Hello and welcome back to another episode of AZ Update. I'm Anthony Bartolo, joined as always by producer Pierre Roman. Pierre, how's it going? I'm good. How you doing? Good. Good. It's been a while. It's been a month since we've done the live show. We've had some of the smaller segments happen. I'm good. How you doing? Good. We got a bit of an echo going. I muted it. We've had a couple of smaller episodes going on during the week. What have you been up to for the month of July? Ah, took a little bit of time off. I had some family vacation or visits, and that's about it. It was pretty... it was nice to slow down for a bit. How about you? Oh, yeah, and that's the thing, right? The important piece is to take care of yourself. You know, everybody's been working hard, especially throughout everything that's going on, working from home, but you do still need to take a break. You still need to take time for yourself. Did a little bit of camping out, southwest area, and, you know, just enjoyed the outdoors, which is really good, to get outdoors, but to do it safely, of course.

A lot of news still going on. We were reporting throughout the month of July and we've been sharing that out, but there's more news that we're gonna report on today. So without further ado, Pierre, did you want to get started? Sure. What are we talking about? I... Great to have you back, Pierre. No, just kidding.

So, SMB: "Configure SMB signing with confidence." So Ned put out this article that refers to how SMB signing works and how... well, first of all, it's not a new thing. It's been around since Windows 2000, Windows NT4, Windows 98. As he says in his blog post, it's actually old enough to drink. But it's a fairly complicated process to actually configure it and manage it.
So he put this article up to kind of level set how you manage it, how you configure it. And it's so important, because SMB signing means that every message that you send contains a signature generated from your session key and AES encryption, which means that at any point, if anything touches that message and/or changes the data in any way, the header won't match the signature, and then the SMB protocol will know that that has been attacked with, like, a man-in-the-middle attack type of deal. And considering that a lot of cryptoware, or crypto malware, is using SMB to propagate itself, that's very, very important. So yeah, so you put this article in that has all of the details on how you configure it, with registry keys to set and so on, and policies to set in order to protect yourself better.

Oh, this is great, you know, and that's the thing: a lot of people question the whole aspect of SMB in its implementation. I love the, you know, run-through of the man-in-the-middle attack and how it's eliminated in the use of SMB, and for the encryption piece. Because really, when you think about it, if you're still using SMB1, or, like, the original SMB, you're really asking for trouble. So turn that stuff off. I was gonna... I almost slipped. Turn that stuff off and make sure that you secure your environment, kids. It's hard to recover from those attacks. Understanding how your attacks occur is always important. I love the fact that it's detailed in terms of the use of SMB. Yeah, just stop those types of attacks, and that's what Ned has put forth. There's actually a full-on run-through in his article.
So do check that out. There's also a tie-in video that we filmed, that actually Sonia and Orin filmed with Ned, in terms of proper SMB implementation and considerations, and that's available on itopstalk.com on the latest AZ Update article. It's an actual video run-through of the implementation of SMB, and then just questions being asked in that as well. It's really good. Yep. Shall we continue on with the news? Absolutely.

So next up: have you dabbled in the use of secret management? I have. Tell me a little bit about it. What have you done in secret management? Well, I did use... for my environment, I've got my own demo environment. I've got a whole bunch of servers that are typically shut down unless I need them. So I've got this whole kind of hybrid environment. I regularly try to change the password off of them, but I don't want to have to remember to go to each machine. So I do have a PowerShell script: I put the password in Key Vault, right, and then I use PowerShell with SecretManagement to read it from Key Vault, stick it into a local repository, or a secured repository, local, and then go and update all of those machines with that password using PowerShell, PowerShell remote.

Now, SecretManagement in PowerShell, it does a lot more now because it has more providers. So one of the big things is that this time around it has, for example, a provider for LastPass. So if you've got a LastPass subscription and you've got all your passwords in that, then you don't have to start hard-coding passwords into your scripts. And of course it doesn't mean that your script will run unattended, because you actually need to bootstrap it, so you have to put in the first password to unlock the LastPass repository, and then it can read all the passwords in it.
So it doesn't mean that it makes it completely unattended, but it does simplify a lot of things. So the news that we're talking about here in terms of the use of SecretManagement is it's gone GA. So version 1.1 has finally gone GA. Includes a plethora of updates, including the Constrained Language Mode made available inside of SecretManagement. I love the fact that there are extensions made available for solutions like LastPass to use inside of SecretManagement, for that availability: if you're already invested in this password keeper, you can still harness the ability of SecretManagement to extract the passwords from tools like LastPass, and there are other tools as well. So do check the documentation made available on ITOpsTalk that will showcase, you know, if you've invested in this, if you're using this current package, or password manager, sorry, you can have them available using SecretManagement, to use those passwords as required. Yep. No, it's really cool. Anything that simplifies the security of your scripts and your PowerShell modules, where you don't have to hard-code anything or have easily guessable passwords, is a plus that we absolutely have to keep hammering on everybody who is writing it. Don't do it. Like, not "don't use the secret password module". I mean don't hard-code passwords, right? People are still doing that, though. That's the scary thing, right? So there's a lot of stations that are hard-coding passwords. Oh yeah. Or not passwords. They're hard-coding passwords, they're coding connection strings, they're hard-coding a bunch of stuff, which has been a no-no for years. But it's the path of least resistance, right?

Back in 1981, Canada's Wonderland opened its doors, and it is the largest amusement park that we have here in Canada. I was so excited to finally get on... the only one? Oh, no, there's a lot of them. There's a couple. There's a couple. Actually, there's one in Calgary too.
I just learned that. That's... it's about the size of the wrong... What was the last time you were at Wonderland? I remember... and even remember... In 1981, Wonderland had a handful of rides when it opened. One of them was the king... right, a Royal Canadian... Royal Canadian Minebuster? Minebuster. The Canadian... the Mighty Canadian Minebuster. Exactly. You've been on that ride though, right? Canadian Minebuster? No. So, you know, back in the early 80s, late 90s or mid 90s: great ride, smooth ride. And then it got rougher and rougher. It's a wooden roller coaster. It's, no, the roller coaster... they're talking about the retirement, the possible retirement, of the roller coaster, because it's become so rough. And the reason I bring this up is because the next item on the news is the end of support for Windows Server 2012 and 2012 R2. If, you know, roller coasters, being as old as they are, come to a point of retirement because of safety, the same type of consideration should be put in place when you're looking at your back-end infrastructure in terms of what you're trying to move forward with your organization. So Pierre, take it away.

Well, like, this is not new news. If you can tell from the date in the post right now, it was put there on July 14th. When you really think about it, when we retired 2008 and 2003 it was the exact same story. We started talking about it, like, two, three years in advance, and then, like, a year to six months before we retired it, then all of a sudden enterprises and IT pros out in the wild started saying, "Oh my god, why didn't you tell me?"
So I wanted to make sure that we start talking about this now, because it'll end in 2023. So, like, two years, only two years. And it is in line with the Microsoft support lifecycle policy, and the lifecycle policy came about, actually, in the 90s, late 90s. Time when the Minebuster was still a good ride. Yeah. But at that point, let's say SMS had its own lifecycle policy, and Server had its own lifecycle, and BizTalk Server, like Exchange, like all of our products, their support policies were dictated by the product group, and it became very, very confusing for enterprise administrators and IT pros and operations folks out there that are looking at that going, "I have no idea when this piece of software is gonna end." And it might end suddenly, it might end never. Nobody ever knew. So at the time they made this policy where every commercial or enterprise-grade software, so it doesn't apply to, like, Age of Empires or Halo, right, but anything that's, like, enterprise grade, take that with the air quotes, would follow this policy: five years of mainstream support, which means bug fixes, which means feature fixes or feature updates, which means security updates, which means the whole gamut, where we can... fully supported, bumper to bumper. You know, if this was a car, that would be a full warranty, bumper to bumper, including consumables. But after five years, then you go into security updates only, and it's right up to ten years. So it is predictable. So you know that all of your products, when you deploy them, you have got at least ten years' worth of usage, secure usage, out of them. Now, after ten years, the only way to keep support for those would be to, one, buy a custom support agreement, which are extremely expensive, and not everybody gets approved for it, because you have to show that you have a plan to get off of the platform. Right, right. And the other is, if you migrate it to Azure, then you get an extended, I think it's another
two years of security support, which basically is just a way to say, okay, well, we're giving you two extra years for you to work on how to get off of that platform, which is no longer supported. And 2012, my god, it's going to be almost... like, it's 2022 in a few months, right? Right. It's time. Well, there's still some organizations that are running 2003 and 2008. Right. In the chat room, if you look at the chat room, we have Andrew McCollum was saying, yeah, there's organizations that are still running 2008. There was a good question that came in from Paul Jensen: "Didn't I read that going forward it's only going to be LTSC?" LTSC, long-term... Yeah, long-term service contracts, I believe. I don't know, they seem to change their mind fairly regularly in terms of what the programs are. So, like, that program where if you run it in Azure was there for, I think it was SQL, the last SQL that went out of support, and the last Server, which, 2008. I don't know how much uptake there's been. And when you get to those types of programs, you really have long-time services branch, channels... Yeah, it's a branch. It's channel. Yeah. And thank you. I don't know, it might be going forward. It might be going forward from 2016 or from 2019. But 2012 and 2012 R2 really didn't have those channels, maybe. So I have to answer Andrew: I'm not sure. I'm going to have to look it up, and to that effect, I'm gonna take my pencil and I'm gonna write it down. And you're answering Paul. That was Paul's question. So we'll look into that. Jared... Jared, aka audio guy Steve, he's made mention of the fact that it's long term... the audio guy. Yes, Steve the audio guy. It's been a while.
I think, you know, I have to get back in the groove of calling him. Paul also makes mention that no more semi-annual channels, only long-term service. And Jared also liked my Minebuster reference, saying that it was a great stretch to put that into the news segment.

Next up in the news: Windows single sign-on for use on Azure Active Directory. This is an interesting one. This question comes up a lot: what is the difference between Active Directory and Azure Active Directory? Do they talk to each other? Why do I have to have my users sign on to two different authentication methodologies to gain access to the information that matters to my organization most? You know, it's something that comes up a lot in a lot of conversations that we have, and so Sonia actually went out into the full research in terms of what does this actually mean? Why is there a difference between the two platforms? How can you invoke single sign-on so that your end users sign on once, authenticate once, and then gain access to the plethora of content and data and information that lets them move forward in regards to the day-to-day activities? I love this because it talks about the inclusion of Azure AD Connect, which, for those of you who are not aware, is that solution that allows for the synchronization of your on-premises Active Directory objects into Azure Active Directory. Then you still have to invoke the single sign-on enablement functionality. There's the whole availability of the capability to then extend services authenticating through the cloud to on-premises to gain access to information. And Sonia does a phenomenal job of going through this, even fleshing out the actual sequence for the authentication, how that actually occurs between Azure AD and Active Directory as well, also going through the primary refresh token enablement and what that actually is and how that's actually being enabled. So it's more than just a step-by-step force. It actually goes through
and talks about the technology and how this actually comes into play for the adoption of single sign-on authentication through Azure Active Directory to Active Directory to gain access to those services. Yeah, and it's also an evolution of the sessions that they recorded with Steve Syfuhs at our ITOpsTalk All Things Hybrid event, which is available here on YouTube. So subscribe and hit the bell. Wow. Yeah, the video is actually at the end, I believe, of the article. Yeah, there it is, there it is. And Azure Active Directory and, then, Microsoft Active Directory services, or Windows Active Directory services, the only thing they really share is two words in the name, because they are completely different beasts. So Steve makes a great explanation of that and how they each work. Fellow Canadian, Stephen Syfuhs. Yes, he does a phenomenal job of going through that. So definitely check out that video.

Jared actually makes mention that he's been having issues with a machine that is Azure AD joined running scheduled tasks. I've heard that, you know, in some instances, if you're running scheduled tasks you may run into challenges. You have to make sure that the Azure AD Connect sequencer... you know, you might have to increase the refresh rate to ensure that the authentication is still allowed for those tasks. However, I was told that if you use Power Automate, its authentication method actually will allow for, in the case of need, an increased sync for Azure AD Connect for automation of tasks. Something to check out. I've not tested it, but I've been told that that is the case. Yeah, I haven't looked at it either, but, pencil, paper, I'm gonna take a note. Got a lot of notes today on today's show. It's content fodder for our blog and for other videos. So this is where I get my ideas, from the audience.
That's like, "Hey, I'm having this problem." So let me look into it. So what's awesome is that, you know, we have those participating in the chat room. So today we have Andrew, we have Jared, we have, sorry, Paul Jensen. So, you know, definitely when you're talking on the show, or when we're watching the show, having that collaboration and participation in the chat room is always invited. It allows us to, you know, answer your questions as they come in and have chats. And I love when they have chats inside of the chat room as well, which is really good.

Speaking of ideas and capturing ideas: Patch and Switch, which is on today as well, later on today, I believe it's at noon Eastern Standard Time, which is another great show. You and Jared, or audio guy Steve... Also the audio guy. Steve the audio guy. We're gonna get you to remember that at one point. I'm having one of those days. ...also run Testing in Production. What are the differences between the shows? What are the differences between Patch and Switch and Testing in Production? Because you alternate dates, right? Yeah, so they're every fortnight and so we're the other fortnight. So they go on, we go on, they go on, we go on. Testing in Production started out where Jared and I were discussing some of the issues they were having with sound, with streaming, with me producing this show, producing other shows, producing recordings for our channel. So we started kind of meeting ad hoc and discussing, like, how can we try stuff, and then we're like, maybe people would be interested in figuring out, like, how do you come up with content? How do you record? How do you broadcast? What type of equipment is needed?
Like, just everything and anything that has to do with building content, whether it's for streamers, whether it's that you have to record a session for your own company, like a training session or a message that all of your employees are gonna see. So we started that and we just said, oh, well, let's give it a try. So we had one episode and then another, and it's going well. We've got a pretty decent viewership, and the folks on the chat are very, very engaged, so they're giving us a lot of ideas for content to look at. I'm trying to... like, a scoop here, and Steve the audio guy and I have talked about this before: I'm trying to get a big name to come and talk to us about the differences with short-bite content such as TikTok and YouTube Shorts versus longer-type content, which is the type of stuff like a half hour, 45 minutes, technical sessions. So I've tried to reach out to him. I'm in the process of trying to get some time on the calendar of a big name. Or we're trying to get things. Hey, that's exciting. Yeah. So I like... John... I like Jared's mention of the differentiator, saying that Testing in Production has a plan. Yes, because we actually have a production meeting three days before the actual show where it's like, this is what we're gonna talk about, this is what your end is gonna be, this is what my end is. It gives us time, because a lot of times it's show-and-tell, like, let me show you live in production, I'm gonna try this. Right, you have to have some kind of setup. You have to be prepared, so we make a plan. Paul also reminded me that memory is always the first thing to go. Don't I know it. I thought it was the second thing to go. I don't want to know what the first is. I can't remember. Oh, sorry, I can't remember.
I can't remember.

Let's go to our Microsoft Learn module of the week, and, tying into the news that we had in terms of SMB implementation, we have the Windows Server file servers and storage management learning path. So what I love about this: this is based on technologies for 2012 and 2016. This will be, you know, earmarked to be updated for 2019, 2022, but it's a great way to start off your journey in terms of storage implementation practices from Windows Server itself. Again, what I always love about Microsoft Learn is the ability to do things in a sandbox, so you're actually doing hands-on labs on Azure in a Windows Server VM to go through and test out the functionality: utilization of deduplication, SMB integration, implementing iSCSI, you know, all the great solutions made available for storage on Windows Server, all available on Microsoft Learn. Yep. I love Microsoft Learn because there are different types of learners. My wife's a teacher. Can you tell she's, like, driven that into my head? And it's good because it helps me in our job. There are some visual learners, there are some tactile learners, so basically some learn by reading, some learn by doing, some learn by watching, and this kind of, like, Learn kind of gives you a bit of all three, so that there's a description of what it is, and then there's an exercise that you get to touch and play with, and then sometimes there are some little videos that are included in it in terms of the concepts, looking at the concept. So it's really a well-rounded way of learning the technologies. I'm very much a hands-on learner.
So what I appreciate about Microsoft Learn is those sandboxes. I can go through and replicate the steps that are provided. It's something where I learn through muscle memory and understanding of, you know, the technology, and going through and actually completing the tasks. It's like what we used to do back in the day when we used to do those hands-on labs cross-country, and now it's in a virtualized plane. So you can spin it up at any time and learn at your leisure, which is really cool.

Wow, where did the time go? Show's almost done. Yeah, pretty... Pierre, if people want to get a hold of you, what's the best way to get a hold of you? I have been and always shall be @WiredCanuck. As mentioned throughout the show, all articles for AZ Update can be accessed on itopstalk.com. There's also a quick URL that can get you there: it's aka.ms/AZUpdate. And if you want to get a hold of me for some reason, you can do so: @WirelessLife on Twitter. I almost forgot my own Twitter tag. Wow, the memory's really going. Yep. All right, that's the end of the show. Thank you, everybody, for joining us. We will see you all again next week. Have a great weekend. See you later, Pierre. See you later.