Hello, everyone, and welcome to another episode of Wired for Hybrid. Michael and I are having quite a lot of fun looking at all of the new stuff that's coming up with Azure Networking, and this month we're going to cover a bunch of stuff like pay-as-you-go changes and new capabilities and WAF and a lot more. So stay with us and we'll get right into it.
Hey, Michael, how are you doing?
Awesome, Pierre. How are you, my friend?
I'm doing great. The holidays are finished though, and I had to shovel myself out of a full inbox, but now we're hitting the ground running and getting to create some content for our audience again.
Absolutely. I'm stoked for half two, or H2, or semester two. For those of you that don't know, you're like, hey, Mike, isn't it the first quarter? Well, not at Microsoft. It is Q3 at Microsoft. Q3. So the fiscal year goes through the end of June. So really excited about what's coming up over the next three to six months and we've got some, as you said, Pierre, we've got some great stuff coming up. So one of those things that's coming up, or actually is here, it became generally available last November, is that when you're using Azure Front Door, Azure Front Door Classic, and Azure CDN, newly created instances are going to block domain fronting behavior. Do you know what domain fronting behavior is, Pierre?
No, I'm not quite familiar with that term. So I want you to walk me through it very quickly.
Absolutely. I had to dig into it a bit to find out what it all involved. But basically, it's a technique where you use different domain names in the server name indication field with your TLS header, and then the host field in the HTTP host header. So basically what it allows you to do is obfuscate the domain you're actually coming from and look like you're going in as a domain that's accepted by a certain network. So now with all of these, when you create any of those, this is going to be turned on by default.
If you have, like, say, existing instances, you can put in Azure support and that'll take care of it. So I think this will, from a security side, this is really going to prevent a lot of those bad actors that are saying they're coming from one place but actually aren't. One thing that this does bring up, and we are fully aware of this, we've got a link to a document of how we approach domain fronting, is that while most domain fronting is done by bad actors, domain fronting is used by a lot of people that use, like, Telegram and WhatsApp that are in certain countries that lock down and censor them.
Yeah.
And so it's one of those things, it's like, okay, how do we manage that? And as a company, many of the other cloud companies are doing this as well, is that just for the protection, because most of the bad acting is coming through there, we are blocking that. That doesn't mean that we're going out and actively preventing people from using Telegram or any of that sort of stuff. It's simply to do that protection of our workloads. So that's definitely important there. I definitely read that statement again because I think we've got a good stand on that.
And for anybody who is listening, if you want more details, make sure to go to itopstock.com. There's a blog article there with all of the links and all of the detail, a lot more detail than what we can cover in our 10, 15 minutes here.
Absolutely.
Yes, speaking of covering things here, WAF, or the web application firewall that is used both with the Application Gateway and with the Front Door, Azure Front Door, has had a bunch of enhancements and new capabilities released over the last month. So much so that we are planning our first deep dive into web application firewall, probably going to publish at the beginning of March. So make sure to subscribe and ring the bell at the bottom of this here on YouTube. That way you'll get notified when we publish our deep dive into web application firewall.
But for now, we've got a lot more new functionality in terms of, there's new detection queries for SQL injections and cross-site scripting, which simplifies the process for you to get automated detection and responses when SQL injection and cross-site scripting is detected.
Azure policies for WAF logging. If you're in an environment where you've got a lot of workloads and you've got a Windows application firewall on a lot of different Application Gateway and Front Door instances, with Azure Policy now, you can set a policy that dictates what gets logged, and that applies to all of your instances of WAF across your OLL and organization. So you don't have to go and configure number one to log all of the data that you want, and number two, and log all the data that you want, and number three, and so on and so forth. All you have to do is set the policy, apply the policy, and all of your instances of WAF will actually inherit that policy and makes it a lot easier in terms of getting the logs and metrics that your organization needs.
Next one, bot manager rule set exceptions. So now the bot manager rule set 1.0 that is built into WAF to protect your web application from malicious bots that we already know with the IP reputation rule sets has now got exclusion rules, because sometimes when you end up with exclusion rules, we end up with the rule would exclude certain parameters or certain situation that you may want to allow in your own environment. So now we're allowing for execution or not execution, exclusion for certain parameters.
On top of the bot manager rule set exclusions and we now have an increased exclusion limit for the CRS 3.2, or the core rule set that supports all of the rules that are in WAF or the web application firewall, and that limit is now up to 200. So it's a five-times increase as to what we could exclude before from the rule set. So that's both on the regional Application Gateway with WAF and the global Front Door with WAF.
And the last one for WAF this month is the uppercase transform on custom rules. When you have a form in your application and you have people that are entering data, sometimes in order to assess the data that's in that form you wanna normalize it. So now there's a way to normalize anything that's like uppercase to bring it back down to all lowercase and so on in order to apply those rules and really handle case sensitivity in your application. And I think that's about it for WAF this month.
That's a ton of stuff. So there's some really cool stuff in WAF and WAF continues on this. I was talking with some colleagues and they're like, hey, are you gonna be talking about network security and stuff on your show? And I'm like, definitely, because almost everything we're talking about is related to network security. And a couple of things that I was really excited about that jumped out to me with WAF was, with the new bot manager rule set, it has some default actions of being able to determine whether they're a good actor, whether they're a bad actor, whether they're unknown, and you can customize those. And then the other thing, as I was digging more into web application firewall and the updates we have, is seeing how much analytics is built into WAF. You know, by default having the Azure policies turned on, because we all know in security is that when you find out you've had a breach, you're not just going to the logs last night. You're going back weeks, maybe months to see when the initial was, to see all of those sorts of things. So all of this integration with, whether you're using Azure Monitor or whatever it is, the analytics is, you know, super fantastic. The other thing that I wanted to just call out that I thought was super cool is, with the change for the SQL injection and the cross-site scripting templates that we have with both WAF on App Gateway and Azure Front Door, they integrate with Sentinel. So that's how you get that automated response detection and response.
So, you know, I think we're going to be talking a lot more as the weeks and months come about how did these integrate with those tools that are integrated in Azure from a security standpoint, like Sentinel and, you know, Azure Monitor and all of that tool. So just lots and lots of cool stuff. And like Pierre said, make sure to check the show notes, we've got plenty of docs out at Learn that you can go through, you can do hands-on, you can do your own due diligence to see whether or not these are great bits for your environment.
Yeah, absolutely. And I think we have one more point this month as to something that's new. And that one's yours again.
Absolutely. And this is probably the best one of all. Hey, now when you create a pay-as-you-go account you have 12 months, not two months, 12 months to kick the tires on over 55 different services in Azure. So this is kind of like a continuation, like the free account. And so it's going to offer a number of different things. So along with getting the things that you get for free, we'll do the air quotes here, free, across compute, storage, network and databases. There's going to be other areas where you're going to get free access to resources over 12 months. Big thing to always keep in mind with this, whenever I talk to people and they're a free account, sometimes I feel like people are trying to take a free account and run their production environments on it. That's not the point of a trial. And I'm not just saying for Microsoft, that's for any trial you really have.
Yes.
You know, like if I do a trial at Camtasia there's a watermark on it. If I do a trial for a lot of software it limits the functionality. So going in, this is a great opportunity, especially in those hybrid environments, for you to take a look at your environment and be able to kick the tires and do some testing to see how workloads might work for you. So this gives you the ability to be able to do that testing as you would be in a test environment.
Yep.
Maybe you can figure out how to run something full-blown production for free for 12 months, but...
But it's not all the services. So it's not, if you're running your whole workloads it's not all going to be free.
Yep. And remember...
In the article on IT of stock and below in the show notes there's a link to the list of services that will be free for 12 months.
Yep.
Okay, Mike, I know we've decided to keep this short. We are also thinking about making this into a, just a podcast on Spotify and Apple Podcasts and some other repositories. So let us know in the comments below if this is something that would be useful. And again, we have a lot more coming down the pipe. Like I said, we've got the WAF deep dive. I think we've been planning other deep dives, right? Correct?
Yep. Yeah, we've got a bunch of things that we're thinking about talking about. Coming up, I can't wait for next month because one of my services, Azure Virtual Network Manager, we're going GA at the end of the month. So we'll have a lot of fantastic stuff to talk about for Azure Virtual Network Manager. And I talked to one of the PMs on the team there and we're going to bring them onto the show and we're going to deep dive into Azure Virtual Network in the coming months. We've also thought about doing DDoS, maybe some stuff on deep dive in Azure DNS, Front Door, taking a look at zero trust networking, me and somebody from FastTrack did a great article on that. And really just kind of focusing on a lot of, like, security type topics for networking. So if you have some ideas of things like, hey, I'd love to hear a deep dive on this, let us know in the comments, reach out to us and we'll try to put that together.
Yes. All right, so thank you so much, Michael. For everybody at home watching this, thank you for taking the time to spend with us. And as Michael mentioned, if you've got suggestions, put them below and we'll make sure to cover those. And with that being said, we'll see you next month.
Awesome, till next time, friend. Cheers.