 Good morning, everyone and welcome to another edition of high Z update on this Friday May the 6th Mr. Claus You look like you look like a jack-o-lan you know What's going on Well, I'm only one-third of my way through my coffee this morning It's an early start for us on the West Coast, but for this show it's worth having an early start because I love this show I love doing it, but on top of all that I swear I was on patch and switch because you're wearing my shirt What do you do man? That's that's later. That's at nine o'clock. It's Friday. It's Friday. It's a fortnight I gotta I gotta pay homage There you go. Well taught me everything I know about podcasting. There you go. Well, I hope you hope you find them Whoever that mysterious man is because I was trying to work all the strange Ghosts and goblins and junk out of my setup because I'm in my new office and the new house right now I'm not set up. I just rapidly got set up yesterday in time for the show for yet for today and I Like literally I'm using my backup camera here as opposed over here My lights are focused as if I'm using it over here. It's it's all discombobulated So I think today's show is gonna be a lot of fun You think this one not not patch and switch. I mean this one this one. Okay. Okay. Yeah, I think it is gonna be a lot of fun actually though the PG's or product groups, I guess we love our acronyms have gone really tight lipped FLA is my friend Then again TLA's and FLA's three letter FLA or letter acronyms Yeah, yeah, so so in case you don't know this is the ramp up to build season. 
So we're in the month of May. The Build environment is currently being built, and they generally tend to hold off a lot of the news until after Build launches, because then they use the announcements inside of Build environment. So I'm assuming that the pickings were pretty slim today. The pickings were extremely slim this week in terms of how many actual announcements, and and I typically try to stay away from preview because I want to make sure that's the announcements or something you can actually use in production, unless it's really really kind of like really cool, then I then I say okay, it's in preview but start looking at it. So yeah, fairly slim slim pickings, but there are some people on Tech Community that have released some, put some articles this week that are very very interesting and open the door for fixing some actual issues. So I picked a couple of those. Okay. Well, I'm looking forward to it. I know what I saw something that we're supposed to be talking about and did my reading and my research on them. So looking forward to them as shall we get started and share some of these? Yes, absolutely. Won't you go first? No, I would say I'm assuming you have shared desktops. You're ready to go off and show the article because I know I didn't set that up. There we go. There we go. So the first one from Tech Community is from the core identity and security blog area and community. It's out there and specifically talking about passwordless RDP with Windows Hello for Business. So I'm a huge fan of Windows Hello for Business. The device I'm using supports it right here with this funky little camera, and it's absolutely awesome to be able to go off and to use and can be part of your passwordless strategy. Nice and easy to deploy out on your environment. But this particular one is basically a very nice setup on a walkthrough of how to establish using Windows
Hello for Business using an RDP connection to get into different places. It can be a bit complicated with regards to the setup involved for it with the official documentation, or they link off to what that all happens to be, but the idea behind this is, um, this gives you the best way to do it with the RDP environment as well as with remote administrative console experience as well. Pretty cool, man. So Betty's basically any time there's a pop-up that says, hey, put in your credentials. Right. You can use Hello, and I'm looking at my own environment here in this house because I've got a few machines under the desk there that I've pillaged and duct taped together from missing the Misfit parts, where it's just my lab because I have to simulate on-prem when I do a lot of my stuff. And I have to remote into it and I always, I'd love to be able to just look at the camera because I got my Brio that's right next to my actual camera for Microsoft Hello, right. So why don't, if I could just like RDP and then, and I'm in, that would be so wonderful. Right, but like the, you know, I'm scrolling through the document there. I just want to call it, obviously, prerequisite, prerequisites you got to worry about is you have to have a hybrid joined Windows 10 slash Windows 11 machine that you're going to be using for this particular setup. You have to go ahead and have PKI involved with a modified certificate template. And you also have to have GPO configured for dual enrollment. And then finally also have both a standard level user and a high, a high privilege user that has been synchronized with Azure AD that you'll be using for this particular environment for that setup.
And then again, we don't have time to go through everything in here, but Paul does a really good, good job of basically breaking down each of the individual steps, the PowerShell you got to run, the configuration with certificates and sort of stuff, good screenshots that happens to be in there, and then an example of how that all works. But you basically are able to go off, as I'll as I'll quote from his conclusion, using this method we have achieved passwordless multifactor authentication for RDP and remote administrative tools. The MFA is something that we have in the device where the certificates are stored, and the something that we know, which is the PIN used to unlock those keys. So it meets the requirements for what password is like. A couple of good comments in there, people asking some questions about it too. Go check out that article now. You already did the blog post for this, right? Where you, I did them all off and links and stuff like that. So go check out the blog post associated with this episode and take a look at that if it's something that you want to go off and set up. Yeah, and if you're, it's either on ITOpsTalk.com, which takes you right to the blog, or aka dot ms slash az update will take you to the latest episode. Right. All right, who's up man? What's next? What's next? Uh, what's next is that we can now automatically rotate keys in and generated in Key Vault. Now, I would say this is probably the second most common issue that comes up amongst IT pros and operations folks and even everybody that works in IT. The first one being it's always DNS. The second one is being that there's been some kind of a key that expires. Either a key that expires or a key that was leaked. Yes, one or the other, and you need to repeal it.
So like if you're if you're using for example storage accounts Uh, and you've got the key The secondary key because I never give the for the primary key to anyone but the the primary the secondary key for example if you've Put it into a configuration of a script somewhere to connect and dump some data into it and that gets leaked um, now you have to manually Rotate it Well, if it was in key vault your script would have to go and get it every time it runs And if it rotates on its own What happens if it gets leaked it'll get rotated. So Uh, this is now generally available. Uh, it was in preview for a while So you have to set up a policy for uh, how the automated key rotation actually works The information is all in docs, uh Fond configure auto rotation key. It also comes with a policy for expiry, which I have not mentioned in the article But now you can expire a keys. Um, that are linked to your environment Plus if you have for example like uh, encryption or and stuff like that You have to pay particular attention to when you rotate your keys so that you don't end up locking files that are already encrypted with the old key Got it Not bad at all My my puppy just walked past. She was not impressed with the auto key rotation feature Uh, so she's decided to leave the studio and she's now Going back to her bed in the hallway. Well, it's also early. So she's we're probably kind of she's like, why is this guy talking? Why the lights on in this office? That's right. You got it. Uh, yeah, so we've got actually, uh comments from facebook We're now uh streaming on facebook as well the books of face the metaverse the metaverse Speaking of which maybe we should uh Do a test and run the next az update in in a metaverse somehow We I got my I got my new uh VR headset right on man. We can try something like that at some time All right, so uh next article that we have is this next one is so easy. I can do this You can do that one. I can do this one. 
All right, I'll let you do that one. However, it is in public preview Yes, but it's so cool. You said we don't do public preview But sometimes when there's not enough to talk about we do it in public preview because we need to have articles, right? Yeah, but this one, uh considering I was at the p uh Power shelf summit last week. Okay. Okay. Okay. You take it. You take it. You were just no no No, no, go ahead. Go ahead. I insist. I insist. Okay. You were just at the summit You were talking with a bunch of folks Talking about the bunch of folks we uh, we had a discussion with the even the product group on um Maybe some of the issues that we have with power shell code fragmentation And when I mean code fragmentation, I mean you have uh, because mostly Everybody on this list. So I'm talking about uh, paul and andrew and our facebook user Which for some reason in our interface just comes up as facebook user Uh and jared and everybody else and anthony We all have these like usb keys with a whole bunch of scripts. Do people really still have those? Well, I've migrated to a github repo, but I'm sure some people say it's it's an analogy. Okay. Okay. I'll I'll let you know with it. I'll let you run with it but we all have like our repos of key of uh scripts and some are written for uh windows power shell 5.1 some are written for Power shell six and some seven and now seven point two And if you're running it locally you're running it with this version if you're running it in azure You're using azure power shell if you're running it in a function it's like we're getting to the point where there's they're starting to get fragmentation in the the the Versions of power shell that we use in those scripts and some Will behave differently. So you have to be really careful as to where you want to run your stuff in which version you run in it and actually Jared says he does Anthony says I still use a 3.5 floppy. 
Actually, I use a zip drive I'm a five and a quarter man five and a quarter with the plastic notch you cut yourself the whole that's right Yeah, we've been around I got key cards somewhere Anyway back to the article back to the article. So now, um The power shell functions team is working really really hard to keep up with the releases of power Shell because power shell now be an open source the releases are coming more frequently uh and So the the the functions team is working to keep up with that pace So that we can avoid at least having that fragmentation where If you are using power shell core or power shell Seven because we don't call it core anymore. Um We can always try to be at the very at the latest stable Release which is currently 7.2 So that's that's really cool. Especially since I'm got a whole bunch of uh demos for a couple presentations that I'm building on using um Azure function and power shell. So that makes my life easier. Yep Not bad Not bad at all my friend We have the passwords next We are talking about password again now I will freely admit I am a huge fan of password managers Uh, I've been getting password managers up and running with my family for the most part Almost everybody's using them. My my wife still prefers to have A limited number of passwords. She has not fully embraced the ecosystem But at least if I'm setting the passwords for the different accounts inside our password manager that we use Um, she knows how to be able to pull it up and do it And be able to get that strong password um, and I would I would add to that that Having gone through a death in the family in the last year When we tried to as executors tried to get over some of the accounts that they were using because they were The person that passed was the person that paid the bills for like embridge for gas Electricity and stuff like that With password manager in some cases you can have shared vaults, right? And have those passwords. 
So we've set that up at home as well. But yeah, so that's what, what we're talking about in this particular space is an is an additional functionality added to Microsoft Authenticator. Again, also as corporate users at Microsoft we have Authenticator on a crap ton of stuff as a way that we implement multi-factor authentication and be able to go off and have, you know, proof that you're logging into different resources online. Is it like that, so I'm very very familiar with Microsoft Authenticator. Even third-party websites, they need to have like tokens generated and stuff like that, I'll use Microsoft Authenticator as well. And it's all, it's been extending its functionality more and more, but this particular one we've got an MVP that's off and written up an article about how to use Microsoft Authenticator to generate strong random passwords for you, and they go through. Actually, no, sorry. It's not MVP. It's a product manager on the Authenticator team. It's kind of strange if they would have someone introduce a product manager. Hello, let me get you over to, to Rajat, uh, who's going to talk about this. But either way, um, you can use time-based passwords, you can use push authentication, all that sort of stuff, that's all part of the Authenticator. But they basically added the funx now you've now having a random password generated. So on your mobile device pull up the website you're working with, um, and go ahead and fill out the details when you have to go off and build an individual password through a user ID or password prompt. And then they walk you through how to go and do a auto fill or synchronization of those passwords from your Microsoft account. So obviously, um, it only works with Microsoft accounts, which is the consumer versions of the accounts.
It does not work with enterprise level or your work accounts if you will And allows you to go off and store those random generated passwords It recognizes the website is being asked for just like another password manager would And allows you to auto fill those and obviously you have to select and have auto fill enabled for Your particular device in question be it ios or android to be able to go off and make it work It's great. It's there. It's free And it is individual for a single user It's not shareable amongst the family that you and I were talking about before that's more functionality for an advanced capability um I'm not going to bother plugging one or the other but just you just start using password managers, please This is a great step if you don't have one if you are looking for one with more functionality There's a bunch out there in the market that's transcend different things and as you mentioned It's definitely worthwhile getting everybody involved and using them early like the best part is My son as an example, he swears by his password generator Like he does he doesn't know what any of his passwords are anymore. He doesn't care He just new website goes in makes a new user id random password gets generated That's super strong and long and then gets stored in his uh in his environment. So it's good It's good to get the statement. I have the same issue I can't I if you asked me to log in to our corp my corp account right now with my password I wouldn't know what it is. Yeah It's like 24 characters like really complicated Uh, I generated once I logged in once. I turned on power power less powerless Passwordless I was not powerless. I was passwordless. Oh And and I did something I normally don't do I read the comments And someone actually asked I think Neil Palooza asked any plans for shared passwords for a small business or family situation And rajat doing the good thing that p.m. 
Should be doing is following up those comments And he says the team is working on shared passwords for family scenarios. Look at that Not bad my friend pretty cool bad and there's a there's an extension for chrome I couldn't find one in the edge native Store But you can use the chrome extension on edge Because it's true chrome. Yeah, it's chromium as the engine so you can do that So you could have it on your machine synced up to your phone Using your microsoft account to store all your passwords nice Pretty cool. How many are we gonna save in the year by not having to uh Buy a third party product. Well, I don't know the uh The big thing for me is gonna be that It's eventually this is one step closer towards our original story at the very beginning going password less And so that's ultimately where I want to get I want to get to the point where it's like look It's something I've got something I know and it's not a password and it's just Follows me around wherever that happens to be Oh jaren says that it's built into edge nice cool I'm gonna have to look into that. Oh, yeah profiles. So, um Um What else is coming up in the community because we're done our news articles because they're pretty light this week The next section is talking about community type events and what's going on. Hmm. I bet you you have something About microsoft build, right? Uh, I don't but I should well pull up the registration page because I'll talk about microsoft build as you get there Um, some goodness from the build side of things. First of all, congratulations. I know you made the preview reel With your outtakes of doing welcome to microsoft build get ready for it for that little video that's right there So that's kind of cool. Go to my build at microsoft.com Uh, and I'm not letting the cat out of the bag. 
I don't think but let's just say that Um, next week some very important information that everyone likes to look at will be available online I can't say what it is, but generally it helps you plan out your couple of days of build Is all I'm going to say that sort of stuff comes up next week In order for you to participate you are going to want to go off and register at my build at microsoft.com We're doing a whole bunch of new stuff this year I can also share that we have been working hard to try to get more technical content into microsoft build in a variety of ways and As with anything we iterate and try to make better take feedback iterate and try to make better So give bill a shot see where it's at. I know it's still primarily for the developer audience But there is stuff in there for infrastructure and operations folks as well Uh, personally, I love watching the announcements coming out of the satya level the first day keynotes That's where I get a lot of stuff as far as value is concerned for things But there's a large amount of things going on There's some learn live sessions that are going to be in there, which are kind of cool I know our team is signed up to be able to do one of those at least if not two of those And there's always a whole bunch of opportunities for the connection zone to go off and to have ask the experts with different product teams and stuff like that So, um, there's definitely a lot of stuff that's going on the question I always get asked is when are we going to be in person again? And the answer I always give I have no clue I had my first in person last week. Oh, yeah, that's right. It was the power shell summit, right? 
PowerShell Summit, it was so wonderful, and I'm not going to be as heavily involved in Build this year because I am, um, not preoccupied but pre-engaged somewhere else. If we have any French-Canadian speaking right now that are listening to us, May 24th to 26th, I will be in Québec City, the queen city in our beautiful province of Québec. This website, it was built in the nineteen, the nineteen hundred, hundred and fifteen, something like that. No, it's it's their it's their their schtick is there, the they wanted what they wanted to look vintage this year. But it's a Web at Québec or Web in Québec. It's an, all it's missing is that is the under construction with the guy going like this with the pickaxe. I really like the little hamburger here for for the menu. Ah, the hamburger menu. Oh nice. Because typically we have the three lines and we call that the hamburger. So you're presenting in Québec. That's cool, man. I'm gonna be presenting in Québec. I guess they they were looking for a French-Canadian presenter for represent Microsoft and, nice, all the other ones were involved with world, so they, uh, they went to the bottom of the barrel and got me. Nice. Nice. Yeah, Build's 24 26, um, and the Québec Web at Québec 22, it's taking place as well. Um, are they going to be recorded? Are they going to be streamed online? Uh, unknown at this point. We're still, uh, kind of, I'm still discussing with the organizers exactly how this thing is going to go, but, uh, apparently they're looking at like, they're looking at, uh, 800 people in person. So and there might be some of, some of the breakouts I believe are hybrid. Oh, yeah, uh, but it's more on the React, Vue, TypeScript, JavaScript part of the equation, which is really weird to see me there.
Yeah, no, I I believe that the coming year is going to be very much a test With a variety of different types of uh engagement being hybrid and or in person and that sort of stuff We can never go back to the In-person only kind of stuff because everyone's looking for the on online type of access to things in some way shape or form Uh and likewise as well the in person stuff. We try to accommodate that sort of thing So I think 2022 slash 2023 is going to start to open up a bunch of different possibilities as we Start to wrangle with how to handle in person stuff like I had an in person meeting last week That was like a three-day workshop in leadership team meeting with a bunch of people We literally spent the first like hour of the meeting figuring out how to present in the same room with people like How do you ask questions? How do you make sure you're including the people that are online and remote? Do you run your camera locally? You turn off your camera? You like it literally took us a first hour just kind of worked out the semantics What we're supposed to do so you mean at the board room table You can't hit that a little button to raise your virtual hand Well, so what we came up with what we came up with was the conference room camera Was the main camera that we used so that we could see everything Each of us had to join teams because there's teams obviously And then we muted our speaker or muted our microphones But we turned cameras on so you would at least see the persons in the people in the room And yes, you could use your raise hand stuff And then we designated a different person every chunk of time To be the chat moderator to make sure that people were respecting the hands up And we're respecting the chat on the side to be able to pull stuff up But it was we we managed to work it out worked out well They're very inclusive that I like trying to be like this is the it's like why do you need to go in person this stuff? 
We we spent the first half hour at the summit Just trying to figure out how we shake hands in the world Was it awkward the awkward? It was the big elbow, the bump, the hand Did you do a foot tap? I haven't done the foot tap Yeah, I I I actually just try to break the ice when I'm meeting people in person for the first time in a long time I'm like, okay. I like are you a hugger a handshaker or a bumper? Ah, that's good. They they choose it's on them. That's how I work And we have one more community event coming out very very very shortly. Okay. What's that? Oh That's that's a hilarious graphic that does not render well Yes, the patch and switch show is back after a couple of fort nights actually because of scheduling other things going on Um, we managed to get both joey and myself and jared Uh all coordinated in our internal chat to be able to say we're going to do a show So we're going to have a show coming up in about an hour and a half or so I might nap in between the shows so don't tell anyone Uh, so we'll see what's going on So join us on a on twitch.tv slash patch and switch coming up, but we still have The learn module of the week and i'm going to put you on the spot because I didn't see which one it was Do you have one? I do Okay, okay, and I actually pump the learn modules because this is also not just about news It's about learning something new that you can take with you on your Journey of learning with microsoft learn. Which one did you pull up? Accuracy I actually went a little bit of a different route this week because I didn't pick a learn module I picked the whole learning path which has a bunch of modules on how microsoft is using Multifactor authentication as part of cyber security Nice, so this is a two hour and 17 minute if you read every single word and did every single piece of the lab Uh, it looks like it's uh, what summary and other ones one two three four five six Like the first one is a securing active directory with mfa. 
Right second one is understanding mfa identity management on microsoft 365 and the third one is to implement and manage that hybrid identity So so we have the ability as microsoft even other people can make them as well If you have a learn profile You can make your own learning paths to be able to save them and share them with friends and families stuff like that I just want to pull this one out I mean this one here is quite cool because it's obviously tied to a multifactor story We talked about at the very very beginning But an example of pulling them together from interesting resources across the board are good other bald friend In the team or in thomas Created a desktop support Learning path that doesn't exist. He literally made one as a collection And pulled in modules just as if you were doing an exam for Managing and working with windows 10 and windows 11 in an enterprise environment Um, I don't know if you can pull that one up easy enough pull up on twitter his tweets and I will continue to uh Let's continue the ramble. I don't find it Just to kind of just to kind of see that it exists if you just look for or in thomas nothing fancy You you weed out and look in between the different posts about his sci-fi Models and pictures that he shares But it was created a little while ago and it actually was a blog post also on Itops doc.com if that's easier for you to find Is that the one on oh, yeah, that's the one. 
Yes came out the earlier in the week But on itops training for windows client desktop support Just pull up that url people can see it online on the screen share as we sign out the show Free training for windows client desktop installation support and troubleshooting So he literally went through The different content on microsoft learn to create this equivalent learning path Thank you very much for copying that url and we'll be putting that inside the blog post You can take a look at it later as an optional one Because people need to go off and remember how to use and work and manage desktops And no one's no l2 We do we still do that? Yeah, it's pretty cool Let's wrap it up my friend. We're at time We are at time and I know that you have to go and have another coffee and so do I have a nap And then have a nap have a nap. I'm gonna go for a coffee and try to find some contacts in the house Thank you very much. Mr. Claus for joining me this morning Pleasure as always and well be sure to watch you in an hour and a half And for all of you at home watching this, uh Can you see that? The breweries are calling Yes, well, maybe it's a little early for us. Yeah later later. Maybe anyway for all of you at home Thank you very much for joining us. We'll see you next week. Cheers. Cheers