Category Archives: Microsoft

How to deactivate Hyper-threading on Azure VMs in an easy way without Microsoft support

In my current project we have the requirement to deactivate Hyper-threading on some Azure VMs. There are some Azure VMs available without Hyper-threading which can be found on the Azure compute unit site where Microsoft published a table with VM SKUs sizes where the “vCPU: Core” give a hint about VMs which are not having HT integrated. But this sizes are very limited and we have some requirements from licensing side to disable Hyper-threading and there also some applications which have a better performance when HT is disabled.

Continue reading How to deactivate Hyper-threading on Azure VMs in an easy way without Microsoft support

The new Azure Update Manager is GA Part 1 – three big reasons to migrate to Update Center and forget the classic Update Management Center

Microsoft released a completely new designed Update solution for Azure which supports VMs running in Hybrid- and Cloud-only environments with the name Azure Update Manager (formerly known as Update Management Center). This new solution is completely new and not based on the Azure Automation solution. The Azure Automation solution is based on the Microsoft Monitoring Agent (MMA – Log Analytics Agent) which will be retired on 31 august 2024.

The new solution cut off a lot of dependencies and fully compatible with Azure Arc. The reason that the solution, which has been in preview for a long time, is now announced as GA is that this solution supports the extended security updates for Windows Server 2012, which recently went out of extended support.

Please note: Azure Update Center is based on Azure Automation and needs the Microsoft Monitoring Agent. The MMA has been discontinued and will no longer be supported after August 2024. Support for Update Center has therefore also been discontinued.

The new Azure Update Manager in preview named as Update Management Center, was needed, because of an consistent Update Management over all VMs including VMs, that are integrated via Azure Arc.

The new solution offers significante improvements:

  • Zero on-boarding with Azure Policy support
  • No dependencies on Log Analytics or Azure Automation
  • Built as native functionallity on Azure Compute and Azure Arc for Servers
  • Support Azure RBAC and roles based of ARM in Azure
  • No manual intervention is needed as long as Azure-VM- or Arc-agent is running
  • Gathered information available for analysis via Azure Resource Graph
  • Support for automatic VM guest patching and hotpatching
  • Manage Extended Security Updates (ESU) for out of supoort WS2012

In this article I will give you a overview about the solution and how you can configure this solution for your VMs. Since I’ve been using it in a large Azure environment since the Public Preview release, I’ll point out some recommendations and pitfalls.

Continue reading The new Azure Update Manager is GA Part 1 – three big reasons to migrate to Update Center and forget the classic Update Management Center

Cloud Identity Summit 2023 Recap

Our 4th edition of the Cloud Identity Summit 2023 is over and it was a blast to meet all this great speaker and the Identity Community this year virtual and in-person in Koblenz.

This year we were kindly provided with the location by the Debeka Innovation Center (DICE) which is located near the University of Koblenz and close to the Moselle. The location is a designed as a open space to enable new thinking and new technologies which is a perfect match for our Cloud Identity Summit.

The 4th edition offered 10 sessions in two parall tracks, divided into Identity Security and Identity Management and it was really a pleasure to see this big identity experience in the different Identity topics on this day live at our conference. The speakers who made the extra journey to the event can certainly be called who as who of the identity scene. Therefore, at this point I would like to thank you explicitly, because without you this event would not have been possible:

  • Sefallah Tagrerout and Jean-Francois (Jeff) Aprea – Securing your Azure Ad with our Zero Trust Approach!
  • Jan Vidar Elven – Monitoring and Reporting on Activities and Security in Microsoft Entra Azure AD
  • Fabian Bader – From (tier) zero to cloud hero: How to pwn Azure AD from on-prem
  • Kenneth van Sarksum – Implementing and building advanced Microsoft Entra Id Conditional Access scenarios
  • Christopher Brumm – Walk the walk – explore ways to ensure strong authentication in real life scenarios
  • Sfefan van der Wiele – Walk the walk – explore ways to ensure strong authentication in real life scenarios
  • Daniel Krzyczkowski – The future of customer identity with Microsoft Entra
  • Nicki Borell – Azure AD Identity Governance – What do your users do with their access
  • Sander Berkouwer and Raymond Comvalius – Just apply the basics in your Azure AD tenant!
  • Anton Staykov – Seamless cross-tenant application access with Entra Azure AD Cross-Tenant sync

Koblenz is the hometown of Thomas Naunheim therefore we had also recommendations for sightseeing tips, city walks and Restaurants and start to meet the speaker on Wednesday in a Restaurant close to the Rhine and the Deutsche Eck (German Corner). After our great dinner, we made a short city walk to the Deutsche Eck and after this to a final beer for a good preperation for our conference on Thursday.

We started our hybrid conference a little late with a strong focus on the in-person experience and also broadcast the Sessions live to the world via teams.

In my estimation it was a complete success due to four factors:

  • Which is thanks to the great speakers who share their knowledge with great pleasure
  • The on-site participants who brought a lot of fun and made the sessions interactive, through their numerous questions
  • The great help of our team which made sure that the speakers and participants felt comfortable
  • Our great sponsors (adesso SE and glückkanja-gab AG) without whom this event would not have been possible for many reasons

We hope that the conference meet the expectations from our attendees and will plan for 2024 and we really want your Feedback for good and not so good thinks. The really goal of this conference it´s a conference from the community for the community. So gave us your feedback for a better Cloud Identity Summit in 2024!

Microsoft Defender for CSPM is GA – Information about activation, billing and new pricing information

Microsoft announced with Defender for Cloud Security Posture Management a new plan in the Defender for Cloud product family which focuses on a central view on the security posture of the customer.

In this article I will give a overview about which topics Defender for CSPM covers, how it will be enabled and how the pricing is actual working which holds some suprises if Defender for Servers is already in use.

Continue reading Microsoft Defender for CSPM is GA – Information about activation, billing and new pricing information

Microsoft MVP for Azure for 2023-2024 (5th year in a row) and 1st time MVP for Security

Every year on July 1, the MVP renewal process takes place and Microsoft notifies us on that day if we will be awarded another year as an MVP based on our contributions. So most of the MVPs look into their inboxes and wait for the mail notification. Some colleagues call the day the F5 day, because second by second the inbox is updated 🙂

This year there were some technical difficulties and so late on July 1 there was an announcement that the MVP announcement would be delayed until July 6. Again a murmur went through the internet. 🙂

So the F5 day is postponed to Thursday and all are looking curious on this day. Late on Thurday the Mail comes in, but I´m in a customer meeting and overlook the notifcation. Some minutes later I take a look and I was once again recognized as a Microsoft MVP in the Azure category for 2023-2024. That was my first surprise, but the mail continues and I see another surprise. Microsoft also awarded me in a 2nd category and now I am also MVP for security. 🙂

I’m really grateful and honored to have received this special award for the fifth year in a row and also awarded as MVP for Security.

Continue reading Microsoft MVP for Azure for 2023-2024 (5th year in a row) and 1st time MVP for Security

Speaking at Experts Live Netherlands 2023 about Mastering Defender for Servers

I´m really happy to announce that I will speak at the Experts Live Netherlands 2023 Spring edition. The last one was the 10th annivesary edition in Fall last year. The Experts Live Netherlands is one of the biggest Experts Live conferences next to Experts Live Europe and because of the big Experts Live Europe will take place this year in autumn, the Orga Team decided to organize the 11 edition in spring.

Contents [show]

Session overview

This year, my session will be about the Mastering Defender for Servers. In this session I will focus on Defender for Servers to protect servers across hybrid and multicloud environments. So I dived into the different plans, feature sets, deployment methods and more. Futhermore I show as a side note the new Defender for CSPM Plan and explore how agentless scan methods works. Deploy defender for servers at scale will complete the view and enable the attendees to mastering defender for servers.

Motivation

I like the idea behind the Experts Live community and really looking forward to see many community members there, greats friends again and certainly make new contacts.
This year the edition is with 1,200 registrations sold out. The Keynote will be held by Dona Sarkar. So it is worth to be there

About Experts Live Netherlands

Experts Live is an international Microsoft community platform focusing on knowledge sharing through live events.

Every year Experts Live Netherlands organizes a large-scale one-day event where more than 1200+ IT Pros and Developers gain knowledge of Microsoft technology. National and international community experts update visitors on the latest Microsoft technologies in one day.

Slides

It was a pleasure to speak at 11th edition of the Experts Live Netherlands. With more then 1200 attendees is was one of my biggest in-person conferences in the last couple of months. Thanks to the organizers and sponsors who made this possible!

You can find the slides from my talk about Mastering Defender for Servers here. Please keep in mind that this slides was only for the Experts Live Event and I will improve the session based on the Feedback from the attendees.

Azure Firewall Basic SKU is now GA

Microsoft announces with the Azure Firewall Standard and Premium two native Firewall Services available as PaaS solution what are a great benefit to classic Firewall deployments, because of native Autoscaling Features, no need for VM Management and more. Unfortunately the price was to high for SMBs, with 900€ for the Standard and over 1200€ for the Premium Edition. A frequently requested Features, was a cheaper variant aimed at small and medium businesses.

This wish has been answered and last year October with the Azure Firewall Basic edition (public preview). The Azure Firewall Basic (AzFw Basic) has leaved the Public Preview and are now GA. The planned subscription must first be prepared before the deployment can begin with some Powershell commands.

Now Azure offers three different Azure Firewall solutions. The following table list the different SKUs and the price for using in West Europe (03/2023).

Microsoft has made some changes to deploy the Firewall Basic compared to the Firewall Standard and Premium SKU for better Service avalability. This article will give you a short overview of this changes.

Continue reading Azure Firewall Basic SKU is now GA

How I successfully passed the MS Defender for Cloud Ninja training and how the security community helped me

One of my goal this year was to work more and more with the Microsoft security solutions and got deeper into the different services and possibilities. My focus on this is to get a better understanding how we can secure our Hybrid Cloud environment with the different Microsoft defender products.

About the Microsoft Security Community

Continue reading How I successfully passed the MS Defender for Cloud Ninja training and how the security community helped me

Speaking at Cloud Brew 2022 about Azure Arc

After many hybrid events in the last few years I really like to get back to in-person or hybrid events to see the community live at the events and discuss and learn from each other about different projects and meet some new people.

About the Cloud Brew

One of my favorite conference in 2019 was the Cloud Brew in Belgium, it was a great conference because of different things:

  • Great list of speakers and sessions
  • Deep dive technical sessions
  • Big community from around europe
  • One of the biggest Azure related conference in belgium
  • Great place in the beautiful former brewery Lamot

The Cloud Brew 2022 will take place from 18/11/ – 19/11/2022 in Lamot, Mechelen in Belgium. There are some free seats available.

About my session

Continue reading Speaking at Cloud Brew 2022 about Azure Arc

My favorite Microsoft Ignite 2022 Fall Highlights

After the pandemic beguns Microsoft switched the both big conference Microsoft Build and Microsoft Ignite to virtual only events. The Ignite was two times a year in 2020 and 2021. For 2022 it was long time not clear will it go back to an in-person event or still stay as a virtual event.

The Microsoft Ignite 2022 has start 2 hours ago as an hybrid event delivered from Seattle with 6 Spotlight events around the globe and delivered as before virtually. I’m a little disappointed because a lot of the content is pre-recorded and even great speakers like Donovan Brown don’t hold their sessions live in Seattle but are only shown there virtually as well.

In this article I will share the important announcements from my perspective from the Microsoft Ignite 2022. Most of you know me as an Azure Governance, (Hybrid) Infrastructure and Security guy, so please forgive me for focusing on these things.

Continue reading My favorite Microsoft Ignite 2022 Fall Highlights