Today I’m starting news posts. Resources I find on the internet like blog posts and formal and informal announcements about all things IT, especially related to Microsoft Cloud. And sometimes what I like or dislike about it.
Removing the last Exchange server
So the big news is out. We can finally remove (but not uninstall!!) the last Exchange Server in a hybrid identity environment and still be compliant with Microsoft’s standards. Well, the truth is a bit more nuanced of course as there are some caveats and requirements, like having to work solely with PowerShell and no auditing trail of recipient management, but if you are OK with that, by all means remove that server! This update may very well mean we’ll change the architecture at some of our customers who have a hybrid identity architecture because of legacy applications, where all mailboxes are in Exchange Online.
Pentester Academy
A few weeks ago I found out there is an actual exam to take regarding Azure AD pentesting. It is called the Certified Az Red Team Professional or CARTP for short. To become CARTP certified there’s this upcoming bootcamp course to take which costs 499 dollars, but you’ll get a lot in return:
- 4 live sessions and live session recordings
- 40 flags to be collected
- more than 20 labs
- the CARTP exam
To me this sounds very interesting and I might go for it when the timing fits my calendar.
UDR service tags
Service tags (those you can use on NSGs for example) have been available for some time now and make the life of Azure networking engineers so much easier. Now Microsoft has announced service tags are available for User Defined Routing. UDRs are used to override default networking routes within Azure VNets. Now with the use of service tags there is no need to download a JSON file with all current IP addresses of Azure services to automate these UDRs, when for example a VM needs a route to a Storage Account. Yet another way to make the experience of administering Azure so much better. A very welcome change!
Azure AD security operations guide
Another security topic! It’s hot these days. Recently I found out Microsoft has a good writeup regarding best practices around [security operations with Azure AD](https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/security-operations-introduction). This should come in handy with our (and your) security operations team. As a member of the Cloud Center of Excellence I like these best practice white papers to get the company aligned in using the cloud.
Microsoft Partner changes
So Microsoft is changing things again. This time it is the Microsoft Partner Network. It contains a lot of changes, like the removal of Competencies like Gold and Silver. But are they really gone? A well-written summary by Jussi Roine here takes you up to speed. As this is something I’m involved with at my company, I really like the nuanced perspective of another MS Partner regarding these Microsoft changes.
Azure AD Graph extended retirement date
So we’re all aware the Azure AD Graph will be retired. Right? This means the Azure AD and MSOL PowerShell modules for example are also going to be retired. Luckily there’s some extra time to get our apps and scripts updated to work with the Microsoft Graph. The new date is the end of the year.
But be aware that the licensing assignment APIs are still going to be retired by the 26th of August. This makes way for the new license management platform. I’m excited to see what that will bring apart from what is listed at this blog post.
Azure monitor updates
Whoever works with Azure Monitor will like this upgrade. The endless scroll experience is so much better than going through pages of results, and using Excel-like filtering is so much more intuitive when sifting through some raw logs. Using search in the KQL search results set, and using Pivot mode really make this package complete. Like like like.
Modularize DevOps pipelines
Here’s a well written blog about keeping your pipelines and pipeline jobs DRY (don’t repeat yourself). When working on a single or a few pipelines this doesn’t make much sense, but the bigger your organization grows and uses Azure DevOps pipelines, the more convenient and manageable it is to modularize everything. No need to update the same change in a hundred places (which is error prone), but just at a single file. This takes pipelines to the next level.
Azure Monitor Agent and W10/W11
So the Microsoft agents used for logging (and there are a bunch) are replaced by one agent, the Azure Monitor Agent. Now Windows desktop is in the picture for this new agent, to benefit Azure Sentinel use. Again, our Security Operations team will be pleased. But preview for now!
Web Attack cheat sheet
If you are even remotely into InfoSec this is going to be an awesome cheat sheet. This cheat sheet might just come in handy! Lots of things I don’t know anything about. Or did not know about those linked resources.
Azure DevOps wiki documentation
Who loves writing documentation? Me neither! Always takes up too much time and energy. Sometimes we just have to write documentation for our colleagues, and sometimes it is required in order to comply with audits. Luckily we can automate part of our documentation. Here’s a nice blog post on just how to do that in Azure DevOps.