What does Windows Server 2025 bring to Active Directory? Richard chats with Orin Thomas about the new version of Windows Server coming and what to expect around Active Directory. Orin talks about how mature the Windows Server space is, so only incremental improvements are warranted, but they are important ones - like retiring NTLM once and for all. And when it comes to Active Directory, there are new secure features you're going to want, but you do need to up your functional level to get them, and that means getting to at least Server 2016 functional level first... then moving everything else. When was the last time you transferred a FSMO role? Orin also digs into the new certification practice options available, where instead of answering questions, you do the work and get evaluated - cool!LinksWhat's New in Server 2025SandwormActive Directory FSMO Roles in WindowsWindows Server Hybrid Administrator AssociateWindows LAPSRecorded August 6, 2024
Do you know how asymmetric encryption works? While at the Kansas City Developers Conference, Richard sat down with Eli Holderness to discuss many of the encryption technologies being used today—and the new options coming in the future! Eli talks about how symmetrical encryption and public key encryption have been the focus of modern encryption, especially on the web. But the ongoing security arms race means we have to keep tweaking encryption—what if we made a bigger leap? Asymmetric encryption offers huge potential - but there's still a long way to go!LinksPasswordless Identity with Eli HoldernessElliptic-Curve CryptographyShor's AlgorithmIsogeny Key ExchangeLearning with ErrorsChrome and Hybrid Kyber KEMliboqsLets EncryptRecorded June 27, 2024
What can you do to Microsoft 365 with PowerShell? Turns out - almost anything! Richard talks to Tony Redmond about his ongoing efforts to educate sysadmins about the vast array of capabilities in M365, including all the PowerShell cmdlets that can let you retrieve and control everything in M365. There's now so much information that Tony and his team have created a separate book explicitly focused on automating M365 with PowerShell. The conversation also turns to the role of Copilot - GitHub Copilot- in helping you write better PowerShell and the challenges around M365 Copilot. The goal is to take advantage of the Microsoft Graph - all that information about your M365 Tenant and what is happening inside it.LinksOffice 365 for IT ProsPractical 365 BlogAutomating Microsoft 365 with PowerShellMicrosoft Graph SDKCopilot for Microsoft 365Microsoft Entra PowerShellGitHub CopilotOverview of Microsoft GraphRecorded August 8, 2024
How is generative AI evolving, and what can we do about it? While at NDC in Oslo, Richard chatted with Alison Cossette about her work as a data scientist before the ChatGPT explosion in November 2022 and what life has been like since the LLM came to town. Alison talks about the rigor of building AI models using generative AI before ChatGPT and how many of those efforts have diminished when confronted with a friendly, confident language model. Eventually, this rigor will be needed - as the dangers of not managing language models cause problems, and the need for rigor will re-appear. Alison describes steps you can take today to understand how the LLMs you are using are trained and how they are tested. Generative AI is evolving, and you can be part of making it better!LinksGitHub CopilotFairly TrainedRecorded June 12, 2024
Leadership wants to get on the AI bandwagon - what are the security risks? While at the Kansas City Developers Conference, Richard sat down with Steve Poole to talk about his experiences helping companies manage the risk of bringing AI into the company. Steve talks about the impact of introducing a new development stack, especially open-source stacks where you aren't sure of the providence of the code - sometimes there's malware in there! The conversation also moves to the various sources of language models and the potential risks. There's an urgency to move quickly on this technology, but don't allow that urgency to shortcut the safety your company will need - you can do this properly!LinksHugging FaceRecorded June 27, 2024
What are the threats your cloud application and infrastructure are facing? While at NDC Oslo, Richard chatted with Daniela Cruzes and Romina Druta about their work building threat models for cloud-based applications. Daniela discusses how modeling helps to understand security concerns before applications are deployed and attacked - often, security retrofits are time-consuming and expensive, so thinking them through beforehand has enormous benefits. Romina dives into the supply chain side of threats - open-source libraries with backdoors, even down to development tools with malware. There are a lot of threats - but when you look, there are often great solutions as well. You'll need to collaborate with development to secure things, but security isn't optional and is worth fighting for.LinksCloud-Native Application Protection PlatformArgoVSCode Malicious Extention ThreatsRecorded June 12, 2024
Are you ready for passkeys? Richard talks to Tarek Dawoud from Microsoft about the evolution of passwordless access with passkeys. Tarek talks about the FIDO alliance and the ongoing effort to create authentication strategies that are mathematically impossible to phish - no password stuffing under the covers that might get exploited by a man-in-the-middle attack. The conversation also dives into the passkeys name and how it's a rebranding of passwordless authentication to make it easier for everyone to understand that you'd rather have a passkey than a password. The products involved are still evolving, but there's plenty you can take advantage of today and make your organization more phishing-resistant than ever!LinksFido AllianceYubicoWindows Hello for BusinessMicrosoft Digital Defense Report 2023Accenture Passwordless JourneyConditional AccessTemporary Access PassEnable Passkeys For Your OrganizationWeb AuthenCTAPMicrosoft Password GuidanceRecorded June 3, 2024
What does it cost to recover from a disaster? While at NDC Oslo, Richard chatted with Natalie Serebryakova about her work helping companies understand their disaster recovery costs and what that process can teach you about your infrastructure. Natalie talks about different types of disasters, from the deletion of a production server to a major outage caused by a fire at a data center - and the power of working through the scenario to determine what needs to be backed up and what it takes to recover. The conversation also dives into the scrutiny of implementation - often, decisions are made that are no longer understood, or systems have changed enough that they could be improved. The result can be lowering DR costs, improving performance, and reducing operating overhead! LinksSOC2DataDogRecorded June 12, 2024
Ready to move your device certificate authority to the cloud? Richard chats with Richard Hicks about Microsoft Cloud PKI - certificate management for devices and people as part of the Intune Suite. Richard talks about it being early days for Cloud PKI, so not everything you want is there yet. The only way to get a certificate onto a device is through Intune, so some devices, like servers, don't have a way to play yet. However, there is a bridge between Active Directory certificates and Cloud PKI, so you can bring your new devices in through Intune and ultimately unload a lot of your on-premises certificate infrastructure. And that will make everyone's lives easier and more secure!LinksConditional AccessActive Directory Certificate ServicesMicrosoft Cloud PKIMicrosoft IntuneIntune and SCEPCertificate Connector for Microsoft IntuneBring Your Own CA in Cloud PKISCEPmanKeytosMicrosoft Entra Certificate-Based AuthenticationPKINIT in KerberosminikatzNetwork Policy ServerRecorded June 3, 2024
How are you protecting your organization's data? Richard chats with Joanne Klein about her work with Microsoft Purview to help with data protection, management, and governance. Joanne talks about a spike in data protection concerns from Microsoft Copilot - if you have been securing data through obscurity, you're in for a nasty surprise! Copilot has a knack for finding every nook and cranny of data. Proper data protection also means effective archiving - getting rid of out-of-date or irrelevant data. And then there are the security concerns around data retention - how do you need to keep, and for how long? Microsoft Purview can help with all these problems, but you must work with leadership to get things right!LinksMicrosoft PurviewAdaptive Prevention in PurviewRecorded June 10, 2024
How has the cloud transformed the way we work with data? While at Build in Seattle, Richard sat down with Arun Ulag, Microsoft CVP of Azure Data, to discuss how the cloud has transformed how we work with data. The pre-cloud practice of extract-transform-and-load into OLAP cubes has given way to the data lake - you don't need to pre-process data if you have all the compute you need on demand. Arun goes further into empowering analysts using tools like PowerBI - but the key is access to data. With Microsoft Fabric, data lives in OneLake - or anywhere through links! Today, the data analytics landscape spans different product stacks and clouds - but all are available to learn more about your business!Links:PowerBIPivot Tables in ExcelOne LakeApache IcebergSnowflakeDatabricksRecorded May 22, 2024
What hardware runs Azure today and into the future? While at Build in Seattle, Richard sat down with Rani Borkar to discuss the hardware that makes up Azure Compute, including examples of the new Cobalt and Maia processors! Rani talks about Cobalt first, Microsoft's ARM processor designed for workloads in the cloud. Then, a look at the Maia processor, which focuses on neural net workloads like large language models. As Rani explains, the scale of the work coming to the cloud today allows for specialized hardware - you would likely not want to buy a machine this specialized for yourself, but you can rent it by the minute in Azure!Links:Azure Cobalt ProcessorAzure MaiaRecorded May 22, 2024
More application platform pieces make your life better! While at Build in Seattle, Richard sat down with Buu Lam of F5 to discuss F5's latest offering, NGINX as a Service in Azure. Buu discussed how F5's products have evolved to run in the cloud, not just on their hardware. While you could run them as virtual machines or containers, providing them as services in Azure is better. You purchase the service in the marketplace and as part of your Azure billing. The conversation digs into the advantages of the services model in terms of updating and instrumentation, as well as reducing the complexity of your infrastructure as code. LinksNGINXKubernetesBIG-IP NextF5 Distributed CloudNGINX as a Service on AzureDevCentral at F5Recorded May 21, 2024
What are the hard parts of machine learning? Richard chats with Lynn Langit about her work helping the Mayo Clinic improve patient outcomes using machine learning to understand patient data better. Lynn talks about the challenges of multi-modal data analytics - taking all the different data collected from a patient, like an X-ray or video, along with treatment notes, to create an overall picture of treatment and outcome. Then multiply that by thousands of patients, making a complicated data problem with huge challenges in testing and validation. How do you know that the machine learning model is correct? The key to practical machine learning is in the fundamentals - working on each step before you jump to the more complex goals!LinksLynn on GitHubBiomedCLIPEvaluation Metrics and Statistical Tests for Machine LearningGitHub Copilot WorkspaceGemini in BigQueryBasic Bioinformatics for ITHistoGPTRecorded May 17, 2024
Have you rolled out Microsoft Defender for Cloud? Richard chats with Yuri Diogenes about the bundle of tools under the Defender for Cloud moniker. Yuri describes Defender for Cloud as a Cloud-Native Application Protection Platform (CNAPP). This Gartner term covers the various elements that go into a cloud-native application, including APIs, servers, containers, storage, resource manager, and more! Defender for Cloud integrates with Microsoft Purview to understand data sensitivity, and Microsoft Sentinel helps detect breaches or data misuse. It also offers attack path analysis and remediation so you can get ahead of the attackers to close off potential breach risks before they happen! Check the links in the show notes for great resources, including an ebook on CNAPP strategy!LinksDefender for CloudOWASP Top 10 API Security RisksDefender for APIsMicrosoft SentinelData Security DashboardAttack PathsMicrosoft PurviewCloud Security Posture ManagementMicrosoft Copilot for SecuritySecurity Remediation with GovernanceDefender for Cloud ServiceNow IntegrationCNAPP Strategy EbookRecorded May 13, 2024
How can Microsoft Copilot make your intranet better? Richard chats with Susan Hanley about her experiences adding Copilot into the intranet via the Copilot Studio and Viva Engage. Susan talks about the challenges of getting your intranet data in order - most notably, archiving old information so that it doesn't clutter up a Copilot with out-of-date and inaccurate data. The conversation explores making smaller Copilots focused on specific domains, like company policy. It's still the early days for copilots, so there are some challenges to getting things done right, but the potential is there!LinksRestricting SharePoint SearchCopilot with Commercial Data ProtectionM365 CopilotMicrosoft Copilot StudioCopilot for Viva EngageViva ConnectionsViva SuiteAnswers in VivaRecorded May 10, 2024
How are your company's Apple devices connected to the enterprise? Richard talks to Michael Epping about the recent additions in Entra that support the authentication of Apple MacOS and iPadOS devices. Michael discusses Apple's Secure Enclave as the equivalent of Trusted Platform Management in Windows. With Entra Platform SSO, you can now use that authentication to access Azure resources and, ultimately, on-premises Kerberos-secured resources! These features are still in public preview but fully supported, and more is coming!LinksMicrosoft IntuneWindows AutopilotMicrosoft Entra HybridMicrosoft Entra SSO Plug-in for Apple DevicesApple Secure EnclaveIntegrate Apple Devices with Microsoft Entra IDApple Automated Device EnrollmentEntra Conditional AccessmacOS Platform Single Sign-onJoin a Mac device with Microsoft Entra IDRecorded May 13, 2024
How can you use PowerApps to extend the functionality of other apps? Richard talks to Christina Wheeler about her efforts to teach folks to use PowerApps to add the functionality they need to Dynamics 365 and elsewhere! Christina talks about her move to Microsoft, shifting from SharePoint to PowerApps, but still essentially doing the same thing - finding customer solutions. The conversation ranges over the power of the Dataverse to provide access to all sorts of data and the emerging role of the Microsoft Copilot Studio to build custom copilots for your organization. LinksDataverseConnect to Dynamics 365 from Power AppsXrmToolboxModel-Driven Apps in Power AppsCanvas Apps in Power AppsMicrosoft Power FxMicrosoft Copilot StudioMicrosoft Bot FrameworkAI CopilotPower Up ProgramPower Platform ConferenceRecorded April 26, 2024
Two old guys talk about Windows AGAIN? Richard brings back Paul Thurrott for the tenth time to discuss Windows more. This time, the discussion focuses on the end of life for Windows 10 - currently October 2025. Paul discusses how it used to be April 2025, but that's not enough time. Is it enough time now? The conversation spans other Windows-related topics, including alternative versions like Windows 365 and Azure Virtual Desktop. And what about Windows 12? There is a bit of speculation at the end of a longer show - weigh in with your thoughts on what's next for Windows!LinksEnd of Support for Windows 10, 8.1, and 7Windows AutopilotWindows CopilotMicrosoft IntuneWindows 365Microsoft EntraAzure Virtual DesktopRecorded April 26, 2024
Machine learning models need updating - what's the reliable way to do it? While in Romania, Richard sat down with Annie Talvasto to talk about her work helping to build DevOps practices around machine learning: Building repeatable processes for data ingestions, cleaning, organization, model building, and deployment. The challenges are the arrays of skilled people needed to operate and evaluate the pipeline - it takes domain experts to know if the machine learning results are accurate and valuable. Tooling can help, but it is only in the early days. If your organization is keen to get machine learning into the company, you need to do some careful planning!LinksJupyter NotebookPandasMLFlowAzure Machine LearningRecorded April 20, 2024