RunAs Radio

Tim Warner, a principal author at PolarSight and a recognized Microsoft MVP, discusses the disruptive potential of agentic AI for IT professionals. He highlights how technologies like Cursor AI and GitHub Copilot are evolving, allowing for automated script writing and execution. The conversation dives into the importance of context when using these tools and the need for human oversight. Warner explores the transformative effects of AI in security, workflow management, and the cloud era, emphasizing the vital balance between productivity and responsible technology use.

Are some of your team members starting to hate PowerShell? Richard talks to Barbara Forbes about her experiences with teams frustrated by PowerShell. Barbara talks about overcomplicating PowerShell scripts—the kind the most senior folks can create but no one else can maintain. Eventually, nobody will want to touch those scripts. Then there is the question of business value—does everything need to be automated? And by how much? Often, the appropriate solution solves 80% of the cases; the other 20% are best done by hand because the cost and complexity of the last 20% are too high. Focus on the return on investment for the business, and you'll keep the love of PowerShell alive! LinksPowerShellPester TestingGitHub CopilotBicepRecorded February 24, 2025

How can Security Copilot help you secure your applications? Richard talks to Ari Schorr about assessing application risk with Microsoft Security Copilot - a new feature in preview in Security Copilot that focuses on application roles and entities. Ari talks about the sheer array of resources that applications depend on, and the many security risks that exist in that space - how do you even get started on the problem? Security Copilot helps to sort through potential risks and help a sysadmin focus in on the most significant risks, especially the low-hanging fruit weak authentication and unused resources. The conversation also explores some of the future potential of a tool like this to detect supply chain attacks, find ways to strengthen and simplify applications so their attack surface is smaller. It's a great time to get familiar with these tools!LinksMicrosoft Security CopilotMidnight Blizzard Attack on MicrosoftSecure Future InitiativeAssess Application Risk with Microsoft Security CopilotMicrosoft SentinelRecorded February 18, 2025

What can GitHub Copilot do for SysAdmins in 2025? Richard talks to Jessica Deen from GitHub about her experiences using Copilot for her work. Jessica talks about Copilot being the first stop for most tasks - describing the task to Copilot helps you think through the problem, and often the tool can generate code or information to get that task done fast. Today's GitHub Copilot can handle everything from explaining existing code to writing something new, debugging a problem, or even writing documentation!LinksGitHub CopilotChanging the AI Model for Copilot ChatVisual Studio Code InsidersAzure ExtensionsGitHub SparkLaunch DarklyRecorded March 13, 2025

How do you write better PowerShell? Richard talks to Jeff Hicks about his latest book, Behind the PowerShell Pipeline, and his efforts to promote writing PowerShell scripts that are easy to understand, use, and maintain! Jeff talks about how making a script work is not enough anymore - you can use GitHub Copilot. The goal is to make the output as usable as possible, whether that is consistent output that is pipe-able or using color coding and column controls to make the results as actionable as possible. This is especially true as your team grows and more than one person works on scripts. Now, you'll want testing and source control, too!LinksPowerShell 7.5Behind the PowerShell PipelineGitHub CopilotPesterPowerShell SummitRecorded February 20, 2025

In this engaging conversation, Sonja Cuff, a Senior Cloud Ops Advocate on the Azure engineering team, shares her expertise in managing AI costs. She clarifies that AI encompasses more than just large language models. The discussion dives into practical strategies for measuring AI expenditures and improving sustainability using FinOps models. Topics like aligning IT spending with business benefits and the intricacies of app development optimization are explored, while the significance of realistic expectations in the evolving AI landscape is emphasized.

Are you using strong certificate mapping in Active Directory? Richard Hicks returns to the show to talk about the impacts of KB5015754, issued way back in 2022, and how it turned into an enforcement event on February 11, 2025 that might have caused some serious problems for folks trying to authenticate to Active Directory. For most sites, the upgrade to strong certificates was pretty much automatic. But if you're using Intune SCEP, you needed to do some configuration - and if that was missed, there is trouble. There are workarounds for now, but come September 2025, enforcement will be mandatory and everything gets harder, so it's worth looking into it now!LinksKB5015754: Certificate-based Authentication Changes on Windows Domain ControllersRichard's Blog Post on Strong Certificate Mapping EnforcementActive Directory Certificate ServicesCreate and Assign SCEP Certificate Profiles in IntuneHeartbleedRecorded February 17, 2025

What does it mean to be secure by design? Richard chats with Karinne Bessette about the scope of the problem around making more secure software. Karinne talks about the US government's Cybersecurity and Infrastructure Security Agency (CISA) push to promote more secure software products. The conversation digs into some of the more famous exploits in recent years and some of the challenges of dealing with development tools that require super-user privileges, getting security testing done promptly and responding to exploits effectively when they happen.LinksWomen in TeamsCISA Secure by DesignAzure Kubernetes ServiceMicrosoft Security Response CenterRecorded February 21, 2025

What is it like to take care of an Exchange Server in 2025? Richard chats with Michel de Rooij about his work with Exchange, including the many scripts he has written and published over the years to help sysadmins solve problems. Michel discusses how staying on-premises with Exchange is getting harder - the new version will be subscription-based! The conversation also digs into the new version of Outlook, the challenges of securing email, and Michel's latest book Pro Exchange Administration.LinksRemove DuplicateItems ScriptUnarchive ScriptPro Exchange AdministrationOffice 365 for IT ProsMicrosoft Defender for Office 365Recorded January 9, 2025

How do you manage your CI/CD pipeline resources? Richard chats with Eliza Tarasila about Managed DevOps Pools in Azure DevOps. Eliza tells the story of discovering that teams were using Azure DevOps internally at Microsoft but would need to build their tooling to stand up the resources for testing and deployment. Managed DevOps Pools became the standard way to specify resources like virtual machines and assign them to projects so that they would start up automatically. The resources in the pool can be custom resources in Azure or even on-premises servers! And, more importantly, you don't need to care and feed for the infrastructure used in the pipelines, Azure DevOps will do it for you.LinksAzure DevOpsCreate and Manage PoolsManaged DevOps Pool Origin StoryAzure DevOps PricingAzure Spot Virtual MachinesManaged DevOps Pools DocumentationRecorded January 6, 2025