ESPC19 DAY 3

The important thing first: this is a live blog post, so during writing and posting there may be some typos or grammatical issues. A few days after the conference I will correct them.

Great, let’s start with Day 3. I’m really early on site at the conference building today. The day starts with a keynote about IAM again.

Session Name: Azure IAM Future and Best Practices

Speaker: Alex Simons

Level: 

Official Agenda: only a video is available 🙂 cool stuff.

He talks about the old, traditional way to secure the environment: build a castle, define a DMZ and firewall, and so on. If you communicate with other companies, you have to set up federation and web services. Then comes the next step, VPN. Today we have many workplaces outside the castle and have to define a way to bring them together. This means we need a new security model. Slide:

The old vs. the new world looks like:

The new principles are:

Those principles are really important for the modern world.

Verify explicitly:

We need to know who the user is and exactly which groups and roles they need. For that part he shows a demo of Identity Protection with the user risk and sign-in risk policies: if the user risk goes to high, the user has to change their password; if the sign-in risk is medium or above, the user has to authenticate with multi-factor authentication once more. He also shows a demo of what happens when a user tries to log in through a Tor browser.

Those features are really cool, but they are part of the Azure AD P2 license. Many of my customers only have P1 🙁 The feature set includes the following:

The new generation of authentication is “passwordless”. With FIDO2 keys we have a new opportunity.

FIDO2 authentication

Key by YubiKey

Use least privilege access:

A big point here is the announcement at Microsoft Ignite: “Secure hybrid access”.

The other big point is Azure Conditional Access policies including Intune (device marked as compliant). He shows a really nice demo of that constraint.

He also shows how you can use CA policies for third-party applications like Salesforce and so on. Really impressive!
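As an added example (not code from the session or from this blog), the three policies shown in the demos above can be created with the Microsoft Graph PowerShell SDK instead of clicking through the portal. The two GUIDs (break-glass account object ID and the third-party app ID) and the policy names are placeholders I assumed for the example; the two risk-based policies need an Azure AD P2 license. Every policy is created in report-only state and excludes the emergency-access account, which is the part of a CA rollout that saves you from locking every admin out.

```powershell
# Added example, not code from the session or this blog. Creates the three
# Conditional Access policies discussed above with the Microsoft Graph
# PowerShell SDK (Microsoft.Graph.Authentication module). The two GUIDs are
# placeholders (assumptions); the risk-based policies need Azure AD P2.
#Requires -Modules Microsoft.Graph.Authentication

$BreakGlassUserId = '00000000-0000-0000-0000-000000000001'   # assumption: emergency-access account object ID
$ThirdPartyAppId  = '00000000-0000-0000-0000-000000000002'   # assumption: e.g. the Salesforce enterprise app ID
$PoliciesUri      = 'https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies'

# The scopes the Graph docs list for creating CA policies; nothing broader.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

function New-ReportOnlyCaPolicy {
    param(
        [Parameter(Mandatory)] [string]    $DisplayName,
        [Parameter(Mandatory)] [hashtable] $Conditions,
        [Parameter(Mandatory)] [hashtable] $GrantControls
    )
    # Common parts every policy gets: all users minus the break-glass account,
    # all client app types, and report-only state so the sign-in logs show the
    # impact before anything is enforced.
    $Conditions.users = @{
        includeUsers = @('All')
        excludeUsers = @($BreakGlassUserId)
    }
    $Conditions.clientAppTypes = @('all')
    $policy = @{
        displayName   = $DisplayName
        state         = 'enabledForReportingButNotEnforced'
        conditions    = $Conditions
        grantControls = $GrantControls
    }
    $created = Invoke-MgGraphRequest -Method POST -Uri $PoliciesUri `
        -Body ($policy | ConvertTo-Json -Depth 10) -ContentType 'application/json'
    Write-Output "Created '$($created.displayName)' ($($created.id)) in state $($created.state)"
}

# 1. Sign-in risk medium or high -> re-authenticate with MFA (all cloud apps).
New-ReportOnlyCaPolicy -DisplayName 'CA-SignInRisk-MediumHigh-RequireMFA' `
    -Conditions @{
        applications     = @{ includeApplications = @('All') }
        signInRiskLevels = @('medium', 'high')
    } `
    -GrantControls @{ operator = 'OR'; builtInControls = @('mfa') }

# 2. User risk high -> MFA AND password change (passwordChange is only valid
#    together with mfa, on all cloud apps).
New-ReportOnlyCaPolicy -DisplayName 'CA-UserRisk-High-RequirePasswordChange' `
    -Conditions @{
        applications   = @{ includeApplications = @('All') }
        userRiskLevels = @('high')
    } `
    -GrantControls @{ operator = 'AND'; builtInControls = @('mfa', 'passwordChange') }

# 3. A third-party SaaS app -> only from a device Intune marks as compliant.
New-ReportOnlyCaPolicy -DisplayName 'CA-ThirdPartyApp-RequireCompliantDevice' `
    -Conditions @{
        applications = @{ includeApplications = @($ThirdPartyAppId) }
    } `
    -GrantControls @{ operator = 'OR'; builtInControls = @('compliantDevice') }
```

After a week or two of report-only results in the sign-in logs (the “Report-only” tab shows which sign-ins would have been blocked or challenged), switch each policy to `state = 'enabled'` with a PATCH on the same URI plus the policy ID. Keep the break-glass exclusion in place permanently.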

The new functionality Identity Governance (also a P2 functionality 🙁), including first-line workers, is shown.

A big point here is also least privilege for administrators. The right answer here is the Azure AD PIM service (also a P2 license). He shows a demo of how you combine the following:

  • Azure AD PIM
  • Azure Conditional Access
  • Power BI

In that demo you create a Power BI report which is blocked for everyone except a selection of user roles. The user tries to open the Power BI report and gets an error. After that he opens PIM and activates the role for a specified time. After that step the user can open the Power BI report.

He shows another demo with Conditional Access policies, a CASB and third-party applications like Dropbox. The user tries to log in to Dropbox and gets the information that this application is monitored by the CASB. The user tries to upload a highly confidential document and gets an “Access Denied” from MCAS (Microsoft Cloud App Security). Really cool stuff to get an extra protection layer for your company data!

Assume breach

The answer here is Azure AD Identity Protection. You get the whole functionality when you have ……

…..

….

the Azure Active Directory P2 license 🙂

The second answer here is Identity Protection in combination with Azure Sentinel!


Session Name: The Great Azure Networking Tour 2019

Speaker: Morgan Simonsen

Level: 400

Official Agenda:

Networking remains one of the most important areas for successful cloud adoption. Cloud computing is, by definition, network-based computing. To help you be successful join us in this grand tour of networking in Microsoft Azure, the 2019 version. We will cover it all, in as much technical detail as possible; Virtual Networks, Gateways, Express Route, Network Security Groups, Load Balancers, Application Gateways, Azure DNS, FrontDoor, Azure Firewall and more. This talk is based on real world experience from countless Azure projects, and we will give you tips and tricks and best practices. We will also have a look at the future of Azure networking.

Benefits of Attending this Session:

  • Overview of the entire Azure networking stack
  • Design advice
  • Based on real world projects

This session is a Level 400 session 🙂 Cool! With many best practices!

The agenda of this session:

The Microsoft idea behind Azure networking is:

ExpressRoute now supports satellite connectivity. That feature was announced a few months ago, but it’s a really cool feature.

Azure Availability Zones are so important for high availability (I also talk about them in my sessions).

Anycast, aka IP anycast, is also important when we talk about Availability Zones:

The magic behind software-defined networking:

Application access patterns

An overview of Azure Virtual Networks:

Cool Slide Deck!

We also talk about Azure load balancing on Layer 4.

We talk about Application Gateway.

IPv6 support is now available in Azure. Yes, it’s available, but do you need it? IPv6 isn’t supported for Azure ExpressRoute yet!

Steps to update your VNet to IPv6:

So we have new S2S VPN gateways available! The VpnGw5 SKU now supports 10 Gbps.

He also shows something about the new functionality Azure P2S VPN with authentication over Azure AD. I’ve blogged about that in one of my previous blog posts.

A big thing about global VNets is also Azure Virtual WAN. I’m preparing a new blog post at the moment, which will be published as soon as possible.

Announced at Ignite: a full mesh with Azure Virtual WAN is now possible.

ExpressRoute Global Reach is a cool possibility for customers to use the Azure backbone to connect all their offices without using any Azure resources:

We also talk about Azure Private Link, a cool new feature. I’ve blogged about that feature in a previous blog post.

Zero Trust networking is a really important part of the network design.

One piece to achieve a Zero Trust architecture is Azure Firewall:

Azure Firewall Manager is a new preview feature:

Good DDoS protection is available but needs a good network architecture like hub and spoke:

We also talk about Azure Bastion; I’ve written about that feature in one of my last blog posts.

Multi-level segmentation is an important point.

A cool scenario, but not really possible for every customer.

Best practices and recommendations when you go to the cloud:


Session Name: Triggers and Bindings – The Lifeblood of Azure Functions

Speaker: Fabian Williams

Level: 200

Official Agenda:

Azure Functions is in part built on the idea of input and output bindings. This makes it very efficient to connect your functions to a variety of external resources. You will often find that your function has a need to post a message to a queue, or write a file to storage, or send an email; bindings can greatly reduce the amount of code that you need to write to achieve this. With the latest version of Azure Functions we have various ways to achieve this and a variety of data stores, SaaS, and entities that support one-way and two-way bindings. In this chock-full demo session we will see how to work with them individually as well as chaining them together to build a holistic solution.

Benefits of Attending this Session: 

  1. Entrypoint into Cloud Development Technology 
  2. If you are managing developers this offers a new method of development using C# and traditional serverside code for cloud development 
  3. Work with Event driven triggers and bindings in order to respond to web events and write back to a variety of cloud data stores 

Okay, now another new but really interesting point for me. I’ve tested something with Azure Functions but not really in depth.

The agenda of this session:

Azure Functions: what is it?

What do you do with Azure Functions:

There are different languages supported:

  • .NET
  • Node.js
  • Java
  • PowerShell
  • Python

The most popular triggers for Azure Functions are:

What triggers are, explained:

Trigger types:

Bindings explained:

There are different plans available:

Levels of supported versions:

Long-running & state-aware functions:
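To make the trigger-and-binding idea concrete, here is an added example (not from the session or this blog) of a small PowerShell function, one of the languages listed above: a storage queue message is the trigger, and a blob is the output binding, so the function never touches a storage SDK. The queue name, container, connection setting name and the message fields (`orderId`, `customerId`, `amount`) are assumptions for this example.

```powershell
# Added example, not code from the session or this blog: a PowerShell Azure
# Function with a queue trigger (input) and a blob output binding.
# Queue name, container, connection name and message fields are assumptions.
#
# function.json (next to this run.ps1) declares both bindings; the host wires
# them up, so the function body contains no storage SDK calls at all:
# {
#   "bindings": [
#     { "name": "QueueItem",  "type": "queueTrigger", "direction": "in",
#       "queueName": "incoming-orders", "connection": "AzureWebJobsStorage" },
#     { "name": "outputBlob", "type": "blob", "direction": "out",
#       "path": "processed/{rand-guid}.json", "connection": "AzureWebJobsStorage" }
#   ]
# }
#
# run.ps1
param($QueueItem, $TriggerMetadata)

# The host hands over the raw queue message; treat it as untrusted input.
# Depending on host version it arrives as a JSON string or already parsed.
$msg = if ($QueueItem -is [string]) { $QueueItem | ConvertFrom-Json -ErrorAction Stop } else { $QueueItem }

# Allow-list the fields we expect instead of forwarding the whole message.
foreach ($field in 'orderId', 'customerId', 'amount') {
    if ($null -eq $msg.$field) {
        throw "Queue message $($TriggerMetadata.Id) is missing '$field'; rejecting it."
    }
}
if ($msg.orderId -notmatch '^[A-Za-z0-9-]{1,64}$') {
    throw "orderId '$($msg.orderId)' contains unexpected characters; rejecting it."
}

$record = [ordered]@{
    orderId      = $msg.orderId
    customerId   = $msg.customerId
    amount       = [decimal]$msg.amount
    dequeueCount = $TriggerMetadata.DequeueCount   # >1 means an earlier attempt failed
    processedAt  = (Get-Date).ToUniversalTime().ToString('o')
}

# The blob name comes from {rand-guid} in function.json, never from the
# message, so a crafted orderId cannot steer the write to another path.
Push-OutputBinding -Name outputBlob -Value ($record | ConvertTo-Json -Compress)
Write-Information "Wrote order $($record.orderId) (dequeue count $($record.dequeueCount))"
```

Throwing on a bad message is deliberate: the host retries it and, after the configured number of attempts, moves it to the poison queue (`incoming-orders-poison`), so malformed input is preserved for analysis instead of being silently dropped or half-processed.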

Cool session, with a bunch of new information. Great and exciting to learn more about that service.


Session Name: Manage Costs with Azure Budgets Deep Dive

Speaker: Nico Martens

Level: 300

Official Agenda:

Moving from on-premises to the cloud helps you be more scalable and flexible. However, with all this flexibility comes great responsibility.  

It is so easy to create new resources in Azure but keeping control of costs can be challenging. By leveraging Azure Budgets and Automation Runbooks we can stop VMs when budgets are reached, all configurable on your organization’s requirements. During this session we will go over the possibilities when it comes to Azure Budgets, including creating Azure Automation Runbooks, Azure Logic Apps and more! 

I’m really curious because Azure Cost Management, including budgets, is a highly important part for each customer. I guess talking about Azure Budgets for one hour isn’t really easy, but I will see and learn 🙂

UPDATE: Okay, now I know how you can handle the topic Azure Budgets for over 1 hour 🙂

The session starts with a basic overview of Azure architecture, so nothing new. The Azure Pricing Calculator is also shown.

A small trip to Azure governance is also included in that session (tagging, management groups, Azure Policy, Blueprints, …).

Okay, after a long warm-up we come to the Cost Management area.

Important: define least-privilege permissions for the people who review your actual costs. Someone who only needs to read spend should get the built-in Cost Management Reader role, not Reader or Contributor on the whole subscription.

We talk about Azure Budgets and Cost Management. Nothing new, but good to see it from another consultant.

You can bind Azure Budgets to management groups, subscriptions and resource groups. The only limitation: you cannot add an action group to a budget at management group scope.

Okay great stuff.
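The “stop VMs when a budget is reached” pattern from the abstract, as an added example (not code from the session or this blog): a PowerShell runbook in Azure Automation that the budget’s action group starts through a webhook. Assumptions I made for the example: the Automation account has a system-assigned managed identity holding Virtual Machine Contributor only on the target resource group, only VMs carrying the opt-in tag `BudgetShutdown=true` may be stopped, and the webhook body follows Microsoft’s budget notification payload (`schemaId` of `AIP Budget Notification` and the `data.*` fields used below). Log `$WebhookData.RequestBody` on your first test run and adjust the field names if your payload differs.

```powershell
# Added example, not code from the session or this blog: Azure Automation
# runbook started by a budget action group. Stops only running VMs tagged
# BudgetShutdown=true inside the budget's scope.
# Assumptions: managed identity with VM Contributor on the target resource
# group; payload layout follows the budget notification schema.
param(
    [Parameter(Mandatory = $false)]
    [object] $WebhookData
)

$TagName  = 'BudgetShutdown'   # assumption: opt-in tag, untagged VMs are never touched
$TagValue = 'true'

# Refuse to run when started by hand: the scope below comes from the alert payload.
if (-not $WebhookData -or -not $WebhookData.RequestBody) {
    throw 'This runbook must be started by the budget action group webhook.'
}

$alert = $WebhookData.RequestBody | ConvertFrom-Json
# Fail safe: an unexpected payload (other alert type, schema change) stops nothing.
if ($alert.schemaId -ne 'AIP Budget Notification') {
    throw "Unexpected payload schema '$($alert.schemaId)'; refusing to stop anything."
}
$data = $alert.data
Write-Output ("Budget '{0}': spent {1} of {2} {3} (threshold {4})" -f `
    $data.BudgetName, $data.SpendingAmount, $data.Budget, $data.Unit, $data.NotificationThresholdAmount)

# Managed identity instead of a Run As certificate or stored credentials.
$null = Connect-AzAccount -Identity
$null = Set-AzContext -SubscriptionId $data.SubscriptionId

# A resource-group budget carries ResourceGroup; otherwise the scope is the subscription.
$vms = if ($data.ResourceGroup) {
    Get-AzVM -ResourceGroupName $data.ResourceGroup -Status
} else {
    Get-AzVM -Status
}

$targets = $vms | Where-Object {
    $_.Tags[$TagName] -eq $TagValue -and $_.PowerState -eq 'VM running'
}

if (-not $targets) {
    Write-Output "No running VMs tagged $TagName=$TagValue in scope; nothing to do."
    return
}

foreach ($vm in $targets) {
    Write-Output "Stopping (deallocating) $($vm.ResourceGroupName)/$($vm.Name)"
    # -Force suppresses the confirmation prompt, which would otherwise hang a runbook.
    Stop-AzVM -ResourceGroupName $vm.ResourceGroupName -Name $vm.Name -Force -ErrorAction Continue
}
```

Wire it up by creating the budget on the resource group (not the management group, since that scope cannot carry an action group), adding an action group with an “Automation Runbook” action pointing at this runbook, and attaching the action group to the budget’s threshold alert. The opt-in tag plus the narrowly scoped role assignment means a mistake in the alert or payload can at worst deallocate VMs somebody explicitly marked as expendable.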


Session Name: Logic Apps End-to-End

Speaker: Ahmad Najjar

Level: 400

Official Agenda:

Logic Apps is an Azure cloud-based service that enables us to develop and deliver integration solutions with ease. It also helps us build, schedule, and automate processes as workflows so we can integrate apps, data, systems, and services across enterprises or organizations. However, Microsoft Flow is a SaaS offering, for automating workflows across the growing number of applications and SaaS services that business users rely on. 

This session will tackle Logic Apps on so many levels, starting from the creation process (from both Azure portal and visual studio) to deployment.  

We’ll deep dive into the creation of the Azure Resource Manager (ARM) template for deploying Logic Apps, introduce the basic components of a logic app deployment template, parameterize/customize the deployment template and finally authorize OAuth connections during deployment. 

Benefits of Attending this Session: 

  1. Deep dive into Azure Resource Manager (ARM) templates for deploying Logic Apps 
  2. Continuous integration deployment in Logic Apps
  3. Deploy ready-to-use services/apps using Logic Apps 

Okay, my last session for today and I guess one of the hardest but also one of the most interesting sessions. I’ve implemented some solutions in the past with Azure Logic Apps, but I’m excited to see the developer perspective.

In that session we talk about everything from the development of Logic Apps to the deployment. What is a Logic App:

Automation possibilities in the Cloud:

  • Power Automate
  • Azure Logic Apps
  • Azure Functions
  • Azure App Service WebJobs

Compare Power Automate vs. Logic Apps

Durable Functions vs. Logic Apps

In that session we also saw a short demo of building a Logic App. That demo covers the following scenario:

When I add a new file to one of my local file shares, the Logic App picks up that file and reads its content. Depending on the content, the file is stored in a selected SharePoint library. To achieve that solution you need a custom connector and an on-premises data gateway (the File System connector only reaches a local share through the gateway).

The important thing here: the trigger is a polling (pull) trigger, not a push one.

I’m really amazed that he creates that solution in the portal. From my point of view, the better solution is to create it in Visual Studio.

UPDATE: okay, the first demo shows the portal integration and the second shows the Visual Studio integration. So I’m not on the wrong track: deploy everything from Visual Studio and, for continuous integration, publish the source to your repository (GitHub, Azure DevOps, …).

He shows in a separate demo the Visual Studio integration, including the following:

  • Template to create the Logic App
  • Logic App designer in Visual Studio
  • The content he created in the JSON file
  • How the deployment steps work from Visual Studio

A cool slide to understand the ARM JSON template:
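As an added example (not from the session or this blog), here is what the deployment side of that Visual Studio project looks like once it leaves the developer’s machine: a PowerShell script a CI pipeline runs that validates the ARM template, deploys it with environment-specific values passed as parameters, and then checks the API connections the template declares. The paths, resource group, parameter names (`logicAppName`, `location`) and connection resource names are assumptions for this example, as is the `properties.statuses[0].status` value `Connected` I use to detect an authorized connection.

```powershell
# Added example, not code from the session or this blog: deploys a Logic App
# ARM template the way a CI pipeline would and verifies the OAuth API
# connections it declares are authorized. Paths, names and the connection
# status check are assumptions for this example.
#Requires -Modules Az.Accounts, Az.Resources
param(
    [string]   $ResourceGroupName = 'rg-logicapps-prod',        # assumption
    [string]   $TemplateFile      = './deploy/logicapp.json',   # assumption
    [string]   $LogicAppName      = 'la-fileshare-to-sharepoint',
    [string[]] $ConnectionNames   = @('sharepointonline', 'filesystem')   # assumption: names in the template
)
$ErrorActionPreference = 'Stop'

# Values that differ per environment are parameters, never edits to the
# template. Secrets do not belong here either; OAuth connectors keep their
# tokens inside the connection resource, and anything else comes from Key Vault.
$params = @{
    logicAppName = $LogicAppName
    location     = (Get-AzResourceGroup -Name $ResourceGroupName).Location
}

# 1. Validate first so template errors surface here, not halfway through a deployment.
$problems = Test-AzResourceGroupDeployment -ResourceGroupName $ResourceGroupName `
    -TemplateFile $TemplateFile -TemplateParameterObject $params
if ($problems) {
    $problems | ForEach-Object { Write-Error $_.Message -ErrorAction Continue }
    throw 'Template validation failed.'
}

# 2. Incremental mode only adds or updates what the template declares;
#    Complete mode would delete every other resource in the group.
$deployment = New-AzResourceGroupDeployment -ResourceGroupName $ResourceGroupName `
    -Name ('logicapp-{0:yyyyMMdd-HHmmss}' -f (Get-Date)) `
    -TemplateFile $TemplateFile -TemplateParameterObject $params -Mode Incremental
if ($deployment.ProvisioningState -ne 'Succeeded') {
    throw "Deployment ended in state $($deployment.ProvisioningState)"
}

# 3. ARM creates the Microsoft.Web/connections resources, but for OAuth
#    connectors a human still has to consent once; until then every run that
#    uses the connection fails. Make that visible in the pipeline output.
$unauthorized = foreach ($name in $ConnectionNames) {
    $conn   = Get-AzResource -ResourceGroupName $ResourceGroupName `
        -ResourceType 'Microsoft.Web/connections' -Name $name -ExpandProperties
    $status = $conn.Properties.statuses | Select-Object -First 1
    if ($status.status -ne 'Connected') { "$name ($($status.status))" }
}
if ($unauthorized) {
    $warning = 'Connections awaiting authorization: {0}. Authorize them (API connection > Edit > Authorize) before enabling the Logic App.' -f ($unauthorized -join ', ')
    Write-Warning $warning
    exit 1
}
Write-Output "Deployment $($deployment.DeploymentName) succeeded and all connections are authorized."
```

The pipeline exits non-zero when a connection is unauthenticated on purpose: a Logic App deployed with a dead connection looks green in the portal until the first trigger fires, and with a polling trigger that can be minutes or hours later.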

That session includes a bunch of demos. Really cool to see, but hard to blog 🙂

So if you want more information about “how to develop and deploy an Azure Logic App correctly”, write me an e-mail, I can help you.


Hard but good day. I’m really happy to get to my hotel and prepare something for tomorrow. During the evening I’ll also work on my next blog posts 🙂