Sam: Hello and welcome to the Let's Talk Azure podcast with your host Sam Foot. And I'm Stuart. If you're new here, we're a pair of Azure and Microsoft 365 focused IT security professionals. It's episode five of season seven, and I this week will dive into the new releases in February. Here are a few things that we're going to cover. Any key Microsoft's Entra, Intune and Defender XDR, their features, any updates and announcements. We'll also be talking about any changes to Azure, Defender for Cloud. So any new features, anything that's gone into preview or any potential retirements as well. We've noticed that a large number of you aren't subscribed. If you do enjoy our podcast, please do consider subscribing. It would mean a lot to us for you to show your support to the show. We've got loads to cover and it's going to be a great episode. So let's get started. Hey, Alan, how are you doing this week? Hey Sam, not doing too bad. How are you? Yeah, I'm good. Thank you. I think we need to talk about a bit of news, but it should be for a piece of news, but it's not that month's news. If you get why I'm it's, I've just got it up to make sure I know everything about it. It's, it's finally happened Alan after how long has it been since we've made this joke? How long has it been, three, four years? What are we talking about, Alan? What is the big news from... Was it this week or was it last week? I can't remember. I think it was this week, wasn't it? Yeah, this week. Microsoft 365 E7. Whoa. Frontier suite. For frontier organizations, I believe. Right? For people that... So it's E5 with Copilot and there's a new Agent 365 and Entra Suite. Oh, and you get Entra Suite. Yeah. Okay. News to me. Okay. Cool. Oh, that's good. Yeah. I like that. Sweet. I think that's good. Yep. Retailed at $99 per user per month. Yes. Well, suppose when you, well, okay. Forget about then what was it called Agent 365. That's the new thing, isn't it? Right.
And isn't that from tracking your agents, I believe, and how they're used internally, socialized governance visibility control. Cause I saw the stats on that, that Microsoft said that they had 500,000 agents that they were using internally and like 60,000 interactions per day. Crazy. And I think they, I can't remember the exact thing they said, like 3 million have been created or something. Bonkers. Really good to see. So forget about that part for a second. Is this cheaper if you had bought E5, Copilot and Entra Suite? I assume it would be already. It might be cost. Well, cost equivalent, I think, cause I think. They were saying, I'll come in where it is now. There's like $115 for all of it. I think, because, uh, Entra Agent 365 is $15 a month. Is it? I think, yeah, I think it's $15. Which I, I'm going to say, I thought that seemed quite expensive because only because you enable the practice of creating agents and then you've got to pay to manage them. But anyway, I suppose they do need managing and. You know, that sort of scale, you don't want to have to try and manage that by hand, I suppose. You know, um, it just felt like, you know, um, it just felt, you know, quite a lot relative to like the cost of Copilot. If you see what I mean, you know, um, yeah. And I guess you got the work IQ covering all of that as well. I think that's the idea. Yeah. Yeah. But I can't believe we're finally, finally here. Do we know of anybody that's excited yet? It's coming May, is it May 1st? Yeah, around then, yeah. Well, I mean, most quite a lot of organizations have most of it apart from Entra Suite probably. Yeah, true. Yeah. And there's, there's probably people out there that do have a full, you know, tick box, suppose. So based on what we were just talking about, the, the suggestion is that 365 E5 with Teams is $60. And Entra Suite is 12, Copilot 30. Okay. So that's 102. Yeah. So yeah. If you've got those is more cheaper. Yeah. Yeah.
And if you're not using, if you don't, if you weren't looking to get an Entra Suite and you're going to get the agent, which is $15, then it's yeah, that's why not the same price, but it's cheaper still when you get all of it. Yeah. Okay. Yeah, okay. Yeah. Yeah. Interesting that we're finally there. It was almost like a joke for such a long time. Do you think E9 will bring, Intune Suite? What else have we got to tack on? Intune Suite is already in E5. It is. Yeah. Yes, that's right. So actually, actually, okay. Yeah. Okay. Right. No, no, no. Whoa, whoa, whoa, whoa. Right. So is this actually everything? The only thing we don't know is if it's got the Microsoft Defender Vulnerability Management add-on in it, that little SKU that they've probably might've left to the side that should be part of it really. Okay. I kind of almost want it to not be everything just so I can make the nine jokes for the next four years. No, I think it is. I think we're at the point where we thought E5 had everything. Then the suites came out. Yeah. But that, but from a product development perspective, it wasn't actually like a bad way to go really, was it? Because maybe they, maybe they created all the, well created acquired blood, you know, X, Y, and Z all of those additional products. Right. Cause what did we had? We had Intune Suite, Entra Suite, Copilot. You know, and, you know, now Agent 365. So it wasn't until all of those things that were in place. And like you said, what was it? Is it Intune Suite moved to E5, didn't it? And yeah, earlier, earlier before. So actually, you know, that did, did they just wait to bundle it? Did they just not feel like they had enough, you know, value there, you know, or, or a reason to have another tier. Yeah. Yeah, exactly. Yeah. Yeah. I forgot about that. That it had gone into there, right? Yeah. It's just the MDVM add-on that's I think missing. But we want variety. Yeah.
Technically, but not the, well, no, this is the enterprise side. So we shouldn't count that. Should we? No, you get enterprise IoT. Yeah, you do. Yeah. Yeah. We shouldn't get, no, we're not going to call that out. I'm just trying to find things. Yeah. Okay. Cool. That was really cool. Yeah. Great to see. Great to see. I, yeah, it'd be interesting to see what the uptake is on it. I just, I, I'm not sure I know of an org that, that has, of one. Do you? Yeah. Okay. I'm just thinking that they're, they're already E5 and they're going to be getting an Entra Suite next and they already got Copilot. Yeah. So it kind of make. It's gotta make sense to move. And you can be part of the press release and all sorts of county if you want to be, you know, so. Yeah. So yeah, no, really cool. I just thought those stats, Copilot and agent stats were just crazy when I saw them like crazy in like a good way. I think, do you know what I mean? You know, yeah, definitely. Right. Sorry. That was news that we shouldn't talk about because it's not news, is it? It is news, but not February news. It's not this news, but we had to, we couldn't not talk about it. Yeah. So yeah, if you're new here, every month we do an episode on the news from the previous month. We just go through the items that we think are cool and care about, I would probably say. So this is not everything. Far from it. But Alan, do you want to kick us off from your side? Yeah, sure. So I'll go through the Defender suite, Purview and Entra and all those sort of things, all the productivity sort of security, I guess. So let's go to Defender XDR itself. So the following advanced hunting schema tables are now generally available, which is identity account information, Entra ID sign-in events, Entra ID SPN sign-in events, and Graph API audit events. So that's quite good, because that means that potentially you don't need to ingest them into Sentinel, because they're in there, in the XDR pool.
Unless you need them longer than the 30 days that you can query them. That is quite good on that part. Moving on, let's just check this. So the Unified Security Operations, so it's kind of the management part of all the interaction with the XDR pool with Sentinel and Defender all in the one place. There's a new content types for cross tenant distribution now generally available for the MTO. These allow you to distribute across multiple tenants and it is analytic rules, automation rules and workbooks now. So bringing in more Sentinel stuff. Yeah. Do you think that's the same tag? Like workspace. Is it called workspace manager on the Sentinel side? Yeah. Yeah. Yeah. I mean, that's probably going to be going now and MTO is taking over now, isn't it? So yeah, I was just thinking that because there was only certain resources I think you could sync with that. Might've been the same list or it might have been more on that. I can't remember, but yeah, no, cool. Really good. Moving on, Defender for Office. So the announcement is that they're expanding the user reporting in Teams to Defender for Office 365 plan one. So moving it from two, you know, minimum of plan two to plan one. Users can report external and intra-org Microsoft Teams messages for chats, standard, shared, and private channels, meeting conversations to Microsoft as malicious, you know, security risks. Uh, to, uh, report our auto reporting mailboxes. Nice. That's good. Bringing some of that tech down. Uh, not that, you know, not that matter really. Cause everyone's going to go E7. So, um, uh, moving on, uh, Defender for Endpoint. So there was a interesting preview in library manager for live response. To be able to put your scripts and a few things like that in a central repository in Defender that you can then pull from when you're in live response. So previously, if you wanted to run a...
tool locally that wasn't part of the standard tool set, you had to go be able to grab it from a network shell, from a blob storage, using commands, et cetera, providing that you were allowed to go and get it. Now Microsoft have put in the URI repository to be able to upload stuff into there. So I think that's really good as well, you can get your tool set. Effective settings tab, so effective settings tab against the machines allows you to see what is actually configured on the endpoint rather than fully relying on Intune saying that it's pushed the config in effect or yeah, I suppose it would be Intune or the MDE sort of integration. This is good to understand what other mechanisms may be causing that conflict to be to be adrift. You might have GPO winning on that side. At least you can understand that sort of bit. Yeah, definitely. Moving on to Defender for Identity. Okay, so there's some new identity security alerts. I will talk about the Active Directory ones and they are possible Golden Token Attack, Suspicious Ticket and possible Kerberos Key List Attack. Now I'm pretty sure Golden Ticket was... one already in the list, but I'm guessing they've upgraded it in the Active Directory space. And now there are some new Entra ID alerts. Suspicious user configuration change. Activity from Entra ID sync application. Get my words out. Anonymous OAuth device code authentication activity. Suspicious Graph API requests made from Entra ID sync application. Suspicious sign in. Observation from Entra ID sync application and suspicious sign in with CSRF, a speed bump trigger. Don't ask me what that is. Sorry. What is that? Yeah, I knew you. Unsure what that last one is. I am quickly looking, maybe I will look for it later when you're doing your bits. But yeah. So that's, that's to help support the change to the Entra ID sync, isn't it? To application. Yeah. So an extra alerts about how that app is being used. So that's good.
Moving on to Defender for Cloud Apps. And there wasn't a new news this month. The last one was in January around a Workday connector updates to least privileged. Now on to Microsoft Sentinel. Microsoft Sentinel UEBA behavior layer is now generally available. So whilst it was baked in to Sentinel itself, I think now this is feeding into the XDR sort of plane now. There's a new UEBA behavior workbook to help SOC teams get value from behaviors from day one. There is a new preview for generate playbook using AI in Microsoft Sentinel. So, it's all playbook generation creation, Python based authentication, automation workflows co-authed through a conversation experience with Cline, an AI coding agent. So not heard of that, that one, but yeah, I'm guessing that's going to be on the, the notebook kind of side, isn't it? Maybe. Yeah. So sounds about right. Okay. So that is that there is something in March, but it's not much, well, it is March, but it's the March news. We're now into Purview. Right. So under February, under developers sort of scenario, Microsoft Purview enabled software developer companies to integrate governance, governance, protect and compliance capabilities into their applications using the SDK and APIs. A new list of partner integration is now available with a link to it. So I did go and check that link out. And the software development integration ones are around network data security. And that is the iboss and Netskope integration into DLP. And then the only other one was Purview for Generative AI app integration. And the only app that's in there that's outside of, I guess, Copilot and ChatGPT is Miro. So as in the whiteboard thing, guess so. I R O. Yeah. Yes. Yeah. It's like a collaborative whiteboard. Yeah, tall. It's probably, it's a lot more than that. I'm absolutely. Yeah. But yes, that's got true integration. Well, it's got Purview built into it in effect. Yeah.
Cause it's probably quite a lot of, you know, customer confidential information that gets put into a system like that. Yeah. Cool. Okay, insider risk preview, Microsoft Fabric indicators are now included, now include lakehouse indicators. In previous well, a new quick policy template for detecting data theft from non-Microsoft 365 apps by using, by users leaving your organization is now available. So that's gonna be around network traffic side of things. So that's the integration of iboss, Global Secure Access and the other one, Netskope that I was just talking about. So I think it was only AI that was kind of suggestive for that integration. So that's better. Is there a new, ah, there's a new one. The one I'm thinking about is this month, so I can't talk about it. Yeah, I think that's pretty much it. There's a few bits around data governance, but I don't really work in that space. So I don't want to do any, any disjustice. I think you do. I think you can. I'll probably give him pervy, this justice, but no way out. Never. Um, moving on. Okay. So. Hitting the Entra side and we'll talk about Global Secure Access client itself. So the latest version in February, support for private access for Microsoft Edge, Microsoft Entra Registered Devices preview for bringing your own devices. So being able to allow a managed device to have access to your corporate network using the private access from an unmanaged device. So you can do MFA and everything, except to make sure you're still a trusted. Yeah. Yeah. Nice. So that can be accessed to like your internal VDI, I suppose things that if you wanted to, or just as some web apps, maybe it can be more than that, of course, they've done some optimization into the intelligent local access, ILA, detections by re-evaluating the status for each network change. There's also a, the trace cert includes 50 meg speed test as well now for that. So yeah, not too bad on that. Just need to work on multi-session for it.
Moving on to Entra. There was a couple in here I found. Microsoft Entra Connect security update to block hard match for privilege roles. So with Microsoft Entra Connect or Cloud Sync, adds a new, adds new objects from Active Directory. Know when those Entra Connect or Cloud Sync add new objects from Active Directory. Microsoft Entra ID service tries to match the incoming objects with a Microsoft Entra Object D. Yeah, looking up by incoming objects, yeah, anchors, et cetera. If there's a match, Microsoft Entra Connect Sync takes over the source authority of the object and updates it. That doesn't sound like what I thought it was. I definitely don't sound like what the. Thought you were going to like come up with like a, um, a, you know, like, um, like a hybrid type, um, lateral jump. Do you know what I mean? Have a privilege role or something like that. Thought you're going to lead up to some sort of. I'd have to look at it a bit more, but the idea, thought the idea was that basically when I first read it was that if it sees a privilege role, it won't sync it up to the cloud is what I thought it was going to be. Yeah, exactly. Something like that. Like. Well, strip it's yeah. Strip it. Yeah. If the cloud managed user already has a mutable ID anchor and is set and is assigned a privileged role, it will no longer be able to sync it over to change the source authority over. Right. Okay. Yeah. So there's a bit of that. Absolutely butchered that. Nevermind. If you just kept like skimming through it, you would have got to it. Yep. There's an upcoming change that jailbreak detections are going to be an Authenticator app. There's a public preview for BYOD support for Windows clients, Windows clients using Microsoft Entra registration. That is the bit I talked about basically, users and partners can access corporate resource from their own device. Admins can assign the private application traffic profile to internal accounts, including guest users. Yeah, we know.
Yeah, that's cool. There's a general available for a new block page. And Microsoft Entra Connect Sync is now supported on Windows Server 2025. Oh, nice. I always felt really awkward having to just having to say that when I'm talking about pre-reqs. And there's the type of people I work with that's not a disservice to them. They're just there for the banter. Do you know what I mean? And then it just derails the conversation massively. But no, that's cool. That's good. Was it, what do you, what do you think that was? Did you think that was just QA? Like it seemed a bit weird. Yeah. Oh, yes. But I also think there's a deeper integration with Entra with 2025 and domain controllers as well. I've seen some stuff. Can't remember where it was, where there's some, it sounds terrible. Saying some things happen, but it's some things, you know, make some things better, but you know. No, there is some integrations that, that, I think make it almost close to, you know, some of that interact, the integration with venture itself. So I think they may have had to not re-engineer it, but maybe tweak it because of those, those new connections, maybe to maybe allow it to do less. Don't know. But yeah, I reckon it was around that. Um, so moving on to Intune and under the Intune Suite banner, uh, Entra, Entra, endpoint privilege management support for AVD. It's an interesting one. Uh, single session virtual machines. So we had to do it on, you know, um, just VDIs in that thing. That's quite good. Um, App management Lenovo device orchestration link into Intune Admin Center. There's a part, it's a basis integration to the partner pool to be able to, so this is probably to manage your, your, your autopilot's configuration with them as well. Yeah. As we were talking about another, another thing earlier, newly available protected apps for Intune, clarity express for Intune, Datadog, quick analytics, and tier one for Intune by SS&C technology. So new ones there.
New settings for Windows in the Windows catalog, Microsoft Edge allow sharing tenant approval, approved browsing history with Microsoft Copilot search, enable RAM resource control. So you can actually stop Edge taking all your, all your RAM. That's, that's good and bad. I think at that point, because, definitely some of our colleagues. I'm thinking of Chris. Tabs, tabs, tabs. Chris with his tabs. You'll need a CSP for maximum tabs in there as well. Maximum tabs, yeah. I'm going to look it up. I'm going to, I'm just going to go on mute and I'm going to see if that's possible. Seconds. Yeah. Let's just take a look. There's don't think as much. More, more, so device management, more options for assignment filters, device mesh type property for managed apps and Android iOS. So you can say corporate owned with work pro. So yeah, in effect, just the different types there that you can see. Same thing for iOS. Infantry, nope that's okay. No, I think that's probably it on this part. Yeah. I think that is it for me for this time. Thanks over to you, Sam. Unless you found the tablet. I don't believe so. I can't, I can't see one. There is a, there is an extension. To limit you. Tab limiter, Microsoft Edge add-ons version 0.01. You should check that out. Not. Right. Okay. Sorry. Yeah. Onto my side. Yeah. So I typically cover Defender for Cloud and Azure. So, okay. February. Yeah. We've got quite a few changes to... Yeah, we've got a few changes on Defender for Cloud. So we have a new preview for the threat protection for AI agents. So this enables threat protection for AI agents that are built with Foundry. The new collective area for AI building in Azure, previous cognitive services, et cetera, et cetera. It's part of the Defender for AI Services plan. So it gives you security through development, understanding your actual threats following OWASP guidelines for LLM and agentic AI systems.
So yeah, so if you are building AI agents, there's a Defender for Cloud plan for you there. Yeah, I'll definitely check that out at some point. Cloud Infrastructure Entitlement Management, I can't ever pronounce the acronym, recommendations are now available as a native capability within Defender for Cloud across Azure, Web Services, and Google Cloud Platform. So let's just talk about the key changes. So inactivity, identity detections now evaluate unused role assignments instead of sign-in activity. The inactivity look-back window has been extended from 45 days to 90 days. Identities created within the past 90 days aren't evaluated as inactive. The permission creep index, RIP, is deprecated and no longer appears in recommendations. Is it SIEM, SIAM? Who knows? Onboarding no longer requires elevated high-risk permissions. Yeah. So, so, on Azure inactivity, inactivity of, I, inactive identity recommendations include evaluation of read level permissions. AWS requires cloud log trails, cloud trail log, sorry, to be enabled in the Defender CSPM plan and also on the GCP side. Cloud logging ingested, ingestion is also required for it to work. So yeah, check that out. That's some quite big changes, I think, there in, especially like the look back period is really good. Yeah. Now available are simulated alerts for SQL servers on machines. The alerts are now generally available so that you can simulate an alert to validate SQL protection, your detection and monitoring responses without introducing actual real risk. It does give you a full SQL and machine context. So it does allow you to sort of, you know, test end to end your playbooks as well, because you actually get data there. But yeah, it is simulated alerts. Right, Microsoft Defender for SQL is now introducing a database level recommendations for the SQL vulnerability assessment. So this is now in preview.
So it covers all supported data types, PaaS and IaaS, both classic and express configurations as well. And it is both available in Azure and Defender portals. So it's the SQL vulnerability assessment rule will generate a separate assessment for each affected database assessments are displayed and manages recommendations in, the, the Defender for Cloud recommendations. So before, when you saw recommendations for SQL databases, you know, in Defender for Cloud, they would have been rolled up, you know, into a singular item. So it would have said SQL databases should have vulnerability findings resolved or SQL Server on machine should have vulnerability findings resolved. So essentially this database level experience keeps all the same capability, it gives it to you in a nicer way to consume that data essentially. Yeah, check out the vulnerability assessment rules reference, see what's included now on those database level recommendations as well. Now supported binary drift now supports blocking and preview. So you can now configure binary drift policies to not also detect, but block unauthorized changes to container images at runtime. So it helps to prevent potential security breaches, stopping the execution of, of drifted binaries in containers that have been tampered with. So yeah, go and check that out. And our last one is another preview container runtime, anti-malware detection and blocking. So yeah, so it pertains real, it provides real time protection and prevention of malware and containerized workloads across Azure, Azure Kubernetes Service, Amazon Elastic Kubernetes Service and Google Kubernetes Engine environments. Create anti-malware rules and define conditions for generating alerts and blocking malware, helping you to protect your cluster from threats whilst minimizing false positives. We don't like malware, so that is a pretty good addition. So that's my Defender for Cloud updates. Not too many in Azure actually.
I thought we were going to have more than this in my favorited list, but yeah, like I said, we do only pick the stuff that sort of, yeah, we get excited about. Now generally available as the default rule set version 2.2 in Web Application Firewall for Azure Application Gateway. So this is essentially an updated default rule set. It's now based on the OWASP core rule set 3.3.4. It brings enhanced detection capabilities for content that's declared outside the actual content type header and enhances remote code execution detections. And also they're bringing in Microsoft threat intelligence rules. They expand across SQL injection, cross-site scripting, and application security attack patterns. The default rule set 2.2 ships at paranoia level one by default. It includes a higher signal, lower noise rules that rarely trigger false positives. So paranoia level two rules are disabled by default because they're more aggressive. You can keep Paranoia Level 2 disabled or you can selectively enable Paranoia Level 2 rules where warranted. So yeah, check that out. Might reduce some of your false positives. It's a bit of a random one. I don't think it is random, but there is a retirement and I thought I would include it because it sounds scary to some people. So for Azure Front Door and Azure CDN profiles, they will end support for DHE cipher suites on April 1st, 2026, which is not far away. They will not support weak cipher suites such as, my days. I am not talking. I'm not saying these out loud. D H E R S A with AES two five six GMC, SHA three 48 and the same thing, but just AES one two eight and SHA two five six. Sorry. I'm not right reading out the whole thing. If you do use D H E cipher suites, please do check this and check your front doors as well. Sounds like it could be nasty. Right, now in public preview, Azure Virtual Network routing appliance.
So an Azure Virtual Network routing appliance offers private connectivity for workloads across virtual networks using specialized hardware. It delivers low latency and high throughput and optimal performance compared to virtual machines. Deploy it into a private subnet where it will act as a managed forwarding router. Traffic can be routed using user-defined routes, enabling spoke-to-spoke communication in traditional hub-and-spoke topologies. Configured as Azure resource, it integrates seamlessly with Azure's management and governance model. So super fast routing, high throughput. Okay, here we go. Maximum connections per second, baby. There's multiple bandwidth tiers, 50 gigabits per second, 100 gigabits per second, and 200 gigabits per second. Maximum connections per second starts at 250,000, then 600,000, and then 1.5 million. Crazy. So yeah. If you, feel like if you have that sort of problem, then yeah, you've, probably got other problems as well. AMD version six, think we talked about these VMs previously, maybe in last month, confident, the confidential versions of those VMs, in new regions. So, which ones do we sort of care about? No, no UK West, West US, West US three, Germany, West central. That's good for us. Norway, East and West, Canada, central Canada, East Italy, North German, Germany, North France, South. I wonder if that says more about, you know, different countries and their requirements for, you know, confidentiality. Who knows? But always good to see rollouts of that as well. Now in public preview is Azure Monitor Pipeline Transformations. I kind of feel like we talked about this. Yeah, okay, I do remember this, but it's actually gone into public preview now. It was in private preview November 25. So this allows you to shape the telemetry that is ingested into Azure Monitor before it's actually ingested. So I did actually go and have a look at this. Yeah. So it supports, what's the support? It supports aggregation. Yeah.
Aggregation, filtering, schematization. That's hard one to say. Functions, string functions and conversions as well. Yeah. So if you want to, you know, ingest a little less than, yeah, maybe use that. The next one and probably the biggest thing I, I don't know. It's hard to say, but yeah, there's now a private preview for vaulted backups for Azure disk. So what this does is it gives you a vaulted tiered backup structure that is technically off site. So it, it enforces, you know, it's got vault based isolation. So it extends of disk level protection with vault vault based isolation, independent access controls and immutability. You know, so this is highly important, you know, during like ransomware attacks or tenant compromises. You know, there, there are, there is regional disaster recovery as well. So you can restore disk backups to paired Azure regions. So there are sort of DR strategies and, and scenarios there as well. If you were to be unlucky enough to be hit by ransomware and your primary region to be down. I feel sorry for you if you're in that state. Pretty small one. Azure Kubernetes Service has been updated to support Kubernetes version 1.34. Um, right. Just a couple more to go. Now there's a new public preview of web app application gateway, web application firewall insights. Um, so it now offers WAF insights, the application gateway WAF, um, to give you an interactive view of logs and metrics. Um, so yeah, it, it allows you quick investigation of block requests and analysis of attack patterns, and easy access to details like, you know, the rule IDs that you're using and client IPs. You can enable enhanced filters and visualizations. Well, you know, you've got enhanced filters and visualizations that make troubleshooting more efficient to help identify false positives. Streamlining WAF tuning. So that's cool if you're using Application Gateway and you've struggled with that in the past.
And finally, and my days, too many acronyms, but... Right, we have a new next generation of confidential virtual machines. So I think these are the V6, no, no, no. They're version six confidential machines that use fifth generation Intel Xeon processors. So I think we talked about these in the last episode, but these are the new confidential virtual machine SKUs that go along with them. DCESV6, DCEDSV6, ECESV6 and ECEDSV6, confidential virtual machines are available to you. Yeah. So as we know with any new generation of, you know, family or SKU within side of Azure, it's typical that you will get an uplift in performance for a relatively similar amount of cost. Or if there is a jump, is a there's a potential for you to drop a, you know, SKU size, potentially, it really depends on your workload as well. And I think these, when we talked about them last time, I think these new instances enable like insane topologies of resources and compute, right? It's like, I can't remember what it was like 384 cores and like two tebibytes of RAM, do you know what I mean? Like scale that we've just never seen. Yeah, too much. No. Okay. So these ones can, quotes, only go to 128 virtual CPU cores and 512 gig of memory in their standard gigabytes of memory in their standard configuration. But the memory optimized ones can do up to 64 virtual CPU cores. Yeah, can go see 64 virtual CPU cores for that maximum of 500 gigabytes of memory. Okay, so maybe these aren't what the insane ones that we talked about last time. But we do like confidential VMs. We do. Intel especially has a lot of enclave and and security protections there as well. Yeah, and I do believe these new SKUs do allow CPU based confidential AI workloads as well. I wonder how they perform, but you know, be interesting to see, you know, how they, how they work. Right. Yeah. So sorry, some more random stuff, I think, collection of stuff. No, you know, no Chaos Studio, no Data Box. You know, where are we?
Come on, come on guys. Let's do it. Yeah, that's, it for me this month. I think, I think you had some really good changes, your side, would say some quite a few things. Was like, ooh, that's exciting. Yeah. There's a couple of things, isn't there? Yeah, I think there's, there's, there's definitely a few things coming that seem interesting that I can't talk about, but, yeah, it's, it's always changing. I mean, like you said, we, you we've not even, can you imagine how much change there is on the Copilot side? Yeah. If we actually, yeah, if we dive, just looked, just peered over sort of thing. So yeah, cool. Didn't have anything else. I did find out what that acronym was in the end. God, where is it? I've even lost the page for it. CSRF is cross site request forgery. Yes. CSRF. Yeah. Yeah. Nice. Cool. Right. Did you enjoy this episode? If so, please do consider leaving us a review on Apple, Spotify or YouTube. This really helps us reach out to more people like yourselves. If you do have any specific feedback or suggestions, we have a link in our show notes to get in contact with us. Yeah. And if you made it this far, thanks ever so much for listening. We'll catch you on the next one. Yeah. Thanks all.