
In his role as Senior Systems Engineer, Terry Lynch has been focused on using the full suite of Office 365 and Azure tools to improve productivity and collaboration within iQ3 while maintaining security of online services. Having a deep understanding of how modern teamwork looks allows us to better advise and work with our customers on solutions with these products.

Every year Microsoft travel the world and introduce the technical community to their latest products and innovations. As a Microsoft Partner, iQ3 sent Terry Lynch to learn what’s new and identify trends for the near future.

 

Securing your Clouds

Just because you’ve moved your VMs and app services to a hosted solution doesn’t mean you’ve absolved yourself of all responsibility for the systems. In an IaaS or PaaS environment you still need to manage and maintain your systems, which includes making sure they’re kept secure.
Azure Security Centre gives you an overview of your environment and recommends actions you can take to increase your “Secure Score” to improve your security posture.

Covering settings like Virtual Firewalls, SSL certificates, security logging, multi-factor authentication for user accounts and much more, these guidelines can give you a clear checklist of changes which can positively affect your score and make your environment more secure against various threats.
If your organisation has regulatory compliance requirements such as ISO27001 or PCI DSS 3.2, these frameworks can easily be applied to your environment and alerts raised if new services do not comply.

Securing your Endpoints

With BYOD and the Post-PC era of computing, enabling your users to be productive from any device in any location while still maintaining the integrity of your corporate information is a huge challenge and one which Microsoft’s suite of productivity applications can help you manage.

Intune, Microsoft’s Mobile Device Management (MDM) system, has several ways of securing information across iOS, Android, Windows and macOS devices. The simplest of these is “App Protection Policies”, where your users can access corporate information from their own devices using Microsoft apps like Outlook, Word and OneDrive while Intune prevents them from copying data out of their corporate accounts.

Securing your Users

As we have spoken about previously, making sure your user credentials remain private is an ongoing battle, with weak passwords, data breaches and phishing attacks regularly resulting in security incidents.

Recent guidance now suggests that passwords should be made extremely long and complex but changed infrequently and bolstered with second-factor authentication. Using this methodology with some of the new password-free access methods such as Windows Hello for Business, Microsoft Authenticator and FIDO2 security keys means your users may never need to enter their password manually again.

Automating the Boring Stuff

No one likes doing the same tasks over and over. We all want to come in at 9am on Monday safe in the knowledge that our environment has been running without issue and, if something were to happen, intelligent actions were automatically taken to try and resolve the issue.

Using Azure automation and runbooks you can trigger actions from several types of events to perform all sorts of activities. An easy example of this would be to restart a failed service on a hosted VM and send an email alert if the service is still stopped after 5 consecutive attempts. Azure automation and runbooks can grow to self-manage an entire environment and leave you to enjoy your weekends and sleep peacefully.
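
The restart-and-alert scenario described above could look like the following PowerShell script. This is an added example, not code from the Ignite sessions or from Microsoft; it assumes the script executes on the VM that hosts the service, and the service name, wait time, SMTP relay and e-mail addresses are placeholders.

```powershell
# Added example: restart a stopped service, alert if it is still down
# after the maximum number of attempts. All default values are placeholders.
param(
    [string]$ServiceName = 'Spooler',             # assumed service to watch
    [int]$MaxAttempts    = 5,                     # limit taken from the article
    [int]$WaitSeconds    = 30,                    # assumed pause between attempts
    [string]$SmtpServer  = 'smtp.example.com',    # placeholder mail relay
    [string]$AlertTo     = 'ops@example.com',     # placeholder recipient
    [string]$AlertFrom   = 'runbook@example.com'  # placeholder sender
)

# Fail immediately if the service does not exist on this machine.
$service = Get-Service -Name $ServiceName -ErrorAction Stop
$attempt = 0

while ($service.Status -ne 'Running' -and $attempt -lt $MaxAttempts) {
    $attempt++
    Write-Output "Attempt $attempt of ${MaxAttempts}: starting $ServiceName"
    try {
        Start-Service -Name $ServiceName -ErrorAction Stop
    }
    catch {
        # Record the failure but keep going until the attempt limit is reached.
        Write-Warning "Start failed: $($_.Exception.Message)"
    }
    Start-Sleep -Seconds $WaitSeconds
    $service.Refresh()   # re-read the current status from the service manager
}

if ($service.Status -eq 'Running') {
    Write-Output "$ServiceName is running after $attempt attempt(s)."
}
else {
    $body = "$ServiceName on $env:COMPUTERNAME is still $($service.Status) " +
            "after $attempt restart attempts."
    Send-MailMessage -SmtpServer $SmtpServer -From $AlertFrom -To $AlertTo `
        -Subject "Service restart failed: $ServiceName" -Body $body
    # Throwing marks the job as failed so the outcome is visible in job history.
    throw $body
}
```

The wait after each start attempt lets a service that starts and then crashes be counted as a failed attempt rather than a success.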

Azure Resource Manager templates (ARM templates) are code-based, deployable environments which can be spun up repeatedly with consistent outcomes.

If you are an app developer and wish to create an Azure offering, you can build your environment of servers, storage, networking and any other resources you need and convert this into an ARM template for easy deployment. If you are an infrastructure engineer, build your environment then save the ARM template to redeploy to another resource group or geographic region. As the ARM templates are all code, you can easily open them up and change variables or settings before saving the ARM templates for deployment.

 

Azure Software Update takes the WSUS servers of old and moves update management into Azure, where you can easily see an overview of your environment and the update status of all your servers. As Azure Software Update also supports Linux machines, you can configure multiple schedules, classifications and maintenance hours for your entire fleet and let Azure do the hard work of keeping your servers patched, secure and up to date.