Smaller organizations are more prone to appoint IT admins with global admin rights as a “catch all” privilege, especially where the company might have started their cloud journey with Office 365. This might be compounded where in small companies, an admin will be expected to support a wider breath of technology. However, this goes against least privilege guidelines for companies looking to a “zero trust” model.
Microsoft Active Directory has been commercially available for more than 20 years. As noted in Image 1 below, the core appeal of the product is being an effective platform for authentication and providing policies at enterprise scale. However, the core premise of Microsoft Active Directory in providing effective services, is for end users to be onsite. During the time of Covid-19 with more companies shifting to a hybrid work model, Microsoft Active Directory is becoming problematic to end users.
The cornerstone of this issue is the companies relying on VPN access. Most company VPNs operate on the following assumptions:
Historically Microsoft has had common cost advantages for customers looking to onboard to the cloud such as reservations and Hybrid benefits (a reduction in cost leveraging on-premises Software Assurance-enabled Windows Server and SQL Server licenses on Azure). But as time has progressed Microsoft has started introducing features which can be only found on Azure exclusively leading to Azure cost savings.
Microsoft introduced Azure Budgets as a means to help companies plan for and drive organizational accountability. While many companies view budget enforcement from a traditional perspective such as alerts, currently Azure did not give you more direct options such as shutting down virtual machines (VMs). Using Budgets makes Azure cost management easy.
While these features are not out of the box, Azure Budgets does offer integration with Azure Action Groups. Action Groups provide a means to trigger an orchestrated set of actions resulting from a budget event. Such actions can be turning off machines when a threshold takes place (in this case when the budget is exceeded by a certain amount), for example. The action groups in term can then execute a PowerShell script (within an automation account) to perform the cost savings action.
It should be noted: this course of action does not need to be applied to all VMs. For example, the
shutdown sequence of VMs to keep within budget can be directed to machines:
One of the pillars of Windows Virtual Desktop (WVD) is the technology behind profile container technology, referred to as FSLogix. Upon login, the FSLogix profile container is connected to the computing environment so the profile is readily available.
This then raises the question on the ideal locations to host the repository of profiles generated FSLogix usage. Aspects to consider:
Steve Baker, a Senior Security Solutions Architect here at Rutter, recently had the opportunity to speak with Executive Marketing and Business Advisory Services (EMBAS) about managed network security solutions. There are many issues surrounding network security that are top of mind for companies of all sizes including fraud, hacking, data breaches, etc. Steve talks about these threats and what can be done about them and to create managed network security solutions.
For those trying to relay SMTP with an application in Azure to Office, base guidance and options can be found in the Microsoft article “How to set up a multifunction device or application to send email using Microsoft 365 or Office 365”. In the article, three distinct distinct options are provided for Office 365 relay, noted in the table below:
Policies are an essential part of an overall security strategy and are many times under-valued or overlooked completely. Organizations of all sizes often struggle with developing a comprehensive information security strategy due to the challenges of prioritizing where to begin. Strong and effective policies provide an excellent set of resources to help set expectations, provide long and short term goals, and identify gaps that may need to be closed. No matter the maturity level of your organization’s information security strategy, well written policies put you on the right path for continued development.
In part 1 of these series we discussed the merits of Azure file sync. One of the options of this technology is Cloud tiering. This feature of Azure File Sync in which frequently accessed files are cached locally on the server while all other files are tiered to Azure Files based on policy settings. When a file is tiered, the Azure File Sync file system filter replaces the file locally with a pointer, or reparse point. In the event a user needs a file which has been cached, Azure File Sync quietly downloads the file from Azure Files from the cloud.
Azure file sync is the offering of syncing file information from a file server to a storage account in the cloud. The file server becomes transformed into a local cache of information, and with policies in place, tiering will move older information to the cloud. By doing so, a file server can be extended dramatically.
