Kurt Shintaku's Blog

Check out #AzureOpenSource Day on Tuesday, March 7th, 2023.

Learn how to use your data to build intelligent, scalable apps faster and easier. Take a deep dive into open source and Azure and see the latest open-source technology in action—while connecting with the community of industry leaders, innovators, and open-source enthusiasts.

Join this free digital event to:

• See app-building demos using Azure and the latest in open-source technologies, cloud-native architectures, and microservices.
• Get tips and best practices for open source from industry leaders at companies like HashiCorp, GitHub, and Redis.
• Learn to build cloud-native apps for relational and nonrelational data with Azure Cosmos DB, now supporting native PostgreSQL.
• Discover new capabilities in IaaS, PaaS, containers, and serverless computing, including Azure Kubernetes Service (AKS).
• Explore practical ways to optimize your open-source investments and gain more time for innovation.
• Learn how to protect your data and business assets by building on a highly secure cloud platform designed to meet your open-source security and compliance needs.

Plus, ask Azure and open-source industry experts your questions during the live chat Q&A.

• Date/Time:
  Tuesday, March 7, 2023
  9:00 AM–10:30 AM Pacific Time (UTC-8)
   
• Registration:
  https://info.microsoft.com/ww-landing-azure-open-source-day.html?ocid=cmm595mpcp0

If you recently deployed Microsoft Defender for Identity on your Domain Controllers and haven’t gone through all the prerequisites, you may find that you receive health alerts indicating NTLM Auditing is not enabled.

You can also enable NTLM Auditing on your Domain Controllers if you are planning to deploy Microsoft Defender for Identity.

Read at the link below for instructions on how to enable NTLM auditing via Group Policy to elevate the effectiveness of your Microsoft Defender for Identity deployment.

• Microsoft Defender for Identity | Enable NTLM Auditing
  https://azurecloudai.blog/2023/02/07/microsoft-defender-for-identity-enable-ntlm-auditing/

I had planned on writing something similar to what’s below however this was a such a good roundup, I shamelessly stole the following from Jiadong Chen, Microsoft Cybersecurity MVP.

Microsoft is leading the way in security best practices with their comprehensive reference materials, such as the Microsoft Cybersecurity Reference Architectures, Microsoft cloud security benchmark, the Cloud Adoption Framework, and Microsoft security best practices provide valuable guidance on how to best protect systems and data in the cloud. In this post, I’d like to share some of the key Microsoft security best practices resources that can help ensure your organization’s security!

()
Diagrams and sections in MCRA are a key source of security best practices for many topics including:

• Zero trust user access, security operations, multicloud and cross-platform capabilities, operational technology (OT), attack chains, technical capability coverage, Azure native security controls, and security roles and responsibilities. https://lnkd.in/gZ_t_88h

()
To rapidly adopt Zero Trust in your organization, RaMP offers technical deployment guidance organized in these initiatives:

• Explicitly validate trust for all access requests https://lnkd.in/g6MjQDpy
• Ransomware recovery readiness https://lnkd.in/gYkFm5zF
• Data protection https://lnkd.in/gn5XzcuV
• And more! https://lnkd.in/gEr5q2ET

()
The MCSB provides security best practices for Microsoft Azure, on-premises datacenters, and other cloud providers, including two types of guidance:

• Security controls
  Identity Management (IM): https://lnkd.in/d8bvgaUA
  Network security (NS): https://lnkd.in/dRJfYfpV
  and more! https://lnkd.in/drR5zmTk
• Security baselines
  Security baselines are standardized documents, describing the available security capabilities https://lnkd.in/dzYjPK5g
  Full security baseline mapping file: https://lnkd.in/dMcTQvfA

Cloud Adoption Framework can help you get started with several different getting started guides, of which security is an important component.

• Azure Top 11 essential security practices: https://lnkd.in/dPjY2Axc
• Cloud security functions: https://lnkd.in/dTQvUwJ4
• Reference implementation: https://lnkd.in/dTKgmBcV

Assess your Security Journey for Cloud Adoption. Receive actionable considerations to improve your security posture. https://lnkd.in/dH-tV95F

()
Helps accelerate security program modernization with reference strategies built using Zero Trust principles https://lnkd.in/dFhNZGFP

Recently, Jeff Woolsey, Microsoft Principal Program Manager for Windows Server & Hybrid Cloud, in what can only be described as a fit of frustration , posted this information to his followers & it’s worth repeating:

1. Do not put Domain Controllers on the open internet. 
   Do not put Domain Controllers on the open internet. 
   Do not put Domain Controllers on the open internet.
   Here’s some additional helpful guidance for securing Domain Controllers:
   Securing Domain Controllers Against Attack
   https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/securing-domain-controllers-against-attack#blocking-internet-access-for-domain-controllers
2. You should run all domain controllers on the newest version of Windows Server that is supported within your organization. Organizations should prioritize decommissioning legacy operating systems in the domain controller population.
3. Keeping domain controllers current and eliminating legacy domain controllers, allows you to take advantage of new functionality and security. This functionality may not be available in domains or forests with domain controllers running legacy operating system.
4. What is the impact of upgrading the Domain or Forest Functional Level?
   https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/what-is-the-impact-of-upgrading-the-domain-or-forest-functional/ba-p/399348
5. At this point in time, your domain controllers should all be running at Windows Server 2016 Functional Level. There’s a good chance that future AD features will require a 2016 DFL. To learn more about Active Directory Functional Levels see:
   What Are Active Directory Functional Levels?
   https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc787290(v=ws.10)
6. Q: Are their any concerns about upgrading Domain or Forest Functional Level
   A: No. In a review over a decade of support calls, NOT ONE involves a case where changing the Domain or Forest Function Level was responsible as the root cause of any issue.
7. How to raise Active Directory domain and forest functional levels:
   https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/raise-active-directory-domain-forest-functional-levels
8. Best Practices for Securing Active Directory
   https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/best-practices-for-securing-active-directory

Check out what’s being announced at #AzureCosmosDBConf!

Azure Cosmos DB Conf is a free virtual developer event co-organized by Microsoft and the Azure Cosmos DB community.

This is our third Azure Cosmos DB Conf. Sessions will be a combination of Microsoft and community delivered. Come and learn more about Azure Cosmos DB. See what others in the community are building.

March 28, 2023 8:00AM PT – 11:00AM PT 

Pre-Register Now:

• Azure Cosmos DB Conf 2023:
  https://learn.microsoft.com/en-us/events/learn-events/azure-cosmos-db-conf-2023/

Do you have students that are looking for a career in technology?

Are you a student looking for resources on how to get ahead with Microsoft technology?

Microsoft Student Summit
A good place to start is the Microsoft Student Summit 2023, a 90 minute virtual event the week of March 20 to help build your skills and experience on the Microsoft Cloud. Students and tech career seekers should register now to attend a session in your timezone.

“Student Hub” and more
Additionally, the following resources are available from Microsoft for students interested in careers in tech:

• Student Hub Overview – Microsoft Learn Student Hub
  • Student Training and Certification
  • Student discounts
• Self-paced online training – Learning Paths & Modules
• Instructor-led Microsoft Virtual Training Days
  • Microsoft Virtual Training Days – Azure
  • Microsoft Virtual Training Days – Business Applications
  • Microsoft Virtual Training Days – Microsoft 365
  • Microsoft Virtual Training Days – Security

Learning Pathways is a a collection of self-guided learning journeys to help you with your ongoing professional development.

These guides are one-page overviews that are HYPERLINKED and show the available training available for the subject.  They act as learning companions to the Enterprise Skills Initiative and are available in the following categories:

Infrastructure:

• Azure Administrator
• Azure VMWare Solution
• Azure Solution Architect
• Azure Network Engineer
• Stack Hub Operator

Data & AI:

• Data Skills (Aspiring Analyst)
• Power BI Data Analyst
• Data Engineer
• Azure Synapse Analytics
• Azure Database Admin
• Azure Data Scientist
• AI Engineer
• Microsoft Purview

Security:

• Security Operations Analyst
• M365 Security Admin
• Azure Security Engineer
• Identity and Access Admin
• Information Protection Admin
• Microsoft Sentinel

Development:

• Azure Developer
• Azure DevOps
• GitHub Learning

Other:

• Microsoft Cost Management
• Digital Skills > Cloud
• Microsoft Teams

AWS-to-Azure:

• Azure for AWS Architects
• Azure for AWS Developers
• Azure for AWS SysOps

To download the guides. visit:

• DOWNLOAD: Microsoft Cloud Learning Pathways
  https://learning-pathways.co.uk/

Microsoft has made 6 major announcements in the past few weeks regarding artificial intelligence.

1. Microsoft OpenAI partnership
2. GPT & Bing & Edge
3. GPT & Viva Sales
4. GPT & Teams Premium
5. Microsoft on Responsible AI
6. General availability of “Azure OpenAI Service”

Additionally, Microsoft previously announced exclusive licensing of GPT-3 language model.

• BLOG: Microsoft teams up with OpenAI to exclusively license GPT-3 language model

For State & Local Government decision makers, the opportunity is excellent:

• BLOG: How OpenAI can benefit State and Local Government
• BOOK: Generative Artificial Intelligence Use Cases in State & Local Governments: Scratching the surface of the "Why" & "How" to initiate implementing … through the lens of 100 use cases

Azure has made OpenAI services available in “commercial” tenants:

• SITE: Azure OpenAI Service – Advanced Language Models
• DOCS: Azure OpenAI – Documentation, quickstarts, API reference
• BLOG: General availability of Azure OpenAI Service expands access to large, advanced AI models with added enterprise benefits

There’s been lots of coverage from the press.

• New York Times:
  Microsoft’s ChatGPT-Powered Bing Makes Search Interesting Again
• Bloomberg:
  Microsoft’s AI Chatbot Finds Early Success in Bing Searches
• Wall Street Journal:
  I Tried Microsoft’s New AI-Powered Bing. Search Will Never Be the Same.
• Business Insider:
  Microsoft Bing Vs Google Search: Why Bing Is so Much Better
• CNET:
  Microsoft’s AI-Powered Bing Can Run Rings Around Google Search:  For eight of 10 tough questions I asked, I liked Bing’s answers better.
• CNBC:
  Microsoft will offer ChatGPT tech for companies to customize: source
• Windows Central:
  Microsoft unveils crazy new Bing powered by ChatGPT AI tech | Windows Central
• Yahoo! Finance:
  ChatGPT on track to surpass 100 million users faster than TikTok or Instagram: UBS
• SiliconAngle:
  Microsoft integrates OpenAI’s GPT-3.5 model into its Viva Sales application
• Inverse:
  Microsoft Teams Premium Has the First Actually Useful Application of OpenAI’s GPT-3
• ZDNet:
  ChatGPT – One million people have joined the waitlist for Microsoft’s AI-powered Bing

A new paperback book that examines the use of Generative AI for State & Local Government scenarios was released earlier this month:

"Generative Artificial Intelligence Use Cases in State & Local Governments" is a groundbreaking book that explores the numerous ways in which AI can be harnessed by government entities at the state and local levels to enhance their operations and services.

The book provides a comprehensive overview of AI technologies and their potential applications, including:

• predictive maintenance
• fraud detection
• budget forecasting
• grant application review
• and much more

With real-world case studies and examples of AI deployments, the book illustrates the tangible benefits that can be achieved by incorporating these technologies into government operations.

The book also provides practical guidance on how to plan and implement AI projects, including best practices for data management, ethical considerations, and how to foster collaboration between AI practitioners and government officials.

Whether you are a government executive, an AI professional, or simply interested in the role of technology in the public sector, this book is an essential resource for anyone looking to understand the future of AI in state and local governments.

Get the book here on Amazon:

• Amazon.com: Generative Artificial Intelligence Use Cases in State & Local Governments: Scratching the surface of the "Why" & "How" to initiate implementing … through the lens of 100 use cases: 9798376107843: Shekhar, Vidhu, ChatGPT, OpenAI: Books