Azure World Newsletter – Issue 3.04

March 9, 2021

Welcome to the fourth edition of the Azure World Newsletter in 2022.

Of course, we must first acknowledge that there have been some very distressing world events unfolding since the last newsletter. As I write this, it’s still a rapidly changing situation in Ukraine. It is estimated that 1.5 million people have had to flee their homes, and no doubt thousands have died in just the last two weeks.

If you’ve been personally touched by these events – have had to flee yourself or have family/friends trapped in a war zone – my heart goes out to you. My heart aches thinking about the tragedy that is unfolding in Ukraine.

Alongside the human tragedy we see on the nightly news, we’re likely entering a new era of “cyber war” in which powerful state hackers try to take down or impede critical infrastructure on the other side. Be ready to patch systems once new vulnerabilities are discovered.

The unsubscribe link is at the bottom if you want to stop receiving these emails.


ONE.

Recently, a security researcher reported a rather serious bug in Azure, and the team has patched the issue.

Security team Orca reported a bug with Azure Automation to Azure on December 6, which apparently would have allowed scripts to “gain full control over the resources and data of a targeted account”. Basically, a classic privilege escalation exploit.

This flaw only affected customers that used Managed Identities for authorization for Azure Automation jobs running in Azure Sandbox.

There’s no evidence, according to Azure, that this was used in the wild by any malicious actors. But this just shows once again that, due to the complexity of these systems, there are thousands of possible vectors that need to be protected against.

Microsoft responded within a few days of the report by ensuring tokens were only used to access the Sandbox that they legitimately had access to.

https://www.zdnet.com/article/cloud-computing-microsoft-fixes-azure-flaw-that-could-have-allowed-access-to-other-accounts/


TWO.

Microsoft is trying to lay a case for migrating databases on-premises into the cloud, and they’ve taken an interesting angle with it.

They’re saying that companies intentionally provision databases larger than they need to be. Some of this is to leave room for future growth. And there is also some built-in skepticism in the estimates causing DBAs to add buffer themselves to save from future performance problems that may not even happen.

Their recently released white-paper even went on to say that database servers sometimes get left behind when it comes to hardware refresh budgets. So administrators know that they should request a larger server than they need now, because it could be years before the company budgets money again for database hardware.

So what results is some fairly obvious waste that could be turned into cost-savings from migrating to the cloud.

Imagine a brand new database server is provisioned to be twice as big as it needs to be, to accommodate the future growth expected over the next couple of years. As well, even the estimate is made to be a bit high because a two year projection can turn into three or four years before the hardware is upgraded.

Microsoft estimates that around “85% of Oracle workloads” are actually over-provisioned. The cloud implementations would only use a fraction of the CPU power given to it on-prem.

Oracle is pretty good at blocking it’s customers because it’s licensing costs is not optimized to virtual CPU environments.

Oracle also has it’s own cloud, and I’m sure they’d MUCH rather you migrate to their cloud than to Microsoft.

If you’re interested in the white paper, a link to it can be found in this Register article.

https://www.theregister.com/2022/03/07/oracle_cloud_migration_microsoft_advice/


AZURE PLATFORM UPDATES.

The following announcements were made in the last two weeks: 

  • You can now export Log Analytics workspace data
  • Direct enterprise agreement (EA) customers now have expanded access to Cost Management and Billing within the Portal
  • App Service has now enhanced options for hosting WordPress, in Preview
  • Azure Backup can now backup Azure Files multiple times per day
  • Subscribe to daily, weekly, or monthly email updates of your saved cost views in Azure Cost Management, in Preview

Be sure and check out the Azure Updates page if any of these affect you.

https://azure.microsoft.com/en-us/updates/


COMING UP FOR ME.

I’ve now got all my studio equipment set up in Portugal, and can more easily produce video content. It’s taken a while to get to this point, but I’m excited to be working from my new home office.

I’ll continue updating existing courses, and should be in a better position to talk about new courses in the coming weeks.


WHERE TO FIND ME.

And that’s it for issue 3.04. Thanks for reading this far.

What is your favorite platform to be on? Perhaps we can connect there.

Facebook Page: https://www.facebook.com/getcloudskills/ 

LinkedIn: https://www.linkedin.com/in/scottjduffy/

Instagram: https://www.instagram.com/getcloudskills.ca/

Twitter: https://twitter.com/scottjduffy

Udemy: https://www.udemy.com/user/scottduffy2/

LinkedIn Learning: https://www.lynda.com/Scott-Duffy/1993589682-1.html