CIS Tech Community-Check This Out! (CTO!) Guide (July 2022)
Published Aug 04 2022 08:12 AM

Hi everyone! Brandon Wilson here once again with this month’s “Check This Out!” (CTO!) guide.

These posts are only intended to be your guide, to lead you to some content of interest, and are just a way we are trying to help our readers a bit more, whether that is learning, troubleshooting, or just finding new content sources! We will give you a bit of a taste of the blog content itself, provide you a way to get to the source content directly, and help to introduce you to some other blogs you may not be aware of that you might find helpful. If you have been a long-time reader, then you will find this series to be very similar to our prior series “Infrastructure + Security: Noteworthy News”.

From all of us on the Core Infrastructure and Security Tech Community blog team, thanks for your continued reading and support!

Title: Introducing Azure Well-Architected Framework Assessments for Azure Stack Hub (Preview)

Source Tech Community: Azure Architecture Blog

Author: Neil Bird

Publication Date: July 15, 2022

Content excerpt:

Today we are announcing that two pillars of the Well-Architected Framework are available in Preview for Azure Stack Hub on the Microsoft Assessment Platform. These are the Reliability and Operational Excellence pillars. If you are using Azure Stack Hub to deploy and operate workloads for key business systems, it is now possible to answer questions for these pillars within the assessments platform. After completing the assessments, you will be provided with a maturity or risk score, together with prescriptive guidance and knowledge links that suggest possible improvements you could make to your architecture design and score.

Title: Cost Optimisation In The Cloud – Practical Design Steps For Architects and Developers – Part 1

Source Tech Community: Azure Architecture Blog

Author: Shane Baldacchino

Publication Date: July 17, 2022

Content excerpt:

Cloud and cost. It can be quite a polarising topic. Do it right, and you can run super lean, drive down the cost to serve and ride the cloud innovation train. But inversely, do it wrong and treat public cloud like a datacentre, and your costs could be significantly larger than on-premises.

Title: Armchair Architects: Architecting Mission Critical Apps

Source Tech Community: Azure Architecture Blog

Author: Ben Brauer, Eric Charran, Uli Homann, David Blank-Edelman

Publication Date: July 22, 2022

Content excerpt:

In a new episode of the Azure Enablement Show, Uli, Eric, and David have a lively discussion about what architects need to consider when designing mission critical solutions such as emergency services that must always work.


Title: Introducing Virtual Machine Restore Points – A Simpler Way to Protect Azure Workloads

Source Tech Community: Azure Storage Blog

Author: Dinesh Reddy Kethi Reddy

Publication Date: July 19, 2022

Content excerpt:

Azure today announces the launch of VM restore points, a new resource that stores VM configuration and a point-in-time snapshot of one or more managed disks attached to a VM. VM restore points capture a comprehensive backup solution, as they support both app-consistent and crash-consistent snapshots (in preview). This can then be used to restore disks and VMs in scenarios such as data loss, data corruption, disaster recovery, or mishaps during the maintenance of your infrastructure and workloads.

Title: GA: Azure Storage Updating Client-Side Encryption In SDK To Address Security Vulnerability

Source Tech Community: Azure Storage Blog

Author: Manu Yareshimi

Publication Date: July 11, 2022

Content excerpt:

Azure Storage .NET, Java, and Python SDKs support encryption on the client with a customer-managed key that is maintained in Azure Key Vault or another key store. Current release versions of the Azure Storage SDKs use cipher block chaining (CBC mode) for client-side encryption (referred to as “v1”). The current implementation of CBC block mode is vulnerable to a padding oracle attack, provided the attacker has write access to the blob and can observe decryption failures. The attacker would need to perform 128 attempts per byte of plain text to decrypt blob contents. We view putting this combination of qualifiers together for an attack to be rare. We encourage customers to assess the risk to their scenarios.
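To make the two preconditions in that excerpt concrete (the attacker can write ciphertext and can observe whether decryption failed), here is an added, self-contained walk-through of a CBC/PKCS#7 padding-oracle attack. It is example code written for this guide, not code from the Azure Storage post or from any Azure SDK. The block cipher is a stand-in 16-byte Feistel construction built from SHA-256 so the script runs with the standard library alone; that is an assumption of convenience, since the attack only depends on CBC mode plus a padding check whose failure is visible, not on which block cipher sits underneath. The secret and the oracle are constructed for the demo.

```python
"""Padding-oracle attack on CBC + PKCS#7 (added example, not SDK code)."""
import hashlib
import os

BLOCK, ROUNDS = 16, 8


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function of the stand-in Feistel cipher (assumption: AES would behave the same)
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round(key, rnd, left)), left
    return left + right


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    if not data or len(data) % BLOCK:
        raise ValueError("bad length")
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, padded: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, _xor(prev, padded[i:i + BLOCK]))
        out += prev
    return out


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(ciphertext), BLOCK):
        blk = ciphertext[i:i + BLOCK]
        out += _xor(prev, block_decrypt(key, blk))
        prev = blk
    return pkcs7_unpad(out)  # the ValueError on bad padding is the leak


def recover_block(oracle, prev: bytes, target: bytes):
    """Recover one plaintext block; `prev` is the ciphertext block (or IV) before it."""
    inter, forged, attempts = bytearray(BLOCK), bytearray(BLOCK), 0
    for k in range(BLOCK - 1, -1, -1):
        pad = BLOCK - k                      # padding value we are forcing
        for j in range(k + 1, BLOCK):        # already-known bytes: make them decrypt to `pad`
            forged[j] = inter[j] ^ pad
        for guess in range(256):
            forged[k] = guess
            attempts += 1
            if not oracle(bytes(forged), target):
                continue
            if k == BLOCK - 1:               # rule out an accidental 0x02 0x02 (etc.) match
                probe = bytearray(forged)
                probe[k - 1] ^= 0x01
                if not oracle(bytes(probe), target):
                    continue
            inter[k] = guess ^ pad           # byte k of D_key(target) is now known
            break
        else:
            raise RuntimeError("oracle never accepted; not a padding oracle")
    return _xor(bytes(inter), prev), attempts


def recover_plaintext(oracle, iv: bytes, ciphertext: bytes):
    blocks = [iv] + [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    plain, attempts = b"", 0
    for prev, cur in zip(blocks, blocks[1:]):
        blk, n = recover_block(oracle, prev, cur)
        plain, attempts = plain + blk, attempts + n
    return pkcs7_unpad(plain), attempts


def demo(secret: bytes = b"constructed sample plaintext, not a real key"):
    """Encrypt under a random key, then recover `secret` using only the oracle."""
    key, iv = os.urandom(16), os.urandom(16)
    ciphertext = cbc_encrypt(key, iv, pkcs7_pad(secret))

    def oracle(iv_: bytes, ct_: bytes) -> bool:
        # The post's precondition: attacker-written ciphertext, and only
        # "decryption failed / succeeded" is observable. The key never leaves here.
        try:
            cbc_decrypt(key, iv_, ct_)
            return True
        except ValueError:
            return False

    return recover_plaintext(oracle, iv, ciphertext)


if __name__ == "__main__":
    pt, n = demo()
    print(f"recovered {pt!r} with {n} queries, {n / (BLOCK * (len(pt) // BLOCK + 1)):.1f} per byte")
```

Each byte costs at most 256 oracle queries and 128 on average, which is where the excerpt's "128 attempts per byte" comes from; the attack never touches the key, only the consumer's willingness to report a padding failure. That is why the fix is a change of scheme rather than a patch to CBC: with authenticated encryption, any modified ciphertext fails the integrity check before padding or plaintext is ever examined, so there is no oracle to query.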

 


Title: Managing WAF Policies and DDoS protection plans with Azure Firewall Manager

Source Tech Community: Azure Network Security Blog

Author: Gustavo Modena, Shabaz Shaik

Publication Date: June 29, 2022

Content excerpt:

As your organization’s security requirements grow, it becomes difficult to manage all the perimeter security technologies. To simplify the management of cloud-based network security, we can use Azure Firewall Manager and its centralized management dashboard to gain visibility and centrally configure capabilities for Azure Firewall, Azure WAF and DDoS Protection technologies. In this blog we will specifically focus on using Azure Firewall Manager for WAF Policy Management and Distributed Denial of Service (DDoS) Protection plan management. For more details on Network Security Management with Azure Firewall Manager, please refer to this blog AZ-FWM-Blog.

Title: Azure Virtual Desktop is Moving Away from Storage Blob Image Type

Source Tech Community: Azure Virtual Desktop Blog

Author: Tom Hickling

Publication Date: July 18, 2022

Content excerpt:

Why is Azure Virtual Desktop moving away from the Storage Blob image type?

  • Storage Blob images are created from unmanaged disks, which lack the availability, scalability, and friction-free experience that the currently supported custom image types (managed images from managed disks and Shared Image Gallery images) offer.
  • The option is still available in the portal but hidden to avoid its use, and it will be moving toward deprecation soon.
  • Troubleshooting and maintaining platform and custom images are easier for customers.

Title: Announcing General Availability of Scheduled Agent Updates on Azure Virtual Desktop

Source Tech Community: Azure Virtual Desktop Blog

Author: Seneca Friend

Publication Date: July 21, 2022

Content excerpt:

This week at Microsoft Inspire we announced that Scheduled Agent Updates on Azure Virtual Desktop is now Generally Available!

This feature gives IT admins control over when the Azure Virtual Desktop agent, side-by-side stack, and Geneva Monitoring agent get updated. You can specify the time of day you want to update the Azure Virtual Desktop agent. You can schedule agents to be deployed at convenient times, such as outside peak business hours, so that business-critical work and end-user productivity are not interrupted.

Title: Accessing Key Vault from Another Subscription Over Private Endpoint

Source Tech Community: Core Infrastructure and Security Blog

Author: Andrew Coughlin

Publication Date: July 25, 2022

Content excerpt:

Hello everyone, Andrew Coughlin here, and I am a Cloud Solutions Architect at Microsoft focusing on Azure IaaS. I recently received questions from a few of my customers about access to a key vault from a different subscription. In this blog I will walk through the process of using a managed identity to access an Azure Key Vault from another subscription over a private endpoint.

Title: Accessing Key Vault from Another Subscription Over Public Endpoint

Source Tech Community: Core Infrastructure and Security Blog

Author: Andrew Coughlin

Publication Date: July 4, 2022

Content excerpt:

Hello everyone, it has been a while. Andrew Coughlin here, and I am a Cloud Solutions Architect at Microsoft focusing on Azure IaaS. I recently received questions from a few of my customers about accessing a key vault from a different subscription, and from a different region in a different subscription. In this blog I will walk through the process of using a managed identity to access an Azure Key Vault from another subscription.

Title: Deprovisioning Cloud PCs in Windows 365

Source Tech Community: Core Infrastructure and Security Blog

Author: Jake Stoker

Publication Date: July 14, 2022

Content excerpt:

I am based out of the UK as a Senior Program Manager / Modern Work Architect Specialist (MWAS) within the Endpoint Management space. Today I am going to cover the hot topic which is Windows 365, and more specifically the deprovisioning process piece of the lifecycle.

Bringing Cloud PCs into the world is different from a typical VM or physical device, and taking them out of the world is different too. Typically, you would “Wipe” a physical Windows device from the MEM console to reset the device. With Windows 365 Cloud PCs, you must take a different route to achieve this.

Title: Azure DDoS Protection Standard Costs Estimation

Source Tech Community: Core Infrastructure and Security Blog

Author: Helder Pinto

Publication Date: June 13, 2022

Content excerpt:

If you are considering the activation of Azure DDoS Protection Standard – a great solution to better protect your Azure Virtual Network (VNet) resources from DDoS attacks – you may ask yourself: Which VNet(s) should you enable the service in? Or how many IPs can be covered by the base pricing? This sometimes isn’t trivial to find out, especially if you have a large or complex Azure infrastructure, made of multiple VNets and public resource types.

Title: DNS over TLS available to Windows Insiders

Source Tech Community: Networking Blog

Author: Tommy Jensen

Publication Date: July 13, 2022

Content excerpt:

DNS over TLS (DoT) is an alternative encrypted DNS protocol to DNS over HTTPS (DoH). Where DoH treats DNS traffic as one more HTTPS data stream over port 443, DoT dedicates port 853 to encrypted DNS traffic and runs directly over a TLS tunnel without HTTP layering underneath. This may result in a small performance improvement depending on the network environment at the cost of the flexibility HTTPS-based protocols can provide.

Client support for DoH was shipped in Windows 11 and Windows Server 2022. Starting today, the latest Windows Insider builds also offer client support for DoT.
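The phrase "runs directly over a TLS tunnel without HTTP layering" is easiest to see on the wire. The following is an added example written for this guide, not code from the Windows networking post or from the Windows resolver: a minimal DoT client that builds an ordinary RFC 1035 query, frames it with the same two-byte length prefix DNS-over-TCP uses, sends it over a validated TLS session to port 853, and parses the A records that come back. The reply used for offline testing is constructed in the script. The stand-alone run at the bottom assumes a reachable DoT resolver (Cloudflare's 1.1.1.1, which presents a certificate for one.one.one.one, is used as the example).

```python
"""DNS over TLS client framing (added example, not from the Windows post)."""
import secrets
import socket
import ssl
import struct

DOT_PORT = 853            # RFC 7858: dedicated port, TLS directly on TCP
TYPE_A, CLASS_IN = 1, 1


def build_query(name: str, txid: int, qtype: int = TYPE_A) -> bytes:
    """Plain DNS wire-format query (RFC 1035): 12-byte header + one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)    # flags: RD set
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, CLASS_IN)


def frame(message: bytes) -> bytes:
    """DoT reuses DNS-over-TCP framing: 2-byte big-endian length, then the message.
    DoH would instead POST the very same bytes as an application/dns-message body."""
    return struct.pack("!H", len(message)) + message


def _read_name(msg: bytes, off: int):
    """Decode a (possibly compressed) name; return it and the offset after it."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                    # compression pointer
            if not jumped:
                end = off + 2
            off, jumped = ((length & 0x3F) << 8) | msg[off + 1], True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_response(msg: bytes, expected_txid: int):
    """Return [(name, ttl, ipv4)] for A answers; reject wrong ids and error rcodes."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if flags & 0x000F:
        raise ValueError(f"server returned rcode {flags & 0xF}")
    off = 12
    for _ in range(qdcount):
        _, off = _read_name(msg, off)
        off += 4                                     # skip qtype + qclass
    answers = []
    for _ in range(ancount):
        name, off = _read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == TYPE_A and rclass == CLASS_IN and rdlen == 4:
            answers.append((name, ttl, socket.inet_ntoa(rdata)))
    return answers


def constructed_response(query: bytes, ipv4: str, ttl: int = 60) -> bytes:
    """Constructed sample reply for offline use: echoes the question, adds one A record."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4) + socket.inet_aton(ipv4)
    return header + query[12:] + answer


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf


def query_dot(name: str, server: str, server_name: str, timeout: float = 5.0):
    """Resolve `name` via server:853; the certificate is validated against `server_name`."""
    txid = secrets.randbelow(1 << 16)
    query = build_query(name, txid)
    ctx = ssl.create_default_context()               # system trust store, hostname check on
    with socket.create_connection((server, DOT_PORT), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
            tls.sendall(frame(query))
            (length,) = struct.unpack("!H", _recv_exact(tls, 2))
            return parse_response(_recv_exact(tls, length), txid)


if __name__ == "__main__":
    # Assumption: network access and a DoT resolver at 1.1.1.1 (cert name one.one.one.one)
    print(query_dot("example.com", "1.1.1.1", "one.one.one.one"))
```

Two details matter operationally. The TLS handshake is the only thing standing between this and plain DNS over TCP, so `create_default_context()` with a real `server_hostname` is what makes it "encrypted DNS" rather than merely "DNS on port 853"; skipping validation would let an on-path device answer as the resolver. And because there is no HTTP layer, a middlebox that wants to block DoT can simply block TCP/853, whereas DoH blends into port 443 traffic, which is the flexibility trade-off the excerpt describes.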

 


Title: How Microsoft Defender for Identity Protects Against DFSCoerce

Source Tech Community: Security, Compliance, and Identity Blog

Author: Daniel Naim

Publication Date: July 1, 2022

Content excerpt:

Almost a year has passed since the “PetitPotam” attack vector was initially discovered. Shortly after, Microsoft Defender for Identity provided detection capabilities for this vulnerability. Earlier this month, a new attack vector that was inspired by PetitPotam was published by Filip Dragovic. The attack, which was later dubbed “DFSCoerce”, can exploit the DFS-NM protocol to coerce the Domain Controller to authenticate against any server, creating an NTLM relay attack. This has the potential to allow a non-privileged user in the domain to become a domain admin.

Title: Announcing the Sunset of Windows Information Protection (WIP)

Source Tech Community: Windows IT Pro Blog

Author: Rafal Sosnowski

Publication Date: July 21, 2022

Content excerpt:

Certain capabilities within the solution known as Windows Information Protection (WIP), previously referred to as Enterprise Data Protection (EDP), will be discontinued over time. As a result, we recommend that you explore Microsoft Purview Information Protection and Data Loss Prevention for your multi-cloud and multi-platform data protection needs.

Title: Windows 11 Onboarding and Demo Lab Test Kits

Source Tech Community: Windows IT Pro Blog

Author: Harjit Dhaliwal

Publication Date: July 22, 2022

Content excerpt:

To make it easier for you to plan for, test, and validate Windows 11 in your environment—and prepare your end users and management teams for a familiar, but fresh user experience—we’ve created two robust and downloadable kits.

The updated Windows 11 and Office 365 Deployment Lab Kit contains a complete lab environment including evaluation versions of Windows 11 Enterprise, Windows Server 2022, and a collection of tools which allow you to test and conduct a proof of concept for Windows 11 deployment. The Windows 11 Onboarding Kit provides a collection of materials that you can use to help prepare your users and ensure that they get the most out of Windows 11.

Windows 11 brings many new features to IT professionals and knowledge workers. And as with anything new, there are also new things for IT administrators to learn.

 

Last update: Aug 04 2022 08:25 AM