Amsterdam, the city of choice for Microsoft’s Ignite conference and one of the final legs on the European tour. The last two days have been packed with information throughout the Microsoft (primarily cloud) technology stack, from identity management with Azure Active Directory, Microsoft Hyper-Converged Infrastructure in Windows Server 2019 and Microsoft Office 365 with Teams. The organisation of the event was stellar, the sessions held covered a broad range of technical subjects as well as catering for differing technical abilities and cloud experience. With a questionable keynote, diving straight into Microsoft SQL queries and PaaS technical dives, the event kicked off a steadily improved. Overall it was very beneficial and would be recommended for anyone that works in and around Microsoft products, articulating alternative practices and pushing a cloud first strategy really gave another perspective on a lot of technologies that have been around for a number of years! The following article will summarise a few of the key features and discussion points raised, to hear more please register for our London or Jersey event!
Identity Management, the number one security risk in the modern day is a weak password. I cannot stress enough, that if you do not have Multi factor authentication (MFA) enabled on any of your external services, enable it… NOW! Moving on swiftly, we’re embarking on a world of Software as a Service which means disparate authentication models and a vast quantity of usernames, passwords and website URL’s that we all need to remember. What if you could have a single username and password, that logs in with your native Active Directory password and will authenticate you to a vast array (thousands) of different SaaS suppliers and systems with a single click. Azure Active Directory Business to Business and Business to Consumer are the answer, and if these two out of the box applications don’t tick all of the boxes OKTA will mop up the rest. These features allow you to utilise your Active Directory accounts to authenticate to external providers and can allow third parties to login with external credentials following strict permissions, policies and restrictions. Identity Management is something everyone should be thinking about, don’t get left behind!
Windows administrator Console (WAC) and Windows Server 2019, two great products that I personally cannot wait to start working with in enterprise environments. Hybrid Cloud management in WAC becomes almost enjoyable, having the ability to completely manage an operating system (even/especially Server Core) opens doors that were previously sealed closed due to administrative overheads. Utilising PowerShell a large number of Operating Systems, from Windows Server 2008 R2 through to Windows Server 2019 and even Windows 10 can be managed using WAC. Giving the ability to quickly view health statuses, resource usage in real time and run configuration and a large intake of tools from our beloved MMC console make this tool a requirement for efficient management of Windows Server based operating systems. Windows Server 2019 is going to be the hybrid cloud operating system of choice, period. With Server Core being the recommended route, Microsoft have released a new set of tools called ‘Features on Demand’ or FOD which is a small installer that gives administrators key tools that enable troubleshooting and remediation much more efficient on a Server Core installation. FOD includes explorer.exe, mmc.exe, perfmon.exe and more! This means that leveraging all of the security benefits from running a low footprint operating system become substantially more feasible when managed using WAC and FOD, as we still get the native GUI consoles that we are used to for scalable and manageable deployments.
A lot more was discussed, including the file server migration tool – Enabling us to migrate a file server, shares, networking information, machine domain name and persona from one server to another! This means that an Operating System upgrade will not have to be as painful as it once was, migrating data with robocopy scripts manually creating file shares and applying ACL’s all become a thing of the past. macOS and iOS management and security enhancements through Microsoft Intune, you can even set a corporate background now on your iOS devices! Securing your Azure tenancy and ensuring all monitoring is configured appropriately, a big oversight in many Microsoft Azure portals is the analytics and monitoring that can be created.
The final thing that needs to be raised is Infrastructure as Code, embarking on a journey into the cloud comes with its pitfalls. One of which is state configuring of your Azure Tenancy, what’s meant by this is the configuring of your Virtual Networks, Subnets, Virtual Machines (At a virtualisation level), security, monitoring, storage and the list goes on. In Microsoft Azure’s portal you cannot backup your configurations unless it’s stored in some type of code repository, which is where Infrastructure as Code comes in. Enabling your Azure Tenancy to be deployed and stored in code gives great benefits such as protection against a malicious individual, change management processes around committing configurations (you can see exactly what’s going to change rather than what someone ’says’ they are going to change!). It is a shift in mindset and a difficult change to implement but Infrastructure as Code really is something everyone should be aware of!