Kurt Shintaku's Blog

Microsoft researchers used AI to assist the American Red Cross in analyzing maps of Lahaina, Maui to identify damage to buildings.  “This is critical because they need to understand where to send people, which areas need to [be] prioritized, which part are they not considering,” according to Chief Scientist for Microsoft AI for Good, Juan M. Lavista Ferres:

Our hearts go out to the residents of Maui in the wake of this week’s devastating storm and wildfires. Microsoft is working with the American Red Cross and Planet on a preliminary assessment of the damage in Lahaina in order to help first responders and relief organizations in their critical work.

We have run our damage assessment AI models on the satellite images we received from Planet and have maps of the affected buildings. If your organization would benefit from the underlying data in this report—please contact me. We are committed to sharing this information in support of the response efforts.

There are a total of 2,810 buildings in the study area. Out of these, we estimate that at least 1722 buildings were damaged.

• 1,088 are between 0 and 20% damaged.
• 110 are between 20-40% damaged.
• 169 are between 40-60% damaged.
• 238 are between 60-80% damaged.
• 1,205 are between 80-100% damaged
  

Please note: Our AI model determines if a building has been affected based on satellite imagery. While we strive for accuracy, satellite data has its limitations. The provided maps should be used as a preliminary reference and verified on the ground for a comprehensive assessment.

Read more here:

• Microsoft AI tool reveals swath of devastation from Maui wildfire – GeekWire
  https://www.geekwire.com/2023/wildfires-and-microsoft-and-amazon/

Defender for Identity (MDI) is introducing a new sensor type for Active Directory Certificate Services (ADCS).

• AD CS is a Windows Server role that issues and manages public key infrastructure (PKI) certificates in secure communication and authentication protocols.
• AD CS can be part of a domain controller, in which case, no extra actions are needed. However, if your AD CS is on it’s own server, you must make sure that events are being collected from that server.

If your sensor is installed on a domain controller with AD CS, you’ll view additional security content, such as related alerts and Secure Score reports.

Read more at:

• What’s new – Microsoft Defender for Identity: "New Sensor Type for Active Directory Certificate Services”
  https://learn.microsoft.com/en-us/defender-for-identity/whats-new#new-sensor-type-for-active-directory-certificate-services-ad-cs

We released a “less expensive” storage tier called “Cold tier” – which is approaches the costs of our lowest cost offering, “Archive Tier”, for folks retaining data in Azure Storage that needs to be accesses a few times a year & has a data read & data retrieval costs that aren’t exorbitant.

Cool/Cold is good for folks that know they’ll definitely need to pull data a handful of times during the year – and not just store the data for retention/compliance reasons.  Read more about the differences here: “Access tiers for blob data – Azure Storage”.

Here’s the announcement:

Azure Blob Storage Cold Tier is now generally available. It is a new online access tier that is the most cost-effective Azure Blob offering for storing infrequently accessed data with long-term retention requirements, while providing instant access.

Azure Blob Storage is optimized for storing massive amounts of unstructured data. With blob access tiers, you can store your data most cost-effectively based on how frequently it will be accessed and how long it will be retained.

The pricing of the cold tier storage option lies between the cool and archive tiers, and it follows a 90-day early deletion policy. You can seamlessly utilize the cold tier in the same way as the hot and cool tiers, through REST API, SDKs, tools, and lifecycle management policies.

Refer to the blog and documentation for additional details. You can find pricing information on the Azure Blob

GENERAL SUMMARY:
To quote, our docs, “Data in the cool and cold tiers have slightly lower availability, but offer the same high durability, retrieval latency, and throughput characteristics as the hot tier.

For data in the cool or cold tiers, slightly lower availability and higher access costs may be acceptable trade-offs for lower overall storage costs, as compared to the hot tier. For more information, see SLA for storage.”

Cost differences are:

• Cold storage capacity cost is ~80% less than the cost of Hot, ~50% less than the cost of Cool
• Cold storage write operations cost 4x the cost of Hot, 2x the cost of Cool
• Cold storage read operations cost 26x the cost of Cool, 10x the cost of Cool
• Cold storage data retrieval cost is 3x the cost of Cool

EXAMPLE:
For example, charges for 100TB of Azure Storage in WestUS 2: (According to https://aka.ms/pricing)

• Capacity:
• Hot $1800/mo
• Cool $1000/mo
• Cold $400/mo
• Archive $100/mo
• Writes/10000 operations:
• Hot $.065
• Cool $1.30
• Cold $2.34
• Archive $1.30
• Reads/10000 operations:
• Hot $.05
• Cool $.13
• Cold $1.30
• Archive $65.00 or $650.00 (High priority)
• Data Retrieval
• Hot N/A
• Cool $10/TB
• Cold $30/TB
• Archive $20/TB or $100/TB (High priority)

Here’s our recent posts about the NEW Cold access tier for Azure Storage:

• ANNOUNCEMENT: “Efficiently store data with Azure Blob Storage Cold Tier — now generally available”
  https://azure.microsoft.com/en-us/blog/efficiently-store-data-with-azure-blob-storage-cold-tier-now-generally-available/
• DOCUMENTATION:
  https://learn.microsoft.com/en-us/azure/storage/blobs/access-tiers-overview

Use generative AI to keep costs under control. See how Copilot in Microsoft Cost Management helps you get insights and recommendations for cost savings in the cloud.

VIDEO SYNOPSIS:
Reduce unpredictability of operational costs with visibility into workload-related spend using AI chat in Microsoft Cost Management. See spending patterns and anomalies that drive up costs, set budgets, share workload costs across teams and business units, and identify opportunities for optimization.

DOCS: Understand and optimize your cloud costs with AI-powered functionality in Cost Management

▫️https://aka.ms/MCM-AIPreview

Our Inside Track series recently wrote about Microsoft’s own transition to using Microsoft Sentinel for it’s Enterprise SIEM.

We recently implemented Microsoft Sentinel to replace a preexisting, on-premises solution for security information and event management (SIEM). With Microsoft Sentinel, we can ingest and appropriately respond to more than 20 billion cybersecurity events per day.

Microsoft Sentinel supplies cloud-scale SIEM functionality that allows integration with crucial systems, provides accurate and timely response to security threats, and supports the SIEM requirements of our team.

The article goes over the anticipated value add from the new cloud-based solution, the design, architecture & implementation, the resulting experience. There are also links to operational documentation from the Microsoft Security team.

✅ Moving to next-generation SIEM at Microsoft with Microsoft Sentinel: https://www.microsoft.com/insidetrack/blog/moving-to-next-generation-siem-at-microsoft-with-microsoft-azure-sentinel/

#Azure Boost is one of #Microsoft Azure’s latest #infrastructure  #innovations that can provide:

✅ Up to 100% greater network performance with 200 Gbps networking throughput

✅ Industry-leading remote storage throughput and IOPS performance of 10 GBps and 400K IOPS

✅ Security isolation by running storage and networking processes separately on Azure Boost’s purpose-built hardware instead of on the host server

✅ Reduced downtime needed for Azure host infrastructure updates which get executed directly onto the Azure Boost hardware with minimal impact to VMs on the host servers.

Azure Boost is a new system that offloads #virtualization processes traditionally performed by the hypervisor and host OS onto purpose-built hardware and software, such as networking, storage, and host management.

By separating hypervisor and host OS functions from the host infrastructure, Azure Boost enables greater network and storage #performance at scale, improves #security by adding another layer of logical isolation, and reduces the maintenance impact for future Azure software and hardware upgrades.

▫️AZURE PREVIEW UPDATE: https://azure.microsoft.com/en-us/updates/preview-azure-boost/

▫️BLOG ANNOUNCEMENT: https://techcommunity.microsoft.com/t5/azure-infrastructure-blog/introducing-microsoft-azure-boost-preview/ba-p/3876742

If you’re a Teams user, it’s fairly easy to build extensions to do just about anything.

Boost productivity and collaboration by building your first app for Microsoft Teams with GitHub Copilot.

If you want to learn how to use GitHub Copilot, the AI pair programmer that helps you write code faster and better, then this video is for you.

Here’s @aycabs building an npm search app in ~5 minutes.

👉 Install & start your free trial: https://aka.ms/get-copilot

More info: https://github.com/features/copilot Quick startup guide: https://docs.github.com/en/copilot/qu… Blog: Use AI pair programming to build a Microsoft Teams app https://aka.ms/AIPairProgramming/Blog Getting started with GitHub Copilot https://aka.ms/GetStarted_GitHubCopilot Teams tooklit https://aka.ms/ttk-codespaces-me

Interested in developing your own private OpenAI solutions in the security & privacy of your own cloud enclave?

We have a training available called, “Develop Generative AI solutions with Azure OpenAI Service” that has 7 modules in it (about an hour each) that goes over everything you need to get started with designing & implementing an Azure AI solution… and preparing for AI-102, our Azure certification exam for AI design & implementation.

Module list:

1. Get started with Azure OpenAI Service
2. Build natural language solutions with Azure OpenAI Service
3. Apply prompt engineering with Azure OpenAI Service
4. Generate code with Azure OpenAI Service
5. Generate images with Azure OpenAI Service
6. Use your own data with Azure OpenAI Service
7. Responsible Generative AI

And yes, it’s free.

Course description:

Azure OpenAI Service provides access to OpenAI’s powerful large language models such as ChatGPT, GPT, Codex, and Embeddings models. These models enable various natural language processing (NLP) solutions to understand, converse, and generate content. Users can access the service through REST APIs, SDKs, and Azure OpenAI Studio.

This learning path helps prepare you for Exam AI-102: Designing and Implementing a Microsoft Azure AI Solution.

Prerequisites

Before starting this learning path, you should already have:

• Familiarity with Azure and the Azure portal.
• Experience programming with C# or Python. If you have no previous programming experience, we recommend you complete the Take your first steps with C# or Take your first steps with Python learning path before starting this one.

Start the training here:

• TRAINING: Develop Generative AI solutions with Azure OpenAI Service
  https://learn.microsoft.com/en-us/training/paths/develop-ai-solutions-azure-openai/

Our architects here at Microsoft have shared some useful tools for Azure for the Azure Administrator that I’ve found useful & thought I’d share here:

Azure VM Comparison
(https://azureprice.net)
Find and compare Azure Virtual Machines specs and pricing on one page across different tiers, payment types, and regions. Check the column Best region price: it will help you to find the region where that particular VM is cheapest. To help you find the best VM for your money, please check the price/performance page.

Azure VM Selector 
(https://aka.ms/VM-selector)
The Azure VM selector is a web-based tool that helps you identify the right virtual machine (VM) based on your needs and budget. It is localized in 26 languages and available worldwide.  Using the VM selector, you can specify your requirements, such as the category of workload you plan to run in Azure, and the technical specifications of your VM (e.g., OS disks storage options, data disks storage performance, Operating System, deployment region, etc.).  After a few simple steps, the tool identifies the best VM and disk storage combination based on the information you enter. You will then be able to view the details of the recommended VMs and their prices.

Azure Charts 
(https://azurecharts.com/)
Azure Charts is a web-based application that helps you visualize and explore the Azure cloud and its ecosystem. You can use Azure Charts to see the live status, metrics, and trends of Azure services, regions, solutions, and topics. You can also compare different scenarios and options, and learn more about Azure features and best practices. (Azure Charts is a side project created by a Microsoft employee, Alexey Polkovnikov, using public data sources)

Azure Pricing Calculator
(https://aka.ms/pricing)
The Azure Price Calculator is a tool that helps you estimate the cost of using various Azure services. You can select the services you want to use, specify the configuration and usage details, and then see the estimated cost based on the current prices for those services. You can also compare different scenarios and options to find the best fit for your needs and budget.

Azure Free
(https://aka.ms/freeazure)
Azure Free is a way to get started with Azure without paying anything. You can create a free account and get $200 in Azure credits for the first 30 days, as well as some services that are always free or free for 12 months. You can use these free services to learn about Azure, build your skills, and test your ideas. Some of the free services you can use are:

• Azure Virtual Machines: Create Windows or Linux virtual machines in the cloud.
• Azure SQL Database: Manage relational data with a fully managed database service.
• Azure Cosmos DB: Build scalable applications with a fast and flexible NoSQL database service.
• Azure App Service: Host web, mobile, or API apps with a fully managed platform.
• Azure Functions: Run code on demand without managing servers or infrastructure.
• Azure Cognitive Services: Add AI capabilities to your apps with smart APIs.

Azure Mobile App
(Android | iOS)
Azure has a mobile app available on both Android and iOS. The official app is a handy tool to have on hand when away from your PC or office that helps you keep track of your resources while on-the-go:

• Stay connected to the cloud and check status and critical metrics anytime, anywhere
• Stay informed with notifications and alerts about important health issues
• Stay in control of your resources and take corrective actions, like starting and stopping VMs and web apps

Azure Cloud Shell & Visual Studio Code Azure Account Extension
The Azure Account extension provides a single Azure sign in & subscription filtering experience for all other Azure extensions. It makes Azure’s Cloud Shell service available in VS Code’s integrated terminal.

Azure Cloud Shell itself is an interactive, authenticated, browser-accessible terminal for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell.

Cloud Shell runs on a temporary host provided on a per-session, per-user basis. Your Cloud Shell session times out after 20 minutes without interactive activity. Cloud Shell persists your files in your $HOME location using a 5-GB file share.

(https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account)

Azure Status & Azure Service Health
(https://azure.status.
microsoft/)
(https://aka.ms/
azureservicehealth)
Azure Status provides you with a global view of the health of Azure services and regions. With Azure status, you can get information on service availability. Azure status is available to everyone to view all services that report their service health, as well as incidents with wide-ranging impact.

Azure Service Health provides a personalized experience that includes all outages, upcoming planned maintenance activities, and service advisories.

Azure Updates
(https://azure.microsoft.
com/en-us/updates/)
Get the latest updates on Azure products and features to meet your cloud investment needs. Subscribe to notifications to stay informed.

Note: Our Principal Azure Architect, Jay Thakkar, advises users to filter on the “in-preview” & skip the “in-dev” or “now-avail” updates then subscribe to the list via RSS feed to receive daily updates, which is available prominently on the site.

Azure Architectures
(https://learn.microsoft.com/en-us/azure/architecture/browse/)
Find architecture diagrams and technology descriptions for reference architectures, real world examples of cloud architectures, and solution ideas for common workloads on Azure.

Select from over 800+ pre-created diagrams for various scenarios including:

• Ingest & store medical data in Azure
• Prevent IPv4 exhaustion in Azure
• WordPress on virtual machines, Azure, App Service, AKS
• Deploy Autodesk Maya on a virtual machine
• etc.

Azure Icons (Official)
(https://learn.microsoft.
com/en-us/azure/architecture/
icons/)
Helping our customers design and architect new solutions is core to the Azure Architecture Center’s mission. Architecture diagrams like those included in our guidance can help communicate design decisions and the relationships between components of a given workload.

On this page you’ll find an official collection of Azure architecture icons including Azure product icons to help you build a custom architecture diagram for your next solution.

Incidentally, we have icon sets for other Microsoft cloud solutions:

• Microsoft 365 architecture icons and templates
• Dynamics 365 icons
• Microsoft Power Platform icons

Azure Icons (Unofficial)
https://code.benco.io/icon-collection/azure-icons/
This is a regularly updated set of icons that, according to Principal Azure Architect Jay Thakkar, scrapes all of the PNGs from Azure so you tend to find a lot of the missing icons/services in this collection.  He uses this when something is missing from the official icon set.

Azure Storage Explorer
https://azure.microsoft.
com/en-us/products/storage/
storage-explorer/
Azure Storage Explorer is a free tool that allows you to easily manage your Azure cloud storage resources from your desktop. You can upload, download, and manage Azure Storage blobs, files, queues, and tables, as well as Azure Data Lake Storage entities and Azure managed disks. You can also connect to individual resources using various authentication methods, such as connection strings, access keys, or Azure Active Directory. Azure Storage Explorer is available for Windows, macOS, and Linux operating systems.

Organizations have many reasons to respond to a legal case involving certain executives or other employees in your organization. This might involve quickly finding and retaining for further investigation-specific information in email, documents, instant messaging conversations, and other content locations used by people in their day-to-day work tasks.

You can perform these and many other similar activities by using the Microsoft 365 eDiscovery case tools in the Microsoft Purview compliance portal.

Want to know how Microsoft manages its eDiscovery investigations?
Here’s a technical white paper you can download that explains how we use the same search and investigation tools to manage our internal eDiscovery workflow.

The following article goes over:

• how to pursue legal investigations using Microsoft 365 eDiscovery (Basic)
• how to deliver faster, more efficient investigation & end-to-end delivery through Microsoft 365 eDiscovery (Premium)

Read the article here:

• Manage legal investigations in Microsoft 365 
  https://learn.microsoft.com/en-us/purview/ediscovery-manage-legal-investigations