rogue” router advertisements, a malicious container can reconfigure the host to redirect part or all of the IPv6 traffic of the host to the attacker-controlled container. Even if there was no IPv6 traffic before, if the DNS returns A (IPv4) and AAAA (IPv6) records, many HTTP libraries will try to connect via IPv6 first and then fall back to IPv4, giving the attacker an opportunity to respond.
This vulnerability has been given an initial severity of Medium with a score of 6.0.
Vulnerability analysis and verification
All AKS clusters created or upgraded with a Node Image Version later than or equal to “2019.04.24” are not vulnerable, as they set net.ipv6.conf.all.accept_ra to 0 and enforce TLS with proper certificate validation.
Clusters created or last upgraded before that date are susceptible to this vulnerability.
You can verify if your current Node Image is vulnerable by running https://aka.ms/aks/MitM-check-20200601 on a machine that has CLI access to the cluster’s nodes.
Windows nodes are not affected by this vulnerability.

From <https://azure.microsoft.com/en-us/updates/cni-security-vulnerability-in-older-aks-clusters-and-mitigation-steps/>

From //build 2020 - Azure SQL Edge (preview)
https://azure.microsoft.com/en-us/services/sql-edge/


Deploy to Azure using GitHub Actions from your favorite tools
https://azure.microsoft.com/en-us/blog/deploy-to-azure-using-github-actions-from-your-favorite-tools/

 


Filed Under: Podcast

Episode 317 - Azure Lighthouse Security

by Cale Teeter March 2, 2020
In this episode we chat with Gunnar Campo on Azure Lighthouse, which provides partners with an easy way to run managed solutions for customers, and manage this via a single pane of glass. Gunnar talks through the various areas that Lighthouse helps with here: RBAC, scaling, and monitoring of these solutions.

 

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode317.mp3

Transcript: https://eus2.videoindexer.ai/accounts/e0eee289-7730-4999-978b-eb7f63be8cb5/videos/fb6da9345b/

 

Other updates:

Azure Monitor Log Analytics now has new, upgraded visualizations

From <https://azure.microsoft.com/en-us/updates/azure-monitor-log-analytics-upgraded-results-visualization/>

Fileless attack detection for Linux in preview
https://azure.microsoft.com/en-us/blog/fileless-attack-detection-for-linux-in-preview/

Burst 4K encoding on Azure Kubernetes Service
https://azure.microsoft.com/en-us/blog/burst-4k-encoding-on-azure-kubernetes-service/

A secure foundation for IoT, Azure Sphere now generally available
https://azure.microsoft.com/en-us/blog/a-secure-foundation-for-iot-azure-sphere-now-generally-available/

Preview of Active Directory authentication support on Azure Files
https://azure.microsoft.com/en-us/blog/preview-of-active-directory-for-authentication-on-azure-file/

 


Filed Under: Podcast

Episode 301 - Azure Sentinel

by Sujit D'Mello October 17, 2019

Azure Security Specialist, Sarah Young, gives us the low-down on the new Azure Sentinel service which gives you a SIEM in Azure that watches over all of your enterprise.

 

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode301.mp3

Transcript: https://eus2.videoindexer.ai/accounts/e0eee289-7730-4999-978b-eb7f63be8cb5/videos/2ad7063764/ 

https://azure.microsoft.com/en-us/services/azure-sentinel/

 

Other updates:

For the first time ever, you can register your self-installations of SQL Server on Azure Virtual Machines with Resource Provider to unlock features and functionality previously only available with our Azure Marketplace images.

Azure Kubernetes Service (AKS) managed identities integration is now available in preview. With managed identities, AKS now supports creating and using system-managed identities instead of service principals. Managed identities are essentially wrappers around service principals, making their management simpler.

From <https://azure.microsoft.com/en-us/updates/managed-identities-integration-in-azure-kubernetes-service-aks-is-now-in-preview/>

Private Preview - Azure Spring Cloud service
https://azure.microsoft.com/en-us/updates/private-preview-azure-spring-cloud-service/

New output options in Azure Stream Analytics—SQL Managed Instance and SQL Server on VM
https://azure.microsoft.com/en-us/updates/new-output-options-in-stream-analytics-managed-instance-and-sql-server-on-vm-as-output-targets-for-stream-analytics/

Measuring your return on investment of Azure as a compliance platform
https://azure.microsoft.com/en-us/blog/measuring-your-return-on-investment-of-azure-as-a-compliance-platform/


Infura Now Natively Supported in the Azure Blockchain Development Kit for Ethereum
https://blog.infura.io/infura-now-natively-supported-in-the-azure-blockchain-development-kit-for-ethereum-430fb02f1c9b
Discover, develop, and deploy smart contracts faster with Blockchain Dev Kit updates
https://cloudblogs.microsoft.com/opensource/2019/10/08/microsoft-azure-blockchain-dev-kit-updates-ethereum-devcon/
Azure Monitor adds Worker Service SDK, new ASP.NET core metrics
https://azure.microsoft.com/en-us/blog/azure-monitor-adds-worker-service-sdk-new-asp-net-core-metrics/


Filed Under: Podcast

Episode 286 - Secured Workstations

by Evan Basalik July 5, 2019

The team talks to Frank Simorjay about the importance of securing the workstations and learns why if the workstation isn’t secure, then many of the other security controls become useless.

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode286.mp3

Transcript: https://eus2.videoindexer.ai/accounts/e0eee289-7730-4999-978b-eb7f63be8cb5/videos/3efd880845/?location=EUS2

Resources: https://aka.ms/securedworkstation


Filed Under: Podcast
