Sam: Hello and welcome to the Let's Talk Azure podcast with your host Sam Foote. And I'm strong. If you're new here, we're a pair of Azure and Microsoft 365 focused IT security professionals. It's episode seven of season seven. Alan and I in this week's episode will dive into the new releases in March and the news. And here are the things that we covered. Any key Microsoft Entra, Intune, Defender XDR, any features, updates and announcements? We also cover Azure, so any new features and also retirements in Azure as well. We've noticed that a large number of you aren't subscribed. So if you do enjoy our podcast, please do consider subscribing. It would mean a lot to us for you to show your support to the show. And it's going to be a really great episode. So let's just get started. Hey, Alan, how are you doing this week? Hey Sam, not doing too bad. How are you? Yeah, good. Thank you. Yeah, really good. Anything, any pre-news news that you want to cover? Um, yeah. Um, it's come up in the past few weeks. MVP Summit was good. Oh yeah. Chatting since then. Oh yeah. Tell us all about it. What did you hear about, Alan? What's new? Oh, there's this, beep. Oh, well that's, that's great news. Right. Let's move on to the next topic then. Great, Alan, you and your mates hung out and ate too much food in America for a week. No, honestly, you know, how was it? Was it good? No, it's really good. To be fair, I eat that much, surprisingly. But yeah, no, it was good. It was good to catch up with the product group, things like that. Go through some AMAs with them. Have some decent discussions about some of the new stuff that's coming. Some of the- The Frontier suite. Yeah. The pain points as well. What's the news on the ground with E7? How did that hit the, you know? To be fair, it wasn't mentioned too often because I think everyone- It's, it's one of those, bear in mind, you know, so yeah. Okay.
So the keynote was around, you know, agentic AI and that kind of thing, that we had, again, can't talk about what they talked about, yeah, agentic AI, you know, watch out for the stuff. So, and any someone was part of that, you know, of course, that bit, of course. Yeah. Of course. There were some sessions that I had where it was sort of discussed around the security sides and the reasons for it. But generally the other stuff wasn't really around the E7 licensing because we're talking about, you know, all the stuff pretty much in, you know, E5 and maybe not as much in the AI space at the moment. 'Cause there's still enhancements, things like that, and need for the, you know, for the base stuff. Yeah. So, you know, so yeah, it wasn't mentioned too much, obviously. Things like Internet Access, Global Secure Access, that kind of stuff was obviously, you know, any of those sessions probably mentioned it because it's another way of elevating to that sort of licensing and that sort of functionality. But, but yeah. So yeah, it's a long week. So, so, but, um, yeah, I think I'm still partially recovering from sleep. Um, 'cause I haven't really given, I think when I came, when I came back on the Saturday, I then had to go to an evening, a wedding reception. So it wasn't like my chance to, uh, recover. Yeah. It's like, what's up with you, Alan? You're just standing there like asleep, you know, pretty much. So I can sleep on your feet. Yeah. Nice. That's cool. Yeah. Good job. Nice. Right. Yeah. The thing that's now is the MVP renewals is now open. So got the fun of putting all, yeah, putting all the evidence stuff in for renewal and hoping in July I get to be an MVP for another year. Nice. Nice. But yeah. Do you think there's anything else news-wise? I don't think. Um, there's a lot of stuff to talk about, I think, in this one around some of the stuff that was released in, in March. Yeah. To be fair, on the security side, there is quite a lot to be fair.
So, yeah. Should we get started? Yeah, let's do it. Uh, should I go first? Yeah, go on then. Yeah. You give us. Okay. So. Let's go through, so yeah, I'm gonna go through all the sort of Defender XDR, Entra, Purview kind of stuff. So let's start with Defender XDR, sort of generally all the portal. So this kind of ties into Defender for Identity as well. A lot of this. But Microsoft have brought in a load of bits around identity under the identity sort of pane. So whilst we were always looking at, you know, Defender for Identity almost being on-prem only, they're now sort of opening up a bit more as we've kind of seen over the months. But now we've got an identity security, well, they've got new enhancements now to monitoring human and non-human identities. So all of this is in preview, but you've got a new identity security dashboard, summary cards of providers: on-prem identity, SaaS identities, PAM and IGA integrations, non-human identities, to be able to show you all of that kind of stuff. Coverage and maturity page. So this is quite interesting in that it's telling you that where it sees from Defender for Endpoint, I think, or Defender for Cloud Apps, where it sees you using SaaS services that can integrate with Defender for Cloud Apps, it's saying, hey, get them hooked up, kind of thing. So you're protected from an identity perspective as well. So it's also showing you where you should be covering because you've got users accessing those services. Oh, that's cool. Yeah. Really good. Yeah. Yeah. That's what I thought. So again, some of that might be because like the example being like GitHub's on there, you might, you know, your use might just be referring to other repositories, things like that. And maybe it's not your own GitHub. There's a little bit of sort of fault, I suppose false positive, a little bit there around some of that, but you know, if you do have GitHub then and it's, you know, the enterprise version, then you can get it hooked up kind of thing.
We've got the identity inventory. So some of this was here, but now we're going to show human and non-human identities in separate tabs. I think they might've been all together. It helps you classify critical assets, privileged identities, critical Active Directory service accounts, and a view of cloud application accounts. So again, it's trying to tie them all together so you can see which identity then has got multiple, I suppose, identities in those different services where it's like Entra. It's Entra enrolled, but it's just showing you where else they are. That, yeah, I said non-human identity. So, Entra ID apps, Active Directory service accounts, Google Workspace apps, Salesforce apps as well. The identity risk score. So there's new scoring there ranging from zero to a hundred: the likelihood of compromise and potential impact based on criticality and privileged roles. So that's quite interesting. The change, some of the metrics are starting to change as well. Domain investigation page. So based on your Active Directory, you'll now get a domain security page telling you about the actual configuration and start to show you some of the goods and the bads from a domain perspective, rather than just, you know, here's a list of stuff. Some of the recommendations you've seen now put into its own dashboard for a domain. That's quite cool in itself. So yeah, it's definitely worth looking. There's some other bits in here actually that aren't mentioned here, but we'll mention them in the... Let's just see if they're here. They're not in the Defender for Identity part. There's a few other bits around, from the XDR outside of that, is that under advanced hunting there's some new schemas in preview for cloud DNS events, coming from a cloud infrastructure, and cloud policy enforcement events, so various cloud platforms, protection by organizations using Defender for Cloud. So it's going to be, you know, when, when policies have been hit.
That kind of thing. So that's probably it for that one. That seemed quite a lot in itself to be fair. Yeah. Yeah. Like I say, I've, I've shown it to a couple of customers and checked a couple of our customers as well. Those pages. 'Cause it's quite interesting in itself, but, moving on to Sentinel, that's just bypassed, April. There's a lot of things in there. We don't talk about that yet. Okay, so it's not too much in here. The only one is there's a call to action. So update old Microsoft Sentinel content-as-code, Sentinel repositories, API versions before June the 15th, 2026. So on June the 15th, 2026, older API versions will no longer be supported. This will impact all source control and source control actions in the Microsoft Sentinel REST API. So if you are pushing content that way, you need to update. So yeah, that's the main one for that. Looks like some interesting ones on the next or this month, but we'll keep them. Defender for Cloud Apps, update to Secure Score category calculations for increased accuracy. So this, this kind of, I suppose it semi ties into the, those bits were sort of identity 'cause it is all kind of, they're all related really. But to improve accuracy and better protect organization identities. Security recommendation categories: Cloud Apps recommendations are now considered identity related and grouped under identity, which is fair because they are identities in there. So, so just some shifting around for that one. Moving on and into Defender for Identity. So the bits that were missing out of the other bit under the XDR was, done that one, password protection page. So the password protection page shows you what's been deemed as leaked credentials, which ones are actually deemed as that. So I think some of the time we haven't been able to get that from the Microsoft view, it's more been around the identity protection user risk level being suggested that maybe their credentials have been leaked and that kind of thing.
This is suggesting that it's gonna highlight which users have, or where Microsoft have identified it as being leaked credentials, for it, for one of the tabs of that page. You've also got password hygiene. So understanding current configurations within Active Directory or Okta and where some of your policy might, or some of the config for some of the identities, is not great. Your password policies in Active Directory. So if you've got multiple domains, you can get a quick view about how you've got it configured and that kind of thing. And you've also got a last tab which is exposed passwords. So again, within Active Directory, anything that is in plain, you know, anything that's been configured for, you know, a user object where they've got it set to reversible, um, reversible pat, yeah, reversible, um, passwords or plain text passwords that seem to be stored in there. Yeah. Nice. So, um, so yeah, not, not seen yet anything in the, in the leaked credentials tab for, for any of my tenants that I've, I've looked at, which is good, but it'd be interesting to see what it actually looks like. Exactly. So yeah, it's bad to see it, but it'd be good to see what actual detail you get. I think that's it. There's a sensor update in there and this, I don't know how much is in the March. So in March, if you're on version two of the sensor for the Active Directory sensors, and you're on, it's on an operating system that supports version three, there's now, you're now able to migrate or press a button in the portal to migrate. And in effect, the sensor version two sensor will stay on until version three is connected and then it will disable itself as a service. That's really good. Yeah. And then you, then you can do a cleanup later on because it will still be installed. Won't activate kind of thing. Migration takes up to 20 minutes. So that's communication with the XDR portal to say, go migrate. And then yeah, it sets itself up in the background. So yeah, I think that's a real good one.
Obviously at the moment, if you've got certificate services or the Entra Connect or ADFS connectors, they're not currently supported by version three. So you'd still need version two, but the portal will tell you when you can migrate or when that functionality comes in. Moving on to Defender for Endpoint. So there is... We've got, I talked about, was it last month or the month before, the library management for Live Response, being able to put your own scripts and stuff in there so you can pull them down. That's now gone GA in March. So that didn't take long. Yeah, it was February. It was in preview. March it's gone GA. Nice. So that was pretty quick. There's some new Microsoft Secure Score recommendations, which are block outbound network connections for Microsoft HTML application host. So that's to prevent, mitigate attacks that leverage the mshta.exe, which is a trusted binary, to execute malicious scripts and be able to communicate with command and control from that side. So yeah, that's just one, it's in preview. Moving on to Defender for Office. So expanding the user reporting in Teams. So I think the time before we said we could report in Teams, it was moved to plan one, wasn't it? That's right. Reporting to include calls. So if you're now getting spam calls from Teams, because you allow external access, you can now report it. One-to-one calls in Teams from call history. That's malicious scam. Yeah. Nice. Or non-malicious as well, to be specified reporting mailbox, Microsoft reporting. Also support for contextual Teams messages in user reporting. When a user reports Microsoft Teams chat, channel (standard, shared, private) and meeting conversations to Microsoft as a malicious security risk, up to 15 messages before, before and after the response will be shared with the analyst to be analyzed. Sorry, not with the analyst. So yeah, adding more. So not just the message, just seeing how the conversation was going kind of thing. So that's quite good as well.
Moving on, we go into unified security operations. So that's just the integration with, I say just, but the Sentinel and XDR integration. So there's not been any updates since February on that. Swiftly moving on and into Purview. DLP, there's a preview for DLP support for adaptive scopes for scoping SharePoint policies. So that's going to be, that's quite good. So you can specify, so it's, it's, you can specify the scopes in the back end about, I guess that's the SharePoint sites, things like that, based on a criteria, you know, begin how, what happened, naming convention, that kind of thing. There's a load of stuff in data security investigations. You can now, let's just have a quick look. Now support for data security posture agent. All right, so there's a new agent, the data security posture agent can be part of the investigations. You can do audit search now generally available within the investigation. There's a few others in there, but let's move on. So data security posture management, which is in preview, they're extending the coverage of data insights to third party SaaS and IaaS platforms by using Microsoft Sentinel with partner solutions to provide historic data insights against Google, GCP, Google Cloud Platform, Snowflake, and Databricks. So that's interesting. That's definitely bringing it into the, you know, Purview into the XDR data, isn't it? At that point, and Sentinel. 'Cause it's not really had any, any interaction there, has it? At all? No, no, not at all. Also in there, there's no, you can now use federated credentials as a more secure method to authenticate, to run Fabric data risk assessments, within that as well. Let's just check some of the other bits.
So in Insider Risk there is the bits around this of GA, so Microsoft Fabric indicators now include Lakehouse indicators. Again, I think I mentioned those last month, so they've come in. A new quick policy template for detecting data theft from non-Microsoft 365 apps by users leveraging your organization. So on there, GA for the pay-as-you-go reporting, usage reporting. So you can understand how much data you might be using under the pay-as-you-go. And then let's just look at sensitivity labels. Generally available, generally available, manual labeling for OneNote. So yeah, I didn't know that you can start labeling and, I guess, supported at the section level. That's, that's really interesting actually, isn't it? So you could, want to know what workflow requires that. I just, I'd love to see that use case. I'd love to see. Yeah. I guess if you were sharing a workbook, you didn't want certain people to see certain ones. That'd be the, yeah, I suppose. Yeah. But there must be teams that organize different types of confidentiality and data in OneNote. I've just never seen it, but yeah, cool. Cool that you can do it. Yeah. In preview, auto labeling policy to introduce new flow where you must decide whether you automatically apply a label or you remove a label. So if you've got some, if you've changed your labels and you need to retrofit, well, potentially retrofit a new one, you use auto labeling anyway. But if you change criteria, you need to declassify or remove labels, you can now do it. That's in preview still. Yep. In preview, Viva Engage communities now support labels being applied to them under Microsoft 365 groups and connected SharePoint sites. Yeah, I think that's it for that one. Still quite a few bits there.
Entra, so there's a plan for change in March. Yeah, plan for change: agent registry consolidation into Agent 365. So yeah, this is the, there was obviously a part where the, the agent registry was part of, was part of Entra sort of area where they spun it up as, as the world was moving rapidly, and now we've got Agent 365 they're now, in effect, retiring it. The agent registry and agent collections blade in Entra admin portal will retire on the 1st of May, May 1st. No extra required. So in effect, you'll have to then look at Agent 365. If you've got it. Got it. Yes. Yep. So that's that part. Public preview for Microsoft Entra backup and recovery is now available. Built-in solution to restore tenants after accidental changes or malicious updates. Always on by default, it automatically backs up critical directory objects, including users, groups, applications, service principals, managed identities, conditional access policies, named locations, agent IDs, and authentication and authorization policies. So admins can quickly restore them to a previous known good state. That's cool. Yeah. Yeah. That's quite powerful. Public preview or make takes backups. P1 and Entra P1, P2: one backup taken every day and retained for five days. And it's can be available snapshots, et cetera. Doesn't say if it can, if you go for longer for that, but I suppose we've taken once a day and there's no changes. Then you can have continuous update on you. So. Is that going to be the last five changes or? No, it's the last five days. Okay. So each backup is retained for five days, not last five changes. Uh, public preview of Entra hybrid join using curb, uh, Entra Kerberos. So the new capability enables Windows devices to become hybrid Entra joined immediately at provisioning time without waiting for Entra Connect Sync or requiring ADFS. Interesting. So say that again. I've got to get my head around that. The new.
The new capability enables a Windows device to become hybrid Entra joined immediately at the provisioning time without waiting for Entra Connect Sync or requiring ADFS. By leveraging Entra Kerberos, customers can modernize the hybrid identity architecture while reducing infrastructure complexity and dependency on legacy federation components. Nice. I need to look at that. Yeah. Yeah. That's why I asked. Yeah. That sounds good. Yeah. Yeah. As soon as it, it said, uh, Entra hybrid Entra joined immediately. I immediately thought I needed to do that. I did not wait for a sync. I needed that immediately. Yes. Uh, generally available, uh, sync to pass, synced passkeys in Microsoft Entra ID. Uh, can I have sync pass? Entra now supports synced passkeys as a generally available authentication method. Synced passkeys are FIDO2 based credentials that can be stored in built-in or third party key store or passkey providers across users' devices. Administrators can manage the, the use of synced passkeys alongside device-bound keys through passkey profiles. 'Cause there's a lot of passkeys and profiles in there. Existing passkey configurations can be managed using the same Entra ID authentication policies and report service. That's quite good. Generally available, the SCIM 2.0 API for Microsoft Entra ID is now generally available. It gives customers, developers, and partners a standards-based option for managing users and groups in Entra using the System for Cross-domain Identity Management specification. So the other one is public preview for Microsoft Entra passkeys on Windows. So now available in public preview. This feature allows users to register device-bound passkeys directly into the local Windows Hello container and uses them to sign into Microsoft Entra with Windows Hello biometrics. So that's quite good. So previously you'd have to go to the Authenticator app, hook up over the Bluetooth, I think it is, to your device to get the keys.
To use a passkey, now saying Windows Hello can now support it. Yeah. Okay. That's good. So I guess that's an enhancement to what Windows Hello does from its, like, MFA sort of tokens. Yeah. A level up, we'll say, from that. Just take a look. There's a few others in here, I'm still thinking about the, generally available Microsoft single sign-on for Linux support for authentication with phishing-resistant MFA credentials. That's cool. Don't know how many people sign into Linux today with single sign-on. But there's, you know, there's going to be developers and things like that or services that may need that. So I think that's good as well. Yeah. I think that's probably it. Am I, am I still in March? Jesus. I'm still in March. I'm still scrolling. So yeah, okay. That's enough. There's definitely a lot more there, but these other hundreds of product team members are like, why didn't you get to my thing? And Alan's just like, nope, that's enough. No, I'm still stuck on hybrid join. Yeah. I think we should just end this now and just jump into that. I'll look at it. Yeah. Right. Uh, moving on to Intune is my final one. Oh, you're okay. Right. Yeah. Okay. Yeah. Still, go. It's that little, that little thing left to go, just Intune to go now. Just, just Intune. Yeah. That thing that everyone forgets about. Yeah. Uh, I mean, I think it comes under modern work, but does it come under security now? I don't know. I just try to, this is April, March. There's a recovery lock feature available for macOS devices. You can now configure a recovery OS password that prevents you from booting a company-owned device into recovery mode without the password. There's some new settings in the Windows settings catalog. Connectivity, disable cross-device resume. Need to read up on what that actually means because it sounds a bit hard. Windows AI, remove Microsoft Copilot app. See how to do that as config now. There's some new Apple settings. There's loads of Apple settings.
Allow sign in, allow workspace IDs as external, as the external intelligence settings. There's quite a few AI ones in here, some Siri. You won't go through all of them, there's quite a few there. If you're using Remote Help, there's a connectivity update for it for Windows devices. They're just changing the URLs. Just check that if you've got any network restrictions on those devices that you update those. And there's support for Red Hat Linux 9 and later, 10 LTS support now within Intune, which is quite interesting. There's a new security baseline for Windows 11 25H2 in there, and hotpatching default enablement in Windows Autopatch. So where it's supported, it's on by default. So yeah, again, there's a few more in there and it keeps going, but I think we'll leave that there. One thing actually, there's a note at the beginning of this page now saying the order which updates go out in to which regions, which I didn't know. So like day one is Asia Pacific, APAC, then it's Europe, Middle East and Africa, EMEA, then North America, then Intune for Government. So it's like day one, day two, day three, day four plus kind of thing. So follows the sun, like over days, doesn't it? Yeah. Takes up to three days to roll out in the following order sort of thing. Yeah, I didn't, I didn't know that. It's quite interesting to know that actually. So all good. But yeah, that is me, me done. You sure? Well, we could go back to the Entra page and spend some more time there, but yes, I think we're done for now anyway. Okay. Yeah. On to you, Sam. Yeah. So, yeah, I mainly cover Azure focused changes. Not too much on the Azure side. There, there are a lot of updates, just not a lot of it I felt were exciting enough for me to ramble on about, but yeah, there's, but I'm going to, I'll, I'll start with Defender for Cloud. Quite a few changes actually on this side. Yeah, so yeah, now in preview, we've now got individual recommendation formats in Defender for Cloud.
You might have, well, you would have seen before that some recommendations in Defender for Cloud are grouped together. Things like software vulnerabilities on virtual machines are, like, grouped into, like, different criticalities and different types of machines, I think as well, like public-facing assets, stuff like that. Yeah. So they're, they're now splitting them out. Yeah. They now show as individual recommendations. So the big thing here now is you're going to get a lot more recommendations, that is to be expected. Also, you are going to continue to get the combined, the grouped recommendations, sorry, in your feed as well, duplicated for an amount of time. It says, you know, it will, they will be deprecated in quotes "several months". So you're going to get duplications in that list as well. So just, yeah, if you open Defender for Cloud and you see this, then that is why. Don't, well, yeah, don't worry about it, but do worry about it because you need to fix the recommendations. Now in preview, on-demand malware scanning for Azure Files in Microsoft Defender for Storage. So I got very confused when I read this earlier. They're referring to Azure Files, not a blob storage. Sorry. Thanks, Alan. So, so yeah, so that we talked, might've been last month or the month before, about on-demand malware scanning, where you can click a button in the portal or you can do it via the REST API. Or you can automate it with, you know, which means you can automate it with, like, an automation playbook, Logic Apps, PowerShell, rah-le-rah-le-rah. It allows you to trigger on-demand malware scans. So yeah, scans, you know, full storage accounts. So it means you can time them if you want to as well. So it gives you more flexibility on, on what you do with that. So that's, that's pretty cool. What, yeah, now in preview is a, is a capability called code to runtime enrichment for recommendations.
So essentially what this is doing is for, is for development teams to understand more about their software development life cycle process. So it's, it's trying to add more enrichment, as the name suggests, to any recommendations from a code perspective. So it's looking at your software development chain visibility. It, it pipes, it glues together all of the different various sort of processes, I suppose, and registries and runtime environments that you're utilizing. It's adding blast radius analysis. So understanding how many assets are affected by a single code change, which is cool. Runtime to source tracing. So navigating backwards from runtime recommendations to identifying the original source of security issues and actionable remediation. So fix issues at the source to prevent recurring regressions rather than addressing only runtime symptoms. So this seems more like we're now seeing a, 'cause code-to-cloud threat protection really in Defender for Cloud was more, I would say, if that makes sense, it was more looking at your third party modules, the things you use, the open source packages you use, the misconfigurations in your IaC, your Terraform, your Ansible, your OpenTofu, blah, blah, blah, those types of things. And Bicep, sorry. I shouldn't, should I say Bicep? Who knows? So, so this is going one level deeper. So this is more like GitHub Advanced Security, I would say. So this is a really cool addition to see. I'd like to see how good that is. I'm not saying it's not going to be good, but there's quite a lot of, like, complex logic there, to be honest with you. Right. So there is now a change. So back to, like, sort of, you know, recommendations in Defender for Cloud. So if you are using Defender CSPM, you are going to get severity-based risk assignments, right? So each recommendation is going to give you a risk score.
But what's changing here is for recommendations that previously appeared as not evaluated, they will now receive a risk level derived from the recommendation severity. So I... I don't really know what that is serving. I haven't really got my head around the benefit of doing that. I assume it's because what they want you to do is they want you to review it and to mark it as such. Does that make sense? Like, not just ignore all of the not evaluated day one, because just because Defender for Cloud can't see it doesn't mean it shouldn't be remediated in your environment. It's something that you should consider and review. So that's the only reason why I think they're doing this, but I haven't really delved into it too, too deeply. But again, yeah, you need Defender CSPM to do it. So there is that to sort of think about as well. So the, the main change day to day is that you're going to have more in your list that you're going to notice, right, because it's not set to not evaluated anymore. What else did I want to? Okay, yeah, so some expanded multi-cloud coverage for AWS and GCP in Defender for Cloud, which is really cool. So there are newly supported AWS and GCP assets which are now discovered and visible in the asset inventory experience. So I assume that they've expanded out those different types. There are now approximately 150 new recommendations across AWS and GCP as well for them. And the regulatory compliance frameworks have been refreshed to provide more complete compliance coverage in those environments. So that's pretty cool. Defender for APIs is getting additional Azure region support and API security posture management. So Sweden Central and South, Germany West and North, Italy, France Central, France South, Norway East and West, Switzerland North and West, Korea Central and South, South Africa North and West. So yeah, if you... If you are in those regions, you're going to get additional benefit there.
And finally, back to Defender for Storage. Sorry, they're not in product order. But now malware automated remediation in Defender for Storage is now generally available. I think we might have talked about this, but it allows you to configure automatic soft deletion of detected malicious blobs, either during an on-upload or on-demand scanning. So it keeps it in a quarantine. So you could recover it if you wish after further investigation. So you can either do it at the subscription level, storage level, and you can apparently do it via the API as well. So yeah, quite a few updates there and some really good actionable changes. Okay, so onto Azure. So we spoke about this before, but draft and deploy on Azure Firewall. This is now generally available. We definitely talked about this. So this allows you to draft your changes to Azure Firewall and then commit them fully, which then takes two... No. Yeah, sorry. No. So any change to a policy update before would have taken two to four minutes to change, which would have caused a disruption on your firewall. But now with draft and deploy, you can draft those changes and deploy them in one shot, just replacing the existing policy. So that is a good, a good change. Azure Policy, I don't think I've spoken about Azure Policy for, like, a long, long time. So. So this is a retirement. So Azure Policy, policy assignment and creation updates for Resource Manager mode policies now get enforced within five minutes. So apparently they are also removing this workaround, which I haven't even heard of before, but this is cool. They're removing the login-logout workaround method that triggered faster propagation of policy changes in your environment. I didn't even know that was a thing, but if you're using that, yeah, that will no longer be available. So it looks like they're decoupling the speed of Azure Policy enforcement. It doesn't seem to be tied to a user action. It seems to be on a timer now of every five minutes.
It's going to be like on a refresh loop, like Log Analytics or whatnot. So that kind of makes sense to me. Now generally available is the Azure Site Reliability Agent. We have talked about this previously, but it can use reasoning with both OpenAI and Anthropic Claude models. It can do built-in Python code execution, and it's got long-term memory as well. So yeah, it's there to help your SRE team members to, you know, help you to improve uptime, reduce incident impact, you know, gather diagnostics, that type of information. So, yeah, good luck if you've got, if you're confident enough to connect that. Yeah, crack on. To Claude, I mean. Kind of an inside joke. So now in public preview is a query profiler for the Microsoft SQL Server extension for Visual Studio Code. This doesn't sound that exciting, but it is actually pretty cool. So now Visual Studio Code itself has a quick query profiler, which essentially, if you run a SQL query, it can tell you how long it's going to take, what the performance impact of that query is going to be. Typically, you know, query profiling has been a part of, like, I want to say like enterprise Visual Studio and, you know, SQL Server Management Studio. So it's really good to see that that's now being supported in Visual Studio Code. So I'm definitely going to check that out because that's a pretty cool, cool update. No, I won't talk about that one. Bit of a weird one. Not weird. I suppose it's not weird. Now in public preview is Entra ID based access for Azure Blob Storage SFTP access. So if you really do need to connect to Azure Blob Storage with SFTP, you can now enforce Entra ID based access to it. So yeah, all the good stuff that we know of Entra ID, single sign-on, multi-factor, conditional access policy, yeah, X, Y and Z, is now supported in preview.
So, yeah, I'd love to see how that, I'd love to see how that actually works in practice, like when you actually connect to it. So use case for that. Cool. Let me know if it works. HR connector, growing data from HR system. Then, so yeah, that's true. Yeah. Yeah. Yeah. You're talking about, you're Mr. Purview, aren't you now? So anyway, moving on. Right. So, another retirement. So good to know. So Azure Batch had already retired low-priority VMs last September. Okay. And what it will begin now is a system-initiated migration to Spot VMs starting from, well, it's already gone, the 1st of March, 2026. So this is already happening. So yeah, if you are using this workload and you haven't migrated from low-priority VMs, well, you've already probably been affected by this, but yeah, this is why everything broke that day that you were supposed to be on PTO. I thought this was quite interesting as well. Another retirement, lots of retirements this month. Well, that I think are worth talking about. The Emissions Impact Dashboard for Azure is going to be retired. Effective March 31st, the Emissions Impact Dashboard for Azure, which is hosted by Power BI, will be retired. So yeah, they're telling you to export your data, cause it's going to go. So you should now be using Azure carbon optimizer in advance of the retirement date as an alternative solution, but March 2027, you've got a bit of time before you've got to deal with that. Yes, Microsoft, now generally available, Microsoft Azure is now available from a new cloud region in Denmark. Denmark East region provides Danish customers with local secure cloud infrastructure to support your local data residency requirements, low latency and access to advanced cloud services. So yeah, there you go. Crack on, Denmark. They're doing loads of data centres, aren't they? Yeah, it's ridiculous. And I think, yeah, this is quite cool. Yeah, last one. Sorry.
But now generally available is user delegation SAS tokens for Azure Tables, Azure Files, and Azure Queues. So what this allows you to do is use, you can tie the SAS token to the delegator of this system. It allows users to set SAS tokens at the table, table entity, queue, queue entity, file container, and individual file level. Any SAS token set at a higher level will provide access to all table, queue, and file entries within. And any SAS token set at the base level will only be able to access that individual entity. There's no additional cost to use user delegation SAS. It's just standard read/write transactions of your storage account. So this is quite cool because one of the big problems with SAS is that it is very permissive, isn't it? Right. When you use one of them. So this allows you to scope SAS tokens down. So if you can't move away from it, you can at least make it better, I suppose. And that's, yeah, that's it for me for this, for this week. So, or this month, sorry. So. Yeah. That's cool. There's definitely a lot. Yeah. They don't stop, do they? You know? Nope. I've, I've read up on the hybrid join and I'm building it in my lab. Same pre-reqs, which is going to be interesting. Okay. Yeah. All right. It requires one Server 2025 domain controller that devices, or devices registering in the initial onboarding, have access to. Yeah. Okay. So, well that was, well, we'll revisit that in three years. So I joke, I joke, I joke. Everybody that I talked to is fully up to date. All right. Yeah. Yes. Cool. Right. Did you enjoy this episode? If so, please do consider leaving us a review on Apple, Spotify or YouTube. This really helps us reach out to more people like yourselves. If you have any specific feedback or suggestions, or there's something in the news that we've talked about that you want us to dive into more, there's a link in our show notes to get in contact with us. Yeah.
And if you've made it this far, thanks ever so much for listening. We'll catch you in the next one. Yep. Thanks all.