1
00:00:00,000 --> 00:00:06,200
Welcome to the Azure Security Podcast,

2
00:00:06,200 --> 00:00:09,360
where we discuss topics relating to security, privacy,

3
00:00:09,360 --> 00:00:13,720
reliability, and compliance on the Microsoft Cloud Platform.

4
00:00:13,720 --> 00:00:17,400
Hey everybody, welcome to episode 24.

5
00:00:17,400 --> 00:00:19,240
This week's a little bit different than normal.

6
00:00:19,240 --> 00:00:20,520
Rather than having a guest,

7
00:00:20,520 --> 00:00:23,560
there's actually been a lot of security news over the last few weeks.

8
00:00:23,560 --> 00:00:26,880
So we're just going to cover essentially just the news.

9
00:00:26,880 --> 00:00:29,480
Also this week, it's just Sarah and myself.

10
00:00:29,480 --> 00:00:34,560
Gladys is crazy busy and Mark is taking a well-earned break.

11
00:00:34,560 --> 00:00:36,840
So Sarah, why don't you take it away?

12
00:00:36,840 --> 00:00:40,640
Hi everyone. So I've got a nice selection of news this week.

13
00:00:40,640 --> 00:00:42,280
It's some of my favorite things.

14
00:00:42,280 --> 00:00:45,200
I have some AKS, some ASC,

15
00:00:45,200 --> 00:00:48,440
and of course my baby is some Sentinel and Azure Monitor.

16
00:00:48,440 --> 00:00:50,640
So starting with AKS,

17
00:00:50,640 --> 00:00:55,640
now confidential computing nodes are available on AKS.

18
00:00:55,640 --> 00:00:58,520
They've gone GA. So they have been in preview before,

19
00:00:58,520 --> 00:01:01,360
but now they're GA, which means they have an SLA.

20
00:01:01,360 --> 00:01:05,080
We know that quite a few customers don't want to use things in

21
00:01:05,080 --> 00:01:07,160
production until they go GA.

22
00:01:07,160 --> 00:01:08,840
So what that means is,

23
00:01:08,840 --> 00:01:12,360
AKS is now supporting Enclave Aware Containers,

24
00:01:12,360 --> 00:01:17,640
that are programmed for the TEE or Trusted Execution Environment,

25
00:01:17,640 --> 00:01:19,040
which is very cool.

26
00:01:19,040 --> 00:01:21,760
So if you need to do some processing within

27
00:01:21,760 --> 00:01:24,680
an Enclave for something very confidential,

28
00:01:24,680 --> 00:01:27,000
you can now do that in AKS,

29
00:01:27,000 --> 00:01:30,160
which is cool. Next couple of things, again

30
00:01:30,160 --> 00:01:33,040
AKS, is that AKS is now supporting

31
00:01:33,040 --> 00:01:37,360
just-in-time access for tasks that require elevated permissions.

32
00:01:37,360 --> 00:01:39,280
So just-in-time or JIT,

33
00:01:39,280 --> 00:01:41,120
you might be familiar with that because it's

34
00:01:41,120 --> 00:01:43,400
something that we have in ASC at the moment.

35
00:01:43,400 --> 00:01:45,800
Oh, beg your pardon, not ASC now.

36
00:01:45,800 --> 00:01:49,000
That part, JIT, is actually in Azure Defender.

37
00:01:49,000 --> 00:01:50,240
Basically what it means is,

38
00:01:50,240 --> 00:01:53,680
if there's a task in AKS that requires elevated permissions,

39
00:01:53,680 --> 00:01:57,600
you can temporarily grant that user account,

40
00:01:57,600 --> 00:01:59,720
those permissions to be able to do that.

41
00:01:59,720 --> 00:02:02,920
So that user account doesn't have to run all the time with

42
00:02:02,920 --> 00:02:04,480
those elevated permissions,

43
00:02:04,480 --> 00:02:06,920
which of course can increase

44
00:02:06,920 --> 00:02:09,400
the risk profile of that particular account.

45
00:02:09,400 --> 00:02:15,800
So really good to see that that is now also part of AKS as well.

46
00:02:15,800 --> 00:02:17,920
Another AKS one for you,

47
00:02:17,920 --> 00:02:21,240
AKS is now supporting a new Azure policy that

48
00:02:21,240 --> 00:02:23,680
makes sure that OS and

49
00:02:23,680 --> 00:02:27,440
data disks are encrypted using customer managed keys.

50
00:02:27,440 --> 00:02:30,120
That means that now we can actually create

51
00:02:30,120 --> 00:02:32,360
a policy that will audit whether or not

52
00:02:32,360 --> 00:02:35,400
customer managed keys are being used or not.

53
00:02:35,400 --> 00:02:38,400
It means that if someone tries to create

54
00:02:38,400 --> 00:02:40,920
resources without customer managed keys,

55
00:02:40,920 --> 00:02:42,640
if you put this policy in place,

56
00:02:42,640 --> 00:02:45,200
and you set it to enforce,

57
00:02:45,200 --> 00:02:47,200
you'd actually be able to deny that.

58
00:02:47,200 --> 00:02:51,040
That is something that can be very important for

59
00:02:51,040 --> 00:02:52,760
some of our customers,

60
00:02:52,760 --> 00:02:54,880
particularly those who work in

61
00:02:54,880 --> 00:02:57,840
very highly regulated environments where they're

62
00:02:57,840 --> 00:03:02,040
not able to use the Microsoft provided keys.

63
00:03:02,040 --> 00:03:06,400
So great to see that that support has also come into AKS.

64
00:03:06,400 --> 00:03:09,760
Then last but not least for my AKS updates,

65
00:03:09,760 --> 00:03:14,760
conditional access within AKS has now gone GA.

66
00:03:14,760 --> 00:03:18,600
So conditional access is an Azure AD feature.

67
00:03:18,600 --> 00:03:24,000
What it does is it will look at the characteristics of a log on.

68
00:03:24,000 --> 00:03:28,800
If that log on is unusual or anomalous in some way,

69
00:03:28,800 --> 00:03:31,360
so it might be that's come from a different country,

70
00:03:31,360 --> 00:03:34,320
it might be from a device that you've never logged in from.

71
00:03:34,320 --> 00:03:38,040
You as an organization are able to set policies,

72
00:03:38,040 --> 00:03:41,080
because Azure AD will give that log in a risk rating,

73
00:03:41,080 --> 00:03:43,560
it will be low, medium, or high,

74
00:03:43,560 --> 00:03:45,280
and then in conditional access,

75
00:03:45,280 --> 00:03:47,680
you can configure what you want to happen.

76
00:03:47,680 --> 00:03:49,080
So if it's a red,

77
00:03:49,080 --> 00:03:51,200
if it's a high risk login,

78
00:03:51,200 --> 00:03:54,720
you might want to block them or you might want to make them re-authenticate.

79
00:03:54,720 --> 00:03:56,620
There's quite a lot of options and I won't

80
00:03:56,620 --> 00:03:58,760
digress into what you can do there.

81
00:03:58,760 --> 00:04:01,600
But now that's also available in AKS,

82
00:04:01,600 --> 00:04:05,880
which is great because it means that if someone logs into AKS,

83
00:04:05,880 --> 00:04:09,760
in a way that Azure AD considers to be anomalous or unusual,

84
00:04:09,760 --> 00:04:13,280
you can use your conditional access controls on AKS as well,

85
00:04:13,280 --> 00:04:15,280
which is very cool.

86
00:04:15,280 --> 00:04:18,520
So moving on to ASC,

87
00:04:18,520 --> 00:04:22,960
just talk a little bit about some of the things that have gone GA in ASC this month.

88
00:04:22,960 --> 00:04:27,920
The new security alerts page has now gone GA,

89
00:04:27,920 --> 00:04:30,320
you may have already seen the preview of that.

90
00:04:30,320 --> 00:04:33,720
The Kubernetes workload protection recommendations,

91
00:04:33,720 --> 00:04:37,960
so the recommendations around how you configure your Kubernetes workloads,

92
00:04:37,960 --> 00:04:39,280
that's also GA.

93
00:04:39,280 --> 00:04:42,200
You see, we never get away from Kubernetes, it's too cool.

94
00:04:42,200 --> 00:04:47,600
We've also got the SQL data classification recommendation no longer affecting your secure score.

95
00:04:47,600 --> 00:04:52,600
So that's great because there are some customers that can't change that or can't use it.

96
00:04:52,600 --> 00:04:56,520
So this will no longer bring down your secure score.

97
00:04:56,520 --> 00:05:01,440
Then a couple of preview updates this month.

98
00:05:01,440 --> 00:05:06,360
The Defender for Endpoint integration with Azure Defender

99
00:05:06,360 --> 00:05:11,520
is now supporting Windows Server 2019 and Windows 10 Virtual Desktop.

100
00:05:11,520 --> 00:05:15,280
They are two platforms, of course, that a lot of you will be using.

101
00:05:15,280 --> 00:05:22,240
A lot of people have gone to Windows Virtual Desktop since last year because of COVID.

102
00:05:22,240 --> 00:05:26,680
So really good to see that there's more integration there as well.

103
00:05:26,680 --> 00:05:35,680
You'll also be able to trigger workflow automations with changes to regulatory compliance assessments.

104
00:05:35,680 --> 00:05:39,800
So if your regulatory compliance assessment changes,

105
00:05:39,800 --> 00:05:41,560
if it goes up or if it goes down,

106
00:05:41,560 --> 00:05:47,960
you'll be able to trigger a workflow to possibly remediate that or alert someone.

107
00:05:47,960 --> 00:05:49,160
Whatever you need to do,

108
00:05:49,160 --> 00:05:51,640
there's a lot of options with workflows.

109
00:05:51,640 --> 00:05:54,200
Moving on to Azure Monitor.

110
00:05:54,200 --> 00:06:00,720
We also have Azure Monitor alerts for Azure Backup, now in public preview.

111
00:06:00,720 --> 00:06:05,920
So that means that it's all helping us get towards users having

112
00:06:05,920 --> 00:06:10,800
a consistent experience for alert management across different Azure services.

113
00:06:10,800 --> 00:06:15,720
So that means now that you can route your alerts to

114
00:06:15,720 --> 00:06:19,400
any notification channel that's supported by Azure Monitor,

115
00:06:19,400 --> 00:06:22,160
so email, ITSM, webhooks, etc.

116
00:06:22,160 --> 00:06:23,760
So that means, of course,

117
00:06:23,760 --> 00:06:27,880
that if you need to configure some monitoring alert for Azure Backup,

118
00:06:27,880 --> 00:06:31,480
you can now do that which is very good because of course,

119
00:06:31,480 --> 00:06:36,120
Azure Backup itself is very important.

120
00:06:36,120 --> 00:06:41,320
Then I'm going to talk about what's going on with Sentinel because Sentinel is my favorite,

121
00:06:41,320 --> 00:06:43,000
and I couldn't, of course,

122
00:06:43,000 --> 00:06:46,960
do a podcast without at least talking about Sentinel and containers and Kubernetes.

123
00:06:46,960 --> 00:06:50,280
So let's talk about what we announced for Sentinel.

124
00:06:50,280 --> 00:06:58,560
We actually announced that we're now doing a sync with Microsoft 365 Defender.

125
00:06:58,560 --> 00:07:03,400
So you can now sync your incidents between Microsoft 365 Defender and Sentinel.

126
00:07:03,400 --> 00:07:06,800
So what that means is if you update your incident in one of those products,

127
00:07:06,800 --> 00:07:09,080
it's going to update in the other one as well,

128
00:07:09,080 --> 00:07:12,520
which means you don't have to keep popping between the tools,

129
00:07:12,520 --> 00:07:14,280
which is really nice.

130
00:07:14,280 --> 00:07:19,400
It also means that it quite seamlessly will let you hop back into the other platform.

131
00:07:19,400 --> 00:07:22,520
So if you need to do some evidence collection or maybe a bit of

132
00:07:22,520 --> 00:07:25,840
a deeper investigation in Defender from Sentinel,

133
00:07:25,840 --> 00:07:28,880
you're just going to be able to click and it will take you back to that portal.

134
00:07:28,880 --> 00:07:31,760
So I'm not saying that you're not going to have to do

135
00:07:31,760 --> 00:07:33,920
perhaps a little bit of moving between the portals.

136
00:07:33,920 --> 00:07:35,680
That's not realistic,

137
00:07:35,680 --> 00:07:40,160
but we're really reducing it and making that integration much nicer.

138
00:07:40,160 --> 00:07:43,760
We've also just released 30 new data collectors.

139
00:07:43,760 --> 00:07:45,160
Not going to name them all.

140
00:07:45,160 --> 00:07:46,560
There is a full list of them.

141
00:07:46,560 --> 00:07:47,920
We'll put them in the show notes.

142
00:07:47,920 --> 00:07:52,120
But now we're almost at 100 built-in connectors.

143
00:07:52,120 --> 00:07:54,000
We're at 90 something,

144
00:07:54,000 --> 00:07:57,280
which makes me sad, I was hoping we'd hit 100.

145
00:07:57,280 --> 00:07:58,920
We will do very soon,

146
00:07:58,920 --> 00:08:01,400
but we're always adding those really common,

147
00:08:01,400 --> 00:08:05,200
the most requested connectors from customers.

148
00:08:05,200 --> 00:08:07,480
We always want to hear feedback on that by the way.

149
00:08:07,480 --> 00:08:12,520
So please go to user voice or hit up your local account team

150
00:08:12,520 --> 00:08:18,760
and tell us what connectors you want if you don't already see the one you want.

151
00:08:18,760 --> 00:08:24,520
We're also going to be doing improvements to automation.

152
00:08:24,520 --> 00:08:28,320
So we're going to be changing up the playbooks in the automation page.

153
00:08:28,320 --> 00:08:32,000
What that means is you're going to be able to create automation rules,

154
00:08:32,000 --> 00:08:36,800
which will simplify the automation of common incident response actions.

155
00:08:36,800 --> 00:08:40,640
So what that means is you'll be able to create maybe a change of severity,

156
00:08:40,640 --> 00:08:44,680
close an incident, do some straightforward easy bits of automation.

157
00:08:44,680 --> 00:08:47,440
You'll be able to do them in the UI of Sentinel

158
00:08:47,440 --> 00:08:49,680
without having to create a whole logic app.

159
00:08:49,680 --> 00:08:53,120
So again, just trying to make things really, really easy.

160
00:08:53,120 --> 00:08:54,880
Then last but not least,

161
00:08:54,880 --> 00:08:57,760
Notebooks has now gone GA for Sentinel.

162
00:08:57,760 --> 00:08:59,960
So if you're not familiar with Notebooks,

163
00:08:59,960 --> 00:09:03,840
Jupyter Notebooks is a way of doing,

164
00:09:03,840 --> 00:09:09,080
writing your own machine learning models in Python, R, F#.

165
00:09:09,080 --> 00:09:12,240
There's a number of different languages that it supports,

166
00:09:12,240 --> 00:09:14,120
and now that is GA.

167
00:09:14,120 --> 00:09:17,440
So if you've got data scientists in your organization,

168
00:09:17,440 --> 00:09:20,600
you should definitely get them to come and do some notebook work with you,

169
00:09:20,600 --> 00:09:22,760
because it's a very cool thing.

170
00:09:22,760 --> 00:09:28,440
Essentially, security operations and security monitoring are big data and data science.

171
00:09:28,440 --> 00:09:32,240
It's looking for patterns and anomalies just with a security focus.

172
00:09:32,240 --> 00:09:34,200
So we're going to be seeing,

173
00:09:34,200 --> 00:09:39,720
I'm very confident we will be seeing more and more of that as time goes on.

174
00:09:39,720 --> 00:09:43,560
So go and have a play around and see what you think.

175
00:09:43,560 --> 00:09:49,280
There are several Notebooks created by Microsoft in there to get you started,

176
00:09:49,280 --> 00:09:52,240
and see what you think.

177
00:09:52,240 --> 00:09:57,640
So a whole bunch of items really caught my interest over the last few weeks.

178
00:09:57,640 --> 00:10:03,320
The first is a website we've set up for Microsoft Learn for

179
00:10:03,320 --> 00:10:05,360
Security Compliance and Identity.

180
00:10:05,360 --> 00:10:11,840
This is going to be one-stop shopping for learning more about security, compliance

181
00:10:11,840 --> 00:10:14,640
and identity on the Microsoft Cloud Platform.

182
00:10:14,640 --> 00:10:16,560
So as we've already mentioned,

183
00:10:16,560 --> 00:10:18,640
there will be links in the show notes.

184
00:10:18,640 --> 00:10:20,080
So heading over there,

185
00:10:20,080 --> 00:10:22,920
some of these videos that are available in Microsoft Learn have come from

186
00:10:22,920 --> 00:10:24,160
the Microsoft Ignite sessions.

187
00:10:24,160 --> 00:10:27,480
This is our virtual conference that we have,

188
00:10:27,480 --> 00:10:29,760
and this is where a lot of the information actually came out for

189
00:10:29,760 --> 00:10:32,760
the last couple of weeks around security news.

190
00:10:32,760 --> 00:10:37,360
Next one is Azure trusted launch for virtual machines,

191
00:10:37,360 --> 00:10:39,640
this is now in public preview.

192
00:10:39,640 --> 00:10:45,560
Essentially, what this allows you to do is use a virtual trusted platform module,

193
00:10:45,560 --> 00:10:46,880
a vTPM.

194
00:10:46,880 --> 00:10:51,880
If you're familiar with a TPM that is required on Windows laptops, for example,

195
00:10:51,880 --> 00:10:54,280
it's a similar idea as that,

196
00:10:54,280 --> 00:11:00,480
except obviously it's virtualized because the machines themselves are also virtualized.

197
00:11:00,480 --> 00:11:06,360
This essentially gives you the ability to have a trusted boot when virtual machines come up,

198
00:11:06,360 --> 00:11:11,520
which is also another really good example of a tool that is using

199
00:11:11,520 --> 00:11:14,680
the attestation service that's available in Azure,

200
00:11:14,680 --> 00:11:17,360
which I talked about a couple of weeks ago.

201
00:11:17,360 --> 00:11:21,560
Next one is Azure Sphere, 21.02 is now available.

202
00:11:21,560 --> 00:11:24,640
This is an OS upgrade as well as an SDK upgrade.

203
00:11:24,640 --> 00:11:26,080
So if you're not familiar with Azure Sphere,

204
00:11:26,080 --> 00:11:32,040
it's essentially a chipset that can be used for deploying secure IoT devices.

205
00:11:32,040 --> 00:11:35,280
So some of the major changes that we see in that upgrade are

206
00:11:35,280 --> 00:11:37,760
some fixes to some vulnerabilities.

207
00:11:37,760 --> 00:11:41,520
Basically Linux kernel vulnerabilities. For those not aware, Azure Sphere is

208
00:11:41,520 --> 00:11:46,960
basically a small version of the Linux kernel running inside of a trusted piece of hardware.

209
00:11:46,960 --> 00:11:50,680
We also now have available in public preview the ability to

210
00:11:50,680 --> 00:11:54,840
provide automatic patching on Linux VMs.

211
00:11:54,840 --> 00:12:00,200
This is huge. We've historically had this available on Windows VMs.

212
00:12:00,200 --> 00:12:06,720
So we can apply security patches and any patches that are marked as critical automatically.

213
00:12:06,720 --> 00:12:10,240
This is done obviously during off-peak hours,

214
00:12:10,240 --> 00:12:14,480
but that's now available in public preview for you to experiment with.

215
00:12:14,480 --> 00:12:17,280
This next one really caught my attention.

216
00:12:17,280 --> 00:12:23,120
This is Azure SQL Auditing, now generally available for

217
00:12:23,120 --> 00:12:26,760
streaming auditing events to log analytics and event hubs.

218
00:12:26,760 --> 00:12:28,920
All right. This requires a little bit of explanation.

219
00:12:28,920 --> 00:12:32,960
So Azure SQL as you probably are well aware is

220
00:12:32,960 --> 00:12:38,000
a version of SQL Server that's available as a platform as a service offering inside of Azure.

221
00:12:38,000 --> 00:12:45,960
With that, there are obviously events and alerts and so on that happen on the Azure space.

222
00:12:45,960 --> 00:12:48,480
But what about SQL Server events?

223
00:12:48,480 --> 00:12:50,320
SQL Server has been around for a long time.

224
00:12:50,320 --> 00:12:55,120
It produces a lot of internal events that are very SQL Server specific.

225
00:12:55,120 --> 00:12:59,160
Well, historically, they had their own file structure that was

226
00:12:59,160 --> 00:13:02,440
essentially buried deep inside the bowels of SQL Server.

227
00:13:02,440 --> 00:13:06,160
Well, now you can actually take those auditing events and actually

228
00:13:06,160 --> 00:13:09,480
stream them out through log analytics and event hubs.

229
00:13:09,480 --> 00:13:13,440
This to me is absolutely a godsend,

230
00:13:13,440 --> 00:13:17,040
I think for admins who are looking at administering

231
00:13:17,040 --> 00:13:19,760
SQL Server, Azure SQL databases on Azure.

232
00:13:19,760 --> 00:13:23,160
This also applies to Azure Synapse Analytics.

233
00:13:23,160 --> 00:13:27,120
Because now you don't have to go into the bowels of SQL Server,

234
00:13:27,120 --> 00:13:32,120
you can essentially just feed the data out automatically into log analytics.

235
00:13:32,120 --> 00:13:36,680
This is an absolutely huge announcement from Ignite.

236
00:13:36,680 --> 00:13:39,560
Next one is on the SQL Server theme,

237
00:13:39,560 --> 00:13:43,480
Advanced Notifications for Azure SQL Database is now in public preview.

238
00:13:43,480 --> 00:13:46,440
What that is is if we know we're going to have to shut down

239
00:13:46,440 --> 00:13:49,920
your SQL Server instance for whatever reason,

240
00:13:49,920 --> 00:13:52,480
or do some rolling updates, that kind of thing.

241
00:13:52,480 --> 00:13:55,880
Obviously, we design these systems in such a way that

242
00:13:55,880 --> 00:13:58,840
there's as little impact as possible on you.

243
00:13:58,840 --> 00:14:01,760
But now we can give you 24 hours notice.

244
00:14:01,760 --> 00:14:06,440
Again, this is huge for people who need to have advanced notification of this.

245
00:14:06,440 --> 00:14:11,080
We can do it through various notification methods such as email, SMS.

246
00:14:11,080 --> 00:14:13,280
We can do an Azure app push,

247
00:14:13,280 --> 00:14:17,320
and we also have support for additional actions,

248
00:14:17,320 --> 00:14:20,160
such as triggering, say, an Azure Function,

249
00:14:20,160 --> 00:14:22,600
a Logic App, or a WebHook.

250
00:14:22,600 --> 00:14:23,840
Again, for certain customers,

251
00:14:23,840 --> 00:14:26,600
this is huge because we're going to let you know that,

252
00:14:26,600 --> 00:14:30,320
hey, we need to take this thing offline to do some maintenance.

253
00:14:30,320 --> 00:14:33,000
This next one also really caught my eye.

254
00:14:33,000 --> 00:14:37,240
Some weeks ago, we had some of the folks from the Cosmos DB team,

255
00:14:37,240 --> 00:14:40,640
and we now have role-based access control

256
00:14:40,640 --> 00:14:44,360
using Azure Active Directory in Cosmos DB,

257
00:14:44,360 --> 00:14:46,160
and this is now in public preview.

258
00:14:46,160 --> 00:14:49,240
We've always had RBAC controls and

259
00:14:49,240 --> 00:14:52,080
Azure Active Directory support at the control plane.

260
00:14:52,080 --> 00:14:54,160
People who are managing the environment,

261
00:14:54,160 --> 00:14:55,920
that's perfectly normal.

262
00:14:55,920 --> 00:14:58,960
That's essentially there for virtually

263
00:14:58,960 --> 00:15:01,480
every single Azure service that we have.

264
00:15:01,480 --> 00:15:04,560
But what we're talking about here is actually at the data plane.

265
00:15:04,560 --> 00:15:06,800
People who are using the system,

266
00:15:06,800 --> 00:15:12,800
historically Cosmos DB used essentially tokens or keys or whatever you want to call them.

267
00:15:12,800 --> 00:15:17,120
But basically an ID and you could either have read access or read-write access.

268
00:15:17,120 --> 00:15:22,120
Well, now we can provide granular access at the data plane with

269
00:15:22,120 --> 00:15:28,040
RBAC controls, role-based access control, using Azure Active Directory identities.

270
00:15:28,040 --> 00:15:31,520
I would say that this is probably,

271
00:15:31,520 --> 00:15:34,680
from my perspective, probably the biggest announcement out of Ignite.

272
00:15:34,680 --> 00:15:38,360
Followed very closely by the SQL Server announcements I mentioned earlier about being able to pull

273
00:15:38,360 --> 00:15:42,640
the SQL Server logs into Event Hubs and Stream and Log Analytics.

274
00:15:42,640 --> 00:15:46,120
Next one, again, continuing the SQL Server theme,

275
00:15:46,120 --> 00:15:52,800
is we now have the ability to audit Microsoft operations against Azure SQL.

276
00:15:52,800 --> 00:15:55,880
What that means is let's say there's a support call that you

277
00:15:55,880 --> 00:16:00,640
raise and you need someone to go in and look at an Azure SQL instance.

278
00:16:00,640 --> 00:16:04,760
Well, that may happen over a period of time.

279
00:16:04,760 --> 00:16:10,640
Sometimes you may want to know actually what was done by Microsoft support personnel.

280
00:16:10,640 --> 00:16:12,720
Well, now you can get that information.

281
00:16:12,720 --> 00:16:20,400
So this is generally available, it's just an option that you can turn on inside of the Azure SQL instance.

282
00:16:20,400 --> 00:16:22,920
But again, the nice thing is this applies to Azure SQL.

283
00:16:22,920 --> 00:16:27,600
It also applies to Azure Synapse and it applies to SQL managed instance.

284
00:16:27,600 --> 00:16:30,640
Again, when our Microsoft personnel go in and have to

285
00:16:30,640 --> 00:16:33,200
carry out secure support operations on your instances,

286
00:16:33,200 --> 00:16:38,240
that information is logged for you to analyze and look at later.

287
00:16:38,240 --> 00:16:43,400
Another big one is zone redundant storage for Azure managed disks.

288
00:16:43,400 --> 00:16:47,960
This is pretty cool because what this means is

289
00:16:47,960 --> 00:16:51,360
historically, managed disks are used for,

290
00:16:51,360 --> 00:16:53,760
I mean, amongst other things, virtual machines.

291
00:16:53,760 --> 00:16:56,000
Now what you can do is you can say,

292
00:16:56,000 --> 00:16:57,960
okay, for this particular instance,

293
00:16:57,960 --> 00:17:00,440
I want zone redundant storage.

294
00:17:00,440 --> 00:17:04,040
So what that means is if there is a catastrophe,

295
00:17:04,040 --> 00:17:06,680
say a tornado or something,

296
00:17:06,680 --> 00:17:11,120
it completely takes out a data center with zone redundant storage,

297
00:17:11,120 --> 00:17:16,240
the virtual machine image is essentially, well, zone redundant,

298
00:17:16,240 --> 00:17:18,200
which means that if that zone is taken out,

299
00:17:18,200 --> 00:17:24,520
there is still an instance of that particular image that is stored in a different geographical area.

300
00:17:24,520 --> 00:17:27,360
So if one zone is taken out,

301
00:17:27,360 --> 00:17:30,280
then the VMs are still available.

302
00:17:30,280 --> 00:17:33,440
Talking of managed disks,

303
00:17:33,440 --> 00:17:39,040
another topic here is automatic key rotation of customer managed keys

304
00:17:39,040 --> 00:17:42,440
for encrypting Azure managed disks is now in public preview.

305
00:17:42,440 --> 00:17:44,480
This does have some limitations.

306
00:17:44,480 --> 00:17:49,680
Most notably, you must be using a Premium SKU of Azure Key Vault.

307
00:17:49,680 --> 00:17:53,840
What that means is you're not using the version that uses just software-backed keys,

308
00:17:53,840 --> 00:17:58,000
you're using the version of Azure Key Vault that has hardware-backed keys.

309
00:17:58,000 --> 00:17:59,080
So that must be in there.

310
00:17:59,080 --> 00:18:01,880
Also, there's some limitations as to the ciphers that you can use.

311
00:18:01,880 --> 00:18:07,960
But basically, this allows you to automatically rotate keys on a regular basis

312
00:18:07,960 --> 00:18:09,360
so that you don't have to.

313
00:18:09,360 --> 00:18:12,280
This is often required for compliance requirements.

314
00:18:12,280 --> 00:18:14,560
Not directly Azure related,

315
00:18:14,560 --> 00:18:19,160
but Windows Server 2022 is now available in preview.

316
00:18:19,160 --> 00:18:22,280
This provides a lot of new security features,

317
00:18:22,280 --> 00:18:26,160
including but certainly not limited to Secured-core server,

318
00:18:26,160 --> 00:18:29,320
which brings even more threat protection to the environment.

319
00:18:29,320 --> 00:18:33,040
We also have TLS 1.3 enabled by default.

320
00:18:33,040 --> 00:18:34,880
That's a welcome addition.

321
00:18:34,880 --> 00:18:38,040
A lot of people have been wanting that in Windows,

322
00:18:38,040 --> 00:18:45,200
as well as some changes to SMB to support improved security protocols.

323
00:18:45,200 --> 00:18:49,240
So basically, this is a version of Windows that takes into consideration

324
00:18:49,240 --> 00:18:54,840
the increases that we've seen over the last few years around cyber security threats

325
00:18:54,840 --> 00:18:59,560
and the impact of those incidents and the fact that they escalate so quickly.

326
00:18:59,560 --> 00:19:03,840
So Windows Server 2022 is certainly worth kicking the tires on

327
00:19:03,840 --> 00:19:06,200
in terms of some of the new security technology.

328
00:19:06,200 --> 00:19:09,080
This is another one that sort of took my eye as well.

329
00:19:09,080 --> 00:19:10,760
Apparently, this has been available for some time.

330
00:19:10,760 --> 00:19:12,760
I just didn't realize.

331
00:19:12,760 --> 00:19:17,840
There is a blade called the demo logs blade inside of Azure.

332
00:19:17,840 --> 00:19:19,640
Everyone has access to it,

333
00:19:19,640 --> 00:19:24,440
which allows you to experiment with, say, the Kusto Query Language

334
00:19:24,440 --> 00:19:30,920
to actually go in and play around with essentially a large volume of data,

335
00:19:30,920 --> 00:19:34,440
security and audit data, security sensor data,

336
00:19:34,440 --> 00:19:38,520
VM monitoring, active directory health checks,

337
00:19:38,520 --> 00:19:41,240
network performance monitoring, and so on.

338
00:19:41,240 --> 00:19:44,440
So this is available inside of your subscription.

339
00:19:44,440 --> 00:19:46,200
Technically, it isn't part of your subscription.

340
00:19:46,200 --> 00:19:47,640
You just have access to it.

341
00:19:47,640 --> 00:19:49,640
But you can go ahead and do really complex queries.

342
00:19:49,640 --> 00:19:52,920
If you want to have an area that's using not your data,

343
00:19:52,920 --> 00:19:56,440
but it's still a large population of potentially real-world data,

344
00:19:56,440 --> 00:19:58,040
then this is the place to go.

345
00:19:58,040 --> 00:19:59,880
So it's called the demo logs blade.

346
00:19:59,880 --> 00:20:02,360
And as I alluded to at the very beginning,

347
00:20:02,360 --> 00:20:05,000
there will be links to this in the show notes.

348
00:20:05,000 --> 00:20:09,400
So now, the news for me is not complete without me talking about TypeScript,

349
00:20:09,400 --> 00:20:11,400
as probably many of you know by now.

350
00:20:11,400 --> 00:20:13,480
I'm not a fan of JavaScript.

351
00:20:13,480 --> 00:20:14,760
Not a fan of JavaScript at all.

352
00:20:14,760 --> 00:20:19,400
In fact, a lot of people I know who use JavaScript on large projects

353
00:20:19,400 --> 00:20:22,040
where they've got to maintain a massive code base.

354
00:20:22,040 --> 00:20:24,680
Yeah, it's not fun trying to maintain that code base in JavaScript.

355
00:20:24,680 --> 00:20:28,360
And TypeScript is designed to help alleviate a lot of those issues.

356
00:20:28,360 --> 00:20:30,680
And from a security and correctness perspective,

357
00:20:30,680 --> 00:20:35,080
one of its major advantages over JavaScript is that it's strongly typed.

358
00:20:35,080 --> 00:20:40,360
And that alone helps you make more resilient software from the get go.

359
00:20:41,000 --> 00:20:44,680
As some of you may be aware, essentially TypeScript is transpiled.

360
00:20:44,680 --> 00:20:48,200
In other words, it's cross-compiled into JavaScript.

361
00:20:48,200 --> 00:20:50,920
Visual Studio Code has built-in support for TypeScript.

362
00:20:50,920 --> 00:20:52,200
It's got a plugin that you can add.

363
00:20:52,200 --> 00:20:55,400
It gives you first-class support for TypeScript.

364
00:20:55,400 --> 00:20:58,920
Well, now we have available the new TypeScript handbook.

365
00:20:58,920 --> 00:21:03,080
If you are new to TypeScript or you want to dip your toes into TypeScript,

366
00:21:03,080 --> 00:21:04,600
you really need to lay your hands on this.

367
00:21:04,600 --> 00:21:05,480
It's a free download.

368
00:21:05,480 --> 00:21:08,840
It's available in PDF format, or just as a web page,

369
00:21:09,880 --> 00:21:13,640
And also in EPUB format, so you can load it onto your Kindle.

370
00:21:13,640 --> 00:21:18,200
But the thing I love about this is it's not like a really technical document

371
00:21:18,200 --> 00:21:21,080
that explains the syntax of the language and so on.

372
00:21:21,080 --> 00:21:23,800
It's more of, hey, so here's TypeScript.

373
00:21:23,800 --> 00:21:25,400
Now what do you do?

374
00:21:25,400 --> 00:21:26,520
How do you do this?

375
00:21:26,520 --> 00:21:28,120
What sort of tasks do you do?

376
00:21:28,120 --> 00:21:30,280
Here's some common issues that we face.

377
00:21:30,280 --> 00:21:31,960
And here's how you solve them in TypeScript.

378
00:21:32,520 --> 00:21:36,520
So this is an absolutely fantastic document.

379
00:21:36,520 --> 00:21:38,440
It teaches incrementally.

380
00:21:39,400 --> 00:21:43,640
It uses the compiler a great deal to explain what's going on.

381
00:21:44,520 --> 00:21:47,160
And it's really written for the everyday person out there.

382
00:21:47,160 --> 00:21:52,440
This is not something that is designed for people who are compiler experts.

383
00:21:53,240 --> 00:21:55,400
This is an absolutely fantastic document.

384
00:21:55,400 --> 00:21:58,120
And it certainly fills a lot of the gaps in my knowledge.

385
00:21:58,760 --> 00:22:00,040
So well worth a read.

386
00:22:00,040 --> 00:22:03,320
Well, and in fact, if you're a shop who's using a lot of JavaScript

387
00:22:03,320 --> 00:22:07,880
and all the headaches that come from maintaining a loosely typed language,

388
00:22:08,680 --> 00:22:10,920
as well as a myriad of other sins,

389
00:22:11,640 --> 00:22:14,040
well worth dipping your toes into TypeScript.

390
00:22:14,040 --> 00:22:16,040
This is another one that really caught my eye.

391
00:22:16,040 --> 00:22:19,480
I just realized I probably said this for absolutely every single news item.

392
00:22:19,480 --> 00:22:25,000
Azure Defender for Storage is now powered by Microsoft Threat Intelligence.

393
00:22:26,360 --> 00:22:29,400
So what this is, so we've had my, so Azure Defender is a suite of products, right?

394
00:22:29,400 --> 00:22:31,160
So there's Azure Defender for identity.

395
00:22:31,160 --> 00:22:32,760
There's Azure Defender for storage.

396
00:22:32,760 --> 00:22:34,360
There's Azure Defender for SQL.

397
00:22:34,360 --> 00:22:35,560
And there's many others.

398
00:22:35,560 --> 00:22:38,680
And these are all very, very specific versions of Azure Defender

399
00:22:38,680 --> 00:22:42,440
that can feed up to tools like Azure Security Center with,

400
00:22:42,440 --> 00:22:44,760
hey, this particular setting is incorrect,

401
00:22:44,760 --> 00:22:46,600
or this looks anomalous and so on.

402
00:22:47,160 --> 00:22:49,800
Well, now what we're doing with Azure Defender for storage

403
00:22:50,360 --> 00:22:53,560
is we're taking a lot of the internal threat intelligence

404
00:22:53,560 --> 00:22:54,680
that we have at Microsoft,

405
00:22:55,160 --> 00:22:59,080
and using that to drive telemetry out of your storage accounts.

406
00:22:59,720 --> 00:23:04,600
So we may find that some combination of, perhaps an IP address,

407
00:23:04,600 --> 00:23:09,160
some time and some type of content may find its way into one of your storage accounts.

408
00:23:09,160 --> 00:23:13,480
And then we may decide that that's potentially nefarious.

409
00:23:14,200 --> 00:23:17,240
By themselves, they may not seem overly nefarious,

410
00:23:17,240 --> 00:23:19,400
but once you add sort of all three of them together,

411
00:23:19,400 --> 00:23:22,200
then it becomes a potentially nefarious event.

412
00:23:22,840 --> 00:23:24,600
So this is another really cool technology.

413
00:23:24,600 --> 00:23:28,040
This is a great example of just leveraging the internal data

414
00:23:28,040 --> 00:23:32,120
that we have around threat intelligence, but for your storage accounts.

415
00:23:32,120 --> 00:23:37,000
So another fantastic, this is probably another one of the really big announcements

416
00:23:37,000 --> 00:23:39,560
that really took my interest this week.

417
00:23:40,120 --> 00:23:43,640
We now have the ability in Azure Purview.

418
00:23:43,640 --> 00:23:45,720
So Azure Purview is a relatively new tool.

419
00:23:45,720 --> 00:23:49,560
I think it was announced, I think December last year, December 2020.

420
00:23:49,560 --> 00:23:55,960
It's a tool that is based on Apache Atlas.

421
00:23:56,520 --> 00:24:00,600
The best way of describing it is it's like a unified data governance tool.

422
00:24:01,320 --> 00:24:05,320
It helps you manage and govern your on-prem data,

423
00:24:05,320 --> 00:24:11,560
your cloud data, whether it's in Azure, whether it's in AWS, for example,

424
00:24:12,520 --> 00:24:14,760
as well as your SQL databases.

425
00:24:14,760 --> 00:24:21,000
It really is a holistic up-to-date map of all your data in the environment.

426
00:24:21,000 --> 00:24:23,800
It also includes things like sensitive data classification

427
00:24:24,440 --> 00:24:26,760
and the whole sort of end-to-end data lineage.

428
00:24:27,320 --> 00:24:29,480
So a really fantastic tool.

429
00:24:29,480 --> 00:24:32,440
Well, one of the features that we just added just recently

430
00:24:32,440 --> 00:24:35,080
is a connector for Amazon S3 buckets.

431
00:24:35,960 --> 00:24:41,880
So we include support for many sources of data, including blob storage, Cosmos DB,

432
00:24:43,000 --> 00:24:48,440
say, Data Explorer, Data Lake Storage Gen1 and Gen2, Azure SQL, Azure Synapse,

433
00:24:49,160 --> 00:24:57,720
on-premises SQL Server, Oracle, Power BI, Teradata, a couple of SAP instances.

434
00:24:57,720 --> 00:25:02,760
But now I've added Amazon S3 and I know for sure that this is something that

435
00:25:03,640 --> 00:25:06,840
a lot of customers have been asking for, so it's great to see that.

436
00:25:07,400 --> 00:25:08,920
And that wraps up the news on my end.

437
00:25:10,200 --> 00:25:11,320
Well, thanks everyone for listening.

438
00:25:11,320 --> 00:25:13,080
I realized this week was a little bit different.

439
00:25:13,080 --> 00:25:14,680
It was all news focused.

440
00:25:14,680 --> 00:25:20,280
Again, a lot of this was driven out of the Microsoft Ignite virtual conference.

441
00:25:20,760 --> 00:25:24,760
In a couple of weeks' time, we'll be back to sort of our regularly scheduled programs

442
00:25:24,760 --> 00:25:31,640
where we'll have a guest and we'll be covering a specific topic in Azure from a security standpoint.

443
00:25:32,200 --> 00:25:33,720
So again, thank you so much for listening.

444
00:25:33,720 --> 00:26:03,560
Stay safe out there and we'll see you next time.

