Category Archives: Microsoft
Azure Automation supports Azure CLI commands in runbooks
Azure Automation has announced support for Azure CLI commands in runbooks (preview announcement). The rich command set of Azure CLI expands the capabilities of runbooks even further, letting you combine the benefits of both to automate and streamline the management of Azure resources. Azure Automation runbooks orchestrate a wide array of resources such as Virtual Machines, Arc-enabled Servers, Databases, Storage, Azure Active Directory, and much more, including complex workflows that involve multiple resources.
Azure Automation has emerged as a pivotal service that provides a complete end-to-end solution for managing complex hybrid environments. It facilitates authoring of PowerShell and Python scripts with intelligent suggestions through GitHub Copilot, provides a serverless platform for executing those scripts, offers the flexibility to run them on Azure or in the customer’s local environment, and monitors those executions comprehensively.
Quickstart
Learn how to run Azure CLI commands in a PowerShell 7.2 runbook here.
For any questions or feedback, please reach out to askazureautomation@microsoft.com
Know more about Azure Automation roadmap here.
Microsoft Tech Community – Latest Blogs –Read More
Quick, Check It Out Before It’s Too Late! Azure Cost Optimization At Its Finest!
Good evening or morning to our readers! Brandon here to give you a last-second heads up (sorry) on some great references for optimizing your costs in Azure. As many of our readers know, I have a particular affinity for cost savings for our customers, so I wanted to get this out quickly! Act fast!
2/22/2024:
Check out this livestream event for optimizing your Azure costs with Azure savings plans and reservations, presented by Obinna Nwokolo (Principal Technical Program Manager) and Priyanshi Mittal (Senior Product Manager):
https://developer.microsoft.com/en-us/reactor/events/21719/
Additionally, I highly recommend taking a look at this interactive guide on savings plan and reservation commitments: FinOps on Azure Exercise 8 – Manage commitment-based discounts (cloudguides.com)
So short for my history of being “Brandon “long-winded” Wilson”, yet hopefully helpful nonetheless!
Get ready for take off with Microsoft at SQLBits 2024
Microsoft is all set to soar high as the headline sponsor of SQLBits in Farnborough, UK from March 19-23. With their engines revved up, Microsoft is ready to take off and deliver 2 full-day workshops, 40+ sessions, a keynote, a booth, and much more at the event.
Join keynote speaker, Asad Khan, General Manager of SQL, along with other SQL experts, as they take you on a journey through the latest from SQL Server, Azure SQL, Microsoft Fabric, and more. And don’t miss the opportunity to dive into The Cloud Workshop for the SQL Professional led by Bob Ward, geared towards SQL Server users migrating to Azure SQL, and the From Beginner to Certified: A Fabric Analytics Engineer Workshop led by Bradley Ball and Mark Pryce-Maher.
So, come aboard and join us on this informative journey! Start planning which sessions you’ll be attending with our quick reference guide:
WEDNESDAY

| Date/Time | Location | Session Title | Speaker | Co-speaker(s) |
| --- | --- | --- | --- | --- |
| 3/20 – 9:00am | Gate 1 | Introduction to Microsoft Fabric | Mohammad Ali | |
| 3/20 – 9:00am | Gate 13 | PostgreSQL for SQL Server Professionals | Silvano Coriani | |
| 3/20 – 9:00am | Gate 4 | What You Should Know About Always On Availability Groups | Bob Ward | |
| 3/20 – 11:10am | Gate 4 | Database of the future is here – Azure SQL Hyperscale deep dive | Arvind Shyamsundar | Aditya Badramraju |
| 3/20 – 11:10am | Gate 3 | Simplified SQL modernization journey with Azure SQL Migration Tools: A deep dive | Ajith Krishnan | Neel Ball |
| 3/20 – 11:10am | Gate 13 | SQL DB: a developer’s catalyst | Muazma Zahid | Carlos Robles; Jerry Nixon |
| 3/20 – 1:50pm | Gate 4 | Modernize your SQL Data by starting cloud journey with SQL Server enabled by Azure Arc | Raj Pochiraju | Dhananjay Mahajan |
| 3/20 – 4:00pm | Gate 11 | Azure SQL Managed Instance Deep Dive by Microsoft Product Group | Dani Ljepava | Niko Neugebauer; Nevena Nikolic; Uros Milanovic; Djordje Jeremic |

THURSDAY

| Date/Time | Location | Session Title | Speaker | Co-speaker(s) |
| --- | --- | --- | --- | --- |
| 3/21 – 9:00am | | Microsoft Keynote | Asad Khan | Yitzhak Kesselman, Bob Ward, Buck Woody, Erin Stellato, Patrick LeBlanc, Adam Saxton |
| 3/21 – 10:10am | Gate 10 | A Deep Dive into DevOps Practices with Azure SQL | Carlos Robles | Jerry Nixon |
| 3/21 – 10:10am | Gate 9 | Fly at Mach-speed with Azure SQL Managed Instance | Nevena Nikolic | Uros Milanovic; Niko Neugebauer |
| 3/21 – 10:10am | Gate 5 | Flying High with Data Engineering in Microsoft Fabric | Aitor Murguzur | Luke Moloney |
| 3/21 – 10:10am | Gate 12 | Hidden Gems in SQL Server 2022 Database Engine | Ajay Jagannathan | Dimitri Furman |
| 3/21 – 10:10am | Gate 4 | Welcome to the world of SQL Copilots | Bob Ward | Joe Sack |
| 3/21 – 12:00pm | Gate 12 | Come see your SQL Perfmon in the cloud | Bob Ward | Dimitri Furman |
| 3/21 – 12:00pm | Gate 8 | Discover what’s new in Azure SQL Managed Instance through an exciting Demo Party! | Niko Neugebauer | Nevena Nikolic and Uros Milanovic |
| 3/21 – 12:00pm | Gate 11 | What You’ve Been Missing in SSMS | Erin Stellato | Drew Skwiers-Koballa |
| 3/21 – 2:10pm | Gate 1 | What’s new on the Power BI Roadmap | Mohammad Ali | Rui Romano |
| 3/21 – 2:10pm | Gate 11 | Zero to Hero with SQL Server on Linux – DBA & Developers | Amit Khandelwal | Tejas Shah |
| 3/21 – 3:20pm | Gate 12 | Building AI ready applications | Muazma Zahid | Sanjay Mishra |
| 3/21 – 4:50pm | Gate 4 | Accelerate your Oracle/Mainframe Modernization journey to Azure SQL | Mukesh Kumar | Asad Khan; Des Fitzgerald |
| 3/21 – 4:50pm | Gate 5 | Harnessing Data Science and AI in Fabric | Luke Moloney | Aitor Murguzur |
| 3/21 – 4:50pm | Gate 5 | What’s new in SQL Tools | Drew Skwiers-Koballa | |

FRIDAY

| Date/Time | Location | Session Title | Speaker | Co-speaker(s) |
| --- | --- | --- | --- | --- |
| 3/22 – 9:00am | Gate 12 | Modern models of managing database fleets in Azure PaaS | Bogdan Gavrilovic | Dani Ljepava, Uros Milanovic |
| 3/22 – 9:00am | Gate 1 | Your first flight with Data Factory in Microsoft Fabric | Ulrich Christ | Krishnakumar Rukmangathan |
| 3/22 – 10:10am | Gate 1 | The Microsoft Data Leadership Panel | Bob Ward | Asad Khan, Sanjay Mishra, Muazma Zahid, Alicja Kucharczyk, Mohammad Ali |
| 3/22 – 12:00pm | Gate 11 | Data tiering using data Virtualization in SQL | Ajay Jagannathan | |
| 3/22 – 1:40pm | Gate 2 | JSON – a first class citizen in Azure SQL DB | Sanjay Mishra | Abhiman Tiwari |
| 3/22 – 1:40pm | Gate 8 | Advancing the DBA’s Role in the Cloud: In the Cockpit of Azure SQL Managed Instance | Dani Ljepava | Djordje Jeremic and Bogdan Gavrilovic |
| 3/22 – 1:40pm | Gate 6 | More for less: Cost optimizing your Azure SQL databases | Aditya Badramraju | Arvind Shyamsundar |
| 3/22 – 1:40pm | Gate 3 | Navigating Modern Authentication in SQL | Jordan Hays | Pieter Vanhove |
| 3/22 – 3:20pm | Gate 8 | Making the SQL Query Processor Work for you | Derek Wilson | |
| 3/22 – 3:20pm | Gate 1 | SQL Server and Windows Server Better together on Azure | Bob Ward | |
| 3/22 – 4:50pm | Gate 11 | Achieve peak performance and availability for your SQL Server and Azure SQL workloads with core engine enhancements | Ajay Jagannathan | Derek Wilson |
| 3/22 – 4:50pm | Gate 12 | Extendable by Design: Building Generative AI Apps with Postgres and Vector Storage and Azure AI | Adam Wolk | |

SATURDAY

| Date/Time | Location | Session Title | Speaker | Co-speaker(s) |
| --- | --- | --- | --- | --- |
| 3/23 – 9:00am | Gate 12 | SQL Server Containers & Kubernetes – Going to Production! | Amit Khandelwal | Tejas Shah |
| 3/23 – 9:00am | Gate 9 | Azure SQL DB Data Portability: Mirroring, CDC, Export/Import and DataSync | Rajesh Setlem | Carlos Robles |
| 3/23 – 9:00am | Gate 12 | Confidential development with Always Encrypted using enclaves | Pieter Vanhove | |
| 3/23 – 9:00am | Gate 10 | HADR on SQL Server on Azure VMs: Everything you Need to Know | David Pless | |
| 3/23 – 9:00am | Gate 2 | Operational insights in your hybrid-cloud multi-cloud SQL inventory outside Azure using Arc SQL Server | Dhananjay Mahajan | |
| 3/23 – 10:10am | Gate 7 | Deep {sky}diving into Data Factory in Microsoft Fabric | Jeroen Luitwieler | Chunhua Gu |
| 3/23 – 10:10am | Gate 11 | Perfecting business continuity for Azure SQL DB | Rajesh Setlem | |
| 3/23 – 2:10pm | Gate 3 | Business continuity of on-prem SQL Servers using Azure services through Arc | Dhananjay Mahajan | Raj Pochiraju |
| 3/23 – 2:10pm | Gate 4 | SQL Server on Azure VM – Configuring for Price-Performance | David Pless | |
| 3/23 – 2:10pm | Gate 5 | The What and the Why of Microsoft Fabric Real-time Analytics | Devang Shah | |
| 3/23 – 4:00pm | Gate 4 | A Deep Dive into Microsoft Fabric Data Warehouse | Mark Pryce-Maher | |
| 3/23 – 4:00pm | Gate 8 | Best Practices in PostgreSQL Tuning: Navigating Key Performance Bottlenecks in the Cloud | Alicja Kucharczyk | |
| 3/23 – 4:00pm | Gate 1 | How to design and build AI applications with vector search using Azure OpenAI & Azure Cosmos DB | Theo van Kraay | |
| 3/23 – 4:00pm | Gate 12 | SQL Modernization Journey with Tools, Assets & Migration Best Practices | Neel Ball | Ajith Krishnan, Des Fitzgerald |
Community Hangar
The Community Hangar is a unique feature of SQLBits: a space where attendees can meet and interact with community groups, experts, and enthusiasts. Find us in the Community Hangar for opportunities to “Meet the PG” (product group), the folks who build the products and features you use every day.

THURSDAY

| Time | Session | Speakers |
| --- | --- | --- |
| 11:30 – 11:50 | Meet the PG: SQL Leadership | Asad Khan, Sanjay Mishra, Muazma Zahid, Ajay Jagannathan, Joe Sack, Tejas Shah, Dhananjay Mahajan, Buck Woody |
| 12:00 – 12:50 | Meet the PG: Power BI with Patrick, Adam & Mohammad | Mohammad Ali, Patrick LeBlanc, Adam Saxton |
| 15:20 – 16:10 | Meet the PG: PostgreSQL in Azure | Alicja Kucharczyk, Adam Wolk, Silvano Coriani |
| 16:20 – 16:40 | Meet the PG: Data Platform Security | Pieter Vanhove, Jordan Hays |

FRIDAY

| Time | Session | Speakers |
| --- | --- | --- |
| 11:30 – 11:50 | Meet the PG: SQL Server in hybrid and multicloud environments | Dhananjay Mahajan, Raj Pochiraju, Ajay Jagannathan |
| 12:00 – 12:50 | Meet the PG: All things Azure SQL DB | Aditya Badramraju, Arvind Shyamsundar, Rajesh Setlem, Dimitri Furman |
| 14:50 – 15:10 | Meet the PG: SQL Server on Linux/Containers | Amit Khandelwal, Tejas Shah |
| 15:20 – 16:10 | Meet the PG: Developers | Muazma Zahid, Jerry Nixon, Carlos Robles, Abhiman Tiwari |

SATURDAY

| Time | Session | Speakers |
| --- | --- | --- |
| 10:10 – 11:00 | Meet the PG: SQL tools | Drew Skwiers-Koballa, Erin Stellato, Subhojit Basak, Carlos Robles |
| 11:30 – 11:50 | Meet the PG: Azure SQL Managed Instance | Niko Neugebauer, Dani Ljepava, Nevena Nikolic, Uros Milanovic, Djordje Jeremic, Bogdan Gavrilovic |
| 14:10 – 15:00 | Meet the PG: Data Integration | Jeroen Luitwieler, Ulrich Christ, Krishnakumar Rukmangathan, Chunhua Gu |
Register today!
To learn more about SQLBits or to register, click here.
Think like a People Scientist: Understanding and interpreting your survey data
At Viva Glint, our customers frequently ask us how to ‘think more like a People Scientist’ at key moments in their employee listening lifecycle. For example, how would a People Scientist think about designing a survey or listening strategy? What would they consider when analyzing and interpreting survey results in preparation for a boardroom meeting? Or perhaps, how do they use their skills to influence acting on employee feedback? On February 20th, we were delighted to bring you the first webinar in this series on ‘Think like a People Scientist’ to answer all your questions and more!
During this webinar, Jennifer Stoll (Principal People Scientist), Jason Thomas (Senior People Scientist) and Ben Tankus (People Science Analyst) shared their collective experience and tips on how to approach the analysis of employee survey data. They spoke about the importance of understanding the impact of both internal factors (e.g. organizational priorities, organizational context) and external factors (e.g. economic and industry trends) during the analysis. They also explained how to use the different types of reports available in Viva Glint to gather insights, some basic data science principles to be aware of, and how to use survey comments to aid your understanding of the employee experience.
If you missed the live event, watch the recording here. You can also access the slide presentation below, which includes a list of further resources to help you.
For other upcoming events in this series see our event listings page.
Microsoft Learn for Organizations: Jump-start team technical training
It’s no surprise that organizations, teams, and individuals all need technical expertise to succeed. Since today’s teams have limited time to build new skills for their key projects, there’s an increasing demand for technical training that can be covered in self-directed, always-on, digital resources—outside of the classroom. To help meet these team skill-building needs, we’re happy to announce Microsoft Learn for Organizations—a faster, more focused way to help close skill gaps and drive business success across your organization. This valuable resource features curated collections that help take the guesswork out of learning journeys so learners can apply new skills to quickly unblock projects. And this is just the beginning. We’ll make regular updates to include the latest technology and skills, adding collections, features, and more.
What is Microsoft Learn for Organizations?
Microsoft Learn for Organizations serves as the front door to all that Microsoft Learn offers for learners engaged in team training. It’s your trusted source to get your teams skilled up and ready to power AI transformation with the Microsoft Cloud. Its focus is on streamlining what it takes for teams to gain technical skills to meet project and business goals. Resources include:
AI skill-building resources.
Curated collections (for organization leaders and for learners) that link to:
Learning paths and other self-paced content.
On-demand videos and events.
Gamified learning opportunities and skills challenges.
Instructor-led training (ILT) with Training Services Partners (TSPs) to help learners gain tech skills that translate from the classroom to the workplace.
Credentials, including Microsoft Certifications and Microsoft Applied Skills.
Success stories that explore how organizations achieve and benefit from a culture of learning.
Connections to a global community of learners and experts to help broaden expertise.
Which collections are available?
Microsoft Learn for Organizations includes a number of self-paced collections to help jump-start team training and skill up your teams for success. The initial collections include:
Build and modernize with AI. Help accelerate the benefits of AI at your organization by training everyone on this transformational technology.
Accelerate developer productivity. Equip yourself with essential skills to harness transformative AI tools, fostering innovation and accelerating developer productivity.
Get started with organizational skilling. Explore skill-building resources that you can use to start creating a learning culture within your organization.
Migrate and secure Windows Server and SQL Server workloads. Build the skills to guide your organization’s migration to the cloud with a wide variety of training options for Azure.
Migrate enterprise apps. Discover an extensive array of resources designed to help your organization efficiently migrate enterprise applications at scale.
Migrate SAP. Find out how to support your organization’s SAP migration efforts with a selection of skill-building resources.
Power business decisions with cloud-scale analytics. Uncover the potential of cloud-scale analytics to transform data into actionable insights at enterprise scale.
Transform your organization with skills for business professionals. Find out how to strategically apply Microsoft solutions across your organization, using training to empower business users and leaders.
Who can benefit from this new skill-building resource?
This exciting new self-service resource is for all organizations—for-profit or nonprofit, large or small—that want to train their teams and get the most value from their investment in Microsoft products, solutions, and technologies. It can benefit:
Team leaders who need to upskill team members to unblock key tech projects.
Learning managers who are focused on employee development to help meet organizational goals.
Anyone involved in coordinating training programs (formal or informal) who is interested in reducing barriers to technical skill-building.
All learners, especially those who need to accelerate project outcomes with tailored training to fit their learning styles and their demanding schedules, along with a way to certify and validate their newly gained skills.
Ready to jump-start your team training and help close skill gaps?
When you train your teams, develop a learning culture, and promote continuous learning development, it’s good not only for team members but also for your business. Closing tech skill gaps is one of the best ways for individuals to meet their professional goals and for organizations to meet their business goals—it’s a win-win.
Microsoft Learn offers expert and engaging learning experiences that are relevant to real-world challenges that your team members face every day. And Microsoft Learn for Organizations meets your team members wherever they are in their learning journey, to help them gain the technical expertise they need to thrive, demonstrate their expertise through industry-standard credentials, and validate that their skills remain top-notch.
Go to Microsoft Learn for Organizations, explore the collections and other resources, share them with your colleagues, and join the community. Stay tuned for more details as we evolve Microsoft Learn for Organizations to help ensure that your teams can keep up with changing roles and responsibilities, take their skills and projects to the next level, and help drive project and organizational success.
Retirement of RBAC Application Impersonation in Exchange Online
Today we are announcing that we will begin blocking the assignment of the ApplicationImpersonation role in Exchange Online to accounts starting in May 2024, and that in February 2025, we will completely remove this role and its feature set from Exchange Online.
Modernizing Application Access
Historically, when you needed to grant an application access to more than its own mailbox in your Exchange organization using Exchange Web Services (EWS), you had limited options.
Simple delegation worked for one-to-one and even some one-to-few scenarios, but when you needed to grant access to many mailboxes, Impersonation was the way to go. Impersonation provided easy and broad access to many mailboxes, but limited options for scoping resources for access, and limited visibility outside of Exchange.
Today, the Microsoft identity platform / application model is the standard way to build apps that integrate with your data in the Microsoft cloud. Registering your app in Microsoft Entra simplifies deployment and adoption, makes permissions clearly visible, and helps to standardize your integrated applications.
How Does This Affect Me?
All apps must have an App Registration, and when using Application permissions (not Delegated), the app must use a secure credential for access.
When using EWS, you still grant the full_access_as_app Application permission, which provides the same level of mailbox access as ApplicationImpersonation. You can use an Application Access Policy to restrict the resources the application can access. You can also use RBAC for Apps to restrict the resources it can access.
Better yet, use Graph, as EWS is going away!
How Do I Find Accounts Using This Type of Access and What Actions Should I Take?
Use Exchange Online PowerShell to check for accounts that have been assigned the ApplicationImpersonation role:
Get-ManagementRoleAssignment -Role ApplicationImpersonation -GetEffectiveUsers
For EWS applications requiring one-to-many mailbox access, ensure the application is configured properly with OAuth to use app-only access.
Implement resource-scoped access using Application Access Policies or Role Based Access Control for Applications in Exchange Online to control mailbox access as needed for your scenario.
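As an added example (not part of the announcement), the following Exchange Online PowerShell session carries out the steps above: inventory the legacy ApplicationImpersonation assignments, restrict the replacement app registration’s full_access_as_app permission with an Application Access Policy, and verify the scope before removing the old assignment. The AppId, group address, mailbox addresses and assignee name are placeholders; the ExchangeOnlineManagement module is assumed to be installed.

```powershell
# Added example, not from the original post. All IDs and addresses below are placeholders.
Connect-ExchangeOnline

# 1. Inventory: which accounts or service principals still hold ApplicationImpersonation,
#    and how broadly each assignment is scoped. Keep the export; it is the migration list.
$impersonation = Get-ManagementRoleAssignment -Role ApplicationImpersonation -GetEffectiveUsers |
    Select-Object Name, EffectiveUserName, RoleAssigneeName, RoleAssigneeType,
                  RecipientWriteScope, CustomRecipientWriteScope, Enabled

$impersonation | Format-Table -AutoSize
$impersonation | Export-Csv -Path .\ApplicationImpersonation-assignments.csv -NoTypeInformation

# 2. Scope: full_access_as_app reaches every mailbox in the tenant by default.
#    Restrict the app to the members of a mail-enabled security group that contains
#    only the mailboxes it actually needs (least privilege).
$appId      = '00000000-0000-0000-0000-000000000000'     # placeholder: Entra application (client) ID
$scopeGroup = 'ews-allowed-mailboxes@contoso.example'    # placeholder: mail-enabled security group

New-ApplicationAccessPolicy -AppId $appId -PolicyScopeGroupId $scopeGroup `
    -AccessRight RestrictAccess `
    -Description 'Replaces ApplicationImpersonation for the mailbox sync service'

# 3. Verify before cutting over: a mailbox inside the group should report
#    AccessCheckResult = Granted, one outside it should report Denied.
#    Newly created policies can take a while to propagate.
Test-ApplicationAccessPolicy -Identity 'in-scope@contoso.example'     -AppId $appId
Test-ApplicationAccessPolicy -Identity 'out-of-scope@contoso.example' -AppId $appId

# 4. Once the app works under the new model, remove only the legacy assignment(s)
#    that belonged to it (matched by assignee name from step 1), not the built-in role.
$legacyAssignee = 'svc-mailbox-sync'                     # placeholder: the old impersonation account
foreach ($a in $impersonation | Where-Object RoleAssigneeName -eq $legacyAssignee) {
    Remove-ManagementRoleAssignment -Identity $a.Name -Confirm:$false
}
```

The same Application Access Policy also constrains the app’s Graph permissions, so it carries over unchanged when the application later moves from EWS to Graph.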
The Exchange Online Team
Welcome to the Microsoft Defender Experts Ninja Hub
We’re excited to announce our Microsoft Defender Experts Ninja Hub. We have compiled document guides, videos, and other resources to help you get familiar with our Defender Experts services and stay up to date on the latest from the Defender Experts team.
We’ll update this post as we add resources, so make sure to bookmark this page: https://aka.ms/DefenderExpertsNinjaHub
Microsoft Defender Experts for XDR
Microsoft Defender Experts for XDR is a managed extended detection and response (MXDR) service that triages, investigates, and responds to incidents for you to help stop cyberattackers and prevent future compromise. Defender Experts for XDR delivers human expertise to security teams quickly to help address coverage gaps and augment their overall security operations. The documentation links below provide more information on the service, requirements, and FAQs:
What is Microsoft Defender Experts for XDR offering | Microsoft Learn
Before you begin using Defender Experts for XDR | Microsoft Learn
Get started with Microsoft Defender Experts for XDR | Microsoft Learn
How to use the Microsoft Defender Experts for XDR service | Microsoft Learn
Communicating with Microsoft Defender Experts | Microsoft Learn
How to search the audit logs for actions performed by Defender Experts | Microsoft Learn
Additional information related to Defender Experts for XDR | Microsoft Learn
FAQs related to Microsoft Defender Experts for XDR | Microsoft Learn
Microsoft Defender Experts for Hunting
Microsoft Defender Experts for Hunting proactively looks for threats 24/7/365 using unparalleled visibility of cross-domain telemetry and leading threat intelligence to extend your team’s threat hunting capabilities and improve overall SOC response. The documentation links below provide more information on the service, requirements, and reporting:
What is Microsoft Defender Experts for Hunting offering | Microsoft Learn
Key infrastructure requirements for Microsoft Defender Experts for Hunting | Microsoft Learn
How to subscribe to Microsoft Defender Experts for Hunting | Microsoft Learn
Understand the Defender Experts for Hunting report in Microsoft Defender XDR | Microsoft Learn
Ninja Show episodes featuring Defender Experts
Season 5, Episode 5: Improve your security posture with Microsoft Defender Experts for XDR
Season 3, Episode 4: Defender Experts for Hunting Overview
On-demand event sessions featuring Defender Experts
Microsoft Security Tech Accelerator 2023: Defender Experts in-depth: Running a Modern SOC in the age of LLMs
Microsoft Ignite 2023: Jumpstart your SOC with Microsoft Defender Experts for XDR
Microsoft Webinar: Revolutionize Managed XDR with Microsoft
Microsoft Ignite 2022: Introducing Microsoft Defender Experts for Hunting
Defender Experts videos
Explainer Video: Microsoft Defender Experts for XDR
Explainer Video: Microsoft Defender Experts for Hunting
Video: Adversary in the Middle Hunting Story
Deep dives from the Microsoft Security blog featuring Defender Experts
Microsoft Copilot for Security provides immediate impact for the Microsoft Defender Experts team
Detecting and mitigating a multi-stage AiTM phishing and BEC campaign
Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks
One way Microsoft Defender Experts for Hunting prioritizes customer defense
Podcasts
Microsoft Security Insights Show Episode 181: Brian Hooper and Phoebe Rogers: A day in the life of a Defender Experts for XDR analyst
Microsoft Security Insights Show Episode 168: Steve Lee, Defender Experts
To learn more about Defender Experts, click here.
Defender for Cloud deployment in AWS/GCP – Agents, Resources, IAM and Cleanup options
Objective of the article
The purpose of this article is to give organizations a comprehensive understanding of all the agents and resources that Defender for Cloud deploys in their AWS/GCP environment as part of Defender for Servers, Defender for Containers and Defender for SQL. It describes the impact of Defender for Cloud on the environment and what needs to be removed when switching Defender for Cloud plans on the security connector. Where possible, the article avoids duplicating information already available on Microsoft Learn and focuses on what is not publicly documented there.
Introduction:
Have you ever wondered about the agents, extensions, resources and roles deployed as part of Defender for Server, Defender for Container, Defender for SQL on your AWS or GCP workloads? Have you ever needed to update the selection of Defender for Cloud plans on a security connector for your AWS or GCP environment? This article provides you with a comprehensive understanding of the impact of agents and resources on your environment and guides you on what can be removed when updating the Defender for Cloud plans on a desired security connector.
The following table summarizes Microsoft agents and extensions for CWPP:

| Agent | Defender for Servers | Defender for Containers | Defender for SQL on Machines |
| --- | --- | --- | --- |
| Azure Arc Agent | ✔ | ✔ | ✔ |
| Microsoft Defender for Endpoint extension | ✔ | | |
| Log Analytics or Azure Monitor Agent extension | ✔ (in deprecation process) | | ✔ |
| Defender Sensor | | ✔ | |
| Azure Policy for Kubernetes | | ✔ | |
| SQL servers on machines | | | ✔ |
Let’s review the list of agents, resources and roles per plan, and the cleanup options for each.
Defender for Server – AWS:

| Resource | Type | Creation Phase | Offboarding |
| --- | --- | --- | --- |
| MDE – The Microsoft Defender for Endpoint agent provides comprehensive endpoint detection and response (EDR) capabilities | Agent | Post connector creation | For Windows servers: Offboard Windows servers. For non-Windows servers: Offboard non-Windows servers |
| Azure Arc – AWS machines connect to Azure using Azure Arc | Agent | Post connector creation | |
| SSM – SSM Agent is mandatory for Arc onboarding | Agent | Post connector creation | Some customers rely on SSM Agent for other purposes, so please check before removal. For removal instructions please check the AWS guide |
| DefenderForCloud-DefenderForServers; DefenderForCloud-ArcAutoProvisioning; DefenderForCloud-AgentlessScanner | IAM – role | Script creation | The role name is customizable – it is saved within the created connector. The policies associated with the role should be removed too. For removal instructions please check the AWS guide |
Defender for Server – GCP:

| Resource | Type | Creation Phase | Offboarding |
| --- | --- | --- | --- |
| MDE – The Microsoft Defender for Endpoint agent provides comprehensive endpoint detection and response (EDR) capabilities | Agent | Post connector creation | For Windows servers: Offboard Windows servers. For non-Windows servers: Offboard non-Windows servers |
| Azure Arc – GCP machines connect to Azure using Azure Arc | Agent | Post connector creation | |
| microsoft-defender-for-servers | IAM – service account | Script creation | The service account is customizable – it is saved within the created connector. For removal instructions please check the GCP guide |
| defender-for-servers | IAM – role | Script creation | The role name is customizable – it is saved within the created connector. For removal instructions please check the GCP guide |
| OIDC – defender-for-servers | IAM – workload identity pool | Script creation | For removal instructions please check the GCP guide |
*Defender for Servers P2 requires the Microsoft Monitoring Agent (MMA, also called the Log Analytics agent) and/or the Azure Monitor Agent (AMA) for some features. Since both are in the deprecation phase, please follow these articles for details and offboarding options:
https://learn.microsoft.com/en-us/azure/defender-for-cloud/upcoming-changes#defender-for-servers
AMA removal: Manage Azure Monitor Agent – Azure Monitor | Microsoft Learn
MMA removal: Manage the Azure Log Analytics agent – Azure Monitor | Microsoft Learn
For MMA, please make sure the legacy solutions are removed from the Log Analytics workspace.
Defender for Container – AWS:

| Offering | Resource | Type | Creation Phase | Offboarding |
| --- | --- | --- | --- | --- |
| Run-time threat protection | Azure Arc-enabled Kubernetes – Connects your EKS clusters to Azure and onboards the Defender sensor | Agent deployed on a single node | Post connector creation | You can remove Azure Arc-enabled Kubernetes via Azure CLI or Azure PowerShell: Cleanup Azure Arc-enabled Kubernetes. Running this command deletes all Arc-related resources, including extensions |
| Run-time threat protection | Defender Sensor | Sensor deployed on each node | Post connector creation | You can remove the Defender sensor using the Azure portal, Azure CLI, or REST API: Remove the Defender sensor |
| Run-time threat protection | Azure Policy for Kubernetes – Extends Gatekeeper v3 | Extension deployed on a single node | Post connector creation | You can remove Defender extensions using the Azure portal, Azure CLI, or REST API: Remove the Defender agent |
| Agentless threat protection | S3 | | Post connector creation | Delete the S3 bucket with ARN: arn:aws:s3:::azuredefender-{AwsRegion}-{AwsAccountId}-{ClusterName}. For removal instructions please check the AWS guide |
| Agentless threat protection | SQS | | Post connector creation | Delete the queue with ARN: arn:aws:sqs:{AwsRegion}:{AwsAccountId}:azuredefender-{ClusterName}. For removal instructions please check the AWS guide |
| Agentless threat protection | Kinesis Data Firehose (Amazon Kinesis Data Streams) | | Post connector creation | Delete the stream with ARN: arn:aws:firehose:{AwsRegion}:{AwsAccountId}:deliverystream/azuredefender-{ClusterName}. For removal instructions please check the AWS guide |
| Agentless threat protection | DefenderForCloud-DataCollection; DefenderForCloud-Containers-K8s-cloudwatch-to-kinesis; DefenderForCloud-Containers-K8s-kinesis-to-s3 | IAM – role | Script creation | The role name is customizable – it is saved within the created connector. The policies associated with the role should be removed too. For removal instructions please check the AWS guide |
| Agentless Container Vulnerability Assessment | MDCContainersImageAssessmentRole | IAM – role | Script creation | The role name is customizable – it is saved within the created connector. The policies associated with the role should be removed too. For removal instructions please check the AWS guide |
| Agentless discovery for Kubernetes | MDCContainersAgentlessDiscoveryK8sRole | IAM – role | Script creation | The role name is customizable – it is saved within the created connector. The policies associated with the role should be removed too. For removal instructions please check the AWS guide |
Defender for Container – GCP:

| Offering | Resource | Type | Creation Phase | Offboarding |
| --- | --- | --- | --- | --- |
| Run-time threat protection | Azure Arc-enabled Kubernetes – Connects your GKE clusters to Azure and onboards the Defender sensor | Agent deployed on a single node | Post creation | You can remove Azure Arc-enabled Kubernetes via Azure CLI or Azure PowerShell: Cleanup Azure Arc-enabled Kubernetes. Running this command deletes all Arc-related resources, including extensions |
| Run-time threat protection | Defender Sensor | Sensor deployed on each node | Post connector creation | You can remove the Defender sensor using the Azure portal, Azure CLI, or REST API: Remove the Defender sensor |
| Run-time threat protection | Azure Policy for Kubernetes – Extends Gatekeeper v3 | Extension deployed on a single node | Post connector creation | You can remove Defender extensions using the Azure portal, Azure CLI, or REST API: Remove the Defender agent |
| Run-time threat protection (AuditLogs) | container.googleapis.com | Enable API | Script creation | Please note, it might be used by other solutions. For removal instructions please check the GCP guide |
| Run-time threat protection (AuditLogs) | logging.googleapis.com | Enable API | Script creation | Please note, it might be used by other solutions. For removal instructions please check the GCP guide |
| Run-time threat protection (AuditLogs) | Data Access audit logs configuration | Settings | Script creation | Please note, it might be used by other solutions. Name of the component to disable: Kubernetes Engine API. For removal instructions please check the GCP guide |
| Run-time threat protection (AuditLogs) | Pub/Sub Topic | | Post creation | For each cluster in a project a topic is created with the prefix “MicrosoftDefender-”. For removal instructions please check the GCP guide |
| Run-time threat protection (AuditLogs) | Pub/Sub Subscription | | Post creation | For each cluster in a project a subscription is created with the prefix “MicrosoftDefender”. For removal instructions please check the GCP guide |
| Run-time threat protection (AuditLogs) | SINK – log route | | Post creation | For removal instructions please check the GCP guide |
| Run-time threat protection (AuditLogs) | microsoft-defender-containers; ms-defender-containers-stream | IAM – service account | Script creation | The service account is customizable – it is saved within the created connector. For removal instructions please check the GCP guide |
| Run-time threat protection (AuditLogs) | MicrosoftDefenderContainersDataCollectionRole; MicrosoftDefenderContainersRole | IAM – role | Script creation | The role name is customizable – it is saved within the created connector. For removal instructions please check the GCP guide |
| Run-time threat protection (AuditLogs) | OIDC – containers | IAM – workload identity provider | Script creation | For removal instructions please check the GCP guide |
| Agentless discovery for Kubernetes | containers | IAM – workload identity pool | Script creation | Please note, this identity is used by the DCSPM plan as well. For removal instructions please check the GCP guide |
| Agentless discovery for Kubernetes | mdc-containers-k8s-operator | IAM – service account | Script creation | The service account is customizable – it is saved within the created connector. For removal instructions please check the GCP guide |
| Agentless Container Vulnerability Assessment | containers | IAM – workload identity pool | Script creation | Please note, this identity is used by the DCSPM plan as well. For removal instructions please check the GCP guide |
| Agentless Container Vulnerability Assessment | mdc-containers-artifact-assess | IAM – service account | Script creation | The service account is customizable – it is saved within the created connector. For removal instructions please check the GCP guide |
Defender for SQL – AWS:

| Resource | Type | Creation Phase | Offboarding |
| --- | --- | --- | --- |
| Defender agent | Agent | Post connector creation | Removed automatically on plan change. Removal can also be done via the Azure portal in the Extensions tab. |
| Azure Monitor Agent for SQL Server – collects security-related configuration information and event logs from machines | Agent | Post connector creation | Azure Monitor Agent offboarding: Uninstall AMA |
| Azure Arc – AWS machines connect to Azure using Azure Arc | Agent | Post connector creation | Uninstall Azure Arc. Please remove Arc only after the Defender agent has been removed. |
| DefenderForCloud-ArcAutoProvisioning | IAM – role | Script creation | The role name is customizable – it is saved within the created connector. The policies associated with the role name should be removed too. For removal instructions please check the AWS guide. |
Defender for SQL – GCP:

| Resource | Type | Creation Phase | Offboarding |
| --- | --- | --- | --- |
| Defender agent | Agent | Post connector creation | Removed automatically on plan change. Removal can also be done via the Azure portal in the Extensions tab. |
| Azure Monitor Agent for SQL Server – collects security-related configuration information and event logs from machines | Agent | Post connector creation | Azure Monitor Agent offboarding: Uninstall AMA |
| Azure Arc – GCP machines connect to Azure using Azure Arc | Agent | Post connector creation | Uninstall Azure Arc. Please remove Arc only after the Defender agent has been removed. |
| microsoft-databases-arc-ap | IAM – service account | Script creation | The service account is customizable – it is saved within the created connector. For removal instructions please check the GCP guide. |
| defender-for-databases-arc-ap | IAM – role | Script creation | The role name is customizable – it is saved within the created connector. For removal instructions please check the GCP guide. |
| OIDC – defender-for-databases-arc-ap | IAM – workload identity pool | Script creation | Delete: defender-for-databases-arc-ap. For removal instructions please check the GCP guide. |
Note: The Microsoft Monitoring Agent (MMA) is being deprecated in August 2024. As a result, the Azure Monitor Agent (AMA) is used instead; for customers that still use MMA, the removal option is described here:
Manage the Azure Log Analytics agent – Azure Monitor | Microsoft Learn
Please make sure legacy solutions are removed from the Log Analytics workspace.
Conclusion: In this article, we have provided a comprehensive overview of all the agents, extensions, and resources deployed as part of Defender for Servers, Defender for Containers and Defender for SQL on AWS/GCP workloads. We have also presented detailed clean-up options for organizations looking to switch their Defender for Cloud plans. While our focus has been on Cloud Workload Protection Plans (CWPP), it is important to note that resources deployed by Cloud Security Posture Management (CSPM) plans are not listed here. As the solution and its features continue to evolve, the resources deployed or impacted by Defender for Cloud may vary between versions. We hope this article serves as a valuable resource for organizations looking to better understand the impact of Defender for Cloud on their AWS/GCP environment.
Acknowledgements
Special thanks to Bojan Magusic for the great partnership and technical review.
Reviewed by:
Lior Arviv, Senior Program Manager
Aviv Mor, Principal PM Manager
Ido Keshet, Principal PM Manager
Maya Herskovic, Senior PM Manager
Bojan Magusic, Product Manager 2
Manage the latest versions of Azure Stack HCI with SCVMM
Azure Stack HCI is a hybrid cloud solution that lets you run virtualized workloads on-premises with direct access to Azure services. It combines the performance, security, and scalability of hyperconverged infrastructure (HCI) with the flexibility and innovation of Azure.
As a datacenter scale customer, to take full advantage of these new capabilities, you need a powerful and reliable management solution that can handle the complexity and scale that comes with large scale deployments. To address these requirements, customers can continue to leverage System Center components as the management solution for larger deployments of Azure Stack HCI 23H2 clusters for a select set of scenarios while leveraging Arc based management of HCI clusters for other scenarios.
Supported Azure Stack HCI scenarios with System Center
The following scenarios will be supported in SCVMM to manage Azure Stack HCI 23H2:
Addition, creation and management of Azure Stack HCI clusters.
Ability to provision and deploy Virtual Machines (VMs) on the Azure Stack HCI clusters and perform VM lifecycle operations.
Set up networking on Azure Stack HCI clusters.
Deployment and management of SDN network controller on Azure Stack HCI clusters.
Management of storage pool settings, creation of virtual disks, creation of cluster shared volumes (CSVs) and application of QoS settings.
Migration of VMware and Windows Server based workloads to Azure Stack HCI.
Management of Azure Stack HCI clusters using the same PowerShell cmdlets used to manage Windows Server clusters.
Azure based VM self-serve capabilities and Azure management services through Azure Arc-enabled SCVMM.
Supported Azure Stack HCI scenarios through Azure and WAC
The following scenarios will continue to be supported from the Azure Portal/WAC to manage Azure Stack HCI 23H2:
Creation of Azure Stack HCI clusters.
Register and unregister Azure Stack HCI clusters from VMM.
Upgrading Azure Stack HCI 22H2 clusters to 23H2.
Enablement of Azure benefits on VMs running on Azure Stack HCI clusters.
All operations on Azure Stack HCI clusters deployed with Windows Defender Application Control (WDAC).
All new Azure Stack HCI 23H2 features like GPU-Partitioning, SDN Multi-site, etc.
All Azure Stack HCI features that were previously unsupported with SCVMM like Stretched clustering.
When is the support for Azure Stack HCI 23H2 coming with System Center?
Azure Stack HCI 23H2 support will be added to the next LTSC version of System Center. The General Availability of the next LTSC version of System Center will be closer to the General Availability of Windows Server 2025.
Contact us
The System Center team is committed to delivering new features and quality updates with the LTSC and UR releases at regular cadence. For any feedback and queries, you can reach us at systemcenterfeedback@microsoft.com.
Update records in a Kusto Database (Public Preview)
Kusto databases, either in Azure Data Explorer or in Fabric KQL Database, are optimized for append ingestion.
In recent years, we’ve introduced the .delete command, allowing you to selectively delete records.
Today we are introducing the .update command. This command allows you to update records by deleting existing records and appending new ones in a single transaction.
This command comes with two syntaxes, a simplified syntax covering most scenarios efficiently and an expanded syntax giving you the maximum of control.
Here is an example of the simplified syntax:
.update table MyTable on Id <|
MyTable
| where Id==3
| extend Color="Orange"
This command will update all records where Id==3 by replacing the Color column value by “Orange”.
As mentioned above, the command really does a .delete and .append in one go. In this case, it is equivalent to those 2 commands:
.delete table MyTable records <|
MyTable
| where Id==3
.append MyTable <|
MyTable
| where Id==3
| extend Color="Orange"
The one difference from running those two commands separately is that the append query is evaluated against the state of the table before the deletion. Indeed, if you ran the two commands one after the other, the .append command would do nothing, since the records with Id==3 would already have been deleted by the first command.
This is a good way to show how the same command would be represented using the expanded syntax:
.update table MyTable delete D append A <|
let D = MyTable
| where Id==3;
let A = MyTable
| where Id==3
| extend Color="Orange";
The expanded syntax allows you to explicitly define the delete and append queries.
Both syntaxes support a whatif mode where the command doesn’t change the table but returns the expected changes. We recommend always starting with a whatif mode to validate the predicates.
We encourage you to go through the many examples of the online documentation page to familiarize yourself with the syntax.
We believe this new command gives you an alternative for your data pipelines. Many loading scenarios involve updating records. For instance, ingesting new data in a staging table to then update the records of a main table with those new records. This is now possible with the .update command.
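As an added example (not part of the original post), here is the staging-to-main refresh described above, run first in whatif mode and then for real, followed by an expanded-syntax variant in which some records are deleted without being replaced. The table names Main and Staging, the Id and Status columns, and the rule that rows marked "Retired" are removed rather than replaced are assumptions made for this illustration; Main and Staging are assumed to share the same schema, which the appended rows must match.

```kusto
// Added example, not from the original post. Assumptions: tables Main and
// Staging have the same schema, Id identifies a record, and Staging carries a
// Status column whose value "Retired" means "drop this record from Main".
// Each management command below is submitted on its own.

// 1. Dry run: whatif=true returns the rows that would be deleted and appended
//    without changing Main. Validate the predicates here first.
.update table Main on Id with (whatif=true) <|
    Staging
    | where Id in ((Main | project Id))

// 2. Same command applied for real: every Main row whose Id appears in the
//    query result is deleted, then the query result is appended, in one
//    transaction.
.update table Main on Id <|
    Staging
    | where Id in ((Main | project Id))

// 3. Expanded syntax, when the deleted set and the appended set differ:
//    D removes every Main row that has a counterpart in Staging,
//    A appends only the staging rows that are not retired, so retired
//    records disappear from Main instead of being rewritten. Both D and A
//    are evaluated against Main as it was before the delete.
.update table Main delete D append A with (whatif=true) <|
    let D = Main
        | where Id in ((Staging | project Id));
    let A = Staging
        | where Status != "Retired";
```

Once the whatif output for step 3 shows the expected deleted and appended row sets, drop the with (whatif=true) clause and run the command again to apply the change.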
The command is in public preview and we are looking forward to your feedback!
Always Encrypted with secure enclaves – Intel SGX vs VBS
Always Encrypted with secure enclaves is a feature of Azure SQL Database that allows you to protect sensitive data from unauthorized access, even from the database administrators. Secure enclaves are regions of memory isolated from the server that can perform computations on encrypted data without revealing the plaintext. When processing SQL queries, the database engine delegates computations on encrypted data to a secure enclave. The code in the enclave decrypts the data and performs computations on plaintext. This can be done safely, because the enclave has strong isolation guarantees. It is a black box to the containing database engine process and the OS, so database administrators or machine administrators cannot see the data inside the enclave.
By leveraging secure enclaves, Always Encrypted can support rich confidential queries, including pattern matching, range comparisons, sorting and more. It also enables in-place cryptographic operations, such as encrypting existing data or rotating the data encryption keys.
Azure SQL Database supports two types of secure enclaves: Intel SGX enclaves and VBS enclaves. In this blog post, we will compare these two options and help you choose the best one for your use case.
What are Intel SGX enclaves and VBS enclaves?
Intel Software Guard Extensions (Intel SGX) enclaves are a hardware-based trusted execution environment technology. Intel SGX protects data actively being used in the processor and memory by creating a trusted execution environment (TEE) called an enclave.
Virtualization-based Security (VBS) enclaves (also known as Virtual Secure Mode, or VSM, enclaves) are a software-based technology that relies on the Windows hypervisor and doesn’t require any special hardware. The hypervisor creates a logical separation between the “normal world” and the “secure world”, designated by Virtual Trust Levels VTL0 and VTL1, respectively. VBS secure memory enclaves provide a means for secure computation in an otherwise untrusted environment.
What are the advantages and disadvantages of Intel SGX and VBS enclaves?
The main advantage of Intel SGX enclaves is that they provide stronger security guarantees than VBS enclaves. Intel SGX enclaves are resistant to attacks from the host operating system.
The main disadvantage of Intel SGX enclaves is their limited availability. The databases require specific hardware (DC-series) that is not supported by all Azure SQL Database service tiers and regions. Let us know if you need a region to be enabled where we currently do not support DC-series. Secondly, DC-series comes with an extra cost because of the specific hardware that is needed, and it is limited to a maximum of 40 physical cores.
The main advantage of VBS enclaves is that they have wider availability than Intel SGX enclaves, because there is no hardware dependency. VBS enclaves can run on any Azure SQL Database service tier in any region and come with no extra cost.
The main disadvantage of VBS enclaves is that they provide weaker security guarantees than Intel SGX enclaves. VBS enclaves help protect your data from attacks inside the VM. However, they don’t provide any protection from attacks using privileged system accounts originating from the host.
Below is a summary comparison of Intel SGX and VBS enclaves:
| | Intel Software Guard eXtensions (SGX) | Virtualization-based security (VBS) |
| --- | --- | --- |
| Hardware | Available in DC-series hardware configuration | No hardware dependency |
| Purchasing model | vCore model | DTU and vCore |
| Compute mode | Provisioned | Provisioned and serverless |
| Compute size | Up to 40 (physical) vCores | Any (up to 128 vCores) |
| Regional availability | East/West US, North/West EU, Canada Central, UK South, Southeast Asia | All Azure regions |
| Security | Protection from rogue customer’s DBAs | Protection from rogue customer’s DBAs |
| Security | Protection from attacks originating from both guest and host OS (rogue cloud operators, malware) | Protection from attacks originating from guest OS (rogue cloud operators, malware), but not host OS |
| Attestation | Attestation using Microsoft Azure Attestation | No attestation currently supported |
How to choose between Intel SGX and VBS enclaves?
The choice between Intel SGX enclaves and VBS enclaves depends on your security requirements. Think about whom you need to protect your data from: only malicious insiders, or also the host provider? If you need the highest level of security, you should use Intel SGX enclaves.
The table below can help you with that decision.
| Attacker | Attack method | Always Encrypted with Intel SGX enclaves | Always Encrypted with VBS enclaves |
| --- | --- | --- | --- |
| DBAs connecting over TDS | Querying encrypted columns without access to the encryption keys | Y | Y |
| VM (guest OS) administrators | Generating a memory dump of the SQL Server process or scanning its memory | Y | Y |
| Data center/host administrators | Generating a memory dump of the host server | Y | N |
If needed, you can always switch the enclave type by changing the SLO of the database. In general, there are no changes needed in the application if you switch from VBS to Intel SGX or the other way around.
Conclusion
Unlike Intel SGX, VBS is a software-based solution with no hardware dependency. This allows us to bring the benefits of Always Encrypted with secure enclaves to all Azure SQL Database offerings, so that you can use the feature with a compute tier (provisioned or serverless), a purchasing model (vCore or DTU), a compute size (currently, up to 128 vCores), and a region that best matches your workload requirements. And, since VBS enclaves are available in existing hardware offerings, they come with no extra cost. It is important to note that Intel SGX enclaves remain a recommended option for customers who seek the strongest level of protection, including the isolation from host OS administrators, which VBS enclaves do not provide.
Learn more
Always Encrypted with secure enclaves documentation
Getting started using Always Encrypted with secure enclaves
GitHub Demo
Data Exposed episode (video)
Microsoft’s commitment to Azure IoT
There was a recent erroneous system message on Feb 14th regarding the deprecation of Azure IoT Central. The error message stated that Azure IoT Central will be deprecated on March 31st, 2027 and starting April 1, 2024, you won’t be able to create new application resources. This message is not accurate and was presented in error.
Microsoft does not communicate product retirements using system messages. When we do announce Azure product retirements, we follow our standard Azure service notification process including a notification period of 3-years before discontinuing support. We understand the importance of product retirement information for our customers’ planning and operations. Learn more about this process here: 3-Year Notification Subset – Microsoft Lifecycle | Microsoft Learn
Our goal is to provide our customers with a comprehensive, secure, and scalable IoT platform. We want to empower our customers to build and manage IoT solutions that can adapt to any scenario, across any industry, and at any scale. We see our IoT product portfolio as a key part of the adaptive cloud approach.
The adaptive cloud approach can help customers accelerate their industrial transformation journey by scaling adoption of IoT technologies. It helps unify siloed teams, distributed sites, and sprawling systems into a single operations, security, application, and data model, enabling organizations to leverage cloud-native and AI technologies to work simultaneously across hybrid, edge, and IoT. Learn more about our adaptive cloud approach here: Harmonizing AI-enhanced physical and cloud operations | Microsoft Azure Blog
Our approach is exemplified in the public preview of Azure IoT Operations, which makes it easy for customers to onboard assets and devices to flow data from physical operations to the cloud to power insights and decision making. Azure IoT Operations is designed to simplify and accelerate the development and deployment of IoT solutions, while giving you more control over your IoT devices and data. Learn more about Azure IoT Operations here: https://azure.microsoft.com/products/iot-operations/
We will continue to collaborate with our partners and customers to transform their businesses with intelligent edge and cloud solutions, taking advantage of our full portfolio of Azure IoT products.
We appreciate your trust and loyalty and look forward to continuing to serve you with our IoT platform offerings.
Partner of the Year Awards – share how you make a difference
It’s Partner of the Year Award (POTYA) season – one of the most anticipated time periods of the year for Microsoft partners. Our team leading the POTYA Social Impact category is excited to be reading partner entries of changemaking innovations and technology delivery enabling positive societal impact around the world.
I encourage partners to take this unique opportunity to tell your story, and showcase your business leadership and commitment to purpose, with impactful customer engagements focused on enabling inclusion, sustainability, and community resilience.
POTYA Social Impact category
This category honors industry and technical leaders in the areas of community response, inclusion, and sustainability. Additional consideration will be given for submissions demonstrating solution/service market availability and scalability.
The Community Response POTYA recognizes a partner organization that is providing innovative and unique services or solutions based on Microsoft technologies, helping solve challenges faced by communities and making a significant social impact during unprecedented times. We will be recognizing the contributions of partners driving response and recovery to crises impacting communities around the world, highlighting solutions and services that are driving innovation and partnerships that protect fundamental rights, uplift, and create a positive impact on communities.
The Inclusion Changemaker POTYA recognizes a partner organization that excels at providing innovative and unique services or solutions based on Microsoft technologies that help customers solve challenges of diverse representation, economic access, digital inclusion, and/or accessibility. Inclusion changemakers drive digital transformation to help enable more inclusive economic growth. Technology can unlock innovations toward a more inclusive and equitable world, leading to greater innovations for everyone, including the 1+ billion people living with disabilities.
The Sustainability Changemaker POTYA recognizes a partner organization that excels at providing innovative and unique services or solutions based on Microsoft technologies that help customers solve challenges of sustainable digital transformation. Environmental stewardship has grown in strategic importance as a significant driver of organizational and business performance as well as innovation and market value. To help drive technological innovation and industry transformation toward a more sustainable and climate stable future, we look to solutions and services that help organizations understand their impact on the climate and deliver on sustainability commitments.
If your offers serve nonprofit customers, also consider the Nonprofit POTYA (in the ‘Industry’ category). The Nonprofit Partner of the Year Award recognizes a partner organization that excels at providing innovative services or cloud solutions based on Microsoft technologies that help nonprofits tackle the world’s biggest challenges and deliver on their missions. Successful entrants will demonstrate strong growth in revenue and/or marquee customer wins.
Call for nominations
To learn more on preparing a standout entry and how to submit your POTYA nomination, visit https://aka.ms/POTYA. The application deadline is 6:00 PM Pacific Time (PT), on April 3, 2024.
Need inspiration? Revisit 2023 POTYA Social Impact Category winners here.
We look forward to celebrating your leadership and impact.
What to do when the SQL Server service does not start automatically at OS startup
Hello, this is the SQL Server support team.
This post describes how to handle cases where, at OS startup, the SQL Server service fails to start because it does not respond to the start or control request within the specified time.
Symptom
When the startup type of the SQL Server service is set to Automatic, the SQL Server service is started automatically when the OS boots.
Sometimes the service cannot start within the 30-second service start timeout; in that case, errors like the following are recorded in the System event log and the start fails.
種類 : エラー
ソース : Service Control Manager
イベント ID : 7009
説明 :
MSSQLSERVER サービスの接続を待機中にタイムアウト (30000 ミリ秒) になりました。
種類 : エラー
ソース : Service Control Manager
イベント ID : 7000
説明 :
“MSSQLSERVER サービスを、次のエラーが原因で開始できませんでした:
そのサービスは指定時間内に開始要求または制御要求に応答しませんでした。”
Cause
Causes of the SQL Server service’s automatic start timing out include the following.
1. High CPU or disk load immediately after OS startup
At OS startup, many services start at the same time, so the load on the CPU and disk is high.
In this state the SQL Server service, which also reads heavily from disk while starting, is easily affected by the high CPU and disk load, so the service can take longer to start and automatic start can fail.
2. Delayed communication with the domain controller at service start
If the SQL Server service account is a domain user and communication with the domain controller has not yet been established when the service starts, the startup account cannot log on and the service does not start, so automatic start can fail.
Workaround
In such cases, changing the startup type of the SQL Server service to “Automatic (Delayed Start)” lets the SQL Server service start outside the window in which CPU and disk load is concentrated at boot.
If automatic start of the SQL Server service does not fail at OS startup, this change is not needed; if it does fail, apply it as a workaround and check whether the situation improves.
Procedure
1. In [Run], enter services.msc to open the Services window.
2. Right-click the “SQL Server (MSSQLSERVER)” service and select [Properties].
* MSSQLSERVER is the example for the default instance. Select the service of the instance you actually want to configure.
3. Under “Startup type”, select [Automatic (Delayed Start)] and click [OK].
* By default, the SQL Server Agent service has a dependency on the SQL Server service, so change the SQL Server Agent service to “Automatic (Delayed Start)” as well. If other services fail to start because they depend on the SQL Server service or the SQL Server Agent service, change those services to “Automatic (Delayed Start)” too.
With this setting, the target service begins starting two minutes after the services that start automatically at OS boot, so failures to start within the specified time are expected to improve.
Note that for applications that use SQL Server but have no configured dependency on the SQL Server service, the longer time until the SQL Server service starts after an OS restart may cause connection errors to SQL Server on the application side.
Please also check, just to be safe, when applications that use SQL Server are started after OS boot.
* In environments where the SQL Server service does not fail to start at OS startup, the above workaround is not needed.
* From SQL Server 2022 onward, even when [Start Mode] is displayed as [Automatic], the service starts in [Automatic (Delayed Start)] mode instead.
Start, stop, pause, resume, and restart SQL Server services – SQL Server | Microsoft Learn
* This article is a repost, with some modifications, of a blog post published on MSDN TechNet in 2020.
Encryption and Ledger in Azure SQL Database | Data Exposed
In this episode of Data Exposed, learn about the recent Azure SQL security innovations with Anna Hoffman and Pieter Vanhove.
Resources:
TDE with database-level CMK now generally available for Azure SQL Database – Microsoft Community Hub
SQL Server Management Studio improvements for Always Encrypted – Microsoft Community Hub
Ledger in Azure SQL Managed Instance now generally available – Microsoft Community Hub
View/share our latest episodes on Microsoft Learn and YouTube!
Windows containers in Kubernetes: Automating nodepool management with Calico’s Windows HPC Support
Hello, we would like to feature our partners from Tigera Calico, with whom we teamed up to co-author a blog on Host Process Containers with Calico. The partners who co-authored the blog are:
Dhiraj Sehgal and Reza Ramezanpour
As the landscape of containerized applications evolves, enterprises are increasingly integrating Windows containers into their Kubernetes workflows.
These days, with the help of cloud services such as Microsoft Azure Kubernetes Service, anyone can build and operate a Kubernetes environment with ease. However, a lot of fine-tuning and automation goes on in the background to prepare a production-ready environment. For example, networking is a huge part of the cloud-native environment, and every aspect of your business in the cloud depends on it.
Project Calico is a networking and security solution for bare metal and cloud that offers great flexibility for such environments. In this blog, we will focus on how the new release of Calico has leveraged a new feature of Windows containers, Host Process Containers (HPC), to optimize the footprint in your cloud environment. On top of that, we will look at how HPC support makes the life of DevOps administrators easier by offering more control over the host machine in a Windows environment.
The challenge of manual nodepool management
One of the biggest challenges is managing Kubernetes clusters in an unmanaged or on-premises deployment. In a cloud environment like AKS (Azure Kubernetes Service), the cloud provider takes care of many aspects of managing your Kubernetes cluster, making it a seamless and hassle-free experience. However, in a customized environment where you have control over the node pools, the responsibility of managing and configuring the cluster falls on your shoulders. This can be daunting, especially if you are new to Kubernetes or have limited experience with infrastructure management.
Managing Windows nodepools in such environments can be more challenging than on Linux. On Linux, privileged containers can configure host settings and integrate naturally with Kubernetes; Windows containers previously lacked this capability, requiring administrators to use scripts or manual configuration steps outside of Kubernetes. This can be time-consuming and error-prone, especially when scaling your cluster quickly. Additionally, manual nodepool management can be disruptive to application lifecycles.
HPC is similar to a privileged container on Linux: just like privileged containers, HPC containers can access and modify the host operating system. Silos are similar to namespaces on Linux, allowing processes to run in an isolated environment. The following blog post highlights how Windows HPC is used for Calico and what its benefits are.
Calico’s Windows Host Process Containers
Calico’s Windows HPC support, released in Calico OS 3.27, automates CNI installation and brings the Calico capabilities to Windows nodepools. This means that Kubernetes administrators can easily install Calico in their environment without having to manually install and configure Calico on each node, just as with Linux-based containers.
Calico’s support for the Windows HPC feature works by running Calico as an HPC on each node. HPCs are a special type of container that has access to the host’s filesystem. This allows Calico to install and configure itself on each node without requiring manual intervention from the Kubernetes administrator.
Benefits of automating nodepool management
Automating node pool management with Calico’s support for Windows HPC feature provides a number of benefits for Kubernetes administrators, including:
Reduced operational overhead: Automating nodepool management eliminates the need for Kubernetes administrators to manually install and configure Calico on each node. This frees up their time to focus on other tasks, such as managing Windows container-based applications.
Improved application performance and reliability: By automating node pool management, Kubernetes administrators can reduce the risk of disruptions to application lifecycles. This is because Calico can be installed and configured on new nodes without requiring any downtime for existing applications.
Increased agility and responsiveness to changing business needs: Automating node pool management makes it easier for Kubernetes administrators to scale their clusters up or down as needed. This can help businesses to respond more quickly to changing customer demand and other business needs.
Consistency between Windows and Linux GitOps practices.
How to enable Calico using Windows Host Process container support
For this part, we are going to assume that you have a hybrid Kubernetes cluster in your environment that supports HPC.
HPC support is provided with Kubernetes 1.22 and above, it also requires containerd 1.6+. If you would like to know more about these requirements, click here.
When your cluster is up and running, install the latest Tigera operator:
Use the following installation resource to install Calico for your Windows environment using the HPC feature:
kubectl create -f - <<EOF
apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
  name: default
spec:
  calicoNetwork:
    windowsDataplane: HNS
    ipPools:
    - blockSize: 26
      cidr: 192.168.0.0/16
      encapsulation: VXLAN
      natOutgoing: Enabled
      nodeSelector: all()
---
apiVersion: operator.tigera.io/v1
kind: APIServer
metadata:
  name: default
spec: {}
EOF
In environments where Calico is used for IP Address Management, you need to disable IP address sharing by using the following command:
kubectl patch ipamconfigurations default --type merge --patch='{"spec": {"strictAffinity": true}}'
Conclusion
To sum up, Windows nodes in non-cloud-provider environments used to be hard to install and configure because they did not have privileged containers. However, with HPC now generally available on Kubernetes, users can create containers that automate the configuration of their nodes by accessing the host filesystem.
Calico has leveraged this technology to provide a Kubernetes-native way to install and manage networking in your cluster.
This means that the management of Windows nodes in a Kubernetes cluster is now fully automated, eliminating the need for administrators to manually configure nodes or containers.
Overall, the adoption of HPC in Kubernetes has transformed the way CNI solutions are installed and managed on Windows nodes, providing a more streamlined and automated approach that enhances the scalability, reliability, and ease of use of Kubernetes clusters.
Please look out for a coming blog covering Zero Trust with Tigera Calico.
Final Reminder: Outlook REST API v2.0 and beta endpoints decommissioning
As we work to ensure better security, reliability, and performance for our customers, and as we announced in our previous blog post in September 2023, we are decommissioning the Outlook REST v2.0 and beta endpoints starting March 31, 2024. After this date, we will start progressively shutting off the endpoints until they become completely unavailable.
This means that any application that is still using these endpoints will stop working at some point after March 31, 2024 (except for Outlook Add-ins, as also communicated before). We strongly recommend that you migrate your applications to the Microsoft Graph API as soon as possible to avoid any disruption. Please refer to https://aka.ms/FromOutlookRestToGraph for guidance.
We continue to track the use of these endpoints and will inform the affected tenants through a Message Center post before we fully disable the endpoints. However, we urge you to migrate your applications as soon as possible.
The Microsoft 365 Team
Microsoft Learn AI Skills Challenge Pitch Winner: Watch Out
The Microsoft Learn AI Cloud Skills Challenge held in July wrapped up an incredible learning journey with the AI pitch Challenge; a showcase of innovation where passionate learners brought their visions to life through the power of AI. These creators shared how they would harness Microsoft’s AI technology to craft solutions for the future in a 3-minute video pitch. Out of many, five outstanding winners emerged, each with a unique and compelling vision.
This series of blog posts spotlights each creator sharing the transformative potential of their ideas.
Hello! I’m Ahmet Dedeler, a 16-year-old high school junior from Turkey, and I’m eager to share with you not just my latest project, “Watch Out,” but also my journey in the tech world. My adventure began with a simple curiosity about coding. Python and JavaScript were my initial gateways, but they quickly became much more than just programming languages. They were the tools that helped me understand the power of technology in solving real-world issues.
From Hackathons to Hosting One
My enthusiasm for coding swiftly led me to the world of hackathons. These weren’t just competitions; they were platforms where I could test my skills, innovate, and learn from peers. Winning a bunch of hackathons was a thrilling experience, each victory not just an achievement but a stepping stone to something greater.
This journey through numerous hackathons sparked an idea – why not host my own? Thus, “Boost Hacks” was born. It was a leap from participant to organizer, from learner to leader. The event was a massive success, with 800 participants, 85 innovative projects, and a staggering $180,000 in prizes. This wasn’t just about organizing an event; it was about creating a space for like-minded individuals to collaborate, innovate, and push the boundaries of technology.
Unveiling “Watch Out”: A Vision for Safer Communities
“Watch Out” is born from a desire to enhance community safety through the power of AI. It’s an AI-driven system that uses Computer Vision to detect and alert people about potential safety hazards in their surroundings – from fallen trees to damaged sidewalks.
How “Watch Out” Works
The system operates by analyzing live street footage, continuously scanning for anomalies or potential dangers. When it detects a hazard, it immediately notifies local authorities and emergency services, ensuring quick action and a safer environment for everyone.
The Inspiration Behind the Project
The idea for “Watch Out” came from observing everyday community challenges. I wanted to create a solution that not only leverages technology but also actively involves the community in promoting safety.
The Tech Behind the Vision
Developing “Watch Out” involved several Microsoft AI technologies. The core of the project is Microsoft’s Custom Vision, a tool that enabled me to train an AI model to recognize various safety hazards with high precision.
Favorite Microsoft AI Technology
Among all the technologies I explored, Microsoft’s Custom Vision stood out. Its user-friendly interface and powerful capabilities made it not just a tool for development, but a learning experience that was both challenging and rewarding.
Looking Ahead: My Future Vision and Aspirations
Looking towards the future, my goal is to blend my coding skills with my enthusiasm for meaningful projects. “Watch Out” is a stepping stone into a world where technology serves humanity. I am excited about refining this project and exploring new technological frontiers. My aspiration is to create solutions that leave a lasting, positive impact on society.
Join me in this journey of innovation and discovery, where we’re not just coding for the sake of technology, but for building a smarter, safer, and more connected world. My story is one of a young mind’s passion for technology and a heart for community service, and I believe this is just the beginning.
Feeling inspired? The Microsoft Learn AI Skills Challenge may have ended but the learning never stops! Get started with an AI Learning Path and find a new Microsoft Learn Cloud Skills Challenge to join. Transform your innovative ideas into reality with Azure credits through the Founders Hub. And for the students who dream of making an impact, the Imagine Cup is currently underway!
Benefits of moving to Azure Monitor SCOM managed instance
In this blog, let’s highlight the cost-benefit of moving from your existing SCOM on-prem to Azure Monitor SCOM MI.
If you are using System Center Operations Manager (SCOM) to monitor on-premises and hybrid cloud environments, you might be wondering whether you should migrate to Azure Monitor SCOM managed instance or keep your SCOM on-premises deployment. In this blog, we will compare the two options in terms of cost benefits (up to 44% when fully migrated to SCOM MI), and help you make an informed decision based on your specific needs and goals.
What is Azure Monitor SCOM managed instance?
Azure Monitor SCOM managed instance is a cloud-based service that provides the same functionality as SCOM on-premises, but without the hassle of managing and maintaining the infrastructure. You can use SCOM MI to monitor your resources on and off Azure, as well as integrate with other Azure services such as Log Analytics, Azure Managed Grafana, and Power BI. SCOM MI is fully compatible with your existing SCOM management packs and agents*, so you can migrate your existing monitoring configuration and data with minimal disruption.
What are the cost benefits of Azure Monitor SCOM managed instance?
Azure Monitor SCOM MI offers several cost benefits over SCOM on-premises, such as:
Reduced infrastructure & maintenance costs: You don’t need to worry about maintaining infrastructure such as server racks, network cables, electricity, cooling, physical security, and the datacenter lease. Moreover, hardware infrastructure is a depreciation cost. SCOM MI runs on Azure’s scalable and reliable infrastructure, which means you only pay for what you use, and you don’t have to worry about downtime or performance issues.
You can save additionally on Azure Infrastructure with savings and reserved plans.
Reduced IT labor costs: SCOM MI is fully managed by Microsoft, which means you get updates, patches, scalability, and security. Since you don’t need to retrain your staff on SCOM management packs, and the effort required to provision, patch and scale the SCOM MI service is significantly less, we estimate a ~40% reduction in the time (labor cost) required to maintain and operate SCOM MI.
Optimized licensing costs: You don’t need to purchase, renew, or manage any licenses for your monitoring solution. SCOM MI is offered as a PAYG model, which means you only pay a monthly fee based on the number of monitored objects and the amount of data ingested. You also get access to all the features and capabilities of Azure Monitor, which can enhance your monitoring experience and provide additional insights and value.
For more information on SCOM MI licensing, refer here.
To illustrate the cost benefits of SCOM MI, we have created a comparison table of the estimated annual costs for a typical scenario of monitoring 500 VMs. The table does not include optional SCOM MI integrations, i.e., data ingestion into Log Analytics and use of Grafana.
Disclaimer: The table below includes representative numbers only. For accurate Azure costs, refer to Pricing Calculator | Microsoft Azure. We also assume that the migration from SCOM to SCOM MI is completed quickly (<3 months) rather than run as a long-term migration project.
| Cost category | SCOM on-premises | Azure Monitor SCOM managed instance |
| --- | --- | --- |
| Infrastructure (Hardware + Software) | To monitor 500 VMs, you need 2 SCOM servers with Windows OS, 1 SQL server with Windows OS, server racks, storage disks etc. $13,812 (annually) | $27,780 (no discount); $12,586 (max discount) |
| Maintenance cost (Security, lease, electricity, network, etc.) | $4,443 (annually) | $0 (included under infra cost) |
| IT labor cost (administration) | $116,800 (annually) | $70,080 (annually) |
| Licensing | System Center license to manage 500 VMs is $75,747. If you are using all SC products, the operating license cost for SCOM will be the least ($12,625). $12,625 (if all SC products used); $75,747 (if SCOM only used) | SCOM MI license is $6/VM/month. $36,000 (annually) |
| Annual cost range | $147,680 to $210,802 | $118,666 to $133,860 |
| Cost savings (once you move to SCOM MI to monitor 500 VMs) | | 20% if SCOM on-prem only used & no Azure discounts applied; 36% if all SC products used, max Azure discounts applied; 44% if SCOM on-prem only used, maximum Azure discounts applied |
As you can see, Azure Monitor SCOM managed instance can save you up to 44% of the total costs of SCOM on-premises, considering you migrate to SCOM MI quickly. Of course, your actual costs may vary depending on your specific requirements and preferences, but the table gives you a general idea of the potential savings you can achieve by migrating to Azure Monitor SCOM managed instance. If you are interested in moving other System Center products to Azure and want to know the cost analysis, we recommend you build a Business case with Azure Migrate | Microsoft Learn.
How to get started with Azure Monitor SCOM managed instance?
If you are interested in trying out Azure Monitor SCOM managed instance, you can start here. You should talk to your Microsoft sales representative for clarity on plausible discounts and actual cost savings.
If you have any questions or feedback, you can leave your comments below. We would love to hear from you and help you with your monitoring needs.
*SCOM 2022 Agent (as of Feb’24).
References
Pricing Calculator | Microsoft Azure
Microsoft System Center | Microsoft Licensing Resources
Drive customer engagement with the power of AI
According to a recent IDC study commissioned by Microsoft, “For every $1 a company invests in AI, it is realizing an average return of $3.5X.” Because organizations realize a return on their AI investments within 14 months, customers are highly motivated to find partners with the necessary knowledge and skill set to deploy AI solutions today.
The Microsoft AI Partner Training Roadshow is a single-day, in-person event focused on driving customer engagement with the power of AI. The roadshow provides an exceptional opportunity to engage with Microsoft experts, hear about the latest trends in AI from Microsoft executives, and participate in technical or sales training.
Attend one of the six roadshow events
The Microsoft AI Partner Training Roadshow is scheduled in six cities across the globe, so there are only a few opportunities for deep learning on Microsoft generative and responsible AI technologies, cloud-scale data, and modern application development platforms, including Azure AI services and Microsoft Copilot.
The first event will be on March 1, 2024, in Hyderabad, India, followed by a second event in Bengaluru, India, on March 19. You don’t want to miss this opportunity. Register for an event near you.
Acquire generative and responsible AI knowledge from Microsoft experts
In a recent blog, Judson Althoff outlined four major opportunities where organizations can empower AI transformation:
Enriching employee experience
Reinventing customer engagement
Reshaping business processes
Bending the curve on innovation
Microsoft is focused on developing responsible AI strategies grounded in pragmatic innovation and enabling AI transformation to meet our customers’ needs. The Microsoft AI Partner Training Roadshow provides expert-led sessions and hands-on experiences to enhance your sales, pre-sales, and technical deployment capabilities across these impact areas.
Prepare technical and sales teams for AI success
Open to our Global Systems Integrator (GSI) and System Integrator (SI) partners, the Microsoft AI Partner Training Roadshow offers learning across multiple skill levels and interests. Alongside a keynote address by a Microsoft leader, there are four distinct learning paths for individuals with technical or sales backgrounds:
Sales Excellence with Microsoft AI Services: Master skills to confidently pitch Microsoft AI solutions by diving into solution use cases, exploring responsible AI commitments, and highlighting incentives to increase customer business value.
Technical Excellence with Azure AI: Build your own “Intelligent Agent” copilot to answer customer questions on products and services: Learn to build an “Intelligent Agent” that helps users find products, user profiles, and sales order information. This interactive experience features theoretical and lab sessions that prepare your technical teams to use Azure OpenAI and Azure AI Search.
Technical Excellence with Azure AI: Build a scalable data estate with a custom copilot for conversational data interaction: In this hands-on track, learn how to create a payments and transactions solution. Key subjects explored include business rules for data governance, patch operations for data replication, and customizing copilots for conversational AI.
Technical Excellence with Microsoft 365: Deep dive into the use and deployment of Copilot for Microsoft 365: Gain a fuller understanding of Copilot for Microsoft 365 with technical sessions on architecture, deployment, security, and compliance.
Bridge skill gaps in AI
Because AI is rapidly developing, there is a growing skills gap as employees work to keep up. In fact, 52% of participants of this IDC survey report that the lack of skilled workers is their biggest barrier to implementing and scaling AI. Much of the challenge isn’t simply adopting technology but also providing ample opportunities for employees to explore and learn.
To reconcile this divide, the Microsoft AI Partner Training Roadshow is committed to providing recent, up-to-date content for participants to study during and after the event. In addition to live keynote addresses and Q&A sessions, participants will have the chance to interact with and learn from technical and sales subject matter experts on topics that span generative and responsible AI technologies, cloud-scale data, modern application development platforms, Azure AI services, and Microsoft Copilot.
Prepare for the future
2023 introduced the world to the power of generative AI. Businesses are ready to deploy AI-based solutions as quickly as possible. The Microsoft AI Partner Training Roadshow places developers, solution architects, implementation consultants, and sales & pre-sales consultants at the forefront of AI transformation.
Because there will be no on-demand delivery post-event, we invite you to join us in Hyderabad, Bengaluru, or one of the other four cities across the globe that’s conveniently located near you.
Visit the Microsoft AI Partnership Roadshow website and register today to get started.