Episode 359 – Microsoft Applied Skills and Azure Bastion Developer SKU

November 09, 2023

Episode Transcript

In Episode 359, Ben and Scott discuss Microsoft Applied Skills – a new skilling platform for Microsoft customers to get hands-on in a live, on-demand lab environment to validate their skills in a specific area and how Applied Skills compares to the existing role-based certification exams. Next up, it’s a quick review of an upcoming roadmap item that impacts Microsoft-managed conditional access policies and how to monitor and keep up to date with Message Center messages that are applicable to your tenant. Then it’s time to wrap up with a Developer SKU that was recently launched for Azure Bastion, offering lower cost to Bastion at the expense of some of the bells and whistles in the Basic and Standard SKUs.

It’s also the season of giving, and we’re raising money for Girls Who Code. Donate today at https://give.girlswhocode.com/msclouditpro!

Like what you hear and want to support the show? Check out our membership options.

Show Notes

About the sponsors

Intelligink utilizes their skill and passion for the Microsoft cloud to empower their customers with the freedom to focus on their core business. They partner with them to implement and administer their cloud technology deployments and solutions. Visit Intelligink.com for more info.

See full episode transcriptTranscript is autogenerated by AI

1 00:00:03,165 --> 00:00:08,055 Welcome to episode 359 of the Microsoft Cloud IT Pro Podcast 2 00:00:08,655 --> 00:00:11,335 recorded live on October 31st, 2023. 3 00:00:11,725 --> 00:00:16,295 This is a show about Microsoft 365 and Azure from the perspective of it pros and 4 00:00:16,295 --> 00:00:20,535 end users where we discuss the topic or recent news and how it relates to you. 5 00:00:21,415 --> 00:00:25,855 Microsoft applied skills as a new skilling platform to get hands-on experience 6 00:00:25,855 --> 00:00:29,175 in a lab environment that Ben and Scott dive into today. 7 00:00:29,485 --> 00:00:33,535 They also discuss an upcoming roadmap item related to conditional access 8 00:00:33,975 --> 00:00:38,535 policies as well as ways to keep up with these messages in the Microsoft 365 9 00:00:38,535 --> 00:00:39,895 message center. Finally, 10 00:00:40,005 --> 00:00:43,695 they wrap up the show with a new SKU coming to Azure Bastion, 11 00:00:44,055 --> 00:00:48,975 a Microsoft developer SKU that offers a lower cost option for Bastion with a few 12 00:00:48,975 --> 00:00:51,015 less features than the standard SKUs. 13 00:00:53,095 --> 00:00:56,255 I had something I was gonna start off with but now I can't even remember what it 14 00:00:56,255 --> 00:01:01,135 was because it's just been that type of a week where we've meant to record 15 00:01:01,135 --> 00:01:03,855 like three different days and finally got around to it. . 16 00:01:04,635 --> 00:01:07,095 It happens, you know, life comes at you fest. 17 00:01:07,395 --> 00:01:10,695 It does, yeah. There was something I was thinking of that I was like, oh, 18 00:01:10,695 --> 00:01:12,335 I should kick off with that, but it's gone. 19 00:01:12,515 --> 00:01:16,615 So we might as well just jump into whatever else we wanna talk about. 20 00:01:17,535 --> 00:01:20,135 Whatever else we wanna talk about. I have some stuff for you if I. 21 00:01:20,205 --> 00:01:22,015 Yeah, we have like a bunch of random news. 22 00:01:22,285 --> 00:01:24,015 This is gonna be a random news episode. 23 00:01:24,195 --> 00:01:26,175 If I can be so bold as. 24 00:01:26,175 --> 00:01:26,885 To Okay. 25 00:01:26,885 --> 00:01:28,655 Take over your show for just a moment. 26 00:01:29,075 --> 00:01:33,415 So we've talked a bunch about certification and 27 00:01:34,095 --> 00:01:39,015 skilling in the past and just overall changes in certs and 28 00:01:39,015 --> 00:01:40,255 role-based certs and all that stuff, 29 00:01:40,255 --> 00:01:44,215 particularly in the context of Microsoft 365 and the Azure certs, 30 00:01:44,215 --> 00:01:48,295 things like that. So a couple of observations. 31 00:01:48,555 --> 00:01:49,575 So one, 32 00:01:49,955 --> 00:01:54,455 you and I had to recently renew our Azure 33 00:01:54,455 --> 00:01:56,175 infrastructure cert . 34 00:01:56,175 --> 00:02:00,615 One of the most interesting things to me about that beyond like how overjoyed I 35 00:02:00,615 --> 00:02:02,095 am, that the new certification process, 36 00:02:02,315 --> 00:02:07,215 no recert process no longer necessitates me going into a facility 37 00:02:07,435 --> 00:02:10,855 or sitting online with a proctor. Like I very much like that, 38 00:02:11,075 --> 00:02:12,535 but I was kind of surprised, 39 00:02:12,895 --> 00:02:16,255 I don't know if you've kind of had this same thought, 40 00:02:16,835 --> 00:02:21,655 but the score to pass on research has been dropping and 41 00:02:21,895 --> 00:02:23,455 dropping and dropping over time. 42 00:02:23,995 --> 00:02:28,295 You and I did that on the same day and you know, 43 00:02:28,295 --> 00:02:31,535 we chatted afterwards and it was something like crazy. 44 00:02:31,595 --> 00:02:36,495 It was like you only needed like a 40% score to pass it. Yeah. Like not 60, 45 00:02:36,715 --> 00:02:37,548 not 70. 46 00:02:37,835 --> 00:02:42,695 It was extremely low on the 47 00:02:42,915 --> 00:02:45,015 bar. So I thought that was kind of interesting, 48 00:02:45,015 --> 00:02:49,815 like is that because certs are becoming too hard? I can't say I was a, 49 00:02:49,955 --> 00:02:51,375 you know, without getting too deep into it, 50 00:02:51,375 --> 00:02:53,335 I can't say I was a fan of many of the questions. 51 00:02:53,405 --> 00:02:57,175 Like I would say 50% of them didn't make any sense anyway. So, 52 00:02:58,115 --> 00:03:00,405 you know, good luck if you can score 50%. 53 00:03:00,515 --> 00:03:02,285 Like maybe that's the thinking , 54 00:03:02,305 --> 00:03:05,605 but I thought it was kind of interesting that it was a low number of questions 55 00:03:06,385 --> 00:03:11,365 and it was potentially a low bar to pass on that side and 56 00:03:11,365 --> 00:03:15,845 I've seen people talking about it in other places to MAs it on and and 57 00:03:16,115 --> 00:03:19,445 threads and, and Facebook and, and all the socials, 58 00:03:20,055 --> 00:03:21,525 let's just say things like that. 59 00:03:21,665 --> 00:03:25,085 So I don't know what your thoughts are on the certification side of it, 60 00:03:25,105 --> 00:03:28,645 but really weird kind of strange experience. Like what, what's the bar? 61 00:03:28,675 --> 00:03:33,365 Does the bar drop to 20%? Does it just drop to 0% in research go away? 62 00:03:33,845 --> 00:03:35,125 I don't know that that's valuable. 63 00:03:35,195 --> 00:03:37,845 Yeah, so 42% like I can't remember. It's, 64 00:03:38,005 --> 00:03:40,085 I wanna say it was like 25 to 30 questions. 65 00:03:40,255 --> 00:03:43,885 42 percent's like getting 10 out of 25 questions, right? 66 00:03:44,075 --> 00:03:46,285 Like that would be failing in most cases. 67 00:03:46,865 --> 00:03:51,765 And I saw some other people like you that were talking about it and I think 68 00:03:51,965 --> 00:03:54,645 I did see, and I can't remember where, 69 00:03:54,665 --> 00:03:58,805 so I don't have the source that there was some 70 00:03:59,845 --> 00:04:04,765 fluctuation in what that required percentage was based on the different exams. 71 00:04:05,115 --> 00:04:09,725 Like the one we just renewed was the Azure solution associate or something like 72 00:04:09,725 --> 00:04:10,485 that. It's the. 73 00:04:10,485 --> 00:04:12,645 Infrastructure one, yeah, the 1 0 4. Yeah. 74 00:04:13,125 --> 00:04:17,685 I wonder if the expert ones have a higher passing score, but I'm with you. 75 00:04:17,965 --> 00:04:19,165 Anything that has a 42%, 76 00:04:19,165 --> 00:04:21,285 like does it really mean anything at that point in time? 77 00:04:21,345 --> 00:04:26,125 If you can get more questions wrong than you do, right, like , 78 00:04:26,435 --> 00:04:28,325 that doesn't seem like you could be certified. 79 00:04:29,005 --> 00:04:29,045 , 80 00:04:29,045 --> 00:04:32,645 especially when you have access to the internet while you take it like 81 00:04:32,645 --> 00:04:35,845 like right. There's not much of a timing or a pressure component here. 82 00:04:35,875 --> 00:04:40,285 Like you can just whip open a web browser and do whatever you need to get done 83 00:04:40,285 --> 00:04:40,945 there. So. 84 00:04:40,945 --> 00:04:44,085 I'm with you. It seems to be very much diluted. 85 00:04:44,445 --> 00:04:48,325 I love the new certification process. I love the, or the renewal process. 86 00:04:48,445 --> 00:04:51,885 I love the fact that you can use learn in the exams. 87 00:04:52,005 --> 00:04:54,925 I haven't actually gone and tried one yet with that, but I agree. 88 00:04:55,045 --> 00:04:59,045 I feel like if you have an open, essentially an open book policy, 89 00:05:00,065 --> 00:05:04,565 the level required to pass should be going up not 90 00:05:04,835 --> 00:05:05,885 down because I do, 91 00:05:05,885 --> 00:05:10,605 I think it just dilutes the value of all these exams that anybody can go get a 92 00:05:10,605 --> 00:05:14,165 42% um, search through the answers and all that. 93 00:05:14,185 --> 00:05:17,245 But I would agree some of the questions were just like, 94 00:05:18,185 --> 00:05:19,525 here's a problem with open book. 95 00:05:19,955 --> 00:05:23,165 They have to write 'em so you can just do a quick search and find the answer. 96 00:05:23,585 --> 00:05:26,045 So I feel like they try to throw a trickery in there, 97 00:05:26,375 --> 00:05:30,565 which just leads to some very convoluted type questions. 98 00:05:30,965 --> 00:05:31,805 I don't know, the. 99 00:05:31,925 --> 00:05:33,245 Questions have always been convoluted. 100 00:05:33,485 --> 00:05:36,565 I feel like this has reached a new level of convolution though It. 101 00:05:36,565 --> 00:05:39,685 Was an eye-opening experience for sure. But anywho, 102 00:05:39,745 --> 00:05:42,925 not to like rabbit hole too much on certs, 103 00:05:43,105 --> 00:05:45,605 but I don't know if you saw these, so there's, 104 00:05:45,605 --> 00:05:50,285 there's a new offering out there from Microsoft in the 105 00:05:50,945 --> 00:05:51,605 um, 106 00:05:51,605 --> 00:05:56,485 skilling credential space and it is called Microsoft 107 00:05:56,755 --> 00:05:58,885 Applied Skills. Have you heard of these yet? 108 00:05:59,065 --> 00:06:01,445 The name rings a bell but I don't remember where, 109 00:06:01,525 --> 00:06:04,885 I don't remember if we've talked about 'EM before as they were coming or if 110 00:06:04,885 --> 00:06:08,325 there were some other calls that I was on somewhere. These. 111 00:06:08,385 --> 00:06:10,085 Are brand, brand new. 112 00:06:10,085 --> 00:06:13,605 They came out in between the time you and I last talked. 113 00:06:13,865 --> 00:06:18,605 So this is kind of a hot off, hot off the presses thing. 114 00:06:19,345 --> 00:06:23,325 So applied skills are a new 115 00:06:24,325 --> 00:06:25,645 skilling credential. 116 00:06:26,365 --> 00:06:29,965 I would say they're a skilling credential and not a certification. 117 00:06:30,285 --> 00:06:31,125 I think there's some, 118 00:06:31,515 --> 00:06:35,885 there's some nuance there in in the way they're positioned and 119 00:06:36,635 --> 00:06:40,685 what they are meant to do. But broadly, 120 00:06:40,845 --> 00:06:42,445 I think if you take a step back and you think about it, 121 00:06:42,585 --> 00:06:46,485 so the role-based certifications are there to 122 00:06:48,725 --> 00:06:53,525 validate and verify technical proficiency or technical proficiency 123 00:06:54,345 --> 00:06:58,445 in the context of concepts. So conceptually, 124 00:06:58,825 --> 00:07:03,445 you know like in the case of like an IS exam, what's AVA versus a vm, 125 00:07:03,585 --> 00:07:08,325 how do those compose And then maybe some down in the weeds kind of nitty gritty 126 00:07:08,325 --> 00:07:13,205 like what's a constraint of deploying a fashion host or a firewall in 127 00:07:13,205 --> 00:07:17,085 this kind of vnet or peering these kinds of things or what does container 128 00:07:17,085 --> 00:07:19,365 storage do with blah blah blah kind of thing. 129 00:07:19,825 --> 00:07:24,805 But I think that's more high level even though it can get down into specific 130 00:07:25,085 --> 00:07:27,765 questions, it it's still broad, 131 00:07:28,115 --> 00:07:32,805 it's very wide and maybe not as deep as it can be due to the 132 00:07:32,805 --> 00:07:35,805 breadth that's there. So certifications, 133 00:07:35,955 --> 00:07:40,685 when you pass the certification exam they come with a certificate that says 134 00:07:40,825 --> 00:07:45,765 hey we have validated and we being Microsoft in this case has validated 135 00:07:45,765 --> 00:07:50,485 your technical proficiency in in this given 136 00:07:50,875 --> 00:07:53,685 area. Like within this set of skills, again, 137 00:07:53,685 --> 00:07:57,845 we're thinking like kind of like width or breadth of over depth kind of thing. 138 00:07:58,185 --> 00:08:01,205 And applied skills kind of come at it from another angle. 139 00:08:01,705 --> 00:08:04,845 And I actually really like this 'cause I've been kind of pining for this 140 00:08:04,845 --> 00:08:09,045 potentially in Microsoft exams for a long time in that 141 00:08:09,475 --> 00:08:14,325 applied skills validate your technical proficiency 142 00:08:14,985 --> 00:08:19,085 in a specific skillset or area. 143 00:08:19,745 --> 00:08:24,445 So where a certification exam today for the most part, 144 00:08:24,475 --> 00:08:27,805 most of the certs that are out there are role-based certifications. 145 00:08:28,135 --> 00:08:31,805 There are some specialty ones but even those don't get you like hands-on 146 00:08:32,005 --> 00:08:36,845 keyboard to validate applied skills are project-based and they get you 147 00:08:36,845 --> 00:08:41,765 hands-on keyboard in an interactive lab like a real live in the case of 148 00:08:41,895 --> 00:08:43,645 Azure, Azure environment. 149 00:08:43,785 --> 00:08:47,845 Not like one of the goofed out faked out environments like in a certification 150 00:08:47,955 --> 00:08:52,245 exam. But more like an honest to goodness like hey we're gonna spin this up and 151 00:08:52,565 --> 00:08:54,885 validate that you can do A, A, B, 152 00:08:55,265 --> 00:09:00,105 C and D along the way and accomplish a specific 153 00:09:00,245 --> 00:09:03,025 set of tasks in you know, 154 00:09:03,025 --> 00:09:06,785 kind of a prescriptive amount of time to validate that you know what you're 155 00:09:06,785 --> 00:09:10,785 doing. So rather than validating technical proficiency for 156 00:09:11,795 --> 00:09:13,265 width and not depth, 157 00:09:13,935 --> 00:09:17,505 this is kind of like going the other way and saying hey let's pull it in and 158 00:09:17,505 --> 00:09:21,505 ringfence it and get super specific like maybe we talk about 159 00:09:22,455 --> 00:09:27,065 storage versus just Azure Monitor and those are both 160 00:09:27,065 --> 00:09:31,305 different applied skill things that you can go and take. 161 00:09:31,445 --> 00:09:33,305 So they're all on demand. 162 00:09:33,695 --> 00:09:36,825 Like it's not like a certification exam where you need to sign up online, 163 00:09:37,085 --> 00:09:41,745 go find a Pearson Center or schedule time with a proctor like just on 164 00:09:41,745 --> 00:09:45,385 demand in a web browser through the portal through clouds shell, 165 00:09:45,775 --> 00:09:48,585 through whatever kind of tooling you have along the way. 166 00:09:49,205 --> 00:09:51,505 And they have a whole bunch of these out. 167 00:09:51,505 --> 00:09:54,585 Like there's not a lot but I actually consider it like a pretty good set to 168 00:09:54,585 --> 00:09:58,785 start with. So there's securing your storage with Azure files and blob storage, 169 00:09:59,495 --> 00:10:02,345 there's an applied skilling course Azure Monitor, 170 00:10:02,775 --> 00:10:05,505 there's deploying containers using AKS, 171 00:10:05,505 --> 00:10:08,185 there's implementing security through Azure DevOps, 172 00:10:08,735 --> 00:10:13,625 there's even one on configuring your C and and your security 173 00:10:13,625 --> 00:10:17,225 operations doing like all your SecOps using Microsoft Sentinel. 174 00:10:17,415 --> 00:10:19,345 Keep forgetting all the renames that they have in here. 175 00:10:19,775 --> 00:10:21,145 There's one on power Automate, 176 00:10:21,165 --> 00:10:25,185 create and manage automated processes by using Power Automate. 177 00:10:25,325 --> 00:10:30,025 And then there's a whole bunch more of them that are supposedly coming and 178 00:10:30,125 --> 00:10:35,065 are going to be announced at Ignite in November along the 179 00:10:35,065 --> 00:10:35,805 way. 180 00:10:35,805 --> 00:10:40,345 And just like a certification gives you sitting down for a role-based 181 00:10:40,585 --> 00:10:45,345 certification and passing it gives you like a piece of paper a a cert that says 182 00:10:45,405 --> 00:10:49,945 hey you've done this thing and applied skilling course when you get out the 183 00:10:49,945 --> 00:10:50,405 other side, 184 00:10:50,405 --> 00:10:54,865 should you meet all the requirements of the project that you're given, 185 00:10:55,565 --> 00:10:59,945 you too will get a verifiable credential on that side to say like Hey I went 186 00:10:59,945 --> 00:11:00,778 tinted this thing, 187 00:11:00,865 --> 00:11:05,825 I don't know in like I'm kind of 50 50 on it but in many cases, you know, 188 00:11:05,865 --> 00:11:09,265 I think it's really kind of cool like I might actually look for people with 189 00:11:09,265 --> 00:11:12,465 hands-on keyboard experience in the case of a verified credential and applied 190 00:11:12,465 --> 00:11:17,025 skilling over sometimes the width that comes with a 191 00:11:17,025 --> 00:11:18,585 role-based certification exam. 192 00:11:18,585 --> 00:11:18,865 Yeah, 193 00:11:18,865 --> 00:11:21,585 we'll have to go give some of these a try because like you said there's eight of 194 00:11:21,705 --> 00:11:25,865 'em right now primarily in the Azure space. Uh, 195 00:11:25,945 --> 00:11:30,905 I think there's one GitHub that you could argue asp.net core web 196 00:11:31,005 --> 00:11:34,545 app that consumes an API with GitHub if that's Azure or not. 197 00:11:34,545 --> 00:11:36,305 There's the one Power automate one, 198 00:11:36,535 --> 00:11:41,385 there's one for Microsoft Defender for cloud which is still kind of Azure 199 00:11:41,605 --> 00:11:44,745 and then there's like six Azure ones. So it is, 200 00:11:44,885 --> 00:11:47,145 I'm gonna have to go give one or two of these a try. 201 00:11:47,455 --> 00:11:52,185 There's nothing really around Microsoft 365 yet unless you consider 202 00:11:52,195 --> 00:11:54,125 Power automate Microsoft 365. 203 00:11:54,545 --> 00:11:58,765 And I'm wondering if that's just a harder environment to create one of these in. 204 00:11:59,085 --> 00:12:02,445 I feel like standing up an Azure resource or doing some stuff with Azure 205 00:12:02,935 --> 00:12:04,485 networking or core web apps, 206 00:12:04,485 --> 00:12:08,565 that's a lot easier to spin up like a hands-on keyboard skilling environment 207 00:12:08,565 --> 00:12:13,405 with that than like a brand new Microsoft 365 tenant with the right data 208 00:12:13,545 --> 00:12:15,965 and stuff to actually do anything meaningful. 209 00:12:16,285 --> 00:12:18,685 A couple of things to watch for with this one. 210 00:12:18,965 --> 00:12:21,085 I would encourage folks to go and take some of them. 211 00:12:21,765 --> 00:12:26,645 I think Microsoft has been overly ambitious maybe in their 212 00:12:26,645 --> 00:12:29,205 categorization of some of these and maybe I'm, I'm, 213 00:12:29,205 --> 00:12:33,165 maybe I'm too close to some of it. Like I will fully admit that. 214 00:12:33,265 --> 00:12:37,965 So like I went and took the the blob and files one 215 00:12:38,465 --> 00:12:43,125 and it's tagged as an intermediate and it's really more like level 100 216 00:12:43,275 --> 00:12:46,525 like hey beginner. Yeah getting hands on with these kinds of things. 217 00:12:46,665 --> 00:12:50,365 So that's okay. I think, you know, that gets figured out over time. 218 00:12:51,305 --> 00:12:56,125 One of the other kind of thoughts that I had and I saw it pop up a lot 219 00:12:56,185 --> 00:13:00,885 in the comments on the tech community post about this one as well was does 220 00:13:00,955 --> 00:13:05,845 this dilute the value of certifications like those role-based certs in 221 00:13:05,845 --> 00:13:06,565 some way? 222 00:13:06,565 --> 00:13:09,645 'cause you're gonna see folks that are gonna go out much like they do with 223 00:13:09,845 --> 00:13:12,205 certifications today where they take like 10 certs. 224 00:13:12,825 --> 00:13:17,405 You're gonna see somebody go out and take like 50 applied skilling things and 225 00:13:17,405 --> 00:13:19,205 just bang, bang, bang, bang, bang, bang bang, 226 00:13:19,275 --> 00:13:23,525 like do them all and all of a sudden you're gonna walk out the other side with 227 00:13:23,585 --> 00:13:28,525 having a hundred Microsoft credentials inside 228 00:13:28,525 --> 00:13:30,565 of a inside of a week kind of thing. 229 00:13:30,905 --> 00:13:33,125 And I've actually seen some of that on LinkedIn already, 230 00:13:33,155 --> 00:13:36,845 like a whole bunch of like, hey I did this, I did this, I did this. Like yeah, 231 00:13:37,085 --> 00:13:40,085 I, okay, you took a hands-on lab, I got it . Right, all good. 232 00:13:40,195 --> 00:13:42,645 Glad that you did it kind of thing. Glad you did it in general. 233 00:13:42,725 --> 00:13:47,125 I I like kind of the, the diversity that comes from this like you know, 234 00:13:47,225 --> 00:13:48,405 for the folks that need it, 235 00:13:48,725 --> 00:13:52,125 I would also potentially look at it as a way for people who are looking at the 236 00:13:52,325 --> 00:13:52,795 certifications. 237 00:13:52,795 --> 00:13:56,405 Like if you're looking for other ways to get hands-on and validate before you 238 00:13:56,405 --> 00:13:57,238 take a cert, 239 00:13:57,315 --> 00:14:01,205 potentially good for that as well because I think that's one of the things that 240 00:14:01,205 --> 00:14:03,805 often misses in certification land, 241 00:14:03,805 --> 00:14:08,285 particularly in like the weird era we're in now where brain dumps and things are 242 00:14:08,285 --> 00:14:13,285 accessible and people do do those kinds of things right? Like you know, 243 00:14:13,285 --> 00:14:18,045 maybe you have less motivation to do that if you can just go get hands-on in 244 00:14:18,045 --> 00:14:21,245 what is today a free way to do it. 245 00:14:21,715 --> 00:14:25,365 Like they're free for now I have to imagine these cost money at some point 246 00:14:25,675 --> 00:14:30,285 because they are running up services and compute 247 00:14:30,995 --> 00:14:32,885 just to get them done. Like you're, 248 00:14:32,885 --> 00:14:35,925 you're in a real Azure environment when you're doing it. 249 00:14:36,585 --> 00:14:41,445 One last kind of thing to watch for with these is certification still, 250 00:14:41,705 --> 00:14:42,965 and I think you're mindful of this, 251 00:14:43,535 --> 00:14:48,485 still count towards things like partner requirements and meeting the bar to be 252 00:14:48,485 --> 00:14:49,318 in the, 253 00:14:49,345 --> 00:14:54,005 the partner network or one of the ISV programs at Microsoft 254 00:14:54,705 --> 00:14:58,885 and these credentials from Applied Skilling 255 00:14:59,435 --> 00:15:04,205 currently do not apply to things like the partner 256 00:15:04,205 --> 00:15:04,665 program. 257 00:15:04,665 --> 00:15:08,805 So if you're in say like the cloud partner program and and you're an ISV in 258 00:15:08,805 --> 00:15:13,605 there or you're doing kind of the legacy MPN thing and haven't fully rolled over 259 00:15:13,625 --> 00:15:15,325 to one of the new partner programs yet, 260 00:15:16,055 --> 00:15:19,605 these do not count for, 261 00:15:20,115 --> 00:15:21,325 they do not count for that. 262 00:15:21,475 --> 00:15:22,805 Well and I don't know if you mentioned this, 263 00:15:22,965 --> 00:15:26,445 I didn't realize when you were saying to the assessments that these are also 264 00:15:26,615 --> 00:15:30,645 still timed. So if you go in to sign up for one of these assessments. 265 00:15:30,755 --> 00:15:31,395 Yeah they are. 266 00:15:31,395 --> 00:15:36,325 Yeah it gives you a learning path similar to the certification like for the sim 267 00:15:36,345 --> 00:15:37,178 for Sentinel, 268 00:15:37,315 --> 00:15:41,925 they have a learning path through Microsoft to learn that they recommend you go 269 00:15:41,925 --> 00:15:46,645 through for Sentinel and then the assessment it does say you will have two hours 270 00:15:46,785 --> 00:15:47,618 to complete it. 271 00:15:47,625 --> 00:15:52,125 So it's not like you can just go in and take this assessment and take your time 272 00:15:52,125 --> 00:15:55,685 working your way through it and looking for all the answers and how you do 273 00:15:55,685 --> 00:15:56,565 stuff. And again, 274 00:15:56,605 --> 00:15:59,285 I haven't taken one yet so I don't fully know what the experience is, 275 00:15:59,345 --> 00:16:04,085 but you do have a time limit in order to complete it and I can imagine one, 276 00:16:04,085 --> 00:16:08,165 it's maybe to validate that you do know it but to your point also is that 277 00:16:08,165 --> 00:16:09,485 they're spinning up resources, 278 00:16:09,835 --> 00:16:14,565 they just don't want a bunch of these running for 5, 6, 7 hours 279 00:16:14,705 --> 00:16:16,325 if you take a day to complete it. 280 00:16:16,325 --> 00:16:21,085 They wanna be able to spin up resources and spin them back down to 281 00:16:21,635 --> 00:16:23,725 save on their backend cost for. 282 00:16:23,765 --> 00:16:24,605 These over time. 283 00:16:24,765 --> 00:16:29,725 I imagine these almost have to cost money and and I think that's even weirder 284 00:16:29,725 --> 00:16:33,005 when you try to position them like now where do they sit in the world of, 285 00:16:33,395 --> 00:16:35,725 well I already have an Azure environment, 286 00:16:35,725 --> 00:16:39,805 like maybe I'm like a visual studio subscriber or I get access to Azure through 287 00:16:39,805 --> 00:16:44,085 my employer or M 365, like wherever these things end up baking out. 288 00:16:44,085 --> 00:16:46,525 Like if you have access to power automate licensing, 289 00:16:46,595 --> 00:16:51,325 like is the credential the important thing or is the hands-on time with it 290 00:16:51,325 --> 00:16:53,645 important? I have seen some things, 291 00:16:54,425 --> 00:16:57,325 you know on the socials as well about them potentially being a little bit buggy 292 00:16:57,325 --> 00:17:00,445 and like timing out kicking you out of the environment and you can't get back in 293 00:17:00,605 --> 00:17:03,565 for a couple days so your mileage may vary. Yeah, 294 00:17:03,635 --> 00:17:07,205 it's relatively new like this totally came across as kind of like a 295 00:17:07,225 --> 00:17:10,925 pre-announcement like hey here's a little bit that we have going on just to give 296 00:17:10,925 --> 00:17:15,485 you a tease and you know there should be some more about it at 297 00:17:16,005 --> 00:17:16,385 Ignite. 298 00:17:16,385 --> 00:17:20,645 Huh? We'll have to watch Ignite and see what comes out. But that is interesting. 299 00:17:20,745 --> 00:17:23,325 I'm gonna have to go take at least one of these and see what it's like. 300 00:17:23,505 --> 00:17:23,885 You should. 301 00:17:23,885 --> 00:17:27,485 Do the power automate one, do one that like you're familiar with, like I said, 302 00:17:27,485 --> 00:17:31,325 I I did the blob one, do the power automate one just to see, 303 00:17:31,635 --> 00:17:34,885 just to see what you think about the way it's frame framed up or if there's 304 00:17:34,885 --> 00:17:35,285 another one in there. 305 00:17:35,285 --> 00:17:38,045 I know you've been spending a bunch of time on Sentinel and a couple other 306 00:17:38,045 --> 00:17:38,275 things. 307 00:17:38,275 --> 00:17:40,045 Yeah I might do Sentinel too. Yeah. 308 00:17:40,265 --> 00:17:45,165 But go go in blind like definitely take it blind and see how it goes. 309 00:17:48,785 --> 00:17:52,765 Do you feel overwhelmed by trying to manage your Office 365 environment? 310 00:17:52,905 --> 00:17:56,565 Are you facing unexpected issues that disrupt your company's productivity? 311 00:17:56,595 --> 00:18:00,525 Intelligent is here to help much like you take your car to the mechanic that has 312 00:18:00,525 --> 00:18:04,765 specialized knowledge on how to best keep your car running Intelligent helps you 313 00:18:04,765 --> 00:18:08,165 with your Microsoft cloud environment because that's their expertise. 314 00:18:08,315 --> 00:18:12,245 Intelligent keeps up with the latest updates on the Microsoft cloud to help keep 315 00:18:12,245 --> 00:18:14,645 your business running smoothly and ahead of the curve. 316 00:18:14,675 --> 00:18:19,045 Whether you are a small organization with just a few users up to an organization 317 00:18:19,045 --> 00:18:23,005 of several thousand employees they want to partner with you to implement and 318 00:18:23,005 --> 00:18:25,685 administer your Microsoft Cloud technology, 319 00:18:26,375 --> 00:18:29,725 visit them at intelligent.com/podcast. 320 00:18:30,225 --> 00:18:34,645 That's I-N-T-E-L-L-I-G-I-N 321 00:18:34,765 --> 00:18:39,645 k.com/podcast for more information or to schedule a 30 minute 322 00:18:39,645 --> 00:18:40,965 call to get started with them today. 323 00:18:41,965 --> 00:18:46,365 Remember intelligent focuses on the Microsoft cloud so you can focus on your 324 00:18:46,685 --> 00:18:51,685 business. Alright Scott, so I have another question for you. 325 00:18:51,715 --> 00:18:55,805 Yeah. Have you ever wanted, I don't know if I wanna do that roadmap item, 326 00:18:56,175 --> 00:18:59,405 let's do this roadmap item, that roadmap item's a little ranty. 327 00:18:59,405 --> 00:19:03,405 This one is a little interesting and I think something that 328 00:19:04,025 --> 00:19:08,725 people should be aware of is I saw this one come 329 00:19:08,825 --> 00:19:13,445 across and I'm curious to see how it comes to fruition 330 00:19:13,665 --> 00:19:15,885 and how it gets rolled out because this is, 331 00:19:16,755 --> 00:19:20,245 it's almost going back to something Microsoft used to did used to do. 332 00:19:20,665 --> 00:19:25,485 So this was added to the roadmap back on October 24 and 333 00:19:25,685 --> 00:19:26,518 starting in November. 334 00:19:26,745 --> 00:19:30,325 So I mean it could start already tomorrow from when we're recording, 335 00:19:30,325 --> 00:19:31,525 we're recording on the 31st. 336 00:19:31,745 --> 00:19:34,005 By the time people hear us this may be well underway. 337 00:19:34,605 --> 00:19:38,765 Microsoft is gonna start automatically protecting customers with 338 00:19:39,365 --> 00:19:42,845 Microsoft managed conditional access policies. 339 00:19:43,265 --> 00:19:46,485 So what it sounds like Microsoft is doing, 340 00:19:46,585 --> 00:19:51,525 and we just spent a little time digging through this and looking through what we 341 00:19:51,525 --> 00:19:52,358 could find, 342 00:19:52,525 --> 00:19:57,285 I cannot find any docs on it like un [email protected] 343 00:19:57,625 --> 00:20:02,565 or any official announcement in tech community or any of 344 00:20:02,565 --> 00:20:03,025 that. 345 00:20:03,025 --> 00:20:07,765 But Microsoft is going to create and enable a 346 00:20:08,145 --> 00:20:09,965 and this, I found this on Twitter, 347 00:20:10,025 --> 00:20:13,205 you told me to get off Twitter but I'm still on it and this is where I found it. 348 00:20:13,205 --> 00:20:17,245 They're gonna create a Microsoft managed and MFA for admin portals. 349 00:20:17,425 --> 00:20:20,885 So forcing MFA for accessing all your admin portals, 350 00:20:21,565 --> 00:20:25,325 MFA for per user MFA users. 351 00:20:26,065 --> 00:20:30,925 So I think this may be in kind of advance of maybe trying to get 352 00:20:31,035 --> 00:20:34,845 away from the per user MFA that's considered legacy at this point in time. 353 00:20:35,425 --> 00:20:38,645 And then MFA for high risk sign-ins, 354 00:20:38,695 --> 00:20:43,605 which high risk sign-ins is a Azure ADP 355 00:20:44,145 --> 00:20:47,805 two feature. Mm-Hmm . So I'm assuming that. 356 00:20:47,805 --> 00:20:48,435 It is. 357 00:20:48,435 --> 00:20:49,845 They're also gonna look at a. 358 00:20:49,845 --> 00:20:51,205 Little bit of upsell in there, right? 359 00:20:51,385 --> 00:20:56,045 I'm assuming like maybe they look at your licensing if you don't have 360 00:20:56,425 --> 00:20:57,565 any Azure AD premium, 361 00:20:57,855 --> 00:21:01,445 maybe they're still doing security defaults and if you have P one you'll get 362 00:21:01,445 --> 00:21:06,165 like the first two admin portals and per user MFA and if you have PE two 363 00:21:06,175 --> 00:21:10,725 maybe they'll add and enable the MFA for high risk sign-ins. 364 00:21:11,105 --> 00:21:16,045 But if you aren't paying attention and someday you randomly go in and you have 365 00:21:16,045 --> 00:21:20,805 all these new Microsoft managed conditional access policies or M FFA starts 366 00:21:21,085 --> 00:21:22,205 behaving differently in your tenant, 367 00:21:22,955 --> 00:21:27,885 this could be what's happening And they do say in the Microsoft 368 00:21:27,885 --> 00:21:32,685 365 roadmap that all eligible tenants will be notified prior to this 369 00:21:32,685 --> 00:21:35,405 rollout. So you should get a notification. 370 00:21:35,905 --> 00:21:40,685 The other thing I have not seen anything about is like I already have some of 371 00:21:40,685 --> 00:21:45,325 these policies or policies that meet this criteria enabled in my tenant. 372 00:21:45,865 --> 00:21:50,405 So if you already have these, will Microsoft just not add them? 373 00:21:50,515 --> 00:21:52,485 Will they kind of intelligently look at, 374 00:21:52,585 --> 00:21:56,405 oh they already have an MFA policy that covers admin portals so we're not going 375 00:21:56,505 --> 00:22:00,165 to deploy it. Will they still push it out there but not enable it? 376 00:22:00,705 --> 00:22:05,085 If you disable one of these, will they automatically get re-enabled? 377 00:22:05,315 --> 00:22:09,845 There's a lot of interesting things because of the effects conditional access 378 00:22:09,985 --> 00:22:14,845 can have on your tenant as to how this will actually function 379 00:22:14,895 --> 00:22:15,765 going forward. 380 00:22:16,205 --> 00:22:20,645 TBD, so there's some, there's some weird language in the roadmap side of things. 381 00:22:21,305 --> 00:22:24,565 So it says all eligible tenants will be notified. 382 00:22:25,265 --> 00:22:29,205 I'm imagining that like in the back of my head I'm thinking great, 383 00:22:29,345 --> 00:22:32,325 you're gonna have to go and watch the message center. 384 00:22:32,795 --> 00:22:36,365 Like that's how you're gonna be notified if you are eligible, right? 385 00:22:36,425 --> 00:22:41,245 So hopefully they are looking at those licensing components 386 00:22:41,475 --> 00:22:45,925 like and figuring that out like the whole ADP one versus P two 387 00:22:46,305 --> 00:22:50,965 and and kind of how that manifests. So like makes sense, right? 388 00:22:51,365 --> 00:22:55,765 I think they that they should do that but really, really weird. 389 00:22:56,075 --> 00:22:59,245 Like what are they gonna consider eligibility here? 390 00:22:59,785 --> 00:23:03,605 Is it going to be based on your licensing? 391 00:23:03,985 --> 00:23:08,365 Is it gonna be based on some kind of like minimum threshold for 392 00:23:08,435 --> 00:23:09,115 licensing? 393 00:23:09,115 --> 00:23:13,605 Like not a ton of clarity in how that one, 394 00:23:14,345 --> 00:23:17,165 how that one manifests itself. So yeah, 395 00:23:17,215 --> 00:23:20,845 especially with kind of the broad coverage right between MFA for admin portal 396 00:23:21,725 --> 00:23:26,525 MFA for per user MFA and then like you said the MFA for high 397 00:23:26,525 --> 00:23:27,805 risk sign-ins as well. 398 00:23:27,875 --> 00:23:31,605 Yeah. And the fact that it technically could start hitting tenants tomorrow and 399 00:23:31,605 --> 00:23:35,725 there's no, again, there's no documentation that I could find. 400 00:23:35,905 --> 00:23:40,485 The only thing I've found from Microsoft official is 401 00:23:41,025 --> 00:23:42,245 the roadmap item. To. 402 00:23:42,245 --> 00:23:45,765 Be fair, the roadmap does, item does say you'll be notified, right? 403 00:23:46,245 --> 00:23:49,645 I speculatively think that hey, 404 00:23:49,675 --> 00:23:53,565 that means you're gonna get a message in the admin center. My concern there is, 405 00:23:53,985 --> 00:23:58,645 and and I've seen this time and time again as Microsoft 406 00:23:58,815 --> 00:24:03,565 rolls out these new things is people don't read the admin center 407 00:24:03,865 --> 00:24:07,325 no matter how many times they've sent you the message, you don't see it there. 408 00:24:07,865 --> 00:24:11,645 So I get that's not Microsoft's fault that you know, 409 00:24:11,665 --> 00:24:16,645 we as customers aren't following along and that they're doing everything they 410 00:24:16,705 --> 00:24:21,405 can to enter into this world of kind of secure by default posture. 411 00:24:21,955 --> 00:24:24,685 Like hey really can't fault anybody for that. 412 00:24:24,985 --> 00:24:29,725 It would be great to see them do more messaging about how to and more kind of 413 00:24:29,925 --> 00:24:32,685 prescriptive guidance about how to stay up to date with these things. 414 00:24:32,915 --> 00:24:35,045 Like I would love to see, you know, 415 00:24:35,045 --> 00:24:39,685 like a targeted campaign going out to M 365 416 00:24:40,045 --> 00:24:44,925 subscribers, particularly tenant uh, admins or service admins, uh, 417 00:24:44,925 --> 00:24:48,485 who are also potentially gonna be going in and looking at those things or the 418 00:24:48,485 --> 00:24:52,325 folks who are responsible for change management in an organization just to get 419 00:24:52,325 --> 00:24:56,725 them up to speed and help them understand things like best practices for 420 00:24:57,155 --> 00:24:59,245 cadence to check the message center. 421 00:24:59,775 --> 00:25:03,685 Where do those emails come from to make sure that you know, they're, 422 00:25:03,685 --> 00:25:07,885 they're not being black hole someplace in your spam filter or something else. 423 00:25:08,115 --> 00:25:11,885 Like, you know, I think Microsoft is really good about telling you like, uh, 424 00:25:11,985 --> 00:25:15,805 hey we run this service under these ipss or you know, 425 00:25:15,805 --> 00:25:20,645 these are the FQ DNS that you need to potentially whitelist in your 426 00:25:20,925 --> 00:25:22,645 firewall for outbound communication. 427 00:25:22,645 --> 00:25:26,205 Like you need to be able to go for like M 365 to like this blob storage account 428 00:25:26,205 --> 00:25:27,525 to be able to download this thing. 429 00:25:27,875 --> 00:25:31,445 They give you all that knowledge in the docs but they don't necessarily give you 430 00:25:31,505 --> 00:25:32,965 the other side of it, 431 00:25:32,965 --> 00:25:36,645 which is like what should I as a customer be looking out for and how often 432 00:25:36,645 --> 00:25:40,405 should I be doing it and what's the right cadence for me to be doing it? 433 00:25:40,505 --> 00:25:43,605 All right, so like should I be looking at the message center daily, weekly, 434 00:25:43,755 --> 00:25:44,588 monthly, 435 00:25:44,675 --> 00:25:48,525 what are the email addresses these come from and how do I make sure that they're 436 00:25:48,625 --> 00:25:53,245 not sent into the black hole abyss of a spam filter? 437 00:25:54,235 --> 00:25:56,885 Heck, what's the email address you send it to? 438 00:25:57,355 --> 00:26:01,405 Like we've talked in the past about like the whole like Azure thing with 439 00:26:02,105 --> 00:26:05,405 admins versus COAD admins and how like, you know, 440 00:26:05,405 --> 00:26:08,565 service alerts and resource health alerts and things like that come out. 441 00:26:08,755 --> 00:26:13,245 Like it's a bit ambiguous about who gets emailed when these things happen and 442 00:26:13,245 --> 00:26:17,965 whether the folks getting emailed even have like valid mailboxes, . So, 443 00:26:18,025 --> 00:26:21,205 and I'd love to see Microsoft just do a little bit more on that side. 444 00:26:21,275 --> 00:26:25,485 Yeah. And the message center in Microsoft 365 since we're talking about this, 445 00:26:25,865 --> 00:26:28,525 has gotten a little bit better in terms of email. 446 00:26:28,525 --> 00:26:33,365 Like if you go into the preferences you can go customize your view and 447 00:26:33,365 --> 00:26:37,365 choose which messages you wanna show or which services you wanna show messages 448 00:26:37,385 --> 00:26:37,985 for. 449 00:26:37,985 --> 00:26:41,845 And then they do have an email tab where you can receive email notifications to 450 00:26:41,905 --> 00:26:46,565 the primary email and it'll tell you which one it is or other email addresses 451 00:26:46,865 --> 00:26:50,565 and then choose which emails you want to get emails for major updates. But. 452 00:26:50,565 --> 00:26:51,805 You have to go in and do that stuff. 453 00:26:51,865 --> 00:26:53,365 But you do have to go in and do it if. 454 00:26:53,365 --> 00:26:57,085 Nobody ever tells you to do it, how do you know to do it True? Like it's a, 455 00:26:57,155 --> 00:27:00,845 it's a little bit of a chicken egg problem there and over time, 456 00:27:01,035 --> 00:27:05,685 like as they've adjusted the message center and they've kind of opened it up 457 00:27:05,825 --> 00:27:07,765 to you know, 458 00:27:08,045 --> 00:27:12,245 restricting certain admin roles from having access to it and then opening up 459 00:27:12,245 --> 00:27:15,165 like specific roles that have access to it for like folks in your change 460 00:27:15,165 --> 00:27:16,605 management organization or things like that. 461 00:27:16,635 --> 00:27:20,925 Like I don't always know that that next click stop happens of actually 462 00:27:21,245 --> 00:27:22,078 communicating like, great, 463 00:27:22,085 --> 00:27:26,525 I gave you access now here's what I expect you to do with that access. Yeah. 464 00:27:26,625 --> 00:27:29,365 So that everything goes down the happy path. 465 00:27:29,435 --> 00:27:31,725 There's also something I've played with this before, 466 00:27:32,085 --> 00:27:33,965 I don't use it because it's really just me, 467 00:27:33,965 --> 00:27:37,885 but another interesting feature that they do have in the Microsoft 365 message 468 00:27:37,905 --> 00:27:41,285 center is planner syncing. So if you do use planner, 469 00:27:41,425 --> 00:27:45,845 you have like an IT team that you want watching all of these, 470 00:27:46,255 --> 00:27:48,525 while they may not have access to the message center, 471 00:27:48,585 --> 00:27:53,565 you can set up planner syncing so that you can sync tasks into planner 472 00:27:53,695 --> 00:27:58,525 based on these updates to the message center, assign people, handle them, 473 00:27:58,675 --> 00:28:03,085 archive them off, know that somebody's seen them, et cetera, et cetera. Yeah. 474 00:28:03,115 --> 00:28:04,805 Then you need to use planer. . 475 00:28:05,105 --> 00:28:07,965 That's tough that that's a tough hill to climb. . 476 00:28:08,345 --> 00:28:08,565 Is. 477 00:28:08,565 --> 00:28:11,605 True. I'd never seen that one that that one's actually, that one's interesting. 478 00:28:11,635 --> 00:28:12,005 Yeah. 479 00:28:12,005 --> 00:28:16,885 I tried it and again for me it was just too much because I'm the 480 00:28:16,885 --> 00:28:17,925 only one that caress about 'em. 481 00:28:17,945 --> 00:28:21,325 For me it's just as easy to go into my message center but to your point about 482 00:28:21,325 --> 00:28:24,325 how often I don't do it as often as I should. 483 00:28:24,785 --> 00:28:27,885 If you are running Microsoft 365, you should absolutely be doing it daily. 484 00:28:28,195 --> 00:28:32,445 There's usually at least a handful per day. And then other days, 485 00:28:32,765 --> 00:28:35,565 I was just flipping through mine October 26th, 486 00:28:36,315 --> 00:28:38,245 they must have gone through and updated a bunch of items. 487 00:28:38,255 --> 00:28:43,045 There were 27 updates or messages to the message 488 00:28:43,045 --> 00:28:44,725 center on October 26th. 489 00:28:44,905 --> 00:28:49,245 It looks like it was maybe seven or eight of the new 490 00:28:49,525 --> 00:28:54,525 messages and then they updated like 20 of 'em. Which could be timelines, 491 00:28:54,785 --> 00:28:59,525 it could be usually it's just timelines updated. Yeah, 492 00:28:59,805 --> 00:29:00,645 a lot of these are just, 493 00:29:00,645 --> 00:29:03,125 we updated the rollout timeline of when it's gonna happen. 494 00:29:03,195 --> 00:29:06,245 It's going slower than we thought, faster than we thought, et cetera. 495 00:29:06,385 --> 00:29:10,165 But absolutely Microsoft 365 message center. If you're not doing it daily, 496 00:29:10,225 --> 00:29:13,805 you should be doing it daily if you care or if you just wanna live on the edge, 497 00:29:13,805 --> 00:29:16,165 just wait until something random pops up. . 498 00:29:16,875 --> 00:29:21,005 Wait until one day you log into your tenant and purple is green and it's all 499 00:29:21,005 --> 00:29:22,325 just upside down. Exactly. 500 00:29:22,745 --> 00:29:24,005 One other news, Scott, 501 00:29:24,205 --> 00:29:27,565 I have another roadmap item but I might get ranty on that one. . 502 00:29:27,835 --> 00:29:28,325 Depends. 503 00:29:28,325 --> 00:29:29,885 On if you want me to rant. Sure. If. 504 00:29:30,005 --> 00:29:31,325 You you wanna rant, you can rant. 505 00:29:31,505 --> 00:29:34,565 Or do you wanna actually do news? What are you highlighting over here? We. 506 00:29:34,565 --> 00:29:36,405 Can go back to Agile land for a little bit if you want. 507 00:29:36,495 --> 00:29:39,365 Let's go back to this one 'cause this one intrigues me and I hadn't seen this 508 00:29:39,365 --> 00:29:40,925 one yet. Deploy Bastion. 509 00:29:41,345 --> 00:29:45,605 Yes. So, so we've talked about Bastion in the past. I think one of the, 510 00:29:46,585 --> 00:29:51,005 one of the friction points with a lot of Azure SKUs 511 00:29:51,625 --> 00:29:56,365 is pricing. Like how do you get hands-on with these things with 512 00:29:57,715 --> 00:29:59,485 like minimal experience? 513 00:29:59,585 --> 00:30:04,205 What's the right way for you to get in and not spend the absolute 514 00:30:04,435 --> 00:30:06,325 most money possible upfront? 515 00:30:07,065 --> 00:30:11,005 And some services like Bastion can do that they can, 516 00:30:11,005 --> 00:30:12,885 they can run away from you a little bit. Like, you know, 517 00:30:12,885 --> 00:30:14,605 you've got a bunch of different things going on there. 518 00:30:14,865 --> 00:30:18,765 So one of the new things that happened with 519 00:30:19,395 --> 00:30:24,125 Bastion is they recently announced a new developer 520 00:30:24,405 --> 00:30:27,805 SKU that's available. So it's, it's out in preview, you know, 521 00:30:27,805 --> 00:30:29,325 preview comes with restrictions. 522 00:30:29,625 --> 00:30:34,445 So it's only in a couple end user acceptance regions that are 523 00:30:34,465 --> 00:30:37,725 out there. North central us, west Central us, 524 00:30:38,195 --> 00:30:43,005 west Europe and North Europe to kind of go ahead and 525 00:30:43,005 --> 00:30:46,205 get started with it. But I didn't see pricing published with it. 526 00:30:46,205 --> 00:30:50,645 But it's called out in the doc like the pricing page on like azure.com hasn't 527 00:30:50,645 --> 00:30:51,765 been updated with the new SC U yet, 528 00:30:52,185 --> 00:30:55,205 but all the docs are out there on Microsoft Docs. 529 00:30:55,325 --> 00:31:00,085 So TBD what the cost is but it's gonna be lower cost than anything else 530 00:31:00,465 --> 00:31:04,805 that's out there for bastion today. So it's a dku, 531 00:31:04,995 --> 00:31:07,885 it's missing a couple things, particularly like scaling, 532 00:31:08,235 --> 00:31:11,765 like you're not gonna have any kind of scale out operations in there. 533 00:31:11,765 --> 00:31:15,765 You're not gonna have any kind of advanced security features, 534 00:31:16,245 --> 00:31:20,685 anything like that. You absolutely are still going to need, 535 00:31:21,425 --> 00:31:24,165 you know, bastions for accessing your virtual machines in a vnet. 536 00:31:24,465 --> 00:31:29,365 So you still need V nets and virtual machines and the right roles and the right 537 00:31:29,495 --> 00:31:33,925 ports and protocols and just all those kinds of things 538 00:31:34,905 --> 00:31:38,405 set up and ready to go for you. 539 00:31:38,545 --> 00:31:43,005 So I think the big differences with the 540 00:31:43,005 --> 00:31:46,285 developer SKU and there's some really interesting differences in here. 541 00:31:46,685 --> 00:31:50,525 the developer SKU can't RDP to a Linux machine. 542 00:31:50,985 --> 00:31:53,805 But then again neither can the basic SKU of Bastion, 543 00:31:54,055 --> 00:31:58,285 which honestly I never realized this and explains a whole lot about the last 544 00:31:58,285 --> 00:32:02,285 couple times I've deployed Bastion and have not been able to RDP to my Linux 545 00:32:02,285 --> 00:32:02,995 host . 546 00:32:02,995 --> 00:32:07,045 Like that makes a whole lot of sense now and it's never told me that in the 547 00:32:07,045 --> 00:32:11,845 portal it will not do SSH again or does the basic 548 00:32:12,085 --> 00:32:16,365 sku. There's no customization around things like ports. 549 00:32:16,825 --> 00:32:21,525 So customizing, import, customizing, inbound ports, anything like that. 550 00:32:22,175 --> 00:32:25,125 Funny enough from an authentication side, like we, 551 00:32:25,125 --> 00:32:28,005 we should talk in the future about how Microsoft has been doing a bunch of 552 00:32:28,005 --> 00:32:32,245 messaging around to like the future of NTLM versus BERROS and things like that. 553 00:32:32,865 --> 00:32:36,085 But even though you can only connect to Windows hosts, 554 00:32:36,185 --> 00:32:40,365 you can't do any type of curb off end to that. So I, 555 00:32:40,485 --> 00:32:42,965 I thought that was kind of interesting. 556 00:32:43,425 --> 00:32:46,525 You also don't have the ability to do some of like the advanced security 557 00:32:46,605 --> 00:32:49,725 controls like disabling copy paste, 558 00:32:50,605 --> 00:32:51,885 anything like that along the way. 559 00:32:52,025 --> 00:32:54,645 And then I think I called it out but no scaling either. 560 00:32:55,265 --> 00:32:59,765 You can't also connect to VMs that are across peered fee nets. 561 00:33:00,305 --> 00:33:05,245 So you can do that with both the basic and standard SKUs. So like I said, uh, 562 00:33:05,405 --> 00:33:07,885 TBD to see where pricing falls for this one. 563 00:33:08,425 --> 00:33:11,925 But in general like I really do like to see these kinds of things come up 564 00:33:11,925 --> 00:33:16,085 because the less friction and less cost you put in place of getting hands-on 565 00:33:16,165 --> 00:33:17,205 with these types of services, 566 00:33:18,205 --> 00:33:22,445 ultimately the broader deployment you can kind of drive downstream. 567 00:33:23,205 --> 00:33:27,805 I think it is a really nice like carrot to hang out there and get customers 568 00:33:27,805 --> 00:33:30,925 comfortable with it and say they just get comfortable with it through the portal 569 00:33:30,985 --> 00:33:34,645 or whatever and then they're ready to move on to you know, 570 00:33:34,735 --> 00:33:36,965 PowerShell for deployment or arm templates, 571 00:33:36,965 --> 00:33:40,525 things like that because it's just a skew of bastion. 572 00:33:40,915 --> 00:33:43,925 It's not like a whole net new resource provider or anything like that. 573 00:33:44,035 --> 00:33:48,965 Like it's kind of immaterial and and trivial to go ahead and do things 574 00:33:48,995 --> 00:33:53,085 like move from the portal to a deployment script using PowerShell or the CLI 575 00:33:53,775 --> 00:33:57,445 bicep arm templates, any kinds of those, 576 00:33:57,905 --> 00:33:58,845 any kinds of those things. 577 00:33:59,725 --> 00:34:04,445 Interesting enough you can also upgrade from the developer SKU to the 578 00:34:04,445 --> 00:34:09,125 basic or standard tiers. So that's very nice to see as well. Like you can start, 579 00:34:09,185 --> 00:34:10,085 you can get started with it, 580 00:34:10,085 --> 00:34:13,565 maybe you find there's some friction or a limitation there and now that you're 581 00:34:13,565 --> 00:34:17,965 comfortable with the service you just want to go ahead and upgrade and get 582 00:34:18,125 --> 00:34:18,958 yourself to where you need to be. 583 00:34:19,305 --> 00:34:24,005 But it's really just bastion with a lower cost and a lower set of 584 00:34:24,285 --> 00:34:27,045 features that are associated with, like I said like all the other prerequisites, 585 00:34:27,235 --> 00:34:30,725 they all stay the same. Like need to make sure you have enough address space, 586 00:34:30,795 --> 00:34:33,045 need to make sure you've got a vnet with uh, 587 00:34:33,205 --> 00:34:36,645 a subnet with enough address space for that bastion host. 588 00:34:37,145 --> 00:34:39,725 You know you gotta be using standard port, standard protocols, 589 00:34:40,145 --> 00:34:41,045 all those kinds of things. 590 00:34:41,385 --> 00:34:42,205 Yes, 591 00:34:42,205 --> 00:34:46,405 I like this one as well 'cause I think you talk about 592 00:34:46,995 --> 00:34:51,805 getting familiar with it but I also see this as a way 593 00:34:51,905 --> 00:34:55,005 for you to better secure your infrastructure. 594 00:34:55,425 --> 00:35:00,245 It helps maybe Microsoft from a security standpoint because if you ever wanna 595 00:35:00,245 --> 00:35:02,805 have some fun turn on a VM you don't care about, 596 00:35:03,105 --> 00:35:06,005 you're too cheap or you don't want to deploy Bastion. 597 00:35:06,005 --> 00:35:10,445 So you just leave port 33 89 open to the internet and don't bother like limiting 598 00:35:10,505 --> 00:35:14,925 it to just your IP address or something and watch how long it takes for that 599 00:35:14,925 --> 00:35:19,805 server to start getting uh, hammered with people trying to log into it remotely. 600 00:35:20,115 --> 00:35:23,405 It's incredible. So by turning on something like Bastion two, 601 00:35:23,705 --> 00:35:25,845 you reduce that risk, 602 00:35:26,395 --> 00:35:30,565 make it a little bit more secure from that remote access standpoint. 603 00:35:31,065 --> 00:35:33,485 And a lot of these already servers are already ping into, 604 00:35:33,715 --> 00:35:36,485 tend to be kind of in line with the developer skew. 605 00:35:36,485 --> 00:35:40,485 They tend to be to be developers that need ARDP into a server to deploy 606 00:35:40,485 --> 00:35:42,005 something, to set something up. 607 00:35:42,545 --> 00:35:47,525 So having a lower cost skew to just get Bastion going and 608 00:35:47,595 --> 00:35:52,565 have some additional security around that remote access to VMs for your 609 00:35:52,565 --> 00:35:56,765 developers is going to be a nice option because Bastion does 610 00:35:57,385 --> 00:35:58,285 add up quickly. 611 00:35:58,795 --> 00:36:02,845 It's one of those services that you look at the pricing and you don't think it's 612 00:36:02,845 --> 00:36:03,445 a big deal, right? 613 00:36:03,445 --> 00:36:07,965 It's 19 cents per hour for the basic 29 cents for standard, 614 00:36:08,385 --> 00:36:11,965 but then you start reading all the fine print that it is billed hourly from the 615 00:36:11,965 --> 00:36:14,885 moment it's deployed until the is deleted. 616 00:36:15,225 --> 00:36:18,605 So if you're turning this on for unlimited access to your vm, 617 00:36:18,605 --> 00:36:23,605 it's 19 cents an hour per hour every day you're paying $4 and 50 cents 618 00:36:23,685 --> 00:36:26,405 a day times what? 30 ish days? 619 00:36:26,905 --> 00:36:31,845 It adds up to $135 a month or so for Bastion 620 00:36:31,845 --> 00:36:36,765 unless you're actually going in and creating it and deleting it every time you 621 00:36:36,765 --> 00:36:37,645 need to access the server. 622 00:36:37,885 --> 00:36:41,645 I wanna see where the pricing lands for this one because even the developer sku, 623 00:36:42,225 --> 00:36:45,645 at least from the documentation side, is still gonna be priced at the, 624 00:36:45,645 --> 00:36:46,805 that per hour price. 625 00:36:46,915 --> 00:36:48,085 That way per hour. 626 00:36:48,085 --> 00:36:52,685 Pricing. So you know, if it comes in at 15 cents versus 19 cents, 627 00:36:53,325 --> 00:36:57,205 I don't think that's a material thing that's gonna move, move the needle. 628 00:36:57,655 --> 00:37:02,565 We'll see how low it can go given it doesn't have any needs for auto scale 629 00:37:02,625 --> 00:37:03,458 or anything like that. 630 00:37:03,545 --> 00:37:06,365 If I was to guess, even looking at like standard basic, 631 00:37:06,365 --> 00:37:07,685 it's a 10 cents per hour. 632 00:37:07,685 --> 00:37:11,565 If they could get it down to like nine or 10 cents per hour, 633 00:37:11,835 --> 00:37:15,365 kind of half the cost or literally move it down, 634 00:37:15,805 --> 00:37:18,605 I would love to see that where it's in the ballpark of like 60, 635 00:37:18,935 --> 00:37:21,045 $65 per month. 636 00:37:21,245 --> 00:37:24,605 I wonder if I go deploy one and just crank it up like I see if it shows up in 637 00:37:24,605 --> 00:37:27,285 cost management or something. Who knows if the meters are rolled out yet. 638 00:37:27,285 --> 00:37:28,118 We'll see. 639 00:37:28,405 --> 00:37:31,565 , I like that one. I'm going to maybe go turn that on too. 640 00:37:32,045 --> 00:37:33,165 'cause I have used Standard, 641 00:37:33,315 --> 00:37:35,845 I've used that quite a bit for different VMs that I deploy. 642 00:37:36,045 --> 00:37:40,125 I use Bash in a bunch of places and I feel like every time I use it, 643 00:37:40,155 --> 00:37:42,925 like I'm compelled to tear it down because of the price. 644 00:37:43,125 --> 00:37:45,685 'cause lots of the things I'm doing are dev test scenarios. 645 00:37:46,325 --> 00:37:48,165 I get that automation's there. 646 00:37:48,425 --> 00:37:51,765 But realistically like if I'm doing something to play around for a couple weeks, 647 00:37:51,955 --> 00:37:56,805 like it's way easier for me to just keep it on and just pay the cost of 648 00:37:56,805 --> 00:37:59,285 it and it would be way nicer if that cost was less. 649 00:37:59,465 --> 00:38:00,885 You do better than me. I'm even cheaper. 650 00:38:01,085 --> 00:38:05,965 I just don't deploy it and I go modify my NSG to only allow RDP access from my 651 00:38:06,025 --> 00:38:06,575 IP address. 652 00:38:06,575 --> 00:38:10,445 There are places that I have to deploy it like I'm compelled by policy. 653 00:38:10,785 --> 00:38:12,965 You must. Fair enough. Alright, 654 00:38:13,195 --> 00:38:15,805 well that maybe does it for the news for today. 655 00:38:16,565 --> 00:38:20,685 I think I've got stuff to go do that is Halloween today and 656 00:38:21,565 --> 00:38:26,325 I have pork to pull for dinner and stuff 657 00:38:26,505 --> 00:38:30,485 to set up outside because we are in Florida and we just hang out outside all 658 00:38:30,485 --> 00:38:31,165 evening , 659 00:38:31,165 --> 00:38:36,165 unlike those northerners that I talked to up in Chicago in Michigan today where 660 00:38:36,165 --> 00:38:37,405 it just snowing up there. It's. 661 00:38:37,405 --> 00:38:42,405 Gonna be another balmy 80 degree Thanksgiving here in Jacksonville, Florida. So. 662 00:38:42,475 --> 00:38:44,605 Halloween Thanksgiving's a few weeks away. Yeah. 663 00:38:44,605 --> 00:38:47,245 Halloween, Thanksgiving, they, they all, they all blend together after a while. 664 00:38:47,345 --> 00:38:49,685 One of those holidays, the fall holidays turns. 665 00:38:49,685 --> 00:38:52,045 Out they're both events where uh, 666 00:38:52,045 --> 00:38:54,725 people get dressed up and just eat a bunch of candy in the United States. 667 00:38:54,785 --> 00:38:55,405 So it's. 668 00:38:55,405 --> 00:38:59,045 True. I would argue though the Thanksgiving food is way better in the us It. 669 00:38:59,045 --> 00:39:01,125 Is. I'm in it for all the pies for dessert. 670 00:39:01,425 --> 00:39:03,725 Oh yes, absolutely. 671 00:39:04,125 --> 00:39:07,485 I need to go see which houses have good candy that I need to go trick or 672 00:39:07,565 --> 00:39:11,125 treating with my kids and grab some or bribe them to get me some extra. 673 00:39:11,295 --> 00:39:14,565 Yours are still young enough to do it. All right, well I'll let you go. 674 00:39:14,735 --> 00:39:17,285 Enjoy your Halloween. Thanks and we'll chat again. Alright. 675 00:39:17,415 --> 00:39:20,365 Enjoy your uh, Halloween as well and we'll talk again soon. Thanks. 676 00:39:20,385 --> 00:39:21,218 Ben. 677 00:39:22,825 --> 00:39:26,485 If you enjoyed the podcast, go leave us a five star rating in iTunes. 678 00:39:26,585 --> 00:39:31,285 It helps to get the word out so more it pros can learn about Office 365 and 679 00:39:31,295 --> 00:39:32,128 Azure. 680 00:39:32,425 --> 00:39:36,125 If you have any questions you want us to address on the show or feedback about 681 00:39:36,145 --> 00:39:40,645 the show, feel free to reach out via our website, Twitter, or Facebook. 682 00:39:40,905 --> 00:39:42,965 Thanks again for listening and have a great day.

Digital Dispatch Podcast Podcast Artwork Image

Microsoft Cloud IT Pro Podcast

Ben Stegink, Scott Hoag

On the MS Cloud IT Pro Podcast, Scott and Ben discuss the Microsoft Cloud with a focus on IT Pros. They'll discuss the latest in Microsoft 365 and Office 365 News, Azure news and talk about their experiences with managing the Microsoft Cloud as well as interview industry experts on various cloud technology. They'll cover things such as SharePoint, Exchange, Microsoft Teams, PowerShell, Azure, Azure AD, Security, Networking, Storage, and the many other technologies and products that have made their way into the Microsoft 365 suite and Azure. To stay up-to-date on the latest in Microsoft Cloud news and gain some valuable knowledge as you deploy it within your own organization, make sure to tune in every week! Find out more at msclouditpropodcast.com.

Contact Show