RunAs Radio

How can Security Copilot help you secure your applications? Richard talks to Ari Schorr about assessing application risk with Microsoft Security Copilot - a new feature in preview in Security Copilot that focuses on application roles and entities. Ari talks about the sheer array of resources that applications depend on, and the many security risks that exist in that space - how do you even get started on the problem? Security Copilot helps to sort through potential risks and help a sysadmin focus in on the most significant risks, especially the low-hanging fruit weak authentication and unused resources. The conversation also explores some of the future potential of a tool like this to detect supply chain attacks, find ways to strengthen and simplify applications so their attack surface is smaller. It's a great time to get familiar with these tools!LinksMicrosoft Security CopilotMidnight Blizzard Attack on MicrosoftSecure Future InitiativeAssess Application Risk with Microsoft Security CopilotMicrosoft SentinelRecorded February 18, 2025

What can GitHub Copilot do for SysAdmins in 2025? Richard talks to Jessica Deen from GitHub about her experiences using Copilot for her work. Jessica talks about Copilot being the first stop for most tasks - describing the task to Copilot helps you think through the problem, and often the tool can generate code or information to get that task done fast. Today's GitHub Copilot can handle everything from explaining existing code to writing something new, debugging a problem, or even writing documentation!LinksGitHub CopilotChanging the AI Model for Copilot ChatVisual Studio Code InsidersAzure ExtensionsGitHub SparkLaunch DarklyRecorded March 13, 2025

How do you write better PowerShell? Richard talks to Jeff Hicks about his latest book, Behind the PowerShell Pipeline, and his efforts to promote writing PowerShell scripts that are easy to understand, use, and maintain! Jeff talks about how making a script work is not enough anymore - you can use GitHub Copilot. The goal is to make the output as usable as possible, whether that is consistent output that is pipe-able or using color coding and column controls to make the results as actionable as possible. This is especially true as your team grows and more than one person works on scripts. Now, you'll want testing and source control, too!LinksPowerShell 7.5Behind the PowerShell PipelineGitHub CopilotPesterPowerShell SummitRecorded February 20, 2025

In this engaging conversation, Sonja Cuff, a Senior Cloud Ops Advocate on the Azure engineering team, shares her expertise in managing AI costs. She clarifies that AI encompasses more than just large language models. The discussion dives into practical strategies for measuring AI expenditures and improving sustainability using FinOps models. Topics like aligning IT spending with business benefits and the intricacies of app development optimization are explored, while the significance of realistic expectations in the evolving AI landscape is emphasized.

Are you using strong certificate mapping in Active Directory? Richard Hicks returns to the show to talk about the impacts of KB5015754, issued way back in 2022, and how it turned into an enforcement event on February 11, 2025 that might have caused some serious problems for folks trying to authenticate to Active Directory. For most sites, the upgrade to strong certificates was pretty much automatic. But if you're using Intune SCEP, you needed to do some configuration - and if that was missed, there is trouble. There are workarounds for now, but come September 2025, enforcement will be mandatory and everything gets harder, so it's worth looking into it now!LinksKB5015754: Certificate-based Authentication Changes on Windows Domain ControllersRichard's Blog Post on Strong Certificate Mapping EnforcementActive Directory Certificate ServicesCreate and Assign SCEP Certificate Profiles in IntuneHeartbleedRecorded February 17, 2025

What does it mean to be secure by design? Richard chats with Karinne Bessette about the scope of the problem around making more secure software. Karinne talks about the US government's Cybersecurity and Infrastructure Security Agency (CISA) push to promote more secure software products. The conversation digs into some of the more famous exploits in recent years and some of the challenges of dealing with development tools that require super-user privileges, getting security testing done promptly and responding to exploits effectively when they happen.LinksWomen in TeamsCISA Secure by DesignAzure Kubernetes ServiceMicrosoft Security Response CenterRecorded February 21, 2025

What is it like to take care of an Exchange Server in 2025? Richard chats with Michel de Rooij about his work with Exchange, including the many scripts he has written and published over the years to help sysadmins solve problems. Michel discusses how staying on-premises with Exchange is getting harder - the new version will be subscription-based! The conversation also digs into the new version of Outlook, the challenges of securing email, and Michel's latest book Pro Exchange Administration.LinksRemove DuplicateItems ScriptUnarchive ScriptPro Exchange AdministrationOffice 365 for IT ProsMicrosoft Defender for Office 365Recorded January 9, 2025

How do you manage your CI/CD pipeline resources? Richard chats with Eliza Tarasila about Managed DevOps Pools in Azure DevOps. Eliza tells the story of discovering that teams were using Azure DevOps internally at Microsoft but would need to build their tooling to stand up the resources for testing and deployment. Managed DevOps Pools became the standard way to specify resources like virtual machines and assign them to projects so that they would start up automatically. The resources in the pool can be custom resources in Azure or even on-premises servers! And, more importantly, you don't need to care and feed for the infrastructure used in the pipelines, Azure DevOps will do it for you.LinksAzure DevOpsCreate and Manage PoolsManaged DevOps Pool Origin StoryAzure DevOps PricingAzure Spot Virtual MachinesManaged DevOps Pools DocumentationRecorded January 6, 2025

Ready to upgrade to Windows Server 2025? Richard talks to Robert Smit about his experiences doing an upgrade—with a few important dos and don'ts! Robert talks about dusting off your Active Directory setup and ensuring you're at the Server 2016 functional level. The conversation also dives into the new-build-versus-upgrade options, taking advantage of SMB over QUIC and SMB Compression, and much more!LinksWindows Server 2025Upgrading to Windows Server 2025Azure ArcWindows Admin CenterSMB CompressionWindows ToolsRemote Server Administration ToolsConfiguration ManagerAzure Arc-enabled System Center Virtual Machine ManagerLive Migration with Workgroup ClusterRecorded January 7, 2025

How can Entra ID Protection help keep your organization resist security breaches? Richard talks to Corissa Koopmans about thinking beyond authentication and authorization and into conditional access - knowing what is normal and abnormal behavior for your users. Corissa recommends looking at the Entra ID Protection Dashboard - whether you have configured anything or not - to see what potential risks you have today. Whether it's logins from places where you have no workers or some "impossible travel" or weird browser connections, ID Protection detects and identifies those events. When combined with conditional access, Defender for Cloud, or even Microsoft Intune - you get a "better together" effect that makes it easier to know when something bad is happening!LinksMicrosoft Entra ID ProtectionAzure Active Directory Conditional AccessEntra ID Protection DashboardLog Analytics AgentMicrosoft IntuneMicrosoft Defender for CloudMicrosoft SentinelRecorded December 10, 2024