Check This Out! (CTO!) Guide (March 2025)
May 10, 2025
Hi everyone! Tyson Paul here with this month’s “Check This Out!” (CTO!) guide.
Our goal with these posts is to guide you toward content that piques your interest, whether it’s for learning, troubleshooting, or discovering new sources. Each month, we’ll give you a snapshot of intriguing blog content, provide direct links to the source material, and introduce you to other valuable blogs you might not know about yet.
If you’re a long-time reader, you’ll notice this series is similar to our previous “Infrastructure + Security: Noteworthy News” series. We hope you find this new format just as helpful and engaging.
Thank you for your continued support from all of us on the Core Infrastructure and Security Tech Community blog team!
Azure Training Maps
Team Blog: Azure Architecture
Author: Ilan_Nyska
Published: 04/10/2025
Summary: The Azure Training Maps are detailed visual guides aiding students in navigating the Azure ecosystem by integrating course materials into one comprehensive diagram. Available in PDF, Visio, Excel, and Video formats, each icon on the map links to relevant documents in the learning path. Layer filters allow focus on specific modules, aiding comparison between courses like SC-100 and AZ-305. Benefits include defined learning goals, streamlined study areas, and progress tracking. Trainers can enhance their course with custom diagrams. These maps facilitate deeper understanding of Azure components and are valuable for advancing skills.
An Update on Bicep Azure Verified Modules for Platform Landing Zone (ALZ)
Team Blog: Azure Tools
Author: jtracey93msft
Published: 04/24/2025
Summary: The article discusses the progress of integrating Azure Verified Modules (AVM) into Azure Landing Zone (ALZ) Bicep implementations. Following the completion of similar work for Terraform, the ALZ Bicep team is preparing a preview release of the Bicep Azure Verified Modules by Q4 (June/July). The team has introduced the `avm/ptn/alz/empty` module, crucial for ALZ deployments, available in the Public Bicep Registry. Eleven modules, aligned with ALZ architectures, are being developed. The article encourages users to test the new module, share feedback, and highlights future plans for resource management via Deployment Stacks.
You did it! We’re GUINNESS WORLD RECORDS™ title holders
Team Blog: Microsoft Learn
Author: jeanaj
Published: 04/28/2025
Summary: Microsoft Learning achieved a GUINNESS WORLD RECORDS title for the most users participating in an online multi-level AI lesson within 24 hours, with 126,151 learners during the Microsoft AI Skills Fest kickoff on April 8, 2025. This accomplishment highlights the power of community, commitment to learning, and innovation. Participants will receive badges verifying their involvement and can share their status on social media. The AI Skills Fest continues until May 28, 2025, offering various learning opportunities in AI. Microsoft encourages ongoing skill development through expertly curated topics for diverse interests and experience levels.
Application Awareness in Azure Migrate
Team Blog: Azure Migration and Modernization
Author: SShastri
Published: 04/28/2025
Summary: The article discusses the benefits and new features of Azure Migrate, Microsoft’s platform for transitioning to the Azure cloud. Azure Migrate aids organizations in achieving cost-effective digital transformation, enhancing operational efficiency, and accessing secure innovations. Key features include application-aware migrations that allow customers to assess and migrate entire applications and their associated resources as a cohesive unit, optimizing performance and reducing costs. A new user experience guides users intuitively through the migration process, utilizing both Microsoft and third-party tools. Azure Migrate provides a sustainable path for organizations pursuing security and AI transformation goals while supporting net zero sustainability efforts.
Generally available: Enhanced Cost Management exports
Team Blog: FinOps
Author: jozfjon
Published: 04/28/2025
Summary: Azure has made its enhanced Cost Management exports generally available, improving data accessibility and offering deeper insights into cloud costs. This update, designed for FinOps professionals, includes expanded datasets such as price sheets and reservation details, enabling comprehensive cloud cost analysis and optimization. The redesigned portal offers an intuitive interface for configuring exports, now supporting FOCUS format, which simplifies data processing. Features include schema version flexibility, efficient handling of large datasets, improved security, and historical data retrieval. These enhancements aim to streamline reporting, improve scalability, and support compliance for more informed financial operations across Azure regions.
Comparing deployment options of AKS enabled by Azure Arc 📃
Team Blog: Azure Arc
Author: PragyaDwivedi
Published: 04/29/2025
Summary: The article provides a detailed comparison of deployment options for Azure Kubernetes Service (AKS) enabled by Azure Arc: AKS on Azure Local, AKS Edge Essential, and AKS on Windows Server. It discusses various features such as supported infrastructure, Kubernetes management tools, networking, security, authentication, storage, and AI/ML capabilities. Each option offers distinct deployment environments and functionalities, with differences in support for networking, load balancing, and other integrations like Terraform and Azure Monitor. Pricing structures vary, and there is no Service Level Agreement (SLA) as these are on-premises solutions. Notably, AKS on Windows Server will be retired by March 2028.
Automating Data Management: Azure Storage Actions Overview
Team Blog: Azure Storage
Author: Shivani650
Published: 04/30/2025
Summary: The article discusses Azure Storage Actions, a serverless data management platform designed to automate the management of large volumes of data stored in Azure Blob Storage and Azure Data Lake Storage. It provides a flexible, scalable solution with features such as blob processing, data protection, cost optimization, and security management. The platform uses an Event-Condition-Action framework for task execution, allowing users to manage lifecycle, protection, and tagging operations through a no-code interface. Key use cases include retention management, version history maintenance, and one-off processing tasks, aimed at simplifying complex data operations and enhancing scalability.
What’s new in Microsoft Intune: April 2025
Team Blog: Microsoft Intune
Author: ScottSawyer
Published: 04/28/2025
Summary: In April 2025, Microsoft Intune introduced vital enhancements to improve device management and security. Key updates include custom naming templates for Android Enterprise devices, allowing consistent and informative device labeling by incorporating fixed text and device-specific variables. For Apple devices, new controls extend security to unmanaged iOS devices, such as blocking screen captures within the Apple Intelligence app, and managing Writing Tools and Genmojis via application protection policies. Additionally, integrating Apple Volume Purchasing Program API version 2.0 significantly reduces requests from 25,000 to 10 in high-volume scenarios, enhancing speed and efficiency for organizations.
Computer-Aided Engineering “CAE” on Azure
Team Blog: Azure High Performance Computing (HPC)
Author: Ahmed_Taha01
Published: 04/30/2025
Summary: The article presents Computer-Aided Engineering (CAE) and discusses the benefits of moving CAE workloads to the cloud, specifically to Microsoft Azure. It highlights Azure’s capabilities such as GPU acceleration, high-performance computing solutions, scalability, integration with industry tools, and its unique InfiniBand interconnect for ultra-low latency. Azure’s specialized virtual machines support various CAE applications, enhancing performance for tasks like CFD and FEA. Partnerships with Independent Software Vendors (ISVs) and a robust System Integrator network further bolster Azure’s offerings. The article showcases a real-world automotive use case and envisions a future of cloud-native CAE.
Azure Firewall and Service Endpoints
Team Blog: FastTrack for Azure
Author: cloudtrooper
Published: 04/14/2025
Summary: The article discusses the configuration of inspecting Azure service endpoints using Azure Firewall. Azure services, typically accessed via the public internet, can alternatively be accessed through Private Link or VNet Service Endpoints, with Microsoft recommending Private Link. Despite cost and latency concerns, some organizations prefer using service endpoints. The article explains how to set up Azure Firewall to inspect service endpoint traffic, emphasizing the importance of application rules to ensure security. It provides configuration examples using different tools and highlights the nuances of firewall IP logging. The choice between service endpoints and private links often hinges on cost considerations.
Domain Join and Basic troubleshooting
Team Blog: Ask the Directory Services Team
Author: SiyaoLi
Published: 04/22/2025
Summary: The article, authored by Siyao Li (aka Janet), provides guidance on domain joining and troubleshooting related challenges. It covers the prerequisites for domain joining, such as ensuring network connectivity, adhering to naming conventions, and user credential management. The article explains the domain join process, including domain controller discovery, LDAP binding, and computer account creation in Active Directory (AD). It identifies common causes of domain join failures such as networking issues, non-unique hostnames, and security hardening changes from update KB5020276. Solutions include ensuring open ports, resolving name conflicts, and managing permissions. For in-depth troubleshooting, it advises reviewing network traces and the Netsetup.log file.
Protecting linear address translations with Hypervisor-enforced Paging Translation (HVPT)
Team Blog: Windows OS Platform
Author: Hilal_Asmat
Published: 04/01/2025
Summary: Microsoft has introduced Hypervisor-enforced Paging Translation (HVPT) in Windows 11 and Windows Server 2025 to enhance security by protecting guest virtual address (GVA) to guest physical address (GPA) translations. This silicon-assisted feature leverages Windows Hyper-V to guard against page-table-targeted attacks like aliasing and remapping. HVPT, requiring Intel Alder Lake+ vPro-enabled hardware, works by adding secure-kernel-managed paging structures and new functionalities such as the Paging Write (PW) and Guest Paging Verification (GPV) bits. This advancement strengthens the OS against exploits, making Windows more secure by default.
AI Resilience: Strategies to Keep Your Intelligent App Running at Peak Performance
Team Blog: Azure PaaS
Author: fabiopadua
Published: 04/24/2025
Summary: The article discusses strategies for maintaining optimal performance of applications integrated with Azure OpenAI Services while managing potential usage spikes. It highlights using Azure API Management Service to handle 429 response codes caused by reaching the PTU threshold. A proposed solution involves setting policies to automatically redirect requests to another OpenAI instance in a different region. It suggests leveraging API Management’s native caching features, including semantic caching, to optimize costs and manage API requests effectively. The conclusion encourages exploring API Management features to enhance AI applications, with additional resources available for further learning.
Connect with Microsoft Entra at upcoming events
Team Blog: Microsoft Entra (Azure AD)
Author: Irina_Nechaeva
Published: 04/25/2025
Summary: The Microsoft Entra team is announcing significant advancements such as AI Agents and a Secure Access Service Edge (SASE) AI Gateway for FY25, alongside a series of events highlighting innovations in identity and network security. Events include the RSA Conference in San Francisco, European Identity Conference in Berlin, Microsoft Build in Seattle, and Identiverse in Las Vegas. These gatherings will offer product demos, expert sessions, and networking opportunities for developers and industry leaders to explore new strategies in secure access management and identity security with Microsoft Entra.
New RAMP process in the Cloud Adoption Framework to manage your Azure estate
Team Blog: Azure Governance and Management
Author: stephen-sumner
Published: 04/10/2025
Summary: The article discusses the introduction of the RAMP process within the Cloud Adoption Framework’s Manage methodology for overseeing Azure cloud environments. RAMP stands for Ready, Administer, Monitor, Protect, each addressing distinct aspects of cloud management. “Ready” focuses on understanding management responsibilities and enhancing performance, “Administer” deals with change management and efficiency, “Monitor” involves tracking service health and compliance, while “Protect” ensures reliability and security operations. A cloud management checklist helps implement these steps. The updated guidance, accessible via Microsoft Learn, aims to improve cloud management and align Azure estates with business objectives.
Managing PAC Script Configuration in Microsoft Edge
Team Blog: Core Infrastructure and Security
Author: hewagen
Published: 04/28/2025
Summary: The article by Helmut Wagensonner explores the management of Proxy Auto-Config (PAC) scripts in Microsoft Edge (Chromium-based) for enterprise settings. There are two primary scenarios: configuring PAC scripts via Microsoft Edge Group Policy, which bypasses system proxy settings, and configuring via system settings, which can use Windows Proxy Resolver. Scenario 1 is enforced with Group Policy Objects and cached within Edge, while Scenario 2 uses system-wide settings, allowing shared logic across WinHTTP applications. The article provides technical steps and implications, advising best practices based on enterprise needs for web traffic management and network efficiency.
How to use DSPM for AI Data Risk Assessment to Address Internal Oversharing
Team Blog: Security, Compliance, and Identity
Author: Andrew_Son
Published: 04/28/2025
Summary: The article discusses using Microsoft Purview Data Security Posture Management (DSPM) for AI to mitigate data oversharing risks within organizations. It defines oversharing as granting inappropriate access to sensitive information, which can be accidentally shared on platforms like SharePoint. DSPM for AI helps security teams scan for sensitive data, assess sharing permissions, and offer remediation actions. The article outlines the “Default Assessment,” an automated weekly tool targeting high-usage SharePoint sites, providing visual reports to identify oversharing risks. It suggests securing and monitoring each site using sensitivity labels, classification scans, and access reviews to prevent internal oversharing.
Public Preview of Azure WAF CAPTCHA Challenge for Azure Front Door
Team Blog: Azure Network Security
Author: andrewmathu
Published: 04/29/2025
Summary: Azure Front Door’s Web Application Firewall (WAF) has introduced a CAPTCHA challenge in its public preview to combat automated threats like bots, web scrapers, and brute-force attacks. This new security measure requires suspicious traffic to complete a CAPTCHA to verify human users, enhancing protection for login workflows against account takeovers and credential stuffing. CAPTCHA on Azure WAF prevents automated attacks, secures user accounts, and reduces spam and fraud while requiring minimal configuration. Administrators can easily deploy and manage this feature to fortify security measures. For more details, refer to the Azure WAF documentation.
Step-by-Step Guide : How to enable QR code authentication for Microsoft Entra ID (Preview) ?
Team Blog: ITOps Talk
Author: dishanfrancis
Published: 04/15/2025
Summary: The article provides a detailed guide on enabling QR code authentication for Microsoft Entra ID, targeting frontline workers using shared devices. It first lists Microsoft Entra ID’s varied authentication methods, emphasizing the balance between security and productivity. The setup process requires an account with Authentication Policy Administrator permissions. Once enabled, a unique QR code and temporary PIN are generated per user, which are essential for login. The QR authentication is intended for specific, not general, user bases and supports only iOS/iPadOS and Android devices. The article then walks through the steps of generating, distributing, and testing QR codes for user authentication.
Azure Compute Fleet – Generally Available
Team Blog: Azure Compute
Author: Varun Shandilya
Published: 04/28/2025
Summary: Azure Compute Fleet is now generally available, offering a service that simplifies management and deployment of thousands of virtual machines with various SKUs, VM types, and pricing models. It automates VM deployment and monitoring, handling Spot VM capacity to prevent eviction issues and ensure continuous operation. This service is beneficial for large-scale data systems, batch, stateless workloads, financial analysis, and image rendering. Azure Compute Fleet optimizes costs and performance by combining Standard and Spot VMs, offering a superior price-performance ratio through flexible pricing plans. Users can deploy up to 10,000 VMs, enhancing access to Azure’s compute capacity.
Host pool redirection defaults changing in Azure Virtual Desktop
Team Blog: Azure Virtual Desktop
Author: Derek_Su
Published: 04/28/2025
Summary: As part of the Microsoft Secure Future Initiative, Azure Virtual Desktop will enhance security by disabling clipboard, drive, USB, and printer redirections in newly created host pools to reduce data exfiltration and malware risks. IT admins can re-enable these features using the host pool Remote Desktop Protocol (RDP) properties or other methods like Microsoft Intune or Group Policy. A banner will notify admins of these changes in the Azure portal. Existing host pools remain unchanged, but admins are encouraged to review and disable unnecessary redirections. Detailed configuration guidance is provided in the Azure documentation.
Troubleshooting Zero Trust DNS
Team Blog: Networking
Author: AditiPatange
Published: 04/24/2025
Summary: The article discusses troubleshooting Zero Trust DNS (ZTDNS) for strengthening Zero Trust deployments, particularly on Windows 11 devices. It guides users through retrieving, updating, and debugging ZTDNS configuration, and accessing logs for connections managed by ZTDNS. Users can utilize commands in the command prompt to manage exceptions and delete configurations. Event Viewer provides logs for blocked, permitted, and operational connections. For debugging, verifying connectivity and trusted DNS server settings is advised. Feedback and bug reports can be submitted via the Windows Feedback Hub. Known issues include incompatibility with Chromium-based WebView2 applications, including Outlook and Teams.
Introducing Layer 7 Network Policies with Advanced Container Networking Services for AKS Clusters!
Team Blog: Azure Networking
Author: KhushbuP
Published: 04/30/2025
Summary: The article announces the public preview of Layer 7 (L7) Network Policies for Azure Kubernetes Service (AKS) with Advanced Container Networking Services. This new feature enhances security by allowing precise management of application layer traffic using protocols like HTTP(S), gRPC, and Kafka. L7 policies enable fine-grained API access control, Zero-Trust implementation, and microservice isolation within AKS clusters. Traffic is evaluated using eBPF probes and processed by the Envoy Proxy according to L7 policy criteria. The update includes enhanced observability through tools like Hubble and Azure Managed Grafana dashboards. Users are encouraged to explore these advanced security controls.
From the frontlines: Accelerating retail worker shared device experience (Part two)
Team Blog: Intune Customer Success
Author: Intune_Support_Team
Published: 04/23/2025
Summary: In part two of the Microsoft Intune series “Accelerating retail worker shared device experience,” Vignesh Mitsume explores how Intune optimizes device management in the retail sector by enabling multi-app kiosks on Android and iOS platforms. This functionality empowers companies like Contoso Eateries and Contoso Pastries to enhance operations and customer experiences by restricting devices to specific apps such as POS and inventory management. Utilizing features like device enrollment and configuration profiles, Intune allows streamlined control over shared devices, ultimately boosting frontline worker productivity and ensuring effective customer engagement in modern retail environments.