Lumagate NA

Our corporate blog
View these courses on Microsoft Cybersecurity Stack on LinkedIn Learning for FREE

View these courses on Microsoft Cybersecurity Stack on LinkedIn Learning for FREE

For a limited time, you can view these courses on the Microsoft Cybersecurity Stack for free. Lumagate partner and Microsoft MVP Pete Zerger developed these courses with LinkedIn Learning, and with the links below, you can watch each of them at no charge. At around 90-120 minutes each, this content is a great way to quickly familiarize yourself with the range of tools available in the Microsoft Cybersecurity stack.

Each of links below have no expiration, but only allow free viewing for 24 hours after you click the link. Enjoy!

Securing Windows 10 in the Enterprise
https://www.linkedin.com/feed/update/urn:li:activity:6536663990347591680

Shutting Down Shadow IT
https://www.linkedin.com/feed/update/urn:li:activity:6536356870326665217

Securing Enterprise Information
https://www.linkedin.com/feed/update/urn:li:activity:6542358019269812224

Customer Success Webinar: Moving to Intune in the Education Sector

Microsoft Intune delivers on the promise of a unified endpoint management experience for Windows, iOS, and Android devices and major savings in licensing savings for educational institutions.

Join us May 30th for this joint customer success webinar recounting the journey of the CSC Providence school district from AirWatch to Microsoft Intune, with help from Lumagate and our EDU App Catalog for Microsoft Intune to deliver a world class user experience in managing shared classroom iOS devices.

If you work with a school board ready to shed expensive 3rd party MDM licensing, register for the webinar HERE.

Free SIMON Subscription Benefit for MVPs

Lumagate is happy to offer Microsoft MVPs a free Production license for SIMON, the first AI-powered chatbot designed to help manage Microsoft cloud services. You can learn more about SIMON in the short 90-second video at https://lumagatena.com/simon.

And as the word “Production” indicates, you can use SIMON in your live environment where it will be most useful to you!

Eligible MVP Categories

Eligible MVP categories are active MVPs in the following categories, corresponding to cloud services SIMON interacts with (Azure, Azure AD, Office 365, and Intune):

  • Cloud and Datacenter Management
  • Enterprise Mobility
  • Microsoft Azure
  • Office Apps & Services

If you are an MVP in another category and still want to give SIMON a try, email us at “simon AT lumagatena.com” for an exemption. We’re happy to give ANY MVP truly interested a license so they can leverage SIMON.

Claiming your free license

SIMON can validate your MVP status and allow you to claim your free license automatically. Just follow the steps below.

Add SIMON to your Teams client, as explained in the SIMON QuickStart Guide.

Type “Show subscription” to get the Subscription Detail screen, shown below.

  1. Then click the Payment Details button, followed by the I’m an MVP button, as shown below.

Review the eligible MVP categories. If you are an MVP in an eligible category, click the I’m Eligible button.

You will then be prompted to sign in with the ID for your MVP Profile so SIMON can validate your MVP status with the MVP API.

NOTE: For most MVPs, SIMON will verify your status immediately. However, if your MVP sign-in does not match the primary email address on your MVP profile, the MVP API will not allow SIMON to validate your ID. But no worries, SIMON will ask you to paste the URL to your public MVP profile, as shown below. (Replace my public profile URL with your own of course!)

https://mvp.microsoft.com/en-us/PublicProfile/35593?fullName=Pete%20J.%20Zerger

SIMON will verify your MVP status and add your free license.

Your MVP benefit will be confirmed in the Discount field, as shown below. Your initial trial will end in 30 days, and 11 months will automatically be added to your subscription.

You are eligible to renew your free SIMON license benefit every year, as long as your MVP status is active!

Have feedback? Need help?

Enjoy SIMON, and be sure to let us know of any new features you would like to see in the SIMON Feature Request Form, which sends your suggestions straight to our backlog for discussion!

If you need help, email us at “simon AT lumagatena.com” or simply type “Help” in SIMON to initiate SIMON’s help dialogue.

 

Managing access to Azure Storage: Which option is most secure?

NOTE: While you’re here, check out SIMON, the AI-powered bot, built on the Microsoft Bot Framework, Designed for IT Operations. Learn more at http://lumagatena.com/simon

Need to share data hosted in Azure Storage? With two very different options for granting, you may ask “which option is best?”. It pays to know your options, and the capabilities (or limitations) of each.

Shared Keys

Shared Key is exactly what it sounds like: a key (in cryptographic terms, a string of bits used by an algorithm) you share with those to whom you would like to delegate access. This is equivalent to giving root access to a storage account. It grants all privileges to whomever has the key, from anywhere at anytime until the key is revoked or rolled over.

HOW-TO: Authorize with Shared Key

Shared Access Signatures (SAS)

Shared Access Signatures allow you to scope duration, privileges, and even which IP addresses are allowed to connect. By distributing a shared access signature URI to a client, you can grant them access to a resource for a specified period of time, with a specified set of permissions. You can scope access at the account-level SAS (one or multiple services in the storage account) or Service-Level SAS, which delegates access to resource in just one service (like Queues only, Files only, etc.). Additionally, a service SAS can reference a stored access policy that provides an additional level of control over a set of signatures, including the ability to modify or revoke access to the resource if necessary. SAS is the route that offers the tightest control over access scope and duration.

HOW-TO: Delegating Access with a Shared Access Signature

Which is best?

Given the option of these two GA mechanisms, you should probably always take the route of Shared Access Signatures.

Option 3: Azure AD Authentication (in Preview)

There is a new method currently in preview that allows using Azure AD to grant authorization. Unfortunately it’s only supported for Blob and Queue services, so if you use Table Storage, this wont help. For the services it supports, it’s no doubt going to become a preferred method of granting access.

Azure Data Plane security: https://docs.microsoft.com/en-us/azure/storage/common/storage-security-guide#data-plane-security
Authenticate access to Azure Storage using Azure Active Directory (Preview): https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad

So, next time you need to grant storage access to a developer, or a partner, or customer, choose the most secure option that supports the storage services you need to share.

 

4 Azure storage features that may ultimately replace the corporate SAN

NOTE: While you’re here, check out SIMON, the AI-powered bot, built on the Microsoft Bot Framework, Designed for IT Operations. Learn more at http://lumagatena.com/simon

In spite of the fact that many organizations have modernized their file sharing strategy through Office 365, SharePoint, and OneDrive, the old school file server backed by the corporate SAN persists in most organizations. However, innovations in cloud storage are rapidly bringing us closer to the day when we trade another hardware refresh for a move to the cloud. Fortunately, Microsoft’s recent work includes a number of features that allow enterprises to adopt a hybrid strategy, enabling a gradual, transparent transition to cloud storage.

Here are four Azure storage features that may ultimately replace the corporate SAN.

#1 Azure Files

Azure Files offers fully managed file shares in the cloud that are accessible via the familiar standard Server Message Block (SMB) protocol. Azure file shares can be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and macOS. Additionally, Azure file shares can be cached on Windows Servers with Azure File Sync for fast access near where the data is being used.

  • Replace or supplement on-premises file servers. Azure Files can be used to completely replace or supplement traditional on-premises file servers or NAS devices. Windows, macOS, and Linux can directly mount Azure file shares wherever they are in the world.
  • “Lift and shift” applications. Azure Files makes it easy to “lift and shift” applications to the cloud that expect a file share to store file application or user data
  • Simplify cloud development. Azure Files can also be used in numerous ways to simplify new cloud development projects

Read more on the capabilities of Azure Files HERE.

#2 – Azure File Sync

Azure File Sync tackles the challenges of the old school file server, for scenarios not already wiped out by modernization efforts in Office 365, SharePoint, and OneDrive. The primary function of Azure File Sync is to synchronize file shares, including both data and ACLs, to an Azure general storage account using the Azure Files service. It looks a lot like a modernized version of StorSimple functionality without the hardware.

Azure File Sync provides  secure, centralized file share management in the cloud. You install the File Sync agent on your Windows Servers, which can replicate and store less frequently accessed files in the cloud, while keeping more frequently accessed data on local file shares, and will be able to deliver consistent file share performance with no configuration or code changes. Centralizing file share management with File Sync could also lower the IT support requirements for branch or remote office locations including centralized backup and multi-site replication.

Learn more about Azure File Sync HERE.

#3 – Tiered Storage (hot, cool, & archive)

Azure storage offers three storage tiers for Blob object storage so that you can store your data most cost-effectively depending on how you use it. The Azure hot storage tier is optimized for storing data that is accessed frequently. The Azure cool storage tier is optimized for storing data that is infrequently accessed and stored for at least 30 days. The Azure archive storage tier is optimized for storing data that is rarely accessed and stored for at least 180 days with flexible latency requirements (on the order of hours), much like the AWS Glacier service.

Various enterprise data access scenarios benefit from a different storage tiers optimized for particular access patterns. With hot, cool, and archive storage tiers, Azure Blob storage addresses this need for differentiated storage tiers with separate pricing models to help manage costs.

Read up on the details of Azure storage tiers HERE.

#4 – Azure Import/Export Service

For the odd occasion you need to move a LOT of data to or from Azure, there is Azure Import/Export Service. This service enables you to transfer large amounts of data to and from Azure using hard disk drives, so it’s faster and more cost effective for moving big data sets than transferring the data over internet. It enables you to transfer data to Azure by the secure transport of hard disk drives to our data centers, and by using a high-speed, secure internal network.

Get the scoop on the Azure Import/Export Service HERE.

Have an Azure storage feature you’re leaning on to modernize your enterprise storage strategy? Tell us about it by leaving a comment below

Four Ways to Get Started with Azure Automation

While you’re here, check out SIMON, the AI-powered bot, built on the Microsoft Bot Framework, Designed for IT Operations. Learn more at http://lumagatena.com/simon

At this point, admins at most companies I work with are familiar enough with Azure Automation. Often, I find they just don’t have a great use case in mind. In general, there are a couple of ground rules for getting started:

  • Start small. Look for a quick win. Preferably, a project you can knock out on a Friday afternoon.
  • Start in Test/Dev. The quick win needs to be a win…not a black eye for the IT department because you took something down in production.
  • Pick something with an ROI story. Management loves to share ROI stories with corporate leadership. Get a win you can evangelize to your IT management org to fuel desire for additional automation work.

With that out of the way, here are four use cases where you can get started quickly (and safely) with Azure Automation.

Start/Stop VMs

We’re talking about Azure here, so this is the most obvious application to Azure Automation and it can save a lot of money! You can run VMs just during working hours, shutting them down and deallocating at the end of the day, or you can start VMs based on need – when a certain job is started, the VM can boot, process the data, then shut down when it’s not needed. This is great for end of period reporting, if there’s a lot of data to process, and for developer environments. There’s lots of ready-to-go runbooks with the ability to filter VMs based on tags, allowing you to schedule some, but not all VMs to shut down – this could be useful for applications that need many servers at certain times of the day, but fewer at off-peak times – provided you cannot set up the application in VM Scale Sets, of course.

Replace SQL Agent Jobs

Moving to Azure SQL Database is a great way to reduce server management tasks and costs when migrating to Azure. Unfortunately, the Azure DB service doesn’t have a SQL Agent available due to the nature of the service. You can migrate your SQL Agent jobs to Azure Automation, which can connect to your SQL Databases and easily run automated tasks. If the SQL Agent job needs to access VM data somewhere in your network, you can use Hybrid Runbooks to allow Azure to run the job locally, like a Task Scheduler job. The benefit to Hybrid Runbooks over Task Scheduler is that the job is more likely to run if a server is offline – provided you install more than one hybrid worker!

Manage Patches

Did you know that Azure Automation has a native Update Management capability? You can manage your VM updates from a single pane of glass, without needing to invest in a complex configuration management solution. You can quickly onboard VMs and see what patches are missing, triage the most critical patches, and apply them – without having to log into the VM itself. You can schedule regular installation of updates, or apply the specific updates just once. There’s a rich reporting system that can tell you at a glance the current compliance across your servers, and a quick view into whether the installation was successful. The solution can even give you an estimate for how long a given patch will take to install, based on other agents that have installed the same update – that can be tremendously helpful when setting expectations with your business!

Windows is, naturally, supported – using WSUS or public Microsoft update, and some flavours of Linux are supported as well.

Respond to an event alert

Azure Automation can start a runbook when a webhook is called. When an event occurs, the source makes an HTTP request to the URL configured for the webhook, containing some data, and Azure Automation can be configured to parse the data and make a change based on that information. An example could be (returning to the first point) starting a VM if an infrequent task relies on the VM running – when a user starts the process, a webhook containing the VM name and the action (Start) could be sent to Azure Automation, and the VM would boot up in a few minutes. Another example of handling events, which has a more direct application for InfoSec and ITPros, is to respond to an event – for example, if a critical service stops on a VM, Azure Automation can run to reboot the VM or restart the service, or if CPU use gets too high, Azure Automation can scale up the application one server at a time. This isn’t limited to Azure VMs; hybrid runbook workers can run scripts inside AWS or on premises just as easily (though the capabilities are limited to what’s possible on the system you’re connecting to).

That’s for this installment. Have a “win” from your Azure Automation journey you’d like to share? Share in the comments below.

CANADA

Lumagate Inc
117 Barrett Ave
Brantford, ON
N3S 0B3

+1 647.875.6835

USA

Lumagate Inc
1000 N West St. Suite 1501
Wilmington, DE
19899

+1 281.249.5915