mountainss Cloud and Datacenter Management Blog

Microsoft Hybrid Cloud blogsite about Management



#Microsoft Azure Security Center Overview #Cloud #Security #HybridCloud #Azure

Microsoft Azure Security Center provides unified security management and advanced threat protection across hybrid cloud workloads. With Security Center, you can apply security policies across your workloads, limit your exposure to threats, and detect and respond to attacks.

You can select an existing Log Analytics workspace to store data collected by Security Center. To use your existing Log Analytics workspace:
• The workspace must be associated with your selected Azure subscription.
• At a minimum, you must have read permissions to access the workspace.

You can edit the default security policy for each of your Azure subscriptions in Security Center. To modify a security policy, you must be an owner, contributor, or security administrator of the subscription. To configure security policies in Security Center, do the following:
1. Sign in to the Azure portal.
2. On the Security Center dashboard, under General, select Security policy.
3. Select the subscription that you want to enable a security policy for.
4. In the Policy Components section, select Security policy.
This is the default policy that’s assigned by Security Center. You can turn on or off the available security recommendations.
5. When you finish editing, select Save.

You can find more in Set security policies in Azure Security Center.

Some policies require the upgrade to Enhanced Security.

Contact information for Notifications

Azure Security Center provides unified security management and advanced threat protection for workloads running in Azure, on-premises, and in other clouds. It delivers visibility and control over hybrid cloud workloads, active defenses that reduce your exposure to threats, and intelligent detection to help you keep pace with rapidly evolving cyber attacks.
Pricing tiers
Security Center is offered in two tiers:
• The Free tier is automatically enabled on all Azure subscriptions, and provides security policy, continuous security assessment, and actionable security recommendations to help you protect your Azure resources.
• The Standard tier extends the capabilities of the Free tier to workloads running in private and other public clouds, providing unified security management and threat protection across your hybrid cloud workloads. The Standard tier also adds advanced threat detection capabilities, which use built-in behavioral analytics and machine learning to identify attacks and zero-day exploits, access and application controls to reduce exposure to network attacks and malware, and more. The Standard tier is free for the first 60 days. Read more here.

What are OS Security Configurations?
Azure Security Center monitors security configurations using a set of over 150 recommended rules for hardening the OS, including rules related to firewalls, auditing, password policies, and more. If a machine is found to have a vulnerable configuration, a security recommendation is generated.
Customization of the rules can help organizations to control which configuration options are more appropriate for their environment. This feature enables users to set a customized assessment policy and apply it on all applicable machines in the subscription.

Note
• Currently OS Security Configuration customization is available for Windows Server 2008, 2008R2, 2012, 2012R2 operating systems only.
• The configuration applies to all VMs and computers connected to all workspaces under the selected subscription.
• OS Security Configuration customization is available only on Security Center’s Standard tier.

Download the Baseline configuration JSON file

You can make a custom baseline with Visual Studio Code and upload it to Azure.

Microsoft Azure Security Center QuickStart:

Configure Security Policy

Managing security recommendations in Azure Security Center

Security health monitoring in Azure Security Center

Managing and responding to security alerts in Azure Security Center

Documentation:

Microsoft Azure Security Center Documentation 

Microsoft Azure Security Center Forum

Planning guide
This guide covers a set of steps and tasks that you can follow to optimize your use of Security Center based on your organization’s security requirements and cloud management model. To take full advantage of Security Center, it is important to understand how different individuals or teams in your organization use the service to meet secure development and operations, monitoring, governance, and incident response needs. The key areas to consider when planning to use Security Center are:

• Security Roles and Access Controls
• Security Policies and Recommendations
• Data Collection and Storage
• Ongoing non-Azure resources
• Ongoing Security Monitoring
• Incident Response

Here you will learn how to plan for each one of those areas and apply those recommendations based on your requirements.

All Events view in Azure Security Center

Upgrade to standard Tier for Hybrid Security

Search with analytics

Queries can be used to search terms, identify trends, analyze patterns, and provide many other insights based on your data.

Have a look and play with Azure Log Analytics.

Getting Started with the Analytics Portal

In this tutorial you will learn to write Azure Log Analytics queries. After completing this tutorial, you will know how to:

  • Understand queries’ structure
  • Sort query results
  • Filter query results
  • Specify a time range
  • Select which fields to include in the results
  • Define and use custom fields
  • Aggregate and group results

Getting Started with Queries

Azure Security Center gives you Recommendations

For example, a recommendation to encrypt your virtual machines in Azure, with a link.

Integrated Azure security solutions
Security Center makes it easy to enable integrated security solutions in Azure. Benefits include:

• Simplified deployment: Security Center offers streamlined provisioning of integrated partner solutions. For solutions like antimalware and vulnerability assessment, Security Center can provision the needed agent on your virtual machines, and for firewall appliances, Security Center can take care of much of the network configuration required.
• Integrated detections: Security events from partner solutions are automatically collected, aggregated, and displayed as part of Security Center alerts and incidents. These events also are fused with detections from other sources to provide advanced threat-detection capabilities.
• Unified health monitoring and management: Customers can use integrated health events to monitor all partner solutions at a glance. Basic management is available, with easy access to advanced setup by using the partner solution.

More on Integrated Azure Security Solutions

Compute Security Overview

Compute Security and Components view

Networking Security Overview

Storage & Data Security Overview

Identity and Access Overview in Azure Security Center

Application Whitelisting

Just in time virtual machine (VM) access can be used to lock down inbound traffic to your Azure VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed.

Attack scenario
Brute force attacks commonly target management ports as a means to gain access to a VM. If successful, an attacker can take control over the VM and establish a foothold into your environment.

One way to reduce exposure to a brute force attack is to limit the amount of time that a port is open. Management ports do not need to be open at all times. They only need to be open while you are connected to the VM, for example to perform management or maintenance tasks. When just in time is enabled, Security Center uses Network Security Group (NSG) rules, which restrict access to management ports so they cannot be targeted by attackers.
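
The exposure that just in time access removes can be checked offline against exported NSG rules. The Python below is an added example, not code from this post or from Security Center: it evaluates inbound rules in priority order and reports management ports whose first matching rule allows Internet traffic. The management port set, the helper names and the sample rules are assumptions constructed for illustration.

```python
# Added example: find management ports an NSG leaves open to the Internet.
MGMT_PORTS = {22: "SSH", 3389: "RDP", 5985: "WinRM HTTP", 5986: "WinRM HTTPS"}  # assumed set
INTERNET_SOURCES = {"*", "internet", "0.0.0.0/0"}

def as_list(props, single, plural):
    """NSG rules carry either one value or a list; return a single list."""
    values = list(props.get(plural) or [])
    if props.get(single):
        values.append(props[single])
    return values

def port_matches(spec, port):
    """True if an NSG port spec ('*', '22' or '20-25') covers the port."""
    if spec.strip() == "*":
        return True
    low, _, high = spec.strip().partition("-")
    return int(low) <= port <= int(high or low)

def exposed_management_ports(rules):
    """Return {port: rule name} where the first matching inbound rule for
    Internet traffic is an Allow. The lowest priority number is evaluated first."""
    inbound = [r for r in rules if r["properties"]["direction"].lower() == "inbound"]
    inbound.sort(key=lambda r: r["properties"]["priority"])
    exposed = {}
    for port in MGMT_PORTS:
        for r in inbound:
            p = r["properties"]
            sources = as_list(p, "sourceAddressPrefix", "sourceAddressPrefixes")
            ports = as_list(p, "destinationPortRange", "destinationPortRanges")
            if p["protocol"].lower() not in ("*", "tcp"):
                continue
            if not any(s.lower() in INTERNET_SOURCES for s in sources):
                continue  # rule scoped to specific addresses, not the Internet
            if not any(port_matches(spec, port) for spec in ports):
                continue
            if p["access"].lower() == "allow":
                exposed[port] = r["name"]
            break  # first match decides, whether Allow or Deny
    return exposed

def rule(name, priority, access, source, ports):
    """Build a rule shaped like an NSG securityRules entry (hypothetical helper)."""
    return {"name": name, "properties": {
        "priority": priority, "access": access, "direction": "Inbound",
        "protocol": "Tcp", "sourceAddressPrefix": source,
        "destinationPortRanges": ports}}

# Constructed sample rules, not taken from a real subscription.
OPEN_NSG = [rule("allow-rdp", 1000, "Allow", "*", ["3389"]),
            rule("allow-low-ports", 1100, "Allow", "Internet", ["20-25"])]
# Same NSG with a higher-priority deny on the management ports and one
# allow for a single admin address (documentation range 203.0.113.0/24).
LOCKED_NSG = OPEN_NSG + [
    rule("deny-mgmt", 200, "Deny", "*", ["22", "3389", "5985", "5986"]),
    rule("allow-admin-rdp", 100, "Allow", "203.0.113.10", ["3389"])]

print(exposed_management_ports(OPEN_NSG), exposed_management_ports(LOCKED_NSG))
```

The range rule `20-25` is reported for SSH even though its name does not mention port 22, which is the kind of exposure a name-based review misses.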

More on Just in Time Virtual Machine

Security Alerts

Azure Security Center’s advanced detection capabilities help you identify active threats targeting your Microsoft Azure resources and provide you with the insights needed to respond quickly.

More on Azure Security Center detection capabilities

Custom Alert Rules

What are custom alert rules in Security Center?

Security Center has a set of predefined security alerts, which are triggered when a threat or suspicious activity takes place. In some scenarios, you may want to create a custom alert to address specific needs of your environment.

Custom alert rules in Security Center allow you to define new security alerts based on data that is already collected from your environment. You can create queries, and the results of these queries can be used as criteria for the custom rule; once these criteria are matched, the rule is executed. You can use computer security events, partner security solution logs, or data ingested using APIs to create your custom queries.

More information about Custom Alert Rules in Azure Security Center

Threat Intelligence

Azure Security Center Playbooks

What is security playbook in Security Center?
A security playbook is a collection of procedures that can be executed from Security Center once a certain playbook is triggered from a selected alert. A security playbook can help to automate and orchestrate your response to a specific security alert detected by Security Center. Security playbooks in Security Center are based on Azure Logic Apps, which means you can use the templates provided under the security category in Logic Apps templates and modify them based on your needs, or you can create new playbooks using the Azure Logic Apps workflow with Security Center as your trigger.

More on Azure Security Center Playbook

Hope this Microsoft Azure Security Center Overview will help to make your Hybrid IT more Secure!


#Microsoft MAP Toolkit 9.6 Now Available! #Winserv #SQL2016 #Azure #Office365 #Cloud #Tool


Microsoft MAP Toolkit 9.6

The Microsoft Assessment and Planning Toolkit (MAP) is an agentless, automated, multi-product planning and assessment tool for quicker and easier desktop, server and cloud migrations. MAP provides detailed readiness assessment reports and executive proposals with extensive hardware and software information, and actionable recommendations to help organizations accelerate their IT infrastructure planning process, and gather more detail on assets that reside within their current environment. MAP also provides server utilization data for Hyper-V server virtualization planning, identifying server placements, and performing virtualization candidate assessments. You can find more information about the MAP Toolkit here.

Software Requirements:
        • Operating system. Any of the following:
          • Windows 10 (Professional, Enterprise and Ultimate editions only)
          • Windows 8.1 (Professional and Enterprise editions only)
          • Windows 8 (Professional and Enterprise editions only)
          • Windows 7 with Service Pack 1 (Professional, Enterprise, and Ultimate editions only)
          • Windows Server 2012 R2
          • Windows Server 2012
          • Windows Server 2016
          • Windows Server 2008 R2 with Service Pack 1
        • .NET Framework 4.5 (download from http://go.microsoft.com/fwlink/?LinkId=389161)
        • Installation of all updates for the operating system. Note: In some cases updates may not install automatically. To download updates for your computer manually, go to http://update.microsoft.com/.
        • By default, the MAP Toolkit will install SQL Server 2012 Express LocalDB during setup. You may also use an existing installation of SQL Server 2008, SQL Server 2008 R2, or SQL Server 2012 if you create an instance named “MAPS” before running the MAP Toolkit installer. The MAP Toolkit requires the collation order of the database engine to be set to “SQL_Latin1_General_CP1_CI_AS”.

Notes:

        • Some of these prerequisites require restarting your computer. You may have to restart multiple times if all the prerequisites are not met prior to running Microsoft Assessment and Planning Toolkit setup.

Scenario-dependent requirements:

    • For machines that will be used to run the Forefront Endpoint Protection Usage Tracking, Lync Usage Tracking, Exchange Server Usage Tracking, or Volume Licensing scenarios, please note: PowerShell 2.0 or higher must be installed.
    • For machines that will be used to collect Oracle schema information, please note: The 64 bit Oracle client must be installed on the MAP machine to collect the schema information. If the 64 bit client is not installed, MAP will only be able to collect instance information. MAP will not collect schema information if the 32 bit Oracle client is installed.


Export results in Excel for Windows Server 2016 Assessment Example


Microsoft Azure Virtual Machine Sizing Example in Excel


With MAP Toolkit Training available 😉

You can download MAP Toolkit 9.6 here


Happy Holidays and Thank you ! #MSOMS #Azure #AzureStack #Hyperv #Sysctr #HybridCloud


Thank you for following me @Jamesvandenberg
Thank you Community 😉
Thank you Microsoft
Wish you all the Best !
#MVPbuzz



#Microsoft #Linux Integration Services Version 4.1 for #HyperV Available


Linux Integration Services (LIS) 4.1 allows Linux guests to use Hyper-V virtualization on the following host operating systems:

• Windows Server 2008 R2 (applicable editions)
• Microsoft Hyper-V Server 2008 R2
• Windows 8 Pro and 8.1 Pro
• Windows Server 2012 and 2012 R2
• Microsoft Hyper-V Server 2012 and 2012 R2
• Windows Server Technical Preview
• Microsoft Hyper-V Server Technical Preview
• Microsoft Azure

Current version: 4.1.0. Please refer to the Linux Virtual Machines on Hyper-V topics for up-to-date information on the LIS feature set, all supported Linux distributions, availability and download locations.

New with Linux Integration Services 4.1:

• Expanded Releases: now applicable to Red Hat Enterprise Linux, CentOS, and Oracle Linux with Red Hat Compatible Kernel versions 5.2, 5.3, 5.4, and 7.2.
• Hyper-V Sockets.
• Manual Memory Hot Add.
• SCSI WWN.
• lsvmbus.
• Uninstallation scripts.

When installed in a supported Linux virtual machine running on Hyper-V, the Linux Integration Services provide:

• Driver support: Linux Integration Services supports the network controller and the IDE and SCSI storage controllers that were developed specifically for Hyper-V.
• Fastpath Boot Support for Hyper-V: Boot devices now take advantage of the block Virtualization Service Client (VSC) to provide enhanced performance.
• Time Keeping: The clock inside the virtual machine will remain accurate by synchronizing to the clock on the virtualization server via Timesync service, and with the help of the pluggable time source device.
• Integrated Shutdown: Virtual machines running Linux can be shut down from either Hyper-V Manager or System Center Virtual Machine Manager by using the “Shut down” command.
• Symmetric Multi-Processing (SMP) Support: Supported Linux distributions can use multiple virtual processors per virtual machine. The actual number of virtual processors that can be allocated to a virtual machine is only limited by the underlying hypervisor.
• Heartbeat: This feature allows the virtualization server to detect whether the virtual machine is running and responsive.
• KVP (Key Value Pair) Exchange: Information about the running Linux virtual machine can be obtained by using the Key Value Pair exchange functionality on the Windows Server 2008 virtualization server.
• Integrated Mouse Support: Linux Integration Services provides full mouse support for Linux guest virtual machines.
• Live Migration: Linux virtual machines can undergo live migration for load balancing purposes.
• Jumbo Frames: Linux virtual machines can be configured to use Ethernet frames with more than 1500 bytes of payload.
• VLAN tagging and trunking: Administrators can attach single or multiple VLAN ids to synthetic network adapters.
• Static IP Injection: Allows migration of Linux virtual machines with static IP addresses.
• Linux VHDX resize: Allows dynamic resizing of VHDX storage attached to a Linux virtual machine.
• Synthetic Fibre Channel Support: Linux virtual machines can natively access high performance SAN networks.
• Live Linux virtual machine backup support: Facilitates zero downtime backup of running Linux virtual machines.
• Dynamic memory ballooning support: Improves Linux virtual machine density for a given Hyper-V host.
• Synthetic video device support: Provides improved graphics performance for Linux virtual machines.
• PAE kernel support: Provides drivers that are compatible with PAE enabled Linux virtual machines.

Here you can download Linux Integration Services Version 4.1 for Hyper-V 


Wish you all Merry Christmas & Happy New Innovative Year 2016 !

Merry Christmas and Happy New Year

Wow, a lot has happened in 2015. I don’t even know where to begin with a recap of 2015 in a Mobile and Cloud first world! What I have learned is that it’s all about applications on your mobile phone, tablet, or any device to work and learn in any environment you want. Sharing Microsoft technology with the Community and in Education via social media is what I love to do on a daily basis. I hope you enjoyed the information in 2015 with Microsoft Products like:

I wish you all a Healthy Life and a lot of Success in 2016!

Microsoft is transforming Datacenters with New Technology and making Hybrid Cloud possible for your Applications.
What I personally like is the Microsoft HoloLens; this is something different, but very cool to be in a Virtual Reality World with awesome possibilities in 2016 and in the future 🙂

Thank you Community, Followers, Microsoft Product Teams, MVP Award Program, MVP’s, Developers, ITpro’s, Students, for Sharing !

Best Regards, James van den Berg.


#Microsoft Active Directory Replication Status Tool #Winserv for #ITpro #Administrators


The Active Directory Replication Status Tool (ADREPLSTATUS) analyzes the replication status for domain controllers in an Active Directory domain or forest. ADREPLSTATUS displays data in a format that is similar to REPADMIN /SHOWREPL * /CSV imported into Excel but with significant enhancements.

Specific capabilities for this tool include:

    • Expose Active Directory replication errors occurring in a domain or forest
    • Prioritize errors that need to be resolved in order to avoid the creation of lingering objects in Active Directory forests
    • Help administrators and support professionals resolve replication errors by linking to Active Directory replication troubleshooting content on Microsoft TechNet
    • Allow replication data to be exported to source or destination domain administrators or support professionals for offline analysis

Here you can download the Microsoft Active Directory Replication Status Tool


#Microsoft Debug Diagnostic Tool v2 Update 2 for #ITPro #DevOps #MVPbuzz #Developers


Microsoft Debug DiagTool

The Debug Diagnostic Tool (DebugDiag) is designed to assist in troubleshooting issues such as hangs, slow performance, memory leaks or memory fragmentation, and crashes in any user-mode process. The tool includes built-in analysis rules focused on Internet Information Services (IIS) applications, web data access components, COM+, SharePoint and related Microsoft technologies. DebugDiag 2.0 introduces a new analysis engine host with a built-in reporting framework that can be accessed from .NET. This new analysis engine simplifies analysis rule development in .NET. Starting with DebugDiag 2.0, the analysis engine relies on Microsoft.Diagnostics.Runtime for .NET analysis.


Add your Data files to Analyse


Use ? for Help to get the job done


Collect your Information for Troubleshooting


Make your Own Debug Diag Rules


The Help Function in the Tool can Help you understand the DiagTool

Here you can download the Microsoft Debug Diagnostic Tool v2 Update 2