 Good morning, everyone. Good morning, Rod Good morning, Pierre. How are you? I'm doing fantastic considering it is Friday one more day of work and then I'm on the weekend enjoying my family and hopefully the outdoors Because it is is winter now We got tons of snow, but the temperature this week is actually blue for was like minus five Celsius, so it's it's It's almost like short weathers Yeah I'm a big big big winter fan. I'm from Ohio So I'm a big winter fan The unfortunate thing is most people that live in Ohio They complain about snow even though we don't really get as much as I would absolutely love but what does happen and then I Tell people don't complain about the snow because it's Ohio. It's gonna change and it's gonna change drastically I saw our weather report this morning We are expecting like severe thunderstorms and possibly tornadoes next week already. Oh god I know go from snow to tornadoes. Hmm. It'd be nice to have a snow tornado. I would I would I would appreciate that We call that a blizzard Well you caught a blizzard I call it fun, okay Rod you are now part of the IT hopstock team How's that I am I am so I'm just sort of kind of getting settled in but I have to say that I believe I'm Absolutely gonna love it for a couple reasons First being a security person We had a very small security team up until recently so when I first joined in this role at Microsoft I was the only person That's how small our team was even though across the board At Microsoft we've invested so heavily in security. Yeah, I was that person then we you were that person in Deverell But let's not kid our audience the the the the the amount of personnel that actually work on security product is huge Yeah And that's where that real investment comes from it wasn't just me. I wasn't the only investment Yeah, we've we've had what was the number last number I heard last time I forget 10 billion or something like that When I started in security at Microsoft about two and a half years ago Just as an example of how much we have grown I'm hyper focused on things like cyber security Microsoft Sentinel defender for cloud things like that. Yep By the end of the first year working on Microsoft Sentinel at Microsoft we had like 9000 so customers using Microsoft Sentinel the latest financial report. I don't know if anybody caught that I did obviously But we now have over 15,000 Microsoft Sentinel active Microsoft Sentinel customers and that to me is Absolutely amazing. That's just evidence that our security investments are absolutely paying off Yep. Well speaking of security investments I think we do have some news about security that we're gonna get to in a little bit So you are on our team now Reporting to our glorious Leader Rick and I'm saying that because you might be in the chat And you have a partner I Always pronounce it Joy Lynn, but it is mm-hmm. Is it Joy Lynn? It is Joy Lynn. Yeah Absolutely, I heard somebody pronounce it differently in a meeting this week and I'm like I'm so I'm so self-conscious on the way I always mispronounce names Yeah, and I apologize profusely But anyway, yeah So we've had a few weeks with lots of new people rod and Joy Lynn and Amy which is in the in the chat room Right now. Oh, and she's correcting me saying it's Joe lean like the song. Okay. Thank you. Hey I think oh my goodness, so we've been we've been told Rod. We've been told Lean I thought that was like a Dolly Parton song. It it is actually it's a oh Somebody else's song, but I do believe a Dolly Parton covered it. Anyway, how about we jump into the news? We could do that Let me start this week with the bastion server. So You have to be careful with that name too, by the way Yes, no, it's not the bastard server. It's the bastion server. There we go We can see properly We now support because anybody who has used this knows that it's a fantastic Fantastic product to help secure your environment because we all need to like remote into our VMs and kind of do some management this some installation not a hundred percent of everything can always be Automated every once in a while you have to go in there and maybe just get a log file from it or upload a config file to To a VM. There's all kinds of different things and we also know that exposing our DP and correct me if I'm wrong Rod But exposing our DP to the internet is is a bad thing, correct? that is Bad thing I in fact You go as far as to say that that might If someone ever found out it might get you fired and here's here's a good anecdote So I have You know, I told people that I was gonna be on here and I would say Sentinel a lot just appeased them So here's another Microsoft Sentinel story hashtag not sponsored. Yeah, exactly So I have my own Microsoft Sentinel environment as you can imagine one of the things I do with that is I do demos for customers I use it to Investigate do my own investigations and things like that I Have Defender for cloud tied into Microsoft Sentinel Defender for cloud is very good at identifying You know compliance issues policy issues and things like that I will Manually turn off just in time JIT for my VMs periodically because I know That just as soon as I do that there's gonna be some bot somewhere in the world sitting there waiting to look to find an open RDP or UDP port and I start getting incidents created like a media I'll get 10 within the first, you know, 10 15 seconds that I turned JIT off. Oh, I know it Absolutely that important and what this does is bastion was amazing You don't have to think about it right it automatically encrypts that stream and to me that from a security perspective That is absolutely huge when a customer doesn't have to think about doesn't have to To encrypt those ports or at least protect those ports automatically they can they can do crazy nefarious Silly fangs and this will fix it for him. Yeah, but up to now bastion was allowing you to basically RDP or a remote desktop into either a Linux or a Windows machine through they through the browser so you'd have your desktop or your RDP session inside or a browser session But it made Some activities very cumbersome such as uploading and downloading files Which we have to do on a regular basis if you're getting a log file you're uploading some stuff Now with the RDP the bastion host what it allows you to do is is create a tunnel from your machine Whether it's Linux or Windows and to the bastion and then through that Connect to your VM and actually upload and download files directly from your native client So directly from Windows or directly from Linux without having to go through the browser related So it's going to simplify a lot of things and of course this is a public preview. So it's going to It's going to change like right now for our over SSH on Linux. You can only Upload or or download there's one of the two The other one's not supported right now Upload I think upload downloads not supported right now, but it's it's they're working on it. This is preview so it by the time it goes to By the time it goes to general availability it'll be fixed, but I'm just super stoked about the direction that it's heading and the amount of Value that just little changes like that can give to our audience Need to upload a new config file just Run the script connect make the connection You don't even have to go to the portal once it's created and then you upload the file and then you're done Well, this is another one of those and this is a small kind of little nuance Update some people may consider but this is still part of that security investment, right? We're trying our best to make security just Something you don't have to think about for our products and absolutely it should be I'm we can go back to the early days of Trustworthy computing and you know 20 years later. We're still kind of working on it But I think this is absolutely all part of that and the investment over the past few years is really signifies that so Yeah, no, you're right. You're right So let's jump on to the second item, which is yours, which is AKS clusters I believe well and not just AKS clusters, but this is in private preview or just released into private preview I absolutely love our private preview programs. We have done so much good with these things in creating Services features those nuance features. I was talking about for our customers based on Customer requests and feedback is we're getting customers involved in these private previews They're giving us that feedback the products are changing For the better because of that customer those customer recommendations. This is one of those right in private preview Volume backup or a persistent volume backup of the AKS clusters is now available right so this allows This backup and we'll talk a little bit I think we're going to talk about some other types of backups here shortly and recovery this allows Not just recovery, but also Recovery of one or more Persistent volume backups so they can take advantage of this private preview And it's not just Delegated to the same cluster anymore. You can also send it to a different cluster, right? Let's read Let's restore this somewhere else We could even use that to make Comparisons and things like that which a lot of development environment where you want to test something because you're getting this recurring problem in production and of course Your dev and your production environment are not always the same so you can back up your production Restore it into dev environment and then run through your scenarios. That makes things a little easier. I'm I'm just glad that Cuz you look at some of the workloads in the cloud and I've talked to some developers and And there's a misconception sometimes that's well if I've got enough If my application is architected in such a way that I've got enough redundancy that I don't need a backup I am an old-school IT and ops guy Anything that hits production has got to have a backup a restore and a recovery plan attached to it So if it is production and it is In the business depends on it. You've got to be able to back it up somehow Even if it's just snapshots every hour or something like that for like a container because I understand that some containers there's no Like if it crashes and just flushes it and then creates a new one because there's nothing There's nothing stateful in that that's it's a stateless in a lot of cases a stateless operation so it doesn't really matter But in the case of when you've got a stateless or an application running in a container on AKS or on ACI And you're tying it to persistent storage Then that's that's the the key word here is persistent and you need to be able to be able to To save it somehow. So I'm glad to see that as you're back up in Azure Kubernetes services are now realizing or and making it available The fact that you can actually back up your your nodes and eventually back up entire AKS clusters Yeah, absolutely and just to kind of re-highlight again that importance of that private preview program any Active customer can take advantage of something like this, right? So you show on that page there down the bottom There's a link fill this form out if you want to participate in this and you absolutely do And it's not a very intrusive form is are you native? Would you use it? Yes. Are you willing to precipitate in the program? Yes submit done So we're not collecting any info here Yeah, it's we try it again. It's like the security piece We're trying to make it as easy as possible To interact with Microsoft and Microsoft services and people and products and everything our engineering teams I I think to me I Coming from a long history in my profession as a community person That just warms my heart to see how well we're doing in that area. Yep All right, so let's jump on to our next news item Our next news item is about Azure site recovery and I've I've always been a big fan of Azure site recovery like since the very very beginning Because I had to be at first before with that's before we had Azure migrate I actually used Azure site recovery and with with some customers to migrate their their workloads because a Migration is basically in a site recovery without the restore. Yeah. Yeah, so you Duplicate or replicate your workloads and then you just don't fail it over you just Shut down the original So I've been a big fan of that and I've presented on that like even back into there's a 2014 for Ignite Australia Or Tech at Australia, I can't even remember whether it was Tech Ed or Ignite at that point But I'm I'm really impressed with the way they Every month or every other month they come up with their their roll-up updates They keep improving the software they keep improving the way the replication is done at this month for their January 2022 they've added a whole bunch of Different OS Linux OS is to the support they've fixed some issues with the Windows 2022 and you would think it's Windows it just works But they've had some with the agent the mobility agent as they call it that sits on your machine that replicates the data Now they've added all of those new OS and fixed 2022 and That's that's that's great But they've also listened to the community and people that are using it and made some changes in the restrictions or configurations that they were so in terms of the retention points are now available for up to 15 days is if you're in the past they were the the retention points were only available for just a few days and It wasn't quite enough. We heard the feedback through the feedback loop, but also through us advocates and The product group has made that change so you now can have your retention points that will last up to 15 days Your replication can be enabled on a virtual machine via Azure policy. So this is huge for me Yeah, if you have a tenant or resource group that is identified by tag or by however, you want to identify it as a production workload of Whether or not it needs to be so you can use tag to identify that this needs to be replicated this needs to be protected This needs doesn't have to be So now by policy when you deploy something and with those tags or that's that's Covered by that policy will automatically turn on replication for those VMs So you don't have to worry about After the fact having to go back or because you know if it's made if it's done by human at some point Somebody's gonna drop the ball and the machine is not good enough. I can be replicated Yeah, I agree. I agree. That's that's absolutely huge. That's a big Area that I'm a fan of right because a lot of our a lot of our other services within Azure We're starting to Utilize Azure policy a lot more. This is an area. I think customers really really need Education on Azure policy is absolutely important, but I just want to highlight there is a caveat Just like group policies where a group policy can negate a group policy You have to be very careful because Azure policies can do the same thing and what I would recommend being a data science security type Azure sent Microsoft Sentinel person Alert on those log files when an Azure policy doesn't work the way that it's supposed to because you can get kicked Right in the butt because of something like that. Oh the policies are Very very very powerful, but as you mentioned very very dangerous. I had a policy on the system with a customer that Would turn off certain certain Services because they were being replaced by third party. Yeah, so they would turn off the the native and eventually the They replaced the third party with native support for the what they were using but they forgot that somewhere in their policy They had a bit that would turn it off So they would turn it on they would work for 20 or 40 minutes and then it would turn it off And they couldn't figure out where it was. So policies are Very very powerful So how's that how's that phrase go with great power? Comes great responsibility. So yeah, absolutely. Yeah, but I'm yeah I'm I'm going to I'm going to allow that but I'm not gonna Die on the on the sidewalk like Peters So yeah, so Azure site recovery update lots of updates and lots of bug fixes as well that's always a good thing that we keep track of our bug fix and The next item in our Listing today is a Azure defender for identity. What's it that? Oh, this is great so part of that security investment that I was talking about earlier not just dollars but also Engineering and things like that. We have been at Microsoft and I know customers. I've talked to customers They know that we've been working extremely hard to accomplish this Take all of our security platforms all our defender stuff MCAS which is now named Microsoft Defender for apps All of those different defender branded Services and products into a central console security dot Microsoft com, right? We do have some lingering services that have just you know for whatever reason have taken a little bit of extra time to get there I think MCAS is still there's some pieces of that as well, but defender for identity This week all of the features that you could get from that original defender for identity console They are now all consolidated at security dot Microsoft comm this includes things like the full onboarding administration experience the Incidents that get created they have been consolidated with the advanced hunting In the n365 defender console, which is huge a lot of our customers use that to do hunting looking for nefarious things within the data looking for bad user habits the thing that really I Think is awesome about this is kind of we've been waiting for this from a Microsoft Sentinel perspective. We have this Consolidated defender Connector all of our defender branded services. We have this connector. We've kind of been waiting on there's still again some lingering things We haven't turned on yet. They're still in private preview. This is one of those So with this barrier out of the way with this API and all this stuff in the security that Microsoft comm I'm positive that we'll see that defender for identity piece of that connector enabled very shortly too sweet I think that's stored. So yeah Is there also a an add-on or An amalgamation of search capabilities now So within a console. Yeah security dot Microsoft comm the search capability is there For the features but also for searching through and I assume this is what you're talking about Searching through the data, right? Yeah, so all of those So if you go to advanced hunting in this security dot Microsoft comm you go to advanced hunting In search over on the left-hand side You're going to see all of the tables that are associated now with this centralized console all the identity Tables all of our defender for endpoint tables all the device tables and things like that. They are all there So yeah, you can search across all of them. Obviously You need to know KQL because you can't just you know if you use a search command search with your string It's going to search all tables at once But if you want to tie tables together you have to use your union and your joins I have a series about that. Thanks for shameless Hashtag Series it's specific security stuff right now, but you go to aka ms slash must learn KQL Takes you from day one from scratch with KQL and all the way through so that you'll be able to do things like joins and unions within the advanced console here, so Yeah Appreciate that Andrew was a big fan obviously Andrew he forgot the must in front of learn KQL there, so All right, so we now have going into our last item of the day Or was that our last item of the day It was yeah, there's more but there's more I did wanted to touch on something because We are we have five minutes left You have a Podcast of sort that you do on a regular basis in terms of security. Can you tell us more about that? Yes, every Wednesday night at 5 p.m. Eastern We stream live video on twitch It's the Microsoft security insights podcast We have product managers. We have this you're showing here last week this past Wednesday We had the authors Microsoft folks that have created a new SC 200 exam guide right had them on talking about that talking about SC 200 how to pass and all that good kind of stuff It's amazing conversation, but we do this every Wednesday night 5 p.m. On twitch and then the replay obviously as just the audio podcast is available anywhere You can find podcasts anywhere you listen to your podcast, but it's been on Microsoft security insights calm Yep, it's been an amazing thing I should note and I just want to get people energized and excited about this We are planning our own very first all day Streaming podcast event coming up in the very near future. We're planning is underway right now So it's literally just the podcast just all day long with people and guests shuffled in and out It's going to be pretty cool We used to call that a conference Yeah, now it's all virtual. Well Yeah, one of these days maybe we can talk about in-person conferences. Maybe we'll see. Yes. Yes. I really hope so And to close out today. Oh, we only got a couple minutes Let's look at our azure or Microsoft learn module of the week And considering when you and I talked about this yesterday considering how important Azure bastion host can be to your security We decided that Using the learn module that connect your virtual machine through azure portal using Azure bastion would be a great start So if you've never used it if you are still doing jump boxes Where you have to manage the box that you use to manage other boxes You got to stop that stake start looking into Um Bastion server, of course, there are some differences like you can't use the full rdp client to connect to the art to the bastion host, but it does Close up a lot of those security holes that rod is so concerned with absolutely. I'm gonna go do this one That was good. I've actually done this one before but I think I want to do it again to see if there's anything that has changed mostly based on Some of the improvements into the products that they have. Yeah Because because I know that now when you deploy a bastion host You can actually pick whether or not you're going to allow native client support or not If you've got an existing one you have to go and reconfigure it to enable native native client support But the basis and the basics of what you learn in this learn module are very very important And again, it is bastion so What did I say? No, no, no. I'm just reiterating Okay I thought I messed up with a name again No, sorry, didn't hear you Not that it would be um Unusual I'd do that all the time But you know, it's just it's just not a product naming schema that we generally use so rod you have no idea how many times in my head I say before you and I meet either in a meeting or online like this. It's rod not rob. It's rod not rob I've learned over the I've learned over the years just answer to anything. Hey usually works So I know but I'm it's a signer. I think it's a sign of respect when You try at the very least try your best to pronounce the person's name the way it's meant to be Yeah, I have to apologize to joe lane later Yeah Or Amy actually, I apologize to Amy apparently when I introduced her a couple weeks It's amy It's amy. I think so. I tell me you think so Hey, all right. So thank you very much rod for spending time with us to go over the news item in azure this week Appreciate it. Yeah, absolutely. Thanks for all those that tuned in waiting for me to flub up some crazy things so Yeah, and next week. I am away I will be somewhere in the wilderness on the back of a snowmobile in northern kebek having some fun and trying to survive a long trip in the wilderness, but jay will Cover the host capabilities and I think we will kind of have a special co-host so Make sure to join them and With that being said, thanks rod. Thanks everyone and Have a wonderful weekend. Cheers