Everything You Need to Know About Azure Infrastructure – November 2018 Edition
If you look at the below content and compare it to previous months you might find that there are not as many technical articles and releases by Microsoft. This is because we have entered one of the quiet periods in the Azure calendar. The holiday season is approaching and much of Microsoft will shut down for an extended period – introducing changes at this time of year is not normally considered a good thing! But we still do have some news.
In the cloud world, November 2018 will be remembered for Multi-Factor Authentication (MFA), an Azure AD feature that requires users to prove who they are when they attempt to sign in. The user does the usual keyboard dance of entering a username and password, and then MFA requires the user to enter a code (via SMS or the Microsoft authenticator app), confirm a sign-in attempt (the app) or answer a phone call. If you cannot prove your identity with MFA then you cannot sign in.
So, MFA would be considered a critical service. On November 19th, MFA suffered a serious outage that lasted for up to 14 hours for some customers. A series of issues, stemming from an update to Azure AD MFA, caused the outage. What made it worse was:
Passwords Haven’t Disappeared Yet
123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?
- Microsoft’s own monitoring wasn’t detecting the issues correctly
- The official status page was overloaded by customers and wouldn’t load for many of us.
A root cause analysis was released, promising fixes to the faults, the monitoring, and the status page. And a day or so later, on November 27th, MFA broke down again.
I’m a bit of a pragmatist with this stuff. IT breaks – that’s a fact of life. Imagine if you deploy some RSA solution, or some other on-premises MFA solution that has been pwned by the Chinese military, and that broke down. How quickly would you fix that? Wouldn’t you have an outage that damages the business?
What I don’t like about what we’re seeing from Microsoft is the quality, or lack of, in recent releases. Fail fast has a habit of failing frequently. I expressed my feelings in Microsoft Needs A Quality Review – I am convinced that Microsoft needs to re-think how it views quality control. The death of the tester role in Microsoft has expanded a drive in lower quality releases that started under Satya Nadella before his rise to CEO.
A resource that I find not enough people are using is the Microsoft Azure Architecture Center. Here you will find a number of design patterns for Azure solutions that Microsoft has created for many scenarios using different features of Azure. In particular, the reference architectures are extremely valuable, especially if you are learning Azure. I can read about different pieces, but unless I see how the thing is built, the words mean little. And I can read about individual components, but unless I see them together, there is little value.
The reference architectures share the design, the reasoning behind the design, a diagram in Visio format that you can download, and links to the JSON template(s) for deploying the depicted solution.
Other Announcements from Microsoft
Here are other Azure IaaS headlines from the past month:
- Microsoft Azure portal November 2018 update
- Mission critical performance with Ultra SSD for SQL Server on Azure VM
- Leverage Azure Security Center to detect when compromised Linux machines attack
- Static Data Masking for Azure SQL Database and SQL Server
- Microsoft Azure is now certified to host sensitive health data in France
- Holiday season is DDoS season
- Protect Linux containers running in IaaS with Azure Security Center
- Four operational practices Microsoft uses to secure the Azure platform
- New H-series Azure VMs for HPC workloads are in preview
- SQL Server on Azure Virtual Machines resource provider
- Azure Hybrid Benefit for SQL Server on Azure Virtual Machines
- Improving Azure Virtual Machine resiliency with predictive ML and live migration
My Azure Posts on Petri
Here are my Azure posts from the month of November:
- Azure Launches DC-Series Confidential Compute VM Preview
- Customer Lockbox Preview for Azure VMs
- Cross-Platform Azure Az PowerShell Modules
And Now for Something Different
You have probably heard of Windows Admin Center, the relatively new HTML5 admin toolset for Windows Server. You might not have considered that Windows Admin Center can be used to integrate your on-premises machines with Azure or to manage your Windows servers that are running in Azure:
- Deploy or configure Azure Site Recovery, Azure Backup, Azure Update Management – Azure File Sync support is coming.
- Integrate with Azure AD authentication
- Connect on-premises WS2019 servers quickly and easily to Azure virtual networks using the Azure Network Adapter.
- Manage your Azure Windows servers as if they were on-premises.
All of the above is available now in the 1809 release of Windows Admin Center.