This week, Alan and Sam Introduce season 7 and talk about new features and services that have gone into Public Preview or General Available status in the last month. We dive into a couple of these updates that peaked our interest.

Some of the Microsoft product features and update we covered:

• Key Microsoft Entra, Intune and Defender features and updates
• Lots of Azure changes and new features

What did you think of this episode? Give us some feedback via our contact form, Or leave us a voice message in the bottom right corner of our site.

This week we discussed Azure DDoS protection, a managed service from Microsoft in Azure to mitigate against DDoS attacks. DDoS or distributed-denial-of-service attacks are commonly used to overwhelm internet facing resources in the hope of disrupting their operation. Azure DDoS protection is a simple to use managed service which allows organisations to rapidly apply protection to their resources. Sam takes the lead with providing insights such as:

• What are DDoS attacks, and why do we need to mitigate them?
• What is Azure DDoS protection
• How do you set up Azure DDoS protection
• Pricing

What did you think of this episode? Give us some feedback via our contact form, Or leave us a voice message in the bottom right corner of our site.

Read transcript

Alan and Sam discuss how passwordless authentication can help organisations to improve their authentication health and increase their security posture. Alan explains the concept and the solutions available. Alan also covers the rebrand of Azure AD to Microsoft Entra ID. Some of the areas we cover:

• What is passwordless authentication.
• What are the benefits of introducing passwordless to your organisation.
• What does Microsoft Entra ID provide for passwordless authentication.

What did you think of this episode? Give us some feedback via our contact form, Or leave us a voice message in the bottom right corner of our site.

Read transcript

Alan and Sam explain 15 ways that you can save costs in Azure…. ssh…. don’t tell Microsoft! If you have workloads in Azure, we hope that you will find some ideas that will enable you to save some money, who doesn’t love doing the same for less?

What did you think of this episode? Give us some feedback via our contact form, Or leave us a voice message in the bottom right corner of our site.

This week, Alan and Sam talk about new features and services that have gone into Public Preview or General Available status in the last month. We dive into a couple of these updates that peaked our interest.

Some of the Microsoft product features and update we covered:

• Key Microsoft Entra, Intune and Defender features and updates
• Lots of Azure changes and new features

What did you think of this episode? Give us some feedback via our contact form, or leave us a voice message in the bottom right corner of our site.

Read transcript

In this episode, we explore Azure Bastion, Microsoft’s fully managed Platform-as-a-Service (PaaS) solution designed to provide secure Remote Desktop Protocol (RDP) and Secure Shell Protocol (SSH) access to Azure virtual machines (VMs). This Q&A-style episode dives deep into how Azure Bastion strengthens cloud security by eliminating the need for public IP addresses on VMs, reducing exposure to external threats like port scanning or protocol exploits. Alan poses critical questions about Azure Bastion’s functionality, architecture, deployment options, and integration with Azure’s security ecosystem, while our consultant delivers actionable insights tailored for IT administrators, security professionals, and cloud architects.

We cover:

• Core Functionality: How Azure Bastion enables secure, clientless RDP/SSH access via the Azure portal or native clients, protecting VMs by removing public IP dependencies.
• Architecture Breakdown: The role of the dedicated AzureBastionSubnet, private IP connectivity, and TLS-based sessions, including support for zonal deployments for high availability.
• SKU Options: A detailed look at Developer, Basic, Standard, and Premium SKUs, highlighting features like session recording, Private Link integration, and host scaling for different organizational needs.
• Security Integrations: How Azure Bastion works with Microsoft Defender for Cloud, Microsoft Entra ID (with MFA and conditional access), Azure Private Link, and Azure Monitor to enforce Zero Trust principles and ensure compliance.
• Real-World Use Cases: Practical scenarios, such as secure admin access for global teams, compliance for regulated industries (e.g., healthcare, finance), and streamlined dev/test environments, with examples like Metinvest’s global VM management.
• Best Practices: Tips for deployment (e.g., subnet sizing, VNet peering), security (e.g., MFA, NSG configuration), monitoring (e.g., Azure Monitor logs), and cost management (e.g., SKU selection, scaling strategies).
• Limitations and Considerations: Key factors like SKU constraints, regional availability for zonal deployments, performance considerations, and cost implications, with guidance on mitigating challenges.

What did you think of this episode? Give us some feedback via our contact form, Or leave us a voice message in the bottom right corner of our site.

Read transcript

Alan and Sam discuss how Azure Key vault can help secure your certificates, keys, and secrets. Alan goes though the types of vaults you can use and how you can secure the access to the secrets. They also cover the various uses for key vault within azure services and application development.

What did you think of this episode? Give us some feedback via our contact form, Or leave us a voice message in the bottom right corner of our site.

Alan and Sam discuss the benefits and use cases of Security Copilot. Alan Dives into how Security Pilot works and what some of the capabilities are. Here are a few things we covered:

• What is Generative AI
• What is Security Copilot
• What are Agents
• How much does it cost?

What did you think of this episode? Give us some feedback via our contact form, Or leave us a voice message in the bottom right corner of our site.

Read transcript