Azure App Service

Microsoft Azure App Service

Microsoft Azure Cloud Services Model Reaches General Availability

Cloud Services (extended support) is a new Microsoft solution that has been in public preview since January. After tweaking the solution over the interim months, Microsoft is now rolling out Cloud Services to everyone. The company says the offering is now generally available.

Based on the company’s Azure Resource Manager (ARM), the service replaces the previous Cloud Services that was based on Azure Service Manager (ASM). Alongside the wide release, Microsoft is also deploying a tool that helps users migrate from the old version to the new model. For the time being, this tool is available in preview.

More than just switching the base of the solution, Microsoft has also brought some changes to Cloud Services (extended support). For example, Azure Key Vault is now baked in, allowing deeper certificate management.

Microsoft says the underlying functions of Cloud Services, such as upgrades and rollbacks, will remain the same. Equally, Azure GuestOS releases will be aligned with Cloud Services (classic).

Highlights

Here are the key highlights of the new service:

  • Cloud Services (extended support) also supports two types of roles, web and worker. There are no changes to the design, architecture, or components of web and worker roles.
  • No changes are required to runtime code as the data plane is the same as cloud services.
  • Azure GuestOS releases and associated updates are aligned with Cloud Services (classic).
  • Underlying update process with respect to update domains, how upgrade proceeds, rollback, and allowed service changes during an update will not change.
  • Customers must use Azure Key Vault to manage certificates in Cloud Services (extended support). Azure Key Vault lets you securely store and manage application credentials such as secrets, keys, and certificates in a central and secure cloud repository.
  • All resources deployed through the Azure Resource Manager must be inside a virtual network.
  • Each Cloud Service (extended support) is a single independent deployment. VIP Swap capability may be used to swap between two Cloud Services (extended support).

Source Winbuzzer

Microsoft Using Special Liquid to Cool Azure Data Servers

One of the problems companies face when handling massive computational loads is cooling. Companies like Microsoft, with massive server banks in their datacenters, are constantly fighting against overheating. The company sees the end of the road for traditional air-cooling methods, such as fans. Instead, Microsoft is experimenting with liquid cooling by submerging servers in special tanks.

In a blog post, Microsoft explains how it uses a “two-phase immersion cooling” method by dipping servers into a liquid that does not damage electronics. The liquid carries heat away from components and then boils. The vapor reaches a cooled condenser lid on top of the tank, where it changes back to liquid and is redistributed.

This is a closed-loop cooling system, according to Christian Belady, vice president of Microsoft datacenter advanced development. Speaking to The Verge, he explained how the system works:

“It’s essentially a bath tub. The rack will lie down inside that bath tub, and what you’ll see is boiling just like you’d see boiling in your pot. The boiling in your pot is at 100 degrees Celsius, and in this case it’s at 50 degrees Celsius.”

In its official blog, the company points out it is not the first company to explore this technology. For example, cryptocurrency miners have been using immersion cooling. Still, for a major leader with a massive cloud infrastructure, this is a first.

On a simpler level, the company has already explored the idea of cooling its servers by submersion. Microsoft is already dropping datacenters into the ocean to keep them cool.

Deep Sea Experiment

Microsoft’s effort to develop underwater datacenters was launched in 2014. In 2017, Project Natick was selected among the 190 finalists of the first World Changing Ideas Awards. By 2018, the project was ready and deployed underwater off the coast of Scotland’s Orkney Islands.

Last year, Microsoft raised the datacenter capsule from the ocean and the results were positive. Microsoft says its predictions about the benefits of underwater datacenters have been upheld.

“The consistently cool subsurface seas also allow for energy-efficient data centre designs. For example, they can leverage heat-exchange plumbing such as that found on submarines,” the blog post said at the time.

Source Winbuzzer

Microsoft Solves Global Azure Active Directory Outage

Microsoft says an Azure Active Directory problem caused authentication issues for some customers. According to the company, the issue was sporadic but affected users globally. It also manifested across services, such as Dynamics 365, Microsoft Teams, Microsoft Office, Xbox Live, and Azure.

First reports of the problem started on Monday and stretched into this morning (March 16). Microsoft has now updated its Azure Status Twitter to confirm the issue has been mitigated.

“Engineers have confirmed the issue impacting Azure Active Directory has been mitigated.”

When complaints first came in, Microsoft issued the following statement regarding Azure Active Directory:

“CURRENT STATUS: Engineering teams have identified a potential underlying cause and are exploring mitigation options. The next update will be provided in 60 minutes or as events warrant.”

 

Cause

Microsoft says its analysis of the issue points to an error in the rotation of keys Azure AD uses with OpenID:

“As part of standard security hygiene, an automated system, on a time-based schedule, removes keys that are no longer in use. Over the last few weeks, a particular key was marked as “retain” for longer than normal to support a complex cross-cloud migration. This exposed a bug where the automation incorrectly ignored that “retain” state, leading it to remove that particular key.

“Metadata about the signing keys is published by Azure AD to a global location in line with Internet Identity standard protocols. Once the public metadata was changed at 19:00 UTC, applications using these protocols with Azure AD began to pick up the new metadata and stopped trusting tokens/assertions signed with the key that was removed. At that point, end users were no longer able to access those applications.”
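The failure described in the statement, as an added PowerShell illustration that is not Microsoft's code: a relying party looks up the kid from a token header in the published key metadata, and a cleanup job that ignores the retain state drops a key that is still signing tokens. The key IDs, key states, issuer and token are constructed, and Remove-UnusedSigningKey is a hypothetical model of the automation, not its actual logic.

```powershell
# Added illustration. Key IDs, states, issuer and token are constructed sample data.

function ConvertTo-Base64Url([string]$Text) {
    $b64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text))
    $b64.TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function ConvertFrom-Base64Url([string]$Value) {
    # Base64url drops padding and swaps two characters; restore both before decoding.
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) { 2 { $s += '==' } 3 { $s += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Get-JwtKeyId([string]$Token) {
    # The key ID lives in the unencrypted JOSE header, the first of three segments.
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a compact JWS (expected three dot-separated segments).' }
    (ConvertFrom-Base64Url $parts[0] | ConvertFrom-Json).kid
}

function Remove-UnusedSigningKey {
    # Hypothetical model of the scheduled cleanup: returns the keys that stay published.
    # Intended behaviour keeps Active and Retain keys.
    # -IgnoreRetain models the bug from the statement: Retain is treated as removable.
    param([object[]]$Keys, [switch]$IgnoreRetain)
    $Keys | Where-Object {
        $_.State -eq 'Active' -or ($_.State -eq 'Retain' -and -not $IgnoreRetain)
    }
}

function Test-TokenKeyPublished {
    # What a relying party effectively does after refreshing metadata:
    # no published key with the token's kid means the signature cannot be verified.
    param([string]$Scenario, [string]$Token, [object[]]$PublishedKeys)
    $kid = Get-JwtKeyId $Token
    [pscustomobject]@{
        Scenario = $Scenario
        Kid      = $kid
        Trusted  = ($PublishedKeys.Kid -contains $kid)
    }
}

# Constructed key inventory. The Retain key is still signing tokens during the migration.
$signingKeys = @(
    [pscustomobject]@{ Kid = 'sample-key-current';  State = 'Active' }
    [pscustomobject]@{ Kid = 'sample-key-retained'; State = 'Retain' }
    [pscustomobject]@{ Kid = 'sample-key-old';      State = 'Unused' }
)

# Constructed token signed (notionally) with the retained key. The signature segment is a
# placeholder because only the header is inspected here.
$header  = ConvertTo-Base64Url '{"alg":"RS256","typ":"JWT","kid":"sample-key-retained"}'
$payload = ConvertTo-Base64Url '{"iss":"https://idp.example/","sub":"sample-user"}'
$token   = "$header.$payload.c2FtcGxlLXNpZ25hdHVyZQ"

$intended = Remove-UnusedSigningKey -Keys $signingKeys
$buggy    = Remove-UnusedSigningKey -Keys $signingKeys -IgnoreRetain

Test-TokenKeyPublished -Scenario 'cleanup honours Retain' -Token $token -PublishedKeys $intended
Test-TokenKeyPublished -Scenario 'cleanup ignores Retain' -Token $token -PublishedKeys $buggy
```

The same kid lookup, run against the key set a tenant actually publishes, is a quick first check when previously valid tokens start failing validation across many applications at once.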

If Azure AD has an uptime of less than 99.9% per month, users receive 25% service credit. If that number falls below 99%, they are entitled to 50%, and 100% if it’s below 95%. You can work out your monthly uptime percentage with the formula: “(User Minutes – Downtime) / User Minutes * 100”.

Microsoft AccountGuard Security Features Coming to 31 Democracies

Microsoft AccountGuard is evolving this week as the company brings the cybersecurity identity and access management features to 31 new democracies around the world. According to the company, “enterprise-grade” tools are now coming to other nations:

“The addition of new features to AccountGuard provides new ways to protect online accounts for political parties, candidates and their staff, health care workers, human rights defenders, journalists and certain other customers who are at greatest risk from nation-state hackers.”

AccountGuard was launched in August 2017. Available in Office 365, the service helps Microsoft Account holders who run election campaigns, sit on political committees, or work as political staff. The tool provides more threat monitoring capabilities by regularly monitoring accounts for security breaches. Journalists, human rights workers, and more have been using AccountGuard successfully.

Those industries can use the tool following Microsoft’s expansion of the service in April 2020.

During its checks, AccountGuard looks for malware in attachments, phishing, and failed login attempts. If something is found, a notification is sent to the account holder. If a genuine cyber threat is uncovered, Microsoft provides remediation and ongoing support to stop the threat.

Rolling Out Now

New features coming to 31 democracies were first used during the 2020 U.S. Presidential Election. Microsoft says customers enjoyed an 18% improvement in their Identity Protection Security Score thanks to AccountGuard. This score is an automatic review of an organization’s ability to hold off security attacks.

“These identity protection offerings help ensure only authorized people can log on to an organization’s systems and make it more difficult for hackers to impersonate legitimate staff.”

Among the countries receiving the features are the United Kingdom, France, Australia, Germany, Denmark, and Canada. You can check out the full list of supported nations here.

Source Winbuzzer

Microsoft Azure Space Partners with HPE for Spaceborne Computer-2 Launch

Microsoft is teaming with Hewlett Packard Enterprise (HPE) to link the Azure cloud platform with HPE’s Spaceborne Computer-2. Under the partnership, the two companies will create compute and machine learning solutions for the supercomputer.

If you’re unfamiliar with HPE’s Spaceborne Computer-2, it is a collaboration between HP and NASA. It is a commercial supercomputer that functions in space. Specifically, it is an edge computing device that brings computation during space flights through data-intensive applications.

NASA will launch the Spaceborne Computer-2 into space on February 20 as part of the 15th Northrop Grumman Resupply Mission to Space Station (NG-15).

One of the benefits for customers is the ability to gain new data insights and research developments. For example, the information could advance fields such as weather modelling, medical imaging, plant analytics, and more.

Expanding Azure Space

With Microsoft on board, the Spaceborne Computer-2 will sync into the Azure Space initiative. Announced in October 2020, Azure Space is a bundle of cloud products combining with partnerships to make Microsoft Cloud a major player in the growing space tech area.

“HPE and Microsoft are collaborating to further accelerate space exploration by delivering state-of-the art technologies to tackle a range of data processing needs while in orbit. By bringing together HPE’s Spaceborne Computer-2, which is based on the HPE Edgeline Converged Edge system for advanced edge computing and AI capabilities, with Microsoft Azure to connect to the cloud, we are enabling space explorers to seamlessly transmit large data sets to and from Earth and benefit from an edge-to-cloud experience.

“We look forward to collaborating with Microsoft on their Azure Space efforts, which share our vision to accelerate discovery and help make breakthroughs to support life and sustainability in future, extended human missions to space.” —Dr. Mark Fernandez, Solutions Architect of Converged Edge Systems at HPE and Principal Investigator for Spaceborne Computer-2

Source Winbuzzer

Malwarebytes Confirms SolarWinds-Related Attack Through Microsoft 365 and Azure

Major security and antivirus firm Malwarebytes says it was a victim of the recent SolarWinds breach through the Solorigate malware. Since last year, the state-backed breach has targeted users of the SolarWinds app Orion, including Nvidia, Microsoft, and government organizations.

In an official blog post, Malwarebytes points out it is not a user of SolarWinds apps. However, the company was breached through another vector that has already been compromised. The attack came from already breached apps that had access to Microsoft 365 and Azure services. Malwarebytes does use those two Microsoft services.

Attackers were able to access “a limited subset of internal company emails” but not any production systems.

Malwarebytes worked directly with the Microsoft Detection and Response Team (DART) to find the attack, says CEO Marcin Kleczynski:

“Together, we performed an extensive investigation of both our cloud and on-premises environments for any activity related to the API calls that triggered the initial alert. The investigation indicates the attackers leveraged a dormant email protection product within our Office 365 tenant that allowed access to a limited subset of internal company emails.”

Moving forward, Malwarebytes says it is working with other security firms to share information. It is hoped it will become easier to mitigate Solorigate attacks and find responses that work to stop breaches.

Attacks

Earlier this month, the U.S. Department of Justice confirmed a Microsoft 365 breach related to the SolarWinds attack. According to the government agency, the breach left 3% of its mailboxes vulnerable. However, no classified information was stolen during the attack.

While the Solorigate malware can be delivered through Microsoft services, it is not caused by them. Russia-backed threat actors used the avsvmcloud.com website to host a server for the Solorigate malware. The infection was sent to 18,000 SolarWinds Orion customers. Many of those users are major organizations and government departments.

Last month, Microsoft President Brad Smith said the attack creates “serious technological vulnerability for the United States and the world”.

Also in December, the Cybersecurity and Infrastructure Security Agency (CISA) debuted a PowerShell tool to help Microsoft 365 customers mitigate Solorigate. Microsoft had recently confirmed stolen Azure/Microsoft 365 credentials and access tokens were a part of the breach.

Source Winbuzzer

Tips & Tricks for Azure File Shares

As with any technology, when you first get started there are sometimes some bumps in getting the setup or installation correct. Those “D’oh!” moments. No matter how many times you read the administrator’s installation guide, there may be some items that weren’t included in the documentation or a particular scenario that wasn’t thought of. Azure file shares are no different, and there are some common hiccups that can be avoided with good planning. This blog post is going to give you some tips and tricks to get started with Azure file shares to help eliminate some of those bumps that you may run into.

 

Intros please

First off, I want to give a quick intro as to what Azure file shares is for those that are hearing about this for the first time. The official description of Azure file shares is:

 

“Fully managed file shares in the cloud that are accessible via Server Message Block (SMB) protocol  (also known as Common Internet File System or CIFS). Azure File shares can be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and macOS.”

 

The short version is:

 

A file share that is in the cloud.

 

Azure file shares can be used to completely replace or supplement traditional on-premises file servers or NAS devices. They can be used by Windows, macOS, and Linux, which can directly mount Azure file shares wherever they are in the world. If you are thinking of using this to replace your local file shares, you will need to use Azure File Sync and be running Windows Server 2016.

 

You can use it for more than supplementing your local file server. For example, Azure Files can be used in a lift-and-shift migration into Azure. This also works well for hybrid scenarios, where the application data is moved to Azure Files and the application continues to run on-premises. An Azure file share is also a good place for cloud applications to write their logs, metrics, and crash dumps.

 

With security on everyone’s mind, you’re probably asking how this is secured. Well, Azure Files access control is maintained with several methods. Announced at Microsoft Ignite 2018, Azure Files supports identity-based authentication and access control with Azure Active Directory (Azure AD) (Preview). As part of the preview, Azure Files supports preserving, inheriting, and enforcing NTFS DACLs in a file share. When data is copied from a file share to Azure Files, or vice versa, you can specify that NTFS DACLs are maintained. Please note this is in preview, so I would not recommend it for production. The stopgap until Azure AD for Azure file shares is GA is to use Azure File Sync. When using Azure File Sync on your Windows file server, it preserves and replicates all discretionary ACLs, or DACLs (whether Active Directory-based or local), to all endpoints that it syncs to in Azure.

 

 

Tips and Tricks

Below is a list of some tips and tricks to help remove any bumps you may have with Azure file shares.

 

Plan, Plan, Plan

I can’t say this enough, but you need to plan why and what before you jump into this head first otherwise you can risk failure.

  • Develop a clear plan. Identify what you’re moving to Azure files shares and the reasons for why.
  • Understanding the objectives will help you become more successful as you can determine if this is the right path or possibly a different solution is better.
  • Once you have those identified gather all the stakeholders and start to develop a plan for the implementation.

Use SMB 3.0

The preferred SMB client is 3.0.

  • You should be using SMB 3.0; however, you can access Azure file shares with SMB 2.1. Keep in mind that clients using SMB 2.1 can only access the share from within the same Azure region. Please also note that an SMB 2.1 connection is without encryption. If you’re thinking of using SMB client 1.0, it won’t work.
  • If you are mounting from an on-premises server or outside your Azure region only SMB 3.0 is supported.

Open Port 445

A common cause of connection issues is port 445 being blocked. This can happen anywhere from the local level within your datacenter to your ISP. To see the summary of ISPs that allow or disallow access from port 445 see here

  • Troubleshoot connection issues with Fiddler or PortQRY:
    • You can use Portqry to query the TCP:445 endpoint. If the TCP:445 endpoint is displayed as filtered, the TCP port is blocked. Here is an example query:

[Screenshot: example PortQry query against the TCP:445 endpoint]

If TCP port 445 is blocked by a rule along the network path, you will see the following output:

[Screenshot: PortQry output when TCP port 445 is blocked]

  • Double check that your Antivirus & Firewall Software Policy allow Port 445. Often local system policies may also block this port.

Persistent Connections

Don’t you hate it when you mapped a drive then when you reboot your computer it disappears? Well that can sometimes happen when you make connections to Azure file shares and you don’t make the connection persistent. To make connections persistent you can use the following:

 

  • CMDKEY or Credential Manager to store Azure Storage account credentials


  • You can also add “/persistent:yes” to the net use command
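The port check and the persistent mapping described above, combined into one added PowerShell example (not from the original post). The storage account name, share name and drive letter are placeholders, and the localhost\account user name format is the one used in Microsoft's documented connect script.

```powershell
# Added example, not from the original post. Values in <angle brackets> are placeholders.
$StorageAccount = '<storage-account-name>'
$ShareName      = '<share-name>'
$DriveLetter    = 'Z:'
$FileHost       = "$StorageAccount.file.core.windows.net"

# 1. Confirm TCP 445 is reachable before touching credentials. A failure here points at a
#    firewall, antivirus policy or ISP block rather than at the share or the key.
$probe = Test-NetConnection -ComputerName $FileHost -Port 445 -WarningAction SilentlyContinue
if (-not $probe.TcpTestSucceeded) {
    throw "TCP 445 to $FileHost is blocked or filtered; fix the network path first."
}

# 2. Prompt for the storage account key so it is not saved in the script or in shell history.
$secureKey = Read-Host -Prompt "Storage account key for $StorageAccount" -AsSecureString
$plainKey  = [System.Net.NetworkCredential]::new('', $secureKey).Password

try {
    # 3. Store the credential in Credential Manager for the CURRENT user. Run this under the
    #    account that will use the share (for example the service account), because stored
    #    credentials are per user.
    cmdkey "/add:$FileHost" "/user:localhost\$StorageAccount" "/pass:$plainKey" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "cmdkey failed with exit code $LASTEXITCODE." }
}
finally {
    # Drop the plaintext copy of the key as soon as cmdkey has been called.
    Remove-Variable -Name plainKey
}

# 4. Map the drive persistently. The key is not on the command line: net use picks up the
#    credential stored in step 3.
net use $DriveLetter "\\$FileHost\$ShareName" /persistent:yes
if ($LASTEXITCODE -ne 0) { throw "net use failed with exit code $LASTEXITCODE." }

# 5. Check what was negotiated. SMB 2.1 means no encryption and same-region access only.
Get-SmbConnection -ServerName $FileHost | ForEach-Object {
    if ([version]$_.Dialect -lt [version]'3.0') {
        Write-Warning "Share $($_.ShareName) negotiated SMB $($_.Dialect); the connection is not encrypted."
    }
    $_ | Select-Object ServerName, ShareName, Dialect, Encrypted
}
```

The storage account key grants full access to the account, so whoever can read the stored credential in that user profile can read and write every share in it.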


Install KB3114025

For those still running Windows Server 2012 R2 you may experience some slowness when you attempt to copy files to Azure file shares. There is a known issue with that which can be corrected by installing KB3114025.

  • Install on Windows 8.1 or Windows Server 2012 R2.
  • This also increases performance on I/O intensive workloads

 

Access issues with an application or service account

If your application or service is running under a different user account than what the drive is mounted with, you may experience an issue where the application or service account cannot access the Azure file share. Some workarounds:

  • Mount the drive from the same user account that contains the application. You can use a tool such as PsExec.
  • Pass the storage account name and key in the user name and password parameters of the net use command.
  • Use the cmdkey command to add the credentials into Credential Manager. Perform this from a command line under the service account context, either through an interactive login or by using runas.


  • Map the share directly without using a mapped drive letter. Some applications may not reconnect to the drive letter properly, so using the full UNC path may be more reliable.

Network and Security Policies for outside the company network or VPN

When implementing Azure file shares, keep in mind that, if not configured correctly, they can be accessed from anywhere there is an internet connection. If this violates any of your company policies on data access, you will need to do some extra work. By default, storage accounts accept connections from clients on any network. You can restrict access to Azure file shares by configuring the associated storage account with limited access through the default network access rule.

 

  • Please note that making changes to network rules can impact your ability to connect to Azure Storage. Be sure to first grant access to any allowed networks using network rules before you change the default rule to deny access.
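The ordering described above (allow first, deny last), as an added PowerShell example that is not from the original post. It assumes the Az.Storage module and a signed-in session (Connect-AzAccount); the resource group, account name and IP range are placeholders.

```powershell
# Added example, not from the original post. Requires the Az.Storage module and a signed-in
# session (Connect-AzAccount). Values below are placeholders.
$ResourceGroup  = '<resource-group>'
$StorageAccount = '<storage-account-name>'
# Placeholder documentation range: replace with the public egress range(s) of your office or
# VPN. IP rules take public addresses only; private RFC 1918 ranges are not accepted.
$AllowedRanges  = @('203.0.113.0/24')

# 1. Record the starting state so the change can be reviewed or reverted.
$rules = Get-AzStorageAccountNetworkRuleSet -ResourceGroupName $ResourceGroup -Name $StorageAccount
Write-Output "Default action before change: $($rules.DefaultAction)"

# 2. Add the allow rules FIRST, skipping any range that is already present.
$existing = @($rules.IpRules | Where-Object { $_ } | ForEach-Object { $_.IPAddressOrRange })
foreach ($range in $AllowedRanges) {
    if ($existing -notcontains $range) {
        Add-AzStorageAccountNetworkRule -ResourceGroupName $ResourceGroup `
            -Name $StorageAccount -IPAddressOrRange $range | Out-Null
        Write-Output "Added allow rule for $range"
    }
}

# 3. Re-read the rule set and refuse to continue if nothing would be allowed. Flipping the
#    default to Deny with no allow rules cuts off every client, including this one.
$rules      = Get-AzStorageAccountNetworkRuleSet -ResourceGroupName $ResourceGroup -Name $StorageAccount
$ipCount    = @($rules.IpRules | Where-Object { $_ }).Count
$vnetCount  = @($rules.VirtualNetworkRules | Where-Object { $_ }).Count
if (($ipCount + $vnetCount) -eq 0) {
    throw 'No IP or virtual network allow rules exist; not changing the default action to Deny.'
}

# 4. Only now change the default rule so that unlisted networks are rejected.
Update-AzStorageAccountNetworkRuleSet -ResourceGroupName $ResourceGroup `
    -Name $StorageAccount -DefaultAction Deny | Out-Null

# 5. Confirm the final state.
Get-AzStorageAccountNetworkRuleSet -ResourceGroupName $ResourceGroup -Name $StorageAccount |
    Select-Object DefaultAction, Bypass,
        @{ Name = 'AllowedIpRanges'; Expression = { $_.IpRules.IPAddressOrRange -join ', ' } }
```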

Source Microsoft

Microsoft Azure PlayFab Expands to More Regions, Gains AMD VM Support

Microsoft is announcing the expansion of its Azure PlayFab, bringing the service to more regions while also finally adding AMD support. Specifically, it is adding support for AMD virtual machines (VMs) that will provide cheaper access for customers.

At the start of 2018, Microsoft acquired cloud gaming management company PlayFab. PlayFab was a cloud-based company that provides game management and analytics solutions, including multiplayer servers. Among its services are virtual currency tracking, leaderboards, authentication, commerce, and more.

Shortly after the acquisition, Microsoft revealed plans to fold the company into Azure, creating Azure PlayFab. The company integrated features from the software into live game operations through Azure cloud. Among the services PlayFab brought to Microsoft are virtual currency tracking, leaderboards, authentication, commerce, and more.

Azure PlayFab is now reaching more users thanks to an expansion into other regions. Microsoft says it is bringing PlayFab Multiplayer Server Hosting to India Central, UAE North, Korea Central, and U.S. West 2.

AMD Support

This expansion means a total of 22 Microsoft Azure regions now support PlayFab. Moreover, the platform now supports AMD virtual machines. Microsoft says the VMs boost performance by up to 40% and also save money.

In its announcement, Microsoft explains the technical side of the AMD support:

“The Azure Virtual Machine Dav4 and Dasv4 series feature the AMD 2.35Ghz EPYC™ 7452 2nd Generation processor in a multi-threaded configuration with up to 256 MB L3 cache, and each 8 cores have 8 MB of dedicated L3 cache. The Dav4-series sizes offer a combination of vCPU, memory and temporary storage that is suitable for most gaming workloads. The Dasv4 Azure VMs expose up to 96 vCPUs, 384 GBs of RAM, and 768 GBs of SSD-based storage.”

Source Winbuzzer

Microsoft Debuts Azure Government Top Secret Regions

Microsoft has launched a cloud service geared towards governments and organizations that handle extremely sensitive data. Called Azure Government Top Secret, this is a solution for those classified files you want to stay that way.

In its announcement, Microsoft says Azure Government Top Secret is gaining accreditation with help from the U.S. government. The release build of the service was sent out on Monday (Dec. 7). Microsoft says quick development and preparation for accreditation is possible because of the synergy across Azure services:

“The broad range of services will meet the demand for greater agility in the classified space, including the need to gain deeper insights from data sourced from any location as well as the need to enable the rapid expansion of remote work.

“Additionally, mission owners will benefit from greater choice in modernizing legacy systems, with a secure cloud platform that works on open standards and open frameworks with tools that work across a wide range of skill levels, from business analysts to developers to data scientists.”

These new Azure regions bring the same abilities as standard Azure regions, albeit with protection for top secret data.

Azure Government Secret Features

At the same time, Microsoft is bringing new features to its existing Azure Government Secret service. Customers of this cloud tier include law enforcement and the Department of Defense. In terms of the DoD, the service has Impact Level 6 and Intelligence Community Directive 503 compliance.

Microsoft says its Windows Virtual Desktop tool is now available to organizations using Azure Government Secret. Availability Zones are also coming to the Azure Government platform. These zones allow customers to manage datacenter failures by isolating their own system.

Source Winbuzzer

VMware Vulnerabilities Come from Russia-Backed Threat Actors Says NSA

During the COVID-19 pandemic, there has been a massive increase in the number of people working from home. Because of lockdown measures, remote work and schooling have become the norm for hundreds of millions around the world. That said, the revolution was already underway before 2020 and many apps and services focus on providing distance work features.

Like any other tech realm that achieves mainstream success, there are bad actors who want to exploit people using apps. Some of those threat actors are state sponsored. According to an advisory by the National Security Agency in the U.S., Russian-backed hacking groups are targeting remote workers.

Specifically, the NSA says these groups are targeting vulnerabilities found in many enterprise-grade remote work solutions from VMware. In response, VMware issued its own bulletin last week that provides information on patches to prevent the flaw being further exploited.

“VMware has released security updates to address a vulnerability—CVE-2020-4006—in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. An attacker could exploit this vulnerability to take control of an affected system.”

Patches Available

All the vulnerable services are cloud infrastructure solutions and related to identity management. Among them are VMware Identity Manager, its successor VMware Workspace One Access, and others. According to the company, the vulnerabilities are “Important” but not “Critical”:

“VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a Command Injection Vulnerability in the administrative configurator.”

That rating comes because any attack must come from having prior access to a web-based password-protected management interface.

“A malicious actor with network access to the administrative configurator on port 8443 and a valid password for the configurator admin account can execute commands with unrestricted privileges on the underlying operating system. This account is internal to the impacted products and a password is set at the time of deployment. A malicious actor must possess this password to attempt to exploit CVE-2020-4006. Examples of how this password could be obtained by a malicious actor are documented in T1586 of the MITRE ATT&CK database.”

VMware advises customers to install the patches to mitigate the attack vulnerability.

Source Winbuzzer
