 Good morning, everyone. Good morning, Amy. Good morning, dear. Good. It's Friday the 13th. Friday the 13th. Yeah, I wanted to be the thumbnail. I was going to put up pictures of us and then. I can't remember the name of the character, but they're like the hockey mask on. And then I got worried about DMA strikes. Yeah, never. Oh, what's that? You're wearing your new office swag. Oh, yeah. See what I got doing on that? Well, at least you're wearing it right side front. What are you talking about? Oh, you haven't seen that post? We have a teammate that decided to take a picture with his shirt and. Oh, and we love you. Yes, you put that on Twitter and I just had to realize you're wearing it backwards, right? The tag hitting your throat. We love you, or on your special special. Hey, we've already got a few people online. We got Anthony Bartolo. He's currently in Seattle. So 7 a.m. Good for you, Anthony, to be up that early. Also, Mr. Shockley. That's also at 7 a.m. One man. People get up early in the West Coast. Crazy. And. Rabbit Junior is here and there's probably going to be some more that are going to join us anytime soon. Oh, what did you think about the listing of updates for this week? It's pretty thin, wasn't it? Yeah, I think they're hiding for build, you know, the big stuff, the exciting stuff, make everyone wait in anticipation. Oh, yeah, it's kind of hard to find some stuff. I think it's I'm wondering whether or not it has anything to do with the fact that well, it's probably has anything to do with the fact that build is in what, two weeks? And everybody's kind of like sitting on their news waiting to figure out how they were going to put them on on the on the day of or. Oh, your mind. Yeah, I think all the orange comments. Yeah. Oh, Mr. Bender is joining us from LinkedIn. Hey, good morning, Mr. Bender. Yeah, this was my Christmas present by the way, too. It was came in. That's right. That was a little care package from our illustrious leader, Mr. Rick Claus. That and a oh, we had a really nice water bottle. Yeah. Yeah. With the twenty twenty two. Yeah. The hydro flask. Adroflask. Yes. And I had mine for about 10 minutes. Mm hmm. And my daughter is. Ooh, hydro flask gone. Any cool stuff. All my stickers are gone by my 10 year olds. Well, I got a pile of them here if they if she wants more. Sure. They raccoons mean come on. Hey, and that's one thing about in person events slowly starting back is that there's going to be more swag. I am a swag. What's the right term because, you know, you don't want to swag. Enthusiast. Enthusiast. Yes. That's one word for it. I am not. I go to conferences and I I don't I'll go to the booth and I'll talk to the partners and I'll talk to the people there. But I do not typically grab on any of the swag unless they have some really cool shirts. But right. Yeah, I'm with Derek. Everyone loves swag. Well, I yeah, I would have co-workers like you who are like, nah, and then I get something really cool. They're like, oh, well, go get me one. I'm like, no, you go stand in line. Get your own. Get your own. Lots of swag for a magic. Lots of swag event. Yeah, because Anthony right now was supposed to present with me at an event we had this week. I tech conference in Toronto. But what is called back to the mothership to help with the Imagine Cup and I believe it's the 20th anniversary of the Imagine Cup, which is a really cool contest worldwide where each city for students University in colleges where they actually make a project leveraging the technology and they have to pitch it and it's actually really cool the way they do it. And then each winner of each country gets to Seattle to compete for for the Imagine Cup. So Anthony is there with the students right now. It should be I'm looking forward to hear from about it and see what the solutions that these people came up with. Yeah, should be cool. Definitely. All right, let's hide this. Well, we don't have a lot of news today, but we do have some so do you want to get going? I guess so. All right. So I believe the first one is mine, which is the Azure Compute Gallery now supports Trusted Launch Virtual Machine. So Trusted Launch Virtual Machines are a it's just a regular VM mostly for Gen 2 of the VMs and they have virtual TPMs. They have secure boots installed. They have like a whole bunch of different technology, which you can deploy on their own, but all together they make this this machine is what we call Trusted Launch. It's to protect form from like root kits and the type of malware that would normally embed itself in like right in the root in the kernel of the machine and that makes that machine a bit more secure. There are some drawbacks though. So there's some services that you can't do like you can't replicate a Trusted Machine as it's running apparently. So they if you'll go to the documentation or if you go to itopstock.com I listed a put a link in today's post about what the requirements are and what the prerequisites and so on. But it's really cool, especially if you're in an environment that requires that level of security. If you're an environment where your workloads are specifically sensitive, then getting a machine that is trusted with the Trusted Launch is a good idea. But now because of that in the gallery you can actually create your own images from a Trusted Launch Machine and use them and share them within your subscription or your tenant so that other people in your group, whether they'd be developers or others or maybe it's just part of a continuous deployment program where instead of having a blank image and then having to install everything you can have your own images made specifically for your workloads and call them up and deploy them at a moment's notice but through the portal through PowerShell or CLI as normal. So I think it's pretty cool. I'm kind of looking forward to the day where all of our machines are trusted the Trusted Launch. I see that as something that should be done by default but I recognize this on limitation in terms of hardware that it has to run on in terms of the virtual TPM chips and so on that allocated to each of those VMs. At least by default we start turning off like PIPs and you know RDP and you have to enable it and you know when you are deploying so we try to encourage. RDP is not turned on but they're not turned off by default and oh okay. It's okay my subscription everything's turned off. Well yeah because you're using one of our the Microsoft managed and so there's a policy for governance to not expose RDP which is a good thing. Yeah. I have a demo subscription that's outside of MSIT control because sometimes if you want to demo something that is blocked by Corp if we're not owners or because we're not admins of the subscription so they kind of block some stuff out. But this week I had this demo and I set up these machines and Rod I don't know if Rod is looking but is watching but it'll be happy that I was demoing how you can surface all of these machines in AWS and on-prem through Azure Arc and then apply other services so how to make your on-prem your on-prem experience better by using cloud services and I demoed Sentinel and it picked up that one of my machine was being brutally attacked on port on the RDP port through 389 because I had forgotten to turn it off. I just deployed a bunch of machines and then join them and so I could see in Sentinel like and where the attack are coming from. And funny enough they weren't coming from the places that you would normally think they're coming. They were coming from Oregon. Weird. I hear something like 12-year-old in Oregon. Maybe trying to get into a machine that has absolutely nothing on it. It's just an empty VM running. I'm a hacker. I'm hacking Microsoft. Yeah, we're going to fight you. I almost I need to get my Liam Neeson voice. Yeah. And I'm not going to do anything of the time. All right. So what is your item this morning? I believe do I need Oh, you got it. Okay, cool. Generally available now is Azure Arc enabled servers have support for private endpoints. So we already have that private link available where you don't have to go over the interwebs. You know, it's all private and now you can actually create endpoints to connect to as well. So using your VPN or express route, you can securely talk to endpoints and put them on your I think it's per service. If you go to the link in there, it goes over how to, you know, how to deploy it using a VM extension and then how it works. If you have your Azure Arc private link scope, you can connect your private endpoints to an Azure resource. And in this case, it's Azure Arc enabled servers. And then you can looks like. Yeah, the private endpoint in your Vnet allows it to reach Azure Arc enabled server endpoints through private IPs from your network instead of using the public IPs. So that's really cool. So you don't have to go over the main internet. I'm just more security. Yeah, and it's almost like a nice, a nice thing for me that this is happening this week because at the conference that I did and the session that I did on Arc, that was one of the questions. We had a few people in there that were working for government and they're like, okay, so this looks fantastic, but we have a requirement to not connect to cloud services outside of controlled and secure methods. How can we do this? And it just happened that it was the day that morning Thomas Maurer had posted a posting that it had gone GA. So like, yes, actually, you can. Right. Yeah, you go over that backbone versus the internet. Yeah, because that's public internet is public internet. Like it's not a it's not a safe space there at all. Go to Starbucks and type in your passwords on the Wi-Fi. I have several little VPN app installed on my laptop. So when I travel, I'm always make sure to turn one on. Yeah. Yeah. So but it VPN site to site VPN or express routes are both very secure and useful tools. Express route costs a little more, but a little more faster to it's while it depends because you you negotiate your price with your with your telco because it really is just an MPLS segment that's terminated both at your in your data center. So your last mile from your telco and the other end within our data center, it's definitely more robust. Yeah. We're always told to like ask for the biggest pipe and then but start small and then because it's harder to add than take away apparently. I don't know when you get an express route as a customer. Not sure if that's still true. Yeah. Yeah. Site to site VPN is a great option, especially if you're in a like testing environment or if it's something that you are working up to or setting it up through the VPN until you can actually get the express route put in place because it's not because it has that last mile portion to it. It's not like you can just go to the portal and say deploy express route and then it's done. I get that'd be nice. It would be nice. I don't want to call Comcast. Who wants to call itself? I'm looking for houses right now at the houses and more in the country because we're looking like a half acre type lot. And every time my wife finds a nice house, the first thing I do is I go to my internet provider and I go, what's available there? Because I've got like a fiber connects to the house here. Yeah. I'm like, oh, no, I'm not going. I'm not going back down to 50 megs up and down. I can't live like this. I can't live like that. I thought Canada was all country. Don't you all just ski up there? Yeah, we get out of the house. We get in the sled and we mush the dogs to the office. It gets to school. Yeah, that's right. That's what Americans think of. The next item on our list is the resource network NAT Gateway health checks are now available in the resource health. And if you haven't seen what the resource health is, is basically there's like three models resource health. I'm having a brain fart. I can't remember. But there's like basically there's a portal that tells you whether or not there are outages with Microsoft or the services. I used to skate to school appeal both ways, appeal both ways. Yeah. And snow up to my knees. No, it didn't skate to school. I put my my snow shoes on and just trek through the woods to the school. No, I'm just kidding. And now you can have your virtual network NAT health. So whether or not you're running out of IPs, if one's not connected, if there are any any kinds of problems whatsoever, it actually gets surfaced up in the resource health, which is a nice kind of great dashboard that allows you to identify and potentially troubleshoot issues that you may have. So figure brain fart. Nice. Oh, my boss is on. We have to be more professional, I guess. Is that where is he? I don't see him. Oh, I see him. Oh, he's working regular IT guy. He kind of changes his name so that we won't know him, but he forgot to change your avatar. So yeah. So the it's just another way of keeping track of your environment in a in a way that is useful for you. Managers love it because it's on. I got nice pretty pictures and kind of dashboard age type of stuff, but it allows you to quickly drill down to where the problems are and troubleshoot them and eventually fix them kind of cool. I have a cool story about our dashboard. Once we I forget what it was like our network was like npm through Cisco and we'd have it on the big screen. So the managers could walk by and be like, oh, it's green. And then one would turn like yellow and what's wrong with that? And then we would just change it to green. Everything's fine. I know I worked with the customer where the screensaver for the machine that was running that big TV with the dashboard was an actual picture of the dashboard when it's all green. So they would just leave it there and then also in the screen same or would kick in and then everybody would walk by and say, oh, we're green and then walk away. Dashboards are great as long as they they're refresh often enough and you don't play games with your management. We do not condone that type of behavior. Got in trouble if someone found out there's something broken before we did. Squirrel. Squirrel. Yeah, I don't know. I don't know what Rick is saying, but I think he must have seen real off track because we saw his pick and brain fart noise. I know this this chat room is really going sideways right now. Let's move on to our next item. Yes. From the Red Hat Summit. We now have more updates for Red Hat in our marketplace. So now we can have the Red Hat automation platform is available. It says in North America with global available the global availability coming soon. So you can automate and scale in the cloud. And then also it's like the theme Azure Arc enabled SQL manage instance is now supported on Red Hat OpenShift. So if you need to run your workloads outside of Azure and your own data center, you can throw some arc on it and make it talk to Azure. New game distracted in the easy update. Oh, there you go. It's working. And then rel9 is available May 24th through Azure and then there's also I didn't realize this Azure hybrid benefit for Linux 3.0. So starting May 24th, I always, you know, Linux is free, but I guess Red Hat, you know. Red Hat is not. Yes, you pay licensing so you can bring your licensing or it says being bring your own subscription and get a get some save some money on that. So there's some cool stuff that came out of the Red Hat summit. And I also had a co-worker who used to call it Ansible instead of Ansible. Was he French? No, he was Polish. French people for I was speaking for myself here. We have a tendency to put the emphasis on the wrong syllable and see Blair and see Blair. Yeah, no, I find this very interesting because it's just one more way. I think that Azure is making it possible for organizations to get to the cloud without having to relearn a whole new set of tools have to convert all of their deployment mechanisms to either be bicep arm, CICD, whatever it may be, and to also to use what they've been using, which is in people that are using Red Hat or using Ansible automation to deploy and manage their environments. So by enabling things like that, we're making it possible for them to do this without to take advantage of Azure without having to relearn everything. So it's just your curve, your learning curve to get actually productive on Azure is getting flatter, which I think is a great thing. Yeah, getting closer to the easy button, but not completely. You still got to do some stuff. Yeah, I don't think we're going to get to the easy button any time soon, but somebody at the door, you're still muted. It's 2022. I know I'm muted at purpose. You've learned to bark this year. Thanks, Milo. That's okay. That's okay. Me and UPS guy who's not leaving him a treat. It's mad. UPS truck shows up and they don't leave a treat. He's like heartbroken. They do. They're known for it. He can recognize that truck. We'll chase that truck down the street on a walk. There's the brown truck. It's the brown truck. No, just for a little doggy treat. My dogs are more like my doorbell. If somebody comes to the door, I know. Yeah. All right. That was pretty much it for the event for for the news this weekend. We did have to dig into technical communities blogs for for product announcements that weren't officially on the Azure news or Azure update site. We do have a couple of community events that are coming or one community events that's coming that is like official. We have and I might not completely fit the audience that normally watches a Z update, but it is the first anniversary of Azure static web app. Yeah. I actually use Azure static web app because I find I'm not a developer and for the stuff that I need, it's really really good. Like my my personal website is just I check into GitHub like to change if you mark down files, check it into to get hub and it gets published and it works really well and it's cheap for me for to host that. Yeah, it's a great way to host those websites and I just bam update, you know, did it for a lot of community events as well. Just Azure static web app. Yeah. And so on May 19th, there's going to be a. It says one hour an hour and a half, but I think there's a bit more to it. There's the ancillary kind of broadcast that are going on and apparently our friend Donovan Brown is going to be speaking at that and lots of good people that are going to give us their experience and all of the good stuff about Azure static web apps. And that's not going to be Scott Hanselman and Donovan Brown on learn TV. So some Microsoft MVPs and product team and oh, it's a whole week 30 days of SW a song. Okay, so it starts on May 19th, but the whole week. Okay, perfect. Yeah. Now I have more stuff to work on. Get that badge. Yeah, no, I have other things to do. But it does take us to the learn module of the week. Yeah. And this week I thought since we talked about private link that it would be a great idea to refresh our knowledge on designing and implementing private access to Azure services and that private access is not limited to Azure Arc, but it's one of the services that you can leverage or that you could that leverages private link to connect. But this is really a great way to secure. Let's say your past services so that past stays within the Microsoft the Azure backbone to connect from your your past to your SaaS or your past to your I as environment. So if you have a database running in a VM, but you have a website that's running in past, you can connect it directly without having to basically go out to public internet and back in back in. That's cool. So it's not very long. It's an hour and a half. It's actually a pretty nice module. I'm gone through about half of it by now. Again, I think I did it a long time ago, but now I'm kind of reviewing it in light of some of the new stuff that's coming. Also just to whether or not there's more stuff that I need to ramp up on. Always be learning. Always be learning. So always be closing. Always be and it's cool. Anthony said that students love Azure static web apps. So it's easy way to deploy their ideas to Azure. Yeah, great. I think it's it's something that even though we're not developers, we can use developer tools and develop developer concepts to make our lives as it and operations easier. So and even Jared is saying that he's also looking at ways to have CMS deploy static web page. So if you have a process that can spit out HTML, you could definitely just put it right into that and make it available to everyone. So really cool. I want to see that really good, really good things. Yeah. Oh, it's already been half an hour. Wow. I just have too much fun with you, Pierre, especially when it starts off with making fun of Oren, you know, that's always a bonus. That is just a bonus. If it's not Oren, it's right. I love him. I love him just in case. Yeah. I'm not of the gender. I'm not allowed to use that. Oh, you can't. You can't. No, my kids would kill me too. I'm probably embarrassing him right now. If I yeah, I've been told by my daughter to like not try to do anything like that at all. All right, Amy. So thank you very much for joining us again this week. It's always fun. Yeah. And we will see you at home. Next week. Online or on our Discord server. So see you later. Be good. See you later. Happy Friday, 13th. Oh, yeah. You just jinxed it now. It's what you make of it. All right. Yeah.