Episode 360 – Who owns your data in Azure?

November 16, 2023

Episode Transcript

In Episode 360, Ben laments about a change in the data processing for Azure Sentinel and Scott contributes some suggestions around Microsoft’s data processing policies and how customers can keep up to date on them along with some suggestions for how to manage your personal data in Log Analytics and Application Insights. Then they close out the show talking about how to track resource ownership over time for your Azure resources.

It’s also the season of giving and we’re raising money for Girls Who Code. Donate today at https://give.girlswhocode.com/msclouditpro!

Like what you hear and want to support the show? Check out our membership options.

Show Notes

About the sponsors

Intelligink utilizes their skill and passion for the Microsoft cloud to empower their customers with the freedom to focus on their core business. They partner with them to implement and administer their cloud technology deployments and solutions. Visit Intelligink.com for more info.

See full episode transcriptTranscript is autogenerated by AI

1 00:00:03,365 --> 00:00:05,735 - Welcome to episode 360 2 00:00:05,795 --> 00:00:08,255 of the Microsoft Cloud IT Pro podcast 3 00:00:08,895 --> 00:00:11,575 recorded live on November 3rd, 2023. 4 00:00:12,285 --> 00:00:14,815 This is a show about Microsoft 365 5 00:00:14,815 --> 00:00:17,055 and Asher from the perspective of it pros 6 00:00:17,055 --> 00:00:20,295 and end users where we discuss a topic or recent news. 7 00:00:20,395 --> 00:00:22,615 And how about relates to you today, 8 00:00:23,315 --> 00:00:26,215 Ben Laments about a change in the data processing 9 00:00:26,275 --> 00:00:29,175 for Azure Sentinel, which side note 10 00:00:29,725 --> 00:00:32,215 less than two weeks later has now been reversed. 11 00:00:32,635 --> 00:00:35,295 And then Scott provides some suggestions 12 00:00:35,295 --> 00:00:37,215 around Microsoft's policies 13 00:00:37,235 --> 00:00:38,775 and how to keep up to date on them. 14 00:00:39,325 --> 00:00:41,895 Then they wrap up the show by talking about ways 15 00:00:41,955 --> 00:00:44,095 to track resource ownership over time 16 00:00:44,275 --> 00:00:45,695 for your Azure resources. 17 00:00:48,065 --> 00:00:49,695 Scott, I feel like we're maybe sort 18 00:00:49,695 --> 00:00:51,135 of back on schedule for a little bit. 19 00:00:51,185 --> 00:00:53,695 We've been kind of recording all over the place lately. Uh, 20 00:00:53,995 --> 00:00:54,995 - It is what it is. 21 00:00:54,995 --> 00:00:56,575 We'll get there. Holidays are coming 22 00:00:56,615 --> 00:00:57,615 - Up. 23 00:00:57,615 --> 00:00:58,135 Yeah, that'll throw us for a loop. 24 00:00:58,345 --> 00:00:59,895 We're only 15 minutes late today, 25 00:01:00,535 --> 00:01:01,495 - . Oh 26 00:01:02,005 --> 00:01:05,695 - Yeah, I got caught in a meeting about some stuff coming 27 00:01:05,795 --> 00:01:09,255 to the business, future announcements coming down the road, 28 00:01:09,555 --> 00:01:10,815 but I have an announcement. 29 00:01:11,025 --> 00:01:12,095 Let's just dive right into it. 30 00:01:12,095 --> 00:01:14,175 Scott, I have an announcement I got from Microsoft 31 00:01:14,175 --> 00:01:15,975 that actually was kind of disturbing 32 00:01:16,275 --> 00:01:19,775 and it was a little ironic 33 00:01:20,125 --> 00:01:22,015 with some other conversations I was having. 34 00:01:22,315 --> 00:01:24,695 So the other day I should find, I don't know 35 00:01:24,695 --> 00:01:28,295 where this conversation was, I was talking to a friend 36 00:01:28,295 --> 00:01:30,575 of mine and we were discussing, 37 00:01:31,215 --> 00:01:33,735 I think we were actually discussing browsers 38 00:01:34,275 --> 00:01:36,415 and our preference for browsers 39 00:01:36,415 --> 00:01:41,335 with Firefox versus Edge versus A and Safari 40 00:01:41,555 --> 00:01:43,895 and all the options. Brave all 41 00:01:43,895 --> 00:01:45,175 - Those, all the fun things. Yes. 42 00:01:45,315 --> 00:01:47,815 - And he made a comment about trying 43 00:01:47,835 --> 00:01:50,175 to start transitioning from Edge to Firefox. 44 00:01:50,795 --> 00:01:53,215 One, he's been having some issues playing videos and Edge, 45 00:01:53,475 --> 00:01:55,775 but the other comment he made was he's, I'm starting 46 00:01:55,775 --> 00:01:59,175 to get a little worried about this AI stuff with some 47 00:01:59,175 --> 00:02:01,455 of these companies training LLMs, 48 00:02:02,035 --> 00:02:05,775 and them using my data to train their models 49 00:02:05,775 --> 00:02:08,575 because there's also been some debate that we've had 50 00:02:08,575 --> 00:02:12,935 around this, about like training models off of website data. 51 00:02:13,315 --> 00:02:15,375 If some of these companies, 52 00:02:15,515 --> 00:02:17,735 not necessarily specifically Microsoft 53 00:02:17,875 --> 00:02:22,015 but the OpenAI models the bar, like all of these, 54 00:02:22,355 --> 00:02:23,775 how they're learning is are they 55 00:02:24,405 --> 00:02:27,855 potentially scraping like copyrighted material off 56 00:02:27,855 --> 00:02:31,095 of websites to train these Lang large language models? 57 00:02:31,765 --> 00:02:35,255 Like who owns the stuff on my blog if they start using my 58 00:02:35,685 --> 00:02:39,535 blog and answers for these large language models? 59 00:02:39,715 --> 00:02:42,575 All of that. So it was kind of a security discussion 60 00:02:42,575 --> 00:02:45,575 around AI and access to data and who you trust 61 00:02:45,635 --> 00:02:46,975 and who you don't trust and all of that. 62 00:02:47,285 --> 00:02:49,095 This was literally like three 63 00:02:49,095 --> 00:02:53,575 or four hours later I got an email titled Microsoft 64 00:02:53,695 --> 00:02:57,455 Sentinel will begin collecting security research data on 65 00:02:57,765 --> 00:02:59,525 forward December, 2023. 66 00:02:59,585 --> 00:03:00,925 So December 4th of this year, 67 00:03:01,305 --> 00:03:04,565 and this is not for my tenant, this is actually for one 68 00:03:04,565 --> 00:03:05,765 of my customer's tenants, 69 00:03:06,065 --> 00:03:07,845 but it says we're changing 70 00:03:07,905 --> 00:03:09,565 how we collect data Starting on this date. 71 00:03:09,865 --> 00:03:11,045 You are receiving this message 72 00:03:11,045 --> 00:03:13,845 because one of your Microsoft Sentinel workspaces, 73 00:03:13,905 --> 00:03:17,765 so log analytics essentially is opted out 74 00:03:18,145 --> 00:03:20,765 to share the data with Microsoft security research. 75 00:03:21,195 --> 00:03:23,125 This was turned on for a reason. 76 00:03:23,665 --> 00:03:26,285 We did not want this particular data being 77 00:03:26,305 --> 00:03:27,685 shared to Microsoft Research. 78 00:03:27,925 --> 00:03:30,765 . Turns out Microsoft security research protects our 79 00:03:30,965 --> 00:03:32,285 customers against threats and attacks 80 00:03:32,285 --> 00:03:34,325 by delivering built-in state-of-the-art detections, 81 00:03:34,765 --> 00:03:36,525 investigating tools, attack disruptions 82 00:03:36,865 --> 00:03:38,205 and mitigations, 83 00:03:39,125 --> 00:03:42,005 building more accurate models, AI models. 84 00:03:42,565 --> 00:03:44,405 I am reading between the lines there. 85 00:03:44,425 --> 00:03:47,805 It doesn't specifically mention AI requires diverse data 86 00:03:47,805 --> 00:03:49,525 sets and signals because of this. 87 00:03:50,245 --> 00:03:51,925 Starting December 4th, 2023, 88 00:03:52,285 --> 00:03:55,765 Microsoft security research will have access to your data 89 00:03:55,785 --> 00:03:57,725 to help build, test and optimize analytics 90 00:03:57,725 --> 00:03:58,765 models and detections. 91 00:03:59,195 --> 00:04:02,405 Okay, so I turned this on specifically 92 00:04:02,405 --> 00:04:04,365 because I wanted this data to stay private 93 00:04:04,705 --> 00:04:05,965 and now you're telling me 94 00:04:06,225 --> 00:04:07,805 - And by turned it on, you mean turned 95 00:04:07,805 --> 00:04:11,205 - It off - Explicitly opted out Out of this thing. Yeah, 96 00:04:11,425 --> 00:04:12,425 - Out of this. 97 00:04:12,705 --> 00:04:16,125 And now they're just saying, sorry, too bad. We don't care. 98 00:04:16,185 --> 00:04:17,165 We need to build our models 99 00:04:17,225 --> 00:04:18,445 so we're gonna go grab your data. 100 00:04:18,445 --> 00:04:20,565 Anyways, they do go on to say, 101 00:04:20,665 --> 00:04:23,005 so then they have some more information 102 00:04:23,065 --> 00:04:26,925 and I haven't dug into this too far yet, but it's privacy 103 00:04:27,025 --> 00:04:28,445 and data handling commitments 104 00:04:28,505 --> 00:04:30,485 and the Microsoft online services terms 105 00:04:30,625 --> 00:04:33,445 and online services data protection addendum, 106 00:04:33,495 --> 00:04:34,845 their legally applies. 107 00:04:35,385 --> 00:04:39,405 It also says customers using customer managed keys CMK won't 108 00:04:39,405 --> 00:04:40,605 be affected by this change. 109 00:04:40,945 --> 00:04:43,685 So I am theorizing that by 110 00:04:43,685 --> 00:04:45,725 that single sentence down towards the bottom 111 00:04:45,725 --> 00:04:48,445 that if I go switch everything to customer managed keys, 112 00:04:48,915 --> 00:04:50,205 it's not gonna get shared 113 00:04:50,205 --> 00:04:53,165 because potentially this is encrypted then 114 00:04:53,185 --> 00:04:54,725 beyond their ability to grab it. 115 00:04:54,825 --> 00:04:55,925 And then it also has a help 116 00:04:55,925 --> 00:04:58,125 and support if this change affects your environments. 117 00:04:58,515 --> 00:05:02,205 Well yeah, 'cause you're actually changing settings on me 118 00:05:02,585 --> 00:05:03,925 and you'd like to learn more about it. 119 00:05:04,145 --> 00:05:05,445 Please contact support 120 00:05:05,585 --> 00:05:08,805 and then it just walks through like the path to go 121 00:05:08,805 --> 00:05:11,445 through under your issue type and support NA Azure. 122 00:05:11,445 --> 00:05:13,805 Yep. And then it gives the account information, 123 00:05:14,165 --> 00:05:15,205 subscription name, all of that in the 124 00:05:15,205 --> 00:05:16,685 Azure subscription that this is using. 125 00:05:17,025 --> 00:05:18,045 I'm not a big fan of this. 126 00:05:18,685 --> 00:05:21,045 I get if they wanna do this and they send an email 127 00:05:21,185 --> 00:05:26,125 and ask permission or say would you like to help? 128 00:05:26,785 --> 00:05:29,205 Or even saying, 129 00:05:29,605 --> 00:05:32,005 I mean it would probably be borderline is if you don't do 130 00:05:32,205 --> 00:05:33,365 anything, this will be turned on. 131 00:05:33,385 --> 00:05:34,525 But you can go back in 132 00:05:34,525 --> 00:05:36,725 and toggle this checkbox to leave it off 133 00:05:36,905 --> 00:05:38,725 or something along those lines. 134 00:05:39,185 --> 00:05:42,485 But just kind of blatantly saying, we don't care 135 00:05:42,485 --> 00:05:44,405 what you said before about sharing this data, 136 00:05:44,405 --> 00:05:45,605 we're gonna go get it anyways 137 00:05:45,605 --> 00:05:48,245 because we want to train our large language models better. 138 00:05:48,765 --> 00:05:50,765 I totally get the how it helps with security, 139 00:05:50,865 --> 00:05:52,085 how it helps building the models 140 00:05:52,515 --> 00:05:54,445 with security co-pilot coming out. 141 00:05:54,625 --> 00:05:57,290 I'm assuming that also has something to do with this this, 142 00:05:57,585 --> 00:05:59,605 but just going in and blatantly saying 143 00:06:00,305 --> 00:06:01,405 now we're gonna access it. 144 00:06:01,575 --> 00:06:04,125 Especially when they do tend 145 00:06:04,125 --> 00:06:06,565 to focus a little bit more on security than maybe some 146 00:06:06,565 --> 00:06:07,765 of the other big players. 147 00:06:08,315 --> 00:06:11,325 I've tended to trust Microsoft more than Google when it 148 00:06:11,325 --> 00:06:14,645 comes to keeping my data secure and the privacy of my data. 149 00:06:15,145 --> 00:06:16,605 But this just kind of, 150 00:06:17,065 --> 00:06:19,205 it rubbed me the wrong way when I saw this 151 00:06:19,765 --> 00:06:20,765 - . 152 00:06:22,075 --> 00:06:25,245 Yeah, so I'm, I'm over here shaking my head and 153 00:06:25,305 --> 00:06:26,325 and just rubbing my eyes. 154 00:06:26,785 --> 00:06:29,245 So there's a couple of things. 155 00:06:30,065 --> 00:06:33,325 So um, I think part of it is the 156 00:06:34,115 --> 00:06:37,125 just abject fear that's been instilled in everybody. 157 00:06:37,235 --> 00:06:41,205 Like I would not want an LLM hallucinating on top 158 00:06:41,205 --> 00:06:43,565 of my data either back to me 159 00:06:43,865 --> 00:06:46,525 or certainly in context of potentially like my data 160 00:06:46,995 --> 00:06:49,245 with other customer usage, things like that. 161 00:06:49,945 --> 00:06:51,725 So like reading between the lines 162 00:06:52,345 --> 00:06:53,565 and I'm not a lawyer, 163 00:06:54,085 --> 00:06:56,045 I don't work on the sentinel team, anything like that. 164 00:06:56,405 --> 00:06:59,085 A lot of sentinel isn't necessarily AI driven 165 00:06:59,225 --> 00:07:02,605 but it is ML driven which ultimately like these large 166 00:07:02,885 --> 00:07:05,325 language models Yeah those are actually ML as well. 167 00:07:05,325 --> 00:07:06,485 Like we've conflated the whole 168 00:07:07,045 --> 00:07:08,685 ML AI thing, blah blah blah, all that stuff. 169 00:07:08,705 --> 00:07:11,565 Yep. I think it's good to have the signals in there. 170 00:07:11,685 --> 00:07:14,405 I think it's bad to kind of revert on a decision like that. 171 00:07:14,795 --> 00:07:19,285 It's a good reminder to everybody that when you sign up 172 00:07:19,305 --> 00:07:23,765 for these services, like there is a just absolute 173 00:07:24,275 --> 00:07:27,325 crap ton of legalese under underneath the covers 174 00:07:27,435 --> 00:07:28,965 that drives these things 175 00:07:29,625 --> 00:07:31,885 and I don't think enough customers 176 00:07:32,485 --> 00:07:34,845 actually go and read those. 177 00:07:35,515 --> 00:07:39,125 I've had the opportunity a couple times in over the course 178 00:07:39,185 --> 00:07:41,205 of my time at Microsoft to actually have 179 00:07:41,205 --> 00:07:45,245 to go read up on the legal agreement for 180 00:07:45,965 --> 00:07:49,525 Microsoft customers when it comes to the what's known 181 00:07:49,525 --> 00:07:53,965 as the mosa or the Microsoft Online subscription agreement. 182 00:07:54,705 --> 00:07:58,525 So that governs things for MCA customers, sorry, 183 00:07:58,965 --> 00:08:00,285 Microsoft customer agreement MCA 184 00:08:00,785 --> 00:08:04,165 and you know EA customers enterprise agreement customers 185 00:08:04,165 --> 00:08:05,685 have a slightly different set 186 00:08:05,685 --> 00:08:07,645 of terms even if you don't use Azure, 187 00:08:07,645 --> 00:08:10,645 there's always just the general like Microsoft terms of use 188 00:08:10,645 --> 00:08:14,485 that you're using in tools, things like that along the way. 189 00:08:14,785 --> 00:08:16,205 So there's really two things 190 00:08:16,435 --> 00:08:18,645 that even if you're not into the legalese 191 00:08:18,645 --> 00:08:20,125 of the stuff you're doing, it's kind 192 00:08:20,125 --> 00:08:21,125 of interesting if you can go 193 00:08:21,125 --> 00:08:22,205 and stomach your way through it. 194 00:08:22,945 --> 00:08:26,205 One is that most Microsoft online subscription agreement 195 00:08:26,465 --> 00:08:30,605 and then the thing that everybody always forgets is the DPA, 196 00:08:30,815 --> 00:08:34,125 which is the data protection addendum. 197 00:08:34,745 --> 00:08:39,565 So the DPA in many cases is actually the thing 198 00:08:40,155 --> 00:08:42,965 that drives the contract. 199 00:08:43,075 --> 00:08:44,885 Like the legal contract between you 200 00:08:44,885 --> 00:08:48,005 and Microsoft particularly with regard to 201 00:08:48,945 --> 00:08:52,765 the processing and the security of your customer data 202 00:08:52,945 --> 00:08:54,685 and your personal data in there. 203 00:08:55,225 --> 00:08:57,765 In your case here. Yeah, you've got a couple options. 204 00:08:58,425 --> 00:09:02,245 One is go familiarize yourself with the DPA. 205 00:09:02,745 --> 00:09:05,245 And again I encourage every customer to actually do that. 206 00:09:05,275 --> 00:09:07,445 Like not just your lawyers but folks should go 207 00:09:07,445 --> 00:09:08,885 and read it, go read the DPA 208 00:09:08,885 --> 00:09:10,805 and see what Microsoft does with your data. 209 00:09:10,845 --> 00:09:13,885 I don't think Microsoft is like, they're definitely not 210 00:09:13,885 --> 00:09:15,285 as clear as companies like 211 00:09:15,285 --> 00:09:16,445 Apple when it comes to this stuff. 212 00:09:16,715 --> 00:09:19,725 Like Apple's very clear, hey we do processing on device, 213 00:09:20,025 --> 00:09:23,685 here's why we do it on device, blah blah blah privacy, all 214 00:09:23,685 --> 00:09:27,085 that kind of stuff with providers like Google, Microsoft, 215 00:09:27,625 --> 00:09:30,565 Amazon, like all that stuff happens in the cloud 216 00:09:31,185 --> 00:09:34,605 or the the other option like you said is yeah flip over 217 00:09:34,785 --> 00:09:36,085 to CMK. 218 00:09:36,385 --> 00:09:38,205 So CMK is customer managed key 219 00:09:38,335 --> 00:09:41,565 where effectively you're managing your encryption key 220 00:09:42,275 --> 00:09:45,525 including things like rotation of that encryption key 221 00:09:46,025 --> 00:09:49,725 inside something like Azure key vault so that you are in 222 00:09:50,835 --> 00:09:54,165 full control end to end and you have that capability. 223 00:09:54,305 --> 00:09:56,805 So I run into a lot of customers, I don't, 224 00:09:56,805 --> 00:09:58,005 like I said I don't work on cental 225 00:09:58,005 --> 00:09:59,525 but particularly in like storage land, 226 00:09:59,525 --> 00:10:01,725 like people are very sensitive to this kind of thing. 227 00:10:02,105 --> 00:10:04,725 So we do like customer provided key. 228 00:10:04,945 --> 00:10:06,845 So we actually we we do customer managed key 229 00:10:07,015 --> 00:10:10,605 where customers can manage keys inside of KeyVault 230 00:10:10,865 --> 00:10:12,845 but we also have this capability called customer 231 00:10:13,205 --> 00:10:15,485 provided key where per request, 232 00:10:15,795 --> 00:10:19,325 like per upload you can actually send a different encryption 233 00:10:19,345 --> 00:10:23,525 key for every single object if you're like really 234 00:10:23,735 --> 00:10:27,285 super kind of paranoid about that thing 235 00:10:27,545 --> 00:10:30,325 and how it comes together and what that looks like. 236 00:10:30,705 --> 00:10:34,445 The other thing that the DPA is helpful for 237 00:10:35,185 --> 00:10:39,325 is it also doesn't just govern how Microsoft uses your data. 238 00:10:39,785 --> 00:10:43,045 It governs how things like data destruction go 239 00:10:43,625 --> 00:10:44,765 and you know 240 00:10:44,765 --> 00:10:48,405 what happens when you know you issue a delete request 241 00:10:48,625 --> 00:10:50,605 or you delete a particular resource 242 00:10:50,945 --> 00:10:53,285 or something like that along the way. 243 00:10:53,945 --> 00:10:57,125 And then for this one you're actually kind of lucky in 244 00:10:57,155 --> 00:11:00,925 that you are in maybe like an Azure service here. 245 00:11:01,155 --> 00:11:02,885 Like your encryption capabilities 246 00:11:02,885 --> 00:11:04,925 between services are going to vary. 247 00:11:05,555 --> 00:11:09,285 It's a little bit different over in Office 365 M 365 land. 248 00:11:09,435 --> 00:11:11,205 It's different over in Dynamics land. 249 00:11:11,825 --> 00:11:14,525 You might not necessarily be able to come to 250 00:11:15,045 --> 00:11:17,325 consensus across all of those things, 251 00:11:17,695 --> 00:11:19,525 especially when it comes to some 252 00:11:19,525 --> 00:11:21,285 of the large language models you were talking about. 253 00:11:21,355 --> 00:11:24,565 Like those rolling out and getting to where they need to be. 254 00:11:24,565 --> 00:11:27,085 Like they're just gonna be baked into experiences in some 255 00:11:27,085 --> 00:11:31,965 places and customers might not have the level of control 256 00:11:32,235 --> 00:11:34,205 that they necessarily want there upfront. 257 00:11:34,985 --> 00:11:37,445 And that becomes part of the rationalization exercise 258 00:11:37,465 --> 00:11:39,365 of just trying to figure out like is this 259 00:11:39,585 --> 00:11:40,725 the thing that I want to do? 260 00:11:40,945 --> 00:11:42,445 Is it the right thing 261 00:11:42,945 --> 00:11:46,365 for me at this given place time? That kind of thing. 262 00:11:46,365 --> 00:11:48,765 - Definitely and maybe it has this 263 00:11:48,865 --> 00:11:52,765 and I have not probably spent as much time reading these 264 00:11:53,765 --> 00:11:57,765 DPA and legalese as I should, 265 00:11:57,865 --> 00:12:00,925 but the other thing that would've been nice to include 266 00:12:01,505 --> 00:12:02,845 in either the email 267 00:12:02,865 --> 00:12:07,645 or have a link to it is what data is actually being sent? 268 00:12:07,955 --> 00:12:10,165 Like is it row for row 269 00:12:10,795 --> 00:12:13,005 data from my tables in Sentinel 270 00:12:13,185 --> 00:12:17,525 or is it things like when Sentinel detects a brute force 271 00:12:17,585 --> 00:12:21,125 attack, the IP addresses of a potential brute force attack 272 00:12:21,705 --> 00:12:25,725 and where is it almost anonymized I guess in sense 273 00:12:25,785 --> 00:12:29,685 or sent a summary of the data that's coming in versus 274 00:12:30,715 --> 00:12:35,085 this is sending like IP addresses and usernames 275 00:12:35,425 --> 00:12:37,485 and countries 276 00:12:37,625 --> 00:12:42,485 and I don't know 100% at least from this email, 277 00:12:43,035 --> 00:12:45,285 what does it mean when this data's being 278 00:12:46,205 --> 00:12:50,085 provided now to the Microsoft security research in terms 279 00:12:50,085 --> 00:12:53,565 of the level of data or the details around what that is. 280 00:12:53,625 --> 00:12:54,845 - That's an interesting one. 281 00:12:55,205 --> 00:12:59,325 I actually, I pulled up the DPA while you were chatting just 282 00:12:59,325 --> 00:13:01,965 to see is there anything specific to 283 00:13:02,865 --> 00:13:04,645 to Sentinel in there two that's called out 284 00:13:04,825 --> 00:13:08,125 and yeah there's not anything in that one. 285 00:13:08,385 --> 00:13:11,165 The other thing it's gotten kind of harder over time 286 00:13:11,265 --> 00:13:14,245 to find some misinformation like the DPA a used 287 00:13:14,245 --> 00:13:15,445 to be like an online thing 288 00:13:15,985 --> 00:13:18,285 or one of 'em did the online service terms 289 00:13:18,585 --> 00:13:20,165 and even like SLAs 290 00:13:20,165 --> 00:13:21,965 and things now they're like turning into like PDFs 291 00:13:21,965 --> 00:13:24,645 and word docs so you have to like explicitly go out 292 00:13:24,745 --> 00:13:28,805 and download them and figure all that stuff 293 00:13:28,905 --> 00:13:29,905 - Out. 294 00:13:29,905 --> 00:13:30,245 Yeah it's interesting. 295 00:13:30,245 --> 00:13:34,165 And then this is a conversation kind of going along side 296 00:13:34,165 --> 00:13:37,685 of this in Discord too is you mentioned this is Azure, 297 00:13:37,755 --> 00:13:39,445 this also comes into play as 298 00:13:39,675 --> 00:13:41,845 what this would mean potentially 299 00:13:41,905 --> 00:13:43,925 for Microsoft 365 down the road. 300 00:13:44,435 --> 00:13:47,885 This particular case isn't applicable to Microsoft 365 301 00:13:48,065 --> 00:13:51,685 and Azure the customer managed key 302 00:13:52,215 --> 00:13:56,085 isn't necessarily a expensive paid 303 00:13:56,105 --> 00:13:59,925 for service versus Microsoft 365 I believe if you wanna do 304 00:13:59,925 --> 00:14:03,085 like a customer managed key and Microsoft 365 305 00:14:03,465 --> 00:14:05,965 but you need to be on an E five license 306 00:14:06,185 --> 00:14:08,525 and I can't remember which E five it is, 307 00:14:08,665 --> 00:14:10,165 if it's the EMSE five 308 00:14:10,225 --> 00:14:12,045 or the Office 365 E five, 309 00:14:13,005 --> 00:14:15,085 Microsoft 365 E five would definitely cover it 310 00:14:15,205 --> 00:14:16,525 'cause it has both of those in there. 311 00:14:16,945 --> 00:14:18,205 But if I remember right, 312 00:14:18,525 --> 00:14:21,045 customer managed keys in Microsoft 365 or E five. 313 00:14:21,345 --> 00:14:23,445 So if you ended up in this boat 314 00:14:23,515 --> 00:14:26,885 with say Microsoft 365 copilot as that's coming out 315 00:14:26,885 --> 00:14:29,245 where you got an email saying you've elected 316 00:14:29,385 --> 00:14:33,605 to not share certain information with the Microsoft 365 317 00:14:34,285 --> 00:14:36,205 security research and the only way 318 00:14:36,205 --> 00:14:37,645 to block it is customer managed keys. 319 00:14:38,105 --> 00:14:41,445 You could find yourself in a position where the only way 320 00:14:41,445 --> 00:14:44,765 to stop that would be to upgrade from like 321 00:14:44,765 --> 00:14:46,925 that E three five plan 2 85 plan. 322 00:14:47,345 --> 00:14:49,325 The whole large language model. 323 00:14:50,055 --> 00:14:52,125 Again, to your point, it it's my data 324 00:14:52,425 --> 00:14:54,245 but it isn't Microsoft's data center. 325 00:14:54,515 --> 00:14:55,685 They're hosting it all. 326 00:14:55,945 --> 00:14:58,445 And again I haven't read all of the legalese 327 00:14:58,445 --> 00:15:00,845 around when they can or can't do this type of stuff 328 00:15:00,865 --> 00:15:05,125 but it definitely does lead to some interesting things 329 00:15:05,465 --> 00:15:09,805 to consider as everybody is now scrambling for data 330 00:15:10,105 --> 00:15:12,165 for these large language models where 331 00:15:12,265 --> 00:15:15,365 before part of my thing was Google always wanted your data 332 00:15:15,425 --> 00:15:17,205 and I'm gonna call out Google specifically 333 00:15:17,205 --> 00:15:19,125 because they're in the advertising business. 334 00:15:19,965 --> 00:15:21,725 Facebook or Meta always wanted your data 335 00:15:21,965 --> 00:15:23,405 'cause they're in the advertising business. 336 00:15:23,475 --> 00:15:26,725 They benefit from getting as much data as they can about you 337 00:15:27,105 --> 00:15:29,525 to better advertise and market to you. 338 00:15:29,855 --> 00:15:32,085 Where let's face it, that wasn't Microsoft's business 339 00:15:32,425 --> 00:15:33,645 but now with AI 340 00:15:33,705 --> 00:15:35,525 and everybody kind of battling 341 00:15:35,525 --> 00:15:37,285 for these large language models 342 00:15:37,425 --> 00:15:40,085 and the training of 'em, all of a sudden 343 00:15:40,645 --> 00:15:44,245 I find Microsoft wanting a lot more data than maybe they did 344 00:15:44,245 --> 00:15:46,645 before so that they can train these models. 345 00:15:46,815 --> 00:15:50,325 Which definitely leads to, like someone said, 346 00:15:50,325 --> 00:15:51,965 it's some interesting days, interesting times 347 00:15:52,185 --> 00:15:54,765 to think about some of the implications of this 348 00:15:54,765 --> 00:15:57,485 beyond just copilot can help me with my work. Now 349 00:15:57,685 --> 00:15:59,485 - I hate to be a stickler for language 350 00:15:59,545 --> 00:16:02,205 but I, I kind of would continue to encourage you to 351 00:16:03,385 --> 00:16:06,365 not think of everything in ML land as 352 00:16:06,885 --> 00:16:08,045 a large language model. 353 00:16:08,465 --> 00:16:11,965 So like large language models are specific things like in 354 00:16:11,965 --> 00:16:15,005 many cases like in the case of chat GPT we're dealing 355 00:16:15,005 --> 00:16:16,645 with language transformers. 356 00:16:16,705 --> 00:16:19,205 So these are things, these are machine learning models 357 00:16:19,795 --> 00:16:22,685 that are built around natural language processing. 358 00:16:23,145 --> 00:16:26,085 So if you're ever played around with say like Lewis 359 00:16:26,425 --> 00:16:29,525 and sorry the language understanding intelligence service 360 00:16:30,065 --> 00:16:33,165 and building out like chatbots in Azure 361 00:16:33,165 --> 00:16:34,605 or something like that, you're dealing 362 00:16:34,605 --> 00:16:35,925 with natural language processing. 363 00:16:36,075 --> 00:16:41,045 There's all sorts of other ML models that can 364 00:16:41,385 --> 00:16:43,845 and do exist out there. 365 00:16:44,505 --> 00:16:48,565 So that could be things like you said like maybe maybe I'm a 366 00:16:49,005 --> 00:16:53,525 somebody like Google and I'm trying to figure out spread of 367 00:16:54,285 --> 00:16:56,245 advertising and cohorts of customers 368 00:16:56,465 --> 00:16:59,365 and so I can give my advertisers the best experience 369 00:16:59,365 --> 00:17:00,405 where they can target their ads 370 00:17:00,405 --> 00:17:01,965 to people in a certain demographic. 371 00:17:01,995 --> 00:17:06,685 Like I only want to target 25 to 30 year olds that live 372 00:17:07,225 --> 00:17:09,965 in Spain or even a certain region. 373 00:17:10,115 --> 00:17:12,085 Like you can get down to that level 374 00:17:12,085 --> 00:17:13,165 of granularity sometimes 375 00:17:13,195 --> 00:17:14,485 depending on what's going on out there. 376 00:17:14,485 --> 00:17:17,725 And that's very different than hey I'm gonna throw a large 377 00:17:18,085 --> 00:17:19,405 language model against this thing 378 00:17:19,785 --> 00:17:22,845 or some type of transformer against it so it can ingest 379 00:17:22,845 --> 00:17:24,725 and do a bunch of natural language processing. 380 00:17:24,725 --> 00:17:27,805 So I would bet in the case of something like Sentinel, 381 00:17:28,525 --> 00:17:29,605 'cause Sentinel is a product 382 00:17:29,605 --> 00:17:32,645 that like you can bring your own ML models to as well. 383 00:17:32,715 --> 00:17:36,085 Like you can do your own inference on top of it even on top 384 00:17:36,085 --> 00:17:37,445 of like your own custom data 385 00:17:37,755 --> 00:17:40,205 that you potentially bring into Sentinel, 386 00:17:40,385 --> 00:17:42,445 say you're doing like taxi or things like that 387 00:17:42,505 --> 00:17:44,765 and kind of side curing your own data in there. 388 00:17:45,065 --> 00:17:46,165 So I would bet 389 00:17:46,165 --> 00:17:48,925 that it's more about all up signals especially 390 00:17:49,205 --> 00:17:51,685 'cause if you look at the way things have been going 391 00:17:51,715 --> 00:17:55,645 with security in general like across the tech companies, 392 00:17:56,045 --> 00:17:57,765 I don't think Microsoft's any exception here. 393 00:17:58,065 --> 00:18:00,845 The more signals you have the better off you can be. Yep. 394 00:18:01,185 --> 00:18:04,205 What's the sensitivity like just a devil's advocate, 395 00:18:04,205 --> 00:18:08,365 like what's the sensitivity to a signal in Sentinel versus 396 00:18:09,515 --> 00:18:13,845 something in your sign-in logs in Azure AD like being 397 00:18:14,015 --> 00:18:17,445 anonymized and correlated across the service, right? 398 00:18:17,885 --> 00:18:19,125 Microsoft always talks a lot about 399 00:18:19,825 --> 00:18:22,045 hey why does security work so well in 400 00:18:22,745 --> 00:18:24,965 ID the artist formerly known as Azure ad? 401 00:18:25,315 --> 00:18:27,925 It's because they have billions of logins 402 00:18:27,985 --> 00:18:31,125 and billions of signals that they can run that inference on 403 00:18:31,185 --> 00:18:33,565 and figure out the next thing there. 404 00:18:37,305 --> 00:18:38,925 - Do you feel overwhelmed by trying 405 00:18:38,925 --> 00:18:41,005 to manage your Office 365 environment? 406 00:18:41,105 --> 00:18:42,885 Are you facing unexpected issues 407 00:18:42,885 --> 00:18:44,965 that disrupt your company's productivity? 408 00:18:44,995 --> 00:18:47,805 Intelligent is here to help much like you take your car 409 00:18:47,805 --> 00:18:50,485 to the mechanic that has specialized knowledge on how 410 00:18:50,485 --> 00:18:53,245 to best keep your car running Intelligent helps you 411 00:18:53,245 --> 00:18:54,965 with your Microsoft cloud environment 412 00:18:54,965 --> 00:18:56,565 because that's their expertise. 413 00:18:56,675 --> 00:18:58,005 Intelligent keeps up 414 00:18:58,005 --> 00:18:59,845 with the latest updates in the Microsoft cloud 415 00:18:59,865 --> 00:19:01,845 to help keep your business running smoothly 416 00:19:01,945 --> 00:19:03,085 and ahead of the curve. 417 00:19:03,115 --> 00:19:05,005 Whether you are a small organization 418 00:19:05,005 --> 00:19:07,485 with just a few users up to an organization 419 00:19:07,485 --> 00:19:10,765 of several thousand employees they want to partner with you 420 00:19:10,785 --> 00:19:14,205 to implement and administer your Microsoft Cloud technology, 421 00:19:14,775 --> 00:19:18,045 visit them at intelligent.com/podcast, 422 00:19:18,425 --> 00:19:23,085 that's I-N-T-E-L-I-G-I-N 423 00:19:23,165 --> 00:19:26,765 k.com/podcast for more information 424 00:19:26,825 --> 00:19:28,405 or to schedule a 30 minute call 425 00:19:28,425 --> 00:19:29,765 to get started with them today. 426 00:19:30,605 --> 00:19:33,245 Remember intelligent focuses on the Microsoft cloud 427 00:19:33,345 --> 00:19:35,165 so you can focus on your business. 428 00:19:37,645 --> 00:19:40,765 I think that's the part that I get where to your point, 429 00:19:40,765 --> 00:19:44,285 Sentinel would absolutely, I was trying to find a tweet 430 00:19:44,285 --> 00:19:46,685 but I think I lost it in our chats, being able 431 00:19:46,685 --> 00:19:47,685 to just pull those signals 432 00:19:47,685 --> 00:19:50,325 and if they're anonymized enough, I totally get it. 433 00:19:50,355 --> 00:19:53,525 Like you look at the amount of signals that Microsoft gets 434 00:19:53,625 --> 00:19:57,685 and I've talked to red team companies 435 00:19:57,685 --> 00:20:01,405 before that are actually writing viruses trying 436 00:20:01,425 --> 00:20:02,965 to bypass things like 437 00:20:03,685 --> 00:20:05,845 Microsoft Defender from an antivirus perspective 438 00:20:06,545 --> 00:20:08,485 and they've told me, 439 00:20:08,585 --> 00:20:10,485 and I don't have any validation 440 00:20:10,485 --> 00:20:12,445 for this other than just word of mouth talking 441 00:20:12,465 --> 00:20:15,565 to these people that Microsoft Defender antivirus is one 442 00:20:15,565 --> 00:20:19,405 of the hardest antivirus software to bypass 443 00:20:20,035 --> 00:20:22,085 when they're just writing a virus from scratch 444 00:20:22,545 --> 00:20:24,805 and that once they are able to write one 445 00:20:25,405 --> 00:20:27,365 Microsoft Defender is also one of the ones 446 00:20:27,435 --> 00:20:29,125 that shuts it down the quickest. 447 00:20:29,125 --> 00:20:31,565 They said I essentially get one shot at it, I deploy 448 00:20:31,565 --> 00:20:34,605 that virus, I use it, I get in, I never works again. 449 00:20:35,425 --> 00:20:38,365 And I think some of that is to your point of 450 00:20:38,885 --> 00:20:40,525 Microsoft is able to take all 451 00:20:40,525 --> 00:20:43,605 of these different signals from their products 452 00:20:44,145 --> 00:20:48,485 and they use them to protect other tenants. 453 00:20:48,585 --> 00:20:52,485 So myself, anybody else listening to this podcast 454 00:20:52,595 --> 00:20:55,805 that uses Microsoft 365 is benefiting from the signals 455 00:20:55,805 --> 00:20:58,685 that these Microsoft security products are getting from 456 00:20:58,685 --> 00:21:01,205 people also trying to attack Microsoft. 457 00:21:01,785 --> 00:21:04,405 You look at what Microsoft 365 is, 90% 458 00:21:04,405 --> 00:21:06,565 of the Fortune five hundreds, how many 459 00:21:06,565 --> 00:21:09,045 of them are deploying Defender Sentinel? 460 00:21:09,045 --> 00:21:11,885 Some of those. But there's signals coming in from those 461 00:21:11,885 --> 00:21:14,925 that Microsoft uses to protect the small guys as well. 462 00:21:15,105 --> 00:21:19,445 So I also do understand that if those are anonymized enough, 463 00:21:19,445 --> 00:21:21,125 if they can figure out those signals 464 00:21:21,265 --> 00:21:23,885 and this is where I, maybe you have 465 00:21:24,125 --> 00:21:26,565 to trust Microsoft a little bit that they're not 466 00:21:27,085 --> 00:21:29,605 grabbing a bunch of PII type of data 467 00:21:29,865 --> 00:21:33,005 or really sensitive internal data 468 00:21:33,225 --> 00:21:34,805 but looking at some of those signals 469 00:21:34,825 --> 00:21:36,285 to really help strengthen that. 470 00:21:36,645 --> 00:21:40,005 I think there absolutely is a benefit to that. 471 00:21:40,525 --> 00:21:41,605 I think it was a tweet from Merrill 472 00:21:41,605 --> 00:21:43,925 that I saw about the amount of signals 473 00:21:43,925 --> 00:21:45,925 that Microsoft does get and analyze a day 474 00:21:45,945 --> 00:21:49,605 and it's like in the trillions I believe 475 00:21:49,825 --> 00:21:53,805 of signals a day that Microsoft gets around 476 00:21:54,345 --> 00:21:58,965 people trying to breach the Microsoft products essentially. 477 00:21:59,025 --> 00:22:01,165 Or maybe it was even specific to Entra. It's 478 00:22:01,445 --> 00:22:02,445 - A ton of data, right? 479 00:22:02,445 --> 00:22:04,805 If you consider like particularly in the case of intra 480 00:22:04,945 --> 00:22:09,605 and login data 'cause Microsoft is able to aggregate 481 00:22:09,625 --> 00:22:13,085 and correlate signals across the public service as well. 482 00:22:13,425 --> 00:22:16,805 So like your endpoint when you log to enterra 483 00:22:17,535 --> 00:22:21,045 login do microsoft online.com, like that's the same thing 484 00:22:21,045 --> 00:22:25,005 that MSAs and all that use and all that use as well. 485 00:22:25,565 --> 00:22:27,565 I don't know if you have any options here so 486 00:22:28,075 --> 00:22:29,725 I'll put a link in the show notes. 487 00:22:29,825 --> 00:22:31,805 So one thing that does come up from time 488 00:22:31,805 --> 00:22:34,685 to time is handling personal data in things 489 00:22:34,715 --> 00:22:35,805 like log analytics. 490 00:22:35,995 --> 00:22:38,085 Like I haven't seen specific guidance for Sentinel 491 00:22:38,085 --> 00:22:40,565 and I've been kind of like binging Duck Tuck going 492 00:22:40,585 --> 00:22:42,165 and then googling in the background here. 493 00:22:42,365 --> 00:22:43,405 uh, I couldn't find much 494 00:22:43,425 --> 00:22:46,685 but there is specific guidance out there for log analytics 495 00:22:46,985 --> 00:22:48,485 and app insights customers. 496 00:22:48,665 --> 00:22:50,645 So maybe you want to take a look through that as well. 497 00:22:50,685 --> 00:22:52,765 I don't know if there's things that can potentially like 498 00:22:52,835 --> 00:22:55,245 make it a little bit better by potentially getting 499 00:22:55,245 --> 00:22:58,205 that data over to a different log analytics workspace once 500 00:22:58,205 --> 00:23:00,525 you're done with analysis in sentinels 501 00:23:00,525 --> 00:23:02,005 so you can still retain it for yourself. 502 00:23:02,105 --> 00:23:05,925 Are there potential retention things you wanna do At the end 503 00:23:05,925 --> 00:23:08,085 of the day the data's the data though, right? 504 00:23:08,145 --> 00:23:09,165 So you've gotta kind 505 00:23:09,165 --> 00:23:11,645 of figure out your path to navigate through there. 506 00:23:11,645 --> 00:23:14,645 Whether that's saying well sentinels not the service 507 00:23:14,745 --> 00:23:18,485 for me given a set of constraints that exist 508 00:23:19,065 --> 00:23:21,725 or it it is and I'm gonna live with it 509 00:23:21,865 --> 00:23:24,685 or sentinel's not the thing for me in its current form. 510 00:23:24,905 --> 00:23:26,045 So I need to do something 511 00:23:26,045 --> 00:23:28,045 and potentially upgrade to some form 512 00:23:28,045 --> 00:23:30,405 of my own encryption key like customer managed key 513 00:23:30,905 --> 00:23:34,365 and then live with any licensing implications that come 514 00:23:34,365 --> 00:23:38,325 with it to have that associated level of privacy. Yeah 515 00:23:38,605 --> 00:23:40,965 - I found the tweet, it was not about signals, 516 00:23:41,075 --> 00:23:43,605 this was just about password attacks per second 517 00:23:44,275 --> 00:23:48,445 blocked 4,000 password attacks per second this year. 518 00:23:48,675 --> 00:23:52,645 Like that's just an insane amount of data coming in 519 00:23:52,645 --> 00:23:54,325 because it's not just that they blocked 'em, 520 00:23:54,345 --> 00:23:55,965 I'm sure they were looking where they're coming 521 00:23:55,995 --> 00:23:57,245 from, all of that. 522 00:23:57,465 --> 00:24:01,485 But any who, I'll have to go look through that article 523 00:24:01,545 --> 00:24:06,045 as well and if we want to make any changes to log analytics 524 00:24:06,585 --> 00:24:08,485 and how that data's in there, the 525 00:24:08,485 --> 00:24:10,285 - Nice thing on your side is that you work 526 00:24:10,285 --> 00:24:13,405 with enough customers that it's also like the all learning 527 00:24:13,405 --> 00:24:16,205 that you can carry forward for them as well 528 00:24:16,705 --> 00:24:20,005 and say okay here's potential considerations. 529 00:24:20,625 --> 00:24:22,845 We might wanna think about this as we're turning it on. 530 00:24:23,225 --> 00:24:25,685 So you can kind of front load the conversation 531 00:24:25,995 --> 00:24:30,125 with new customers in this like crazy always 532 00:24:30,275 --> 00:24:31,725 ever changing landscape. 533 00:24:32,075 --> 00:24:35,085 - Exactly. So interesting scenario. 534 00:24:35,305 --> 00:24:36,525 Do you have other, you had 535 00:24:36,525 --> 00:24:37,725 something else you wanna talk about today? 536 00:24:38,065 --> 00:24:39,325 We spent a long time on that 537 00:24:39,665 --> 00:24:41,925 but let's dive into your topic. We 538 00:24:41,925 --> 00:24:45,525 - Did, so mine's a little bit of a a logging thing as well. 539 00:24:46,065 --> 00:24:47,845 So this is one that came up 540 00:24:47,845 --> 00:24:51,125 with in in a customer conversation with me recently 541 00:24:51,225 --> 00:24:54,845 and I think it impacts a lot 542 00:24:54,845 --> 00:24:57,205 of customers in Azure or 543 00:24:57,205 --> 00:25:00,125 or there's the potential for customers to ask this question. 544 00:25:00,165 --> 00:25:01,725 I don't know, it's like a big impacting issue 545 00:25:01,785 --> 00:25:05,645 but so have you ever been in the boat where you're working 546 00:25:05,835 --> 00:25:08,205 with somebody and you sit there 547 00:25:08,425 --> 00:25:09,845 and you do a bunch of deployments 548 00:25:10,065 --> 00:25:11,845 and you kind of turn stuff on 549 00:25:11,845 --> 00:25:13,765 and then you walk away from it for a while 550 00:25:13,865 --> 00:25:16,085 and then you move on to the next thing 551 00:25:16,345 --> 00:25:18,085 and then the next person comes in behind you 552 00:25:18,085 --> 00:25:20,525 and they say, huh, what is this thing? 553 00:25:20,825 --> 00:25:22,925 Who created it? Do I still need it anymore? 554 00:25:23,235 --> 00:25:26,045 Does it need to be on, can I delete it? 555 00:25:26,745 --> 00:25:29,005 And it's one of those things that you came up I, 556 00:25:29,125 --> 00:25:31,365 I was talking with a customer funny enough about some 557 00:25:31,365 --> 00:25:33,165 storage accounts and they're like, Hey I have all these, 558 00:25:33,435 --> 00:25:35,605 they had a couple hundred different accounts out there 559 00:25:35,985 --> 00:25:37,325 and they're like, can I delete them? 560 00:25:37,595 --> 00:25:39,765 Like well do they have activity ? 561 00:25:40,115 --> 00:25:41,765 Have you checked just the metrics 562 00:25:41,985 --> 00:25:45,125 to see if you're driving any transactions in there? 563 00:25:45,825 --> 00:25:48,845 Oh no I haven't done that. All right, well let's go do that. 564 00:25:49,015 --> 00:25:50,685 Let's spin up an easy mod workbook 565 00:25:50,825 --> 00:25:52,325 and uh, Azure monitor workbook 566 00:25:52,325 --> 00:25:53,765 and we'll look at some of this stuff and 567 00:25:53,825 --> 00:25:55,045 and see what's going on. 568 00:25:55,425 --> 00:25:57,285 Oh I see these 10 accounts over here 569 00:25:57,335 --> 00:25:58,645 don't have any activity. 570 00:25:58,715 --> 00:26:00,165 They go can I delete 'em? 571 00:26:00,405 --> 00:26:03,165 I don't know what, what data's in there. Well I don't know. 572 00:26:03,335 --> 00:26:06,845 Maybe I should go and talk to the person who manages it. 573 00:26:06,985 --> 00:26:08,325 So the crux of the question is 574 00:26:08,625 --> 00:26:10,565 who actually manages your re Yeah, 575 00:26:10,565 --> 00:26:12,525 who manages resources in Azure 576 00:26:13,025 --> 00:26:14,565 and how do you go back in time 577 00:26:15,065 --> 00:26:17,765 and figure that out for resources that 578 00:26:18,595 --> 00:26:23,285 have potentially existed for years and years and years? 579 00:26:23,645 --> 00:26:25,845 - A hundred percent. And it's funny you bring this up 580 00:26:26,005 --> 00:26:28,885 'cause I had a customer doing this exercise as well 581 00:26:28,885 --> 00:26:32,765 that I'm supposed to actually go do some work trying to sort 582 00:26:32,765 --> 00:26:36,725 through resources and figure some of this out 583 00:26:36,725 --> 00:26:37,805 because they're in the boat 584 00:26:37,805 --> 00:26:39,485 where they have everything in five subscriptions 585 00:26:39,625 --> 00:26:42,245 and we need to break it out into 14 subscriptions 586 00:26:42,505 --> 00:26:45,005 but we don't wanna move stuff that's not being used anymore. 587 00:26:45,325 --> 00:26:46,845 I mean this is not an insignificant 588 00:26:46,845 --> 00:26:47,965 amount of resources either. 589 00:26:48,015 --> 00:26:50,245 We're talking like thousands of resources. 590 00:26:50,715 --> 00:26:52,085 It's not quite, I don't think it's 591 00:26:52,085 --> 00:26:53,205 up in the tens of thousands. 592 00:26:53,425 --> 00:26:55,445 It might be definitely not hundreds of thousands 593 00:26:55,465 --> 00:26:58,005 but to your point it's okay we have these five 594 00:26:58,285 --> 00:27:01,605 subscriptions, thousands and thousands of resources first 595 00:27:01,985 --> 00:27:03,765 before even who owns them 596 00:27:03,785 --> 00:27:07,365 or who would know is how do we even go through 597 00:27:07,365 --> 00:27:10,525 and figure out which of these resources are still used, 598 00:27:10,525 --> 00:27:13,285 which can be deleted, which maybe can we archive? 599 00:27:13,905 --> 00:27:17,765 Are there resources that we could change the SKU on, 600 00:27:17,835 --> 00:27:20,565 have SKUs changed so that we can get some price savings 601 00:27:20,745 --> 00:27:22,285 by making some changes to 'em? 602 00:27:22,585 --> 00:27:25,765 And to your point then, who actually is in charge 603 00:27:25,765 --> 00:27:27,005 of making those decisions? 604 00:27:27,005 --> 00:27:30,405 Because some of these are production services, some 605 00:27:30,405 --> 00:27:32,605 of those are dev, some of those are test 606 00:27:32,785 --> 00:27:34,205 and what's going on. 607 00:27:34,385 --> 00:27:37,845 So since I have that question, what's the answer Scott? I 608 00:27:37,845 --> 00:27:39,365 - Had a couple of thoughts here 609 00:27:39,585 --> 00:27:42,245 and some of it is we're eventually we're gonna hit a 610 00:27:42,245 --> 00:27:44,125 roadblock and we can't go back in time all the way. 611 00:27:44,425 --> 00:27:48,285 So first thing is, is this resource being 612 00:27:48,805 --> 00:27:50,045 actively used right now? 613 00:27:50,805 --> 00:27:52,845 I think one of the best ways to do that is 614 00:27:53,655 --> 00:27:56,245 start over in Azure Monitor. 615 00:27:56,745 --> 00:28:00,565 So I often refer to that in shorthand as azon 616 00:28:01,345 --> 00:28:05,685 and over in Azon there's a bunch of built-in workbooks 617 00:28:05,945 --> 00:28:08,405 around kind of core service metrics. 618 00:28:08,505 --> 00:28:10,085 So if you're dealing with a core service, 619 00:28:10,505 --> 00:28:14,245 so I'm thinking things that fall into kind of compute, 620 00:28:14,245 --> 00:28:17,925 networking, storage, many of the data analytics services, 621 00:28:17,925 --> 00:28:20,165 things like that, they all have a set 622 00:28:20,165 --> 00:28:24,365 of default metrics which often drive back to things 623 00:28:25,035 --> 00:28:27,685 like transactions in the service, right? 624 00:28:27,685 --> 00:28:30,165 If I'm dealing with a storage account, am I seeing puts 625 00:28:30,165 --> 00:28:31,965 and gets actively to that storage account? 626 00:28:32,265 --> 00:28:36,085 And if I am, I I I know somebody out there is using it 627 00:28:36,085 --> 00:28:39,045 and potentially that helps me take the next step 628 00:28:39,305 --> 00:28:40,805 to go and answer the question. 629 00:28:41,035 --> 00:28:44,445 Okay, now I know it's on who is using it 630 00:28:44,665 --> 00:28:47,605 and who is using it can go a couple different ways. 631 00:28:47,985 --> 00:28:50,925 If I'm dealing say with if virtual machine 632 00:28:51,305 --> 00:28:55,245 and who is using it, I might want to go 633 00:28:55,585 --> 00:28:58,245 and just check out the activity log for that VM 634 00:28:58,465 --> 00:29:00,085 or spit out some diagnostics 635 00:29:00,085 --> 00:29:01,525 and do something like log analytics 636 00:29:01,545 --> 00:29:05,485 or a storage account, some service like that and take a look 637 00:29:05,485 --> 00:29:07,485 and see okay great, I know this thing's powered up 638 00:29:07,485 --> 00:29:09,805 and it's on am I seeing active logins to it? 639 00:29:10,185 --> 00:29:14,085 Can I actually infer anything from a login name 640 00:29:14,225 --> 00:29:16,245 or like we talked about baston last week, 641 00:29:16,445 --> 00:29:18,245 a bastion connection, things like that. 642 00:29:18,865 --> 00:29:21,005 If it's a storage account I have resource 643 00:29:21,115 --> 00:29:22,125 logs that I can turn on. 644 00:29:22,555 --> 00:29:25,205 Most customers tend to complain once we get down 645 00:29:25,205 --> 00:29:26,245 to this step 646 00:29:26,245 --> 00:29:28,325 where we're saying like well go look at like the fine 647 00:29:28,325 --> 00:29:30,245 grained resource logs for the thing. 648 00:29:30,805 --> 00:29:32,645 'cause they go Oh well I gotta turn that on, 649 00:29:32,685 --> 00:29:34,125 I gotta configure it and it costs me money 650 00:29:34,125 --> 00:29:35,125 for the logs . 651 00:29:35,125 --> 00:29:36,405 Yeah I get it. Time is money 652 00:29:36,665 --> 00:29:38,845 and turns out when you use additional 653 00:29:39,045 --> 00:29:40,365 resources, those cost money as well. 654 00:29:40,615 --> 00:29:41,805 We're not, not talking about keeping 655 00:29:41,805 --> 00:29:43,045 this stuff on forever, right? 656 00:29:43,105 --> 00:29:46,005 You could even turn on diagnostic logs on a service for 657 00:29:46,785 --> 00:29:48,645 10 minutes, whatever a period of time is 658 00:29:48,785 --> 00:29:50,925 and just kind of see what you get in there. 659 00:29:50,945 --> 00:29:54,045 It doesn't need to be like tens of thousands of dollars 660 00:29:54,385 --> 00:29:57,285 or hundreds or even tens of dollars to to spend 661 00:29:57,285 --> 00:29:59,245 that stuff up and turn it on 662 00:29:59,985 --> 00:30:01,325 if none of that gets you anywhere. 663 00:30:01,945 --> 00:30:06,365 The next place that I would kind of go off to is 664 00:30:06,945 --> 00:30:09,125 the Azure activity log. 665 00:30:09,705 --> 00:30:14,645 So by default at the subscription level there is a set 666 00:30:14,645 --> 00:30:17,805 of information that's retained when management 667 00:30:17,965 --> 00:30:19,325 plane operations happen. 668 00:30:19,625 --> 00:30:22,725 So basically when you like fire off a request against the 669 00:30:22,725 --> 00:30:25,565 arm APIs, which the portal is doing all the time, 670 00:30:25,755 --> 00:30:28,205 like a create event for a resource, an update event 671 00:30:28,205 --> 00:30:29,325 for a resource, things like that. 672 00:30:29,815 --> 00:30:33,445 Those will all be in the activity log there. 673 00:30:33,445 --> 00:30:34,605 There's some limitations there. 674 00:30:34,995 --> 00:30:37,725 Like the activity log only logs three months 675 00:30:37,725 --> 00:30:38,845 of data by default. 676 00:30:38,945 --> 00:30:40,165 Unless you've gone ahead 677 00:30:40,165 --> 00:30:42,845 and configured like diagnostic export for that 678 00:30:43,145 --> 00:30:45,605 and potentially sent it out to another place. 679 00:30:45,785 --> 00:30:48,285 But I look at that as a little bit of a learning exercise. 680 00:30:48,705 --> 00:30:50,525 Hey here's another opportunity for you to go 681 00:30:50,525 --> 00:30:52,125 through if this is something that's important for you 682 00:30:52,125 --> 00:30:54,405 to audit in your environment, you really might want 683 00:30:54,405 --> 00:30:57,405 to think about turning on activity log exporting 684 00:30:57,585 --> 00:31:00,605 for the actual Azure monitor activity log 685 00:31:00,945 --> 00:31:02,205 and getting that data out 686 00:31:02,225 --> 00:31:05,325 to something like a log analytics workspace so 687 00:31:05,395 --> 00:31:07,925 that you can have a richer interaction 688 00:31:08,185 --> 00:31:11,485 to go back in time over that resource. I would 689 00:31:11,485 --> 00:31:12,485 - Agree. 690 00:31:12,485 --> 00:31:13,805 And that's kind of the approach we've taken 691 00:31:13,945 --> 00:31:16,645 as like you said it's log analytics, 692 00:31:16,835 --> 00:31:19,285 it's Azure activity logs, it's really just going 693 00:31:19,285 --> 00:31:22,085 through all the logging and looking at what's there. 694 00:31:22,555 --> 00:31:23,965 This is gonna help with the activity. 695 00:31:24,485 --> 00:31:26,925 I don't know that it always helps with the owner 696 00:31:27,445 --> 00:31:28,525 and I think this is a, 697 00:31:28,665 --> 00:31:32,765 - So the nice thing is with activity often comes identity 698 00:31:32,995 --> 00:31:34,925 because users have to authenticate 699 00:31:34,925 --> 00:31:36,645 to these things like hey we have 700 00:31:36,645 --> 00:31:37,965 to figure out if you're authorized and 701 00:31:37,965 --> 00:31:38,885 before we figure out if you're 702 00:31:38,885 --> 00:31:40,125 authorized we need to know who you are. 703 00:31:40,125 --> 00:31:43,325 Yep. To do it. So lots of that stuff is just happening in 704 00:31:43,425 --> 00:31:44,445 inside of OAuth 705 00:31:44,585 --> 00:31:47,365 and it's all authenticated against Azure AD anyway. 706 00:31:47,665 --> 00:31:51,285 So AD potentially becomes a source of logs for you. 707 00:31:51,355 --> 00:31:53,485 Okay, am I seeing sign in logs like 708 00:31:53,485 --> 00:31:55,165 during a a given period given time 709 00:31:55,825 --> 00:31:59,165 but as long as you have the log like it'll have a goid 710 00:31:59,185 --> 00:32:02,205 or something else in it that ties you back to 711 00:32:02,725 --> 00:32:06,805 a user identity over in Azure active directory which 712 00:32:07,325 --> 00:32:09,485 ultimately like in inferences and 713 00:32:09,585 --> 00:32:13,485 and gets you down to ownership Now all this stuff only helps 714 00:32:13,485 --> 00:32:15,245 you like if you have the data there. 715 00:32:15,705 --> 00:32:18,045 The other thing that I had mentioned 716 00:32:18,225 --> 00:32:20,445 and it came up in the chat over here on Discord 717 00:32:21,145 --> 00:32:22,205 was there's other things 718 00:32:22,205 --> 00:32:23,765 that you should just think about maybe from like a 719 00:32:23,765 --> 00:32:26,645 governance perspective, like there's some best practices 720 00:32:26,665 --> 00:32:29,525 around things like tagging your resources, 721 00:32:30,225 --> 00:32:32,005 be it either tagging a resource group 722 00:32:32,545 --> 00:32:35,805 or tagging individual resources in resource groups in Azure. 723 00:32:36,075 --> 00:32:38,285 Like you might wanna tag those with a, 724 00:32:38,455 --> 00:32:39,885 maybe not an individual user 725 00:32:40,065 --> 00:32:42,645 but like a responsible group for it. 726 00:32:43,225 --> 00:32:45,365 Or quite often like I encourage a lot 727 00:32:45,365 --> 00:32:47,245 of customers in like multi-home departments, 728 00:32:47,355 --> 00:32:48,765 like they run multiple departments, 729 00:32:48,765 --> 00:32:50,405 they wanna do chargebacks and stuff like that. 730 00:32:50,705 --> 00:32:52,365 Hey let's rationalize not just the 731 00:32:52,365 --> 00:32:53,445 environment this thing sits in. 732 00:32:53,545 --> 00:32:56,085 Is it prod, is it dev test, is it staging? 733 00:32:56,745 --> 00:32:58,485 But let's actually tie this back 734 00:32:58,485 --> 00:33:00,565 to something like an IO code 735 00:33:00,905 --> 00:33:04,765 or some type of like internal finance code that you have 736 00:33:04,825 --> 00:33:07,485 or even like just a department, does this belong to finance? 737 00:33:07,675 --> 00:33:09,605 Does it belong to you Azure? 738 00:33:09,915 --> 00:33:12,805 Does it belong to finance, hr, anything like that. Yeah, 739 00:33:12,965 --> 00:33:15,165 - I was gonna bring that up as well. 740 00:33:15,165 --> 00:33:16,605 Going through this exercise 741 00:33:16,705 --> 00:33:18,925 and what we talked about logs helps you maybe find 742 00:33:19,035 --> 00:33:20,405 what happened before. 743 00:33:20,795 --> 00:33:23,605 This is also a good opportunity I think to go through some 744 00:33:23,605 --> 00:33:26,485 of what you just said is maybe this is a good time 745 00:33:26,485 --> 00:33:28,645 to start thinking about tagging 746 00:33:28,645 --> 00:33:31,645 and even using Azure policies to enforce that 747 00:33:32,605 --> 00:33:35,245 a certain resource is tagged with a owner. 748 00:33:35,345 --> 00:33:39,045 And again whether that be a person, a department tagged with 749 00:33:39,045 --> 00:33:41,245 what type of resource this is this something 750 00:33:41,245 --> 00:33:43,165 that's getting stood up for test or dev 751 00:33:43,185 --> 00:33:45,765 or is this a production level resource? 752 00:33:46,155 --> 00:33:50,205 I've seen customers tag dates of when this was created, 753 00:33:50,825 --> 00:33:54,005 but thinking through maybe some of that additional metadata 754 00:33:54,005 --> 00:33:55,605 that you should start adding 755 00:33:55,625 --> 00:33:58,845 or do wanna be adding onto your Azure resources so that 756 00:33:59,065 --> 00:34:01,325 as you encounter this scenario again 757 00:34:01,345 --> 00:34:03,565 or as you move down the road 758 00:34:03,585 --> 00:34:05,405 and you wanna six months from now, 759 00:34:05,565 --> 00:34:08,045 a year from now do a regular type 760 00:34:08,045 --> 00:34:09,405 of audit of what's out there. 761 00:34:09,545 --> 00:34:11,445 Do we still need it? Is it still being used? 762 00:34:11,985 --> 00:34:16,005 Having some of those tags can also be very beneficial 763 00:34:16,305 --> 00:34:18,045 but you may not have them the first time you do. 764 00:34:18,045 --> 00:34:19,045 It might be something 765 00:34:19,045 --> 00:34:20,925 that says maybe we should start doing this. 766 00:34:21,165 --> 00:34:23,445 - I think it's one of those things like when you run into it 767 00:34:23,445 --> 00:34:24,725 you're like oh maybe I should start 768 00:34:24,725 --> 00:34:26,005 doing this now kind of thing. 769 00:34:26,025 --> 00:34:28,525 Yep. I see a lot of customers when it comes to tags 770 00:34:28,715 --> 00:34:33,365 that they tend to just get stuck in the rutt 771 00:34:33,385 --> 00:34:36,645 of trying to rationalize like all the options. 772 00:34:36,965 --> 00:34:39,485 'cause it's basically just name value pairs 773 00:34:39,745 --> 00:34:41,605 and you can be right, 774 00:34:41,715 --> 00:34:43,765 very freeform in your name values, things like that. 775 00:34:43,835 --> 00:34:46,405 There's actually some decent guidance out there in the cloud 776 00:34:46,645 --> 00:34:49,565 adoption framework about just like getting started with tags 777 00:34:49,565 --> 00:34:51,365 and like defining your strategy 778 00:34:51,415 --> 00:34:52,965 where it calls out a lot of these things. 779 00:34:53,275 --> 00:34:56,645 Okay, you might want to tag like the uh, department 780 00:34:56,645 --> 00:34:59,085 that owns the resource you might wanna tag like the 781 00:34:59,135 --> 00:35:00,885 operations team that owns it. 782 00:35:01,245 --> 00:35:02,845 I think that's very helpful like in the context 783 00:35:02,985 --> 00:35:05,205 of even if I don't have the individual owner, 784 00:35:05,355 --> 00:35:07,165 hopefully the people who operate the 785 00:35:07,285 --> 00:35:08,405 thing have a contact right? 786 00:35:08,405 --> 00:35:09,405 And they can get back to it 787 00:35:09,405 --> 00:35:12,645 and do it cost codes as well, like whether 788 00:35:12,645 --> 00:35:14,205 that's like an IO code 789 00:35:14,205 --> 00:35:16,565 or so like you know whatever it is that ties you back 790 00:35:16,565 --> 00:35:18,965 to a cost center within your 791 00:35:18,965 --> 00:35:20,485 organization is also super helpful. 792 00:35:20,585 --> 00:35:21,605 Not just for like chargeback 793 00:35:21,605 --> 00:35:24,525 but for hey where's the throat that I need to go choke 794 00:35:24,665 --> 00:35:27,365 to figure out the answer to this thing. 795 00:35:27,875 --> 00:35:29,805 I've also seen customers that do things 796 00:35:30,305 --> 00:35:32,005 and it is in the adoption framework 797 00:35:32,005 --> 00:35:35,365 where they tag things like the owner, the requester 798 00:35:35,365 --> 00:35:37,165 and they actually put email addresses in there. 799 00:35:37,665 --> 00:35:39,605 I'm kind of sensitive to that stuff sometimes. 800 00:35:39,805 --> 00:35:42,325 I don't know that you should 'cause then you're pumping like 801 00:35:42,445 --> 00:35:44,125 PII out potentially into things 802 00:35:44,665 --> 00:35:46,445 and then we're back to that whole 803 00:35:46,635 --> 00:35:48,205 what does Microsoft do with my data? 804 00:35:48,355 --> 00:35:51,725 Like did I pump those activity logs out to log analytics? 805 00:35:51,865 --> 00:35:53,525 Are there like Sam a company 806 00:35:53,625 --> 00:35:54,765 and I'm doing business in Europe. 807 00:35:54,865 --> 00:35:57,485 Are there GDPR implications for me or 808 00:35:57,545 --> 00:35:58,845 or things like that there. 809 00:35:58,945 --> 00:36:01,845 So your mileage may vary in like how far 810 00:36:01,945 --> 00:36:03,445 and how granular you wanna go, 811 00:36:03,825 --> 00:36:05,765 but I think it's definitely a good idea to sit down 812 00:36:05,825 --> 00:36:08,685 and just do that initial rationalization. 813 00:36:09,105 --> 00:36:10,525 And if you haven't done it today 814 00:36:10,545 --> 00:36:12,965 and you're just onboarding, hey now's a great time to do it. 815 00:36:13,385 --> 00:36:14,405 If you haven't done it 816 00:36:14,405 --> 00:36:15,325 and you're already onboarded, 817 00:36:15,625 --> 00:36:17,005 hey now's a great time to do it. 818 00:36:17,325 --> 00:36:18,445 - . Sounds good. I don't think 819 00:36:18,445 --> 00:36:19,525 I have anything else on that topic. 820 00:36:20,045 --> 00:36:21,685 Anything else you wanna cover on tagging, 821 00:36:21,965 --> 00:36:24,365 cleaning up Azure resources, deleting everything. 822 00:36:24,445 --> 00:36:26,725 I mean there's always the approach of you delete it all 823 00:36:26,725 --> 00:36:27,885 and see who screams, right? 824 00:36:28,115 --> 00:36:29,885 Make sure you backups on delete it 825 00:36:29,945 --> 00:36:31,965 and whoever screams is the owner there 826 00:36:31,965 --> 00:36:32,965 - Is that as well? 827 00:36:32,965 --> 00:36:34,925 Yeah, to just take it and 828 00:36:35,025 --> 00:36:37,205 and turn this thing over a different 829 00:36:37,205 --> 00:36:38,325 way and see what happens. 830 00:36:39,065 --> 00:36:41,805 And you might have some options there if you're dealing 831 00:36:41,835 --> 00:36:44,565 with a website, like you might not have to delete it, 832 00:36:44,565 --> 00:36:46,285 you can just shut it off or a database. 833 00:36:46,545 --> 00:36:49,205 That's certainly a way to do those kinds of things. 834 00:36:49,275 --> 00:36:51,325 Just make sure you leave it off long enough 835 00:36:51,915 --> 00:36:54,325 that you give people enough time to scream. 836 00:36:54,395 --> 00:36:58,085 Like I've seen people do things like shut off a database 837 00:36:58,545 --> 00:37:00,405 and they leave it off for a day or two 838 00:37:00,405 --> 00:37:01,285 and they're like, well nobody 839 00:37:01,285 --> 00:37:02,525 said anything so I'll delete it. 840 00:37:02,525 --> 00:37:04,965 But it turns out that database was only used on like month 841 00:37:04,975 --> 00:37:07,125 close or like closing out a quarter, even the end 842 00:37:07,125 --> 00:37:10,925 of the year and three months later they get, they get 843 00:37:10,925 --> 00:37:11,725 that pinging that says, 844 00:37:11,725 --> 00:37:12,885 oh hey, what happened to blah blah blah. 845 00:37:12,885 --> 00:37:14,365 And you're like, oh crap, I deleted that. 846 00:37:14,365 --> 00:37:15,565 Nobody ever talked to me. 847 00:37:15,625 --> 00:37:17,005 So yeah, you do kind of have 848 00:37:17,005 --> 00:37:18,525 to think about those things as well 849 00:37:18,625 --> 00:37:19,625 - For sure. 850 00:37:19,625 --> 00:37:20,525 Awesome. Well thanks Scott. 851 00:37:20,825 --> 00:37:23,485 It was interesting discussion today. 852 00:37:24,005 --> 00:37:25,205 - I got one more for you. Yes. 853 00:37:25,205 --> 00:37:29,965 If anybody stuck around this long, we are back in November. 854 00:37:30,225 --> 00:37:32,965 So last November we did this thing where we tried 855 00:37:32,985 --> 00:37:35,645 to raise some money for Girls Who code. 856 00:37:35,745 --> 00:37:38,205 - Oh yeah. - And we had uh, a bunch 857 00:37:38,205 --> 00:37:42,085 of awesome listeners donate and we raised $1,500 this year. 858 00:37:42,085 --> 00:37:45,405 I'd like to see if we can raise 2000 and get out there 859 00:37:45,985 --> 00:37:49,725 and help the next generation of IT pros 860 00:37:49,825 --> 00:37:51,725 or developers, whatever that happens to be 861 00:37:52,035 --> 00:37:53,525 with Girls who code. 862 00:37:53,665 --> 00:37:55,405 So I'm gonna be harping on this one 863 00:37:55,505 --> 00:37:57,885 for the next couple weeks just 864 00:37:57,885 --> 00:37:58,885 to see if we can get people 865 00:37:58,885 --> 00:38:00,445 going during this season of giving. Yes. 866 00:38:00,585 --> 00:38:01,725 - So we should do that. Should we 867 00:38:01,725 --> 00:38:02,925 extend this longer than November? 868 00:38:02,925 --> 00:38:07,245 Because we are also recording with some of our schedule 869 00:38:07,625 --> 00:38:09,325 for those that are still sticking around. 870 00:38:09,945 --> 00:38:12,645 You actually won't hear this until November 871 00:38:13,475 --> 00:38:16,125 16 if I'm doing my date math right. So 872 00:38:16,125 --> 00:38:18,645 - Here's the thing, it's open all year , so 873 00:38:18,645 --> 00:38:19,965 - Should, that's true. You 874 00:38:19,965 --> 00:38:21,565 - Don't have to wait and come in. But we 875 00:38:21,565 --> 00:38:23,045 - Need to set a sense of urgency. 876 00:38:23,105 --> 00:38:26,165 We need to set a time like we wanna get it by this time. 877 00:38:26,385 --> 00:38:28,205 Should we see if end of the year, 878 00:38:28,345 --> 00:38:29,845 should we go through the end of the year? 879 00:38:30,085 --> 00:38:31,885 - I forgot about the lag in release. 880 00:38:31,885 --> 00:38:33,845 Yeah, we'll go to the end of the year. That works for me. 881 00:38:34,025 --> 00:38:37,285 - See if we can get $2,000 by the end of 2023. 882 00:38:37,585 --> 00:38:41,485 By the time people first hear this, that gives you a month 883 00:38:41,485 --> 00:38:45,005 and a half through the Thanksgiving holiday season. Yep. 884 00:38:45,145 --> 00:38:47,005 - Should you celebrate, but yes, 885 00:38:47,005 --> 00:38:48,045 during November, December, 886 00:38:48,325 --> 00:38:49,405 whatever that happens to be. So yes, 887 00:38:49,405 --> 00:38:50,405 - That's true. 888 00:38:50,405 --> 00:38:51,645 Thanksgiving, I was talking to my kids about that. 889 00:38:51,675 --> 00:38:55,125 They were like, what holidays are worldwide versus just the 890 00:38:55,185 --> 00:38:59,085 us And there's really only a couple I can think of that are, 891 00:38:59,515 --> 00:39:01,765 well there's no, there's a handful, 892 00:39:02,225 --> 00:39:04,525 but there's a lot of them that are just localized 893 00:39:04,945 --> 00:39:06,245 to countries. 894 00:39:06,245 --> 00:39:09,005 Thanksgiving being one of those. Yes. Yeah. 895 00:39:09,005 --> 00:39:11,765 Anyways, we do not need to go on the holiday rabbit hole 896 00:39:11,965 --> 00:39:14,445 today, but through the end of 2023, 897 00:39:14,545 --> 00:39:16,885 $2,000 for Girls Who Code. Sounds good. 898 00:39:17,105 --> 00:39:18,205 - All right, let's do it. 899 00:39:18,205 --> 00:39:19,645 Alright, thanks as always for the time. 900 00:39:19,865 --> 00:39:23,685 - Yes, thank you. And we will talk to you again next week. 901 00:39:23,905 --> 00:39:25,205 - All right, perfect. Thanks Ben. Yep. 902 00:39:25,205 --> 00:39:29,125 - Bye-Bye Scott. If you enjoyed the podcast, 903 00:39:29,745 --> 00:39:31,845 go leave us a five star rating in iTunes. 904 00:39:32,025 --> 00:39:33,365 It helps to get the word out 905 00:39:33,385 --> 00:39:36,925 so more IT Pros can learn about Office 365 and Azure. 906 00:39:37,665 --> 00:39:40,205 If you have any questions you want us to address on the show 907 00:39:40,345 --> 00:39:42,805 or feedback about the show, feel free 908 00:39:42,825 --> 00:39:45,725 to reach out via our website, Twitter, or Facebook. 909 00:39:45,985 --> 00:39:48,085 Thanks again for listening and have a great day.

Digital Dispatch Podcast Podcast Artwork Image

Microsoft Cloud IT Pro Podcast

Ben Stegink, Scott Hoag

On the MS Cloud IT Pro Podcast, Scott and Ben discuss the Microsoft Cloud with a focus on IT Pros. They'll discuss the latest in Microsoft 365 and Office 365 News, Azure news and talk about their experiences with managing the Microsoft Cloud as well as interview industry experts on various cloud technology. They'll cover things such as SharePoint, Exchange, Microsoft Teams, PowerShell, Azure, Azure AD, Security, Networking, Storage, and the many other technologies and products that have made their way into the Microsoft 365 suite and Azure. To stay up-to-date on the latest in Microsoft Cloud news and gain some valuable knowledge as you deploy it within your own organization, make sure to tune in every week! Find out more at msclouditpropodcast.com.

Contact Show