Infrastructure + Security: Noteworthy News (Ignite Edition)





Hi there! Stanislav Belov here to bring you an out-of-band Microsoft Ignite edition of the Infrastructure + Security: Noteworthy News series!  

As a reminder, the Noteworthy News series covers various areas, including interesting news, announcements, links, tips and tricks from the Windows, Azure, and Security worlds on a monthly basis. Enjoy!

Microsoft Azure
Inside Microsoft Azure datacenter hardware and software architecture with Mark Russinovich
Microsoft Azure has achieved massive, global scale, with 40 announced regions consisting of over 150 datacenters, and it is growing fast. It delivers the promise of cloud computing, including high-availability, extreme performance, and security, by custom designing software and hardware to work best together. Mark takes you on a tour of Azure’s datacenter architecture and implementation innovations, describing everything from Azure’s reliable clean-energy datacenter designs, to how we are using FPGAs to accelerate networking and machine learning, to how we design storage servers to deliver ultra-low latency and high throughput, and more.
Manage Microsoft Azure at enterprise Scale: The Microsoft Internal Story
Hear about how Microsoft’s internal IT team went through the process of onboarding to Azure and the management tools they use to manage and secure their numerous Applications and Resources in Azure. You will see demos of the tools Microsoft IT uses to make Azure easier to adopt by application teams while providing a secure and compliant environment that meets Microsoft’s organizational standards. Speaking together, representatives from Microsoft IT’s management team and the Azure Management Engineering team discuss their experiences running on Azure and the steps Microsoft IT took to help transform the way they operate.
Digital transformation with Microsoft Azure and Azure Stack
Come join the lead architects for Azure and Azure Stack as they discuss digital transformation and how you can harness Microsoft’s cloud technologies as you embark on that strategy.
Azure Compute: New features and roadmap

A can’t-miss DEMO HEAVY session for everyone working with or considering their strategy for the cloud! We take a look at some of the newest features and upcoming capabilities in the Azure Compute platform. We show some new sizes, new experiences, and new integration technology available during Microsoft Ignite or coming soon across VMs, Azure Service Fabric, Azure Container Service, Azure Functions, and more.

The new planned maintenance experience in Microsoft Azure
While we perform most of the hosting environment maintenance without any impact to virtual machines in Azure, there are rare cases where we end up impacting our customers and rebooting their VMs. In this session we describe the brand new experience around VM restarting maintenance operations and guide you on how to better prepare for the next wave of planned maintenance in Azure. Stop by to learn how to set alerts for planned maintenance, discover the scope and timeline relevant to your VMs, control the exact time of the maintenance, and proactively react from within the VM to any VM impacting events.
Data on Azure: The big picture
Microsoft Azure provides a broad range of services for working with data. Using these services well requires knowing at least a little bit about all of them. In this session, David Chappell provides a big-picture survey of Azure data offerings. The technologies he covers include SQL Database, Azure Cosmos DB, SQL Data Warehouse, HDInsight, Azure Data Lake, Azure Machine Learning, and more. The goal is to help you understand the breadth of Azure data offerings, letting you know what’s available and what problems each one addresses.
What’s new in Azure Active Directory Domain Services

Azure AD Domain Services enables you to effectively administer your Azure virtual machines by joining them to a fully managed Active Directory domain in Microsoft Azure. You do not have to worry about deploying, managing, patching, or monitoring domain controllers and can focus on running your workloads in Azure. Users can sign in using their Active Directory credentials and can access resources seamlessly. Azure AD Domain Services provides Group Policy, an easy, familiar way to apply and enforce security baselines on all of your Azure virtual machines. See what’s new in Azure AD Domain Services and explore how you can leverage this service to secure your Azure virtual machines.

Optimize Azure for Disaster Recovery
Every organization today is either looking at implementing DR or optimizing their DR solution, but it can be very complex and expensive for something that will hopefully never be used. The consumption-based nature of Azure makes it the ideal DR target for organizations, but how should it be used? In this session, the different types of replication are explored, including host, in-guest, and application, in addition to integrating with other technologies such as Azure Automation and ARM templates for a one-click recovery plan. There are many options and considerations related to DR; this session equips you with what is needed to understand the right level of protection for workloads to optimize DR without sacrificing resiliency.
Implement governance in Microsoft Azure at scale with policy-based management
Like any IT investment, the use of cloud resources must be governed within your enterprise to attain maximum cloud benefits with proper control and compliance. Come learn about Azure’s new Policy-based Management, a powerful governance platform that lets you govern your entire Azure enterprise environment at scale without sacrificing agility. See how it can help you drive compliance and enforce standards across all subscriptions easily.
Implement a secure and well-managed strategy for your Azure resources
As you put your resources in Azure, you need to consider how to secure, back up and monitor them. In the past, you needed additional security, backup or monitoring tools to secure and manage your resources well. In this demo-heavy session, Scott Woodgate, Director in Azure Security and Operations Management, will share how Azure provides built-in support to enable secure and well-managed production VMs.
Windows devices in Azure Active Directory: Why should I care?
Why should you care about bringing your devices to Azure AD? How about giving your users great productivity experiences while keeping your organizational resources fully protected? Users in Windows 10 will enjoy single sign-on, consistent settings across devices, and biometric sign-in to Windows and org. resources with Windows Hello for Business, to name a few. Benefits like Azure AD device- and app-based conditional access and Azure AD Identity Protection will give you the peace of mind you need while enabling productivity in a mobile world. New modern management experiences will enrich your IT experience with devices. Come and learn how to excel as you deploy Windows 10 and manage device identities in your organization.
Master VMs in Microsoft Azure Resource Manager
Over the last two years Microsoft, partners, and community members have published hundreds of multi-VM Azure Resource Manager (ARM) templates through both the community GitHub repo and publishers through the Azure Marketplace. In this session we break down these templates to show how you can use them as-is, customize them for your specific needs, or even publish new templates into the Marketplace or to the community repo. We also show how you can migrate classic VMs over to Azure Resource Manager so that you can make use of the great functionality provided through ARM.
Windows Server
Windows Server: What’s new and what’s next
Windows Server 2016 is a key milestone for innovation in software defined infrastructure, security, and application development. Join us to hear about the roadmap and future of Windows Server and experience what customers and partners are delighted about. In this session we also share the release cadence of Windows Server and what’s coming in the next few months.
Windows Server and hybrid cloud
The path to hybrid cloud is paved with good intentions. But it’s easy to get off-track if you don’t begin by making some important decisions about existing applications and infrastructure. Fortunately, you have several great options—so how do you choose the right strategy for your unique workloads?
Everything you need to know about the new Windows Server release cadence
In this session, we walk you through the details of the new Windows Server release cadence and provide guidance and examples so that you can make a decision on how to best take advantage of the new opportunities within your environment.
Windows Server Fall Release technical foundation
Windows Server 2016 is a tour de force release and we haven’t slowed down one bit. The Windows Server Fall Release is upon us and now’s a great time to take a high-level view of the technology investments across the board. This session looks across security, management, software defined technologies, and more.
Nested Virtualization: A game changer in Hyper-V and Azure
With nested virtualization, it is not only a consultant’s dream that comes true. Now you can build complex scenarios and fantastic training environments on a single Hyper-V box or even a laptop. More importantly, nested virtualization opens new possibilities in Microsoft Azure. Now an IT administrator can build complex IaaS environments in the public cloud that match what they have on-premises. Imagine your Hyper-V clusters or Hyper-converged Storage Spaces Direct deployments with your backup solutions and Storage Replica running in the public cloud. Don’t you think this is a game changer? In this session we explore some of these scenarios and show how you can get started with it!
Windows 10 and Windows Server 2016: Next generation networking
Windows 10 Creators update and Anniversary Update, as well as RS3, brought an exciting array of new transport features. TCP-based communication is used ubiquitously in devices from IoT to cloud servers. Performance improvements in TCP benefit almost every networking workload. The Data Transports and Security (DTS) team in Windows and Devices Group is committed to making Windows TCP best in class. This session covers these new capabilities. Windows is introducing new TCP features for Windows 10 and Windows Server 2016 releasing summer 2016. In this session we describe key features designed to reduce latency, improve loss resiliency, and to promote better network citizenship.
What’s new in Windows Server clustering and storage: Hyper-converged SHAZAM!
Hyper-converged infrastructure is the next revolution happening to your on-premises cloud. In this session we cover all the new features and innovation coming for failover clustering, storage, Storage Spaces Direct, and the overall software-defined storage story in the fall semi-annual cadence release of Windows Server. These features all come together to empower the Windows Server hyper-converged story, and beyond. Faster than a speeding bullet… more simplistic management than a locomotive… hyper-scale greater than tall buildings… Look up in the sky, it’s not a bird or a plane; it’s HCI.
Discover what’s new with Windows Server management experiences
Last year we previewed our Azure service “server management tools” and you told us loud and clear what you really wanted instead. Come hear how customer input has directly shaped product direction and investments as we unveil a brand new preview release of next-generation management experiences for Windows Server. We discuss tools and capabilities launching in the new preview release for core troubleshooting, configuration, and maintenance scenarios. We cover the architecture and local deployment options, and share what’s coming, including highly-requested partner extensibility.
Windows Server feature release: How to maximize developer efficiency today and tomorrow
Windows Server 2016 was the most advanced server platform ever built, making way for the Windows Server fall feature release! All the great innovations in Windows Server 2016, including containers, Docker Enterprise support, nested virtualization, shielded VMs, improved Linux support, .NET Core, and many others, now come with even more powerful additions like Linux container support, optimized container images, .NET Core 2.0, BASH support and more. This session focuses on how developers can maximize their productivity using Windows and Windows Server with containers.
Securing virtual workloads in less than 60 minutes: A live guarded fabric deployment
This session takes you through a brick-by-brick live deployment of a guarded fabric capable of running shielded VMs. This includes setting up the Host Guardian Service in Azure, collecting the information necessary to authorize a host to run shielded VMs, preparing the VM artifacts needed to create a shielded VM, and finally deploying a shielded VM. We also demonstrate how you can convert existing workloads to shielded VMs and how to deploy shielded VMs running a Linux-based OS.
Windows Client
How Microsoft deploys Windows 10 and implements Windows as a service internally
Learn how Microsoft adopted and deployed Windows 10 internally using Enterprise Upgrade as the primary deployment method. This approach reduced the deployment overhead by using System Center Configuration Manager Operating System Deployment (OSD) and upgrade which resulted in significant reductions in helpdesk calls. In addition, we share how we are leveraging some of the new enterprise scenarios to delight users while securing the enterprise. You can realize similar benefits in your enterprise by adopting these best practices as you migrate from Windows 7 and 8.x to 10.
Microsoft Edge: What’s new in Fall Creators Update
This session is geared towards those already familiar with the basics of Microsoft Edge. The browser has made significant improvements in the last year, and is a crucial part of the secure modern desktop story. In this session, we focus the discussion on Creators Update features and roadmap including manageability and key elements for secure enterprise browser deployment.
Deploying Windows 10: An overview of what’s new and future direction
The process for deploying Windows 10 continues to evolve. In this session, we look at recent improvements that have been introduced, as well as the future direction with new modern deployment techniques.
Architect a modern and secure desktop for your organization
Windows 10 and Office 365 ProPlus are optimized for the cloud and deliver value to enterprise organizations beyond any competing client. Learn how to architect end-to-end solutions for deployment, protection, and change management of your modern desktop, including Microsoft Enterprise Mobility + Security (EMS). Learn about the new update model for client updates including types of releases and cadence for both Windows 10 and Office 365 ProPlus. Test and manage client releases while taking advantage of up-to-date features and protecting against the latest security threats.
Servicing Windows 10: Understanding the Windows as a service process and improvements
Windows 10 makes significant changes to the way Windows is deployed and kept up to date; this new process is called “Windows as a service.” In this session, we explore what this means, including concepts, terminology, and processes. We also review recent improvements that have been made, and look at the roadmap forward.
Saying goodbye to passwords
A world without passwords is possible. In the identity division at Microsoft, we don’t like passwords any more than you do! So we’ve been hard at work creating a modern way to sign in that protects from phishing attacks and doesn’t require upper and lowercase letters, numbers, a special character, and your favorite emoji. Join us to learn more on phone sign-in, Microsoft Authenticator, Windows Hello, FIDO and everything else that will make passwords a thing of the past.
How Microsoft uses Windows Defender ATP: Welcome to a SecOps world!

See how Microsoft IT uses Windows Defender Advanced Threat Protection (ATP) – day in, day out, to protect, detect and investigate threats, and respond to suspicious activities on endpoints.

Windows Defender Exploit Guard: Reducing the Attack Surface while balancing productivity & security
Windows Defender Exploit Guard enables enterprise admins to smartly manage the configuration and behaviors of the operating system and their applications, thereby limiting the attack surface of their apps and the OS, stopping exploits/raising the cost for exploitation, and containing damage. Learn everything about Windows Defender Exploit Guard.
Enhance your security posture on Windows 10
You’ve successfully deployed Windows 10, but the next step is to configure it to provide all of the security promises that it’s capable of! In this session, we deep dive on a roadmap for securely configuring, managing, and monitoring Windows 10 devices for even the most sensitive user scenarios. In the end, you’ll be able to develop an iterative roadmap to continue to enhance your security and leverage the capabilities of Windows 10!
Learn About Microsoft Advanced Threat Analytics Futures
In this session, you will learn about the exciting new features and capabilities of Microsoft Advanced Threat Analytics. We will discuss how it can help detect malicious activity using behavioral analytics, as well as bring new security and advanced threat detection capabilities to your organization.
Ransomware: Don’t pay the ransom
In this session we will walk through Microsoft’s comprehensive Ransomware protection stack, explore case studies of recent outbreaks, demo some of the protections built into Windows 10 that stop Ransomware, and understand how you can protect your machines from future outbreaks.
Next-Gen AV: Windows Defender Antivirus unleashed
Windows Defender Antivirus is a next-gen enterprise-grade antivirus solution, built into Windows. WD AV uses the power of the cloud, wide optics, machine learning, and behavior analysis to rapidly respond to emerging, sophisticated threats and protect your devices against them.
Windows Defender Application Guard making Microsoft Edge the world’s most secure browser
Attacks on devices achieve success through exploits that begin either in the user’s inbox or in the browser. As a result, browser security is one of the most important vectors of attack to secure. With Windows Defender Application Guard we completely change the game using virtualization-based security and containers, which make Microsoft Edge the world’s most secure browser!
Credential protection in Windows: An overview
Protecting organizations from APTs using credential theft is a critical and challenging problem. This session provides an overview of credential protection in Windows. We go over how Credential Guard and Remote Credential Guard help against credential theft. We also discuss challenges in credential protection and how we are looking to address them.
How Microsoft IT used Windows 10 and Windows Server 2016 to implement privileged access workstations
As part of the security strategy to protect administrative privilege, Microsoft recommends using a dedicated machine, referred to as PAW (privileged access workstation), for administrative tasks; and using a separate device for the usual productivity tasks such as Outlook and Internet browsing. This can be costly for the company to acquire machines just for server administrative tasks, and inconvenient for the admins to carry multiple machines. In this session, we show you how MSIT uses shielded VMs on the new release of Windows client to implement a PAW.
What’s new in Windows 10 security? Raising your security bar with the Fall Creators Update!
Disrupting the revolution of cyber-threats requires a platform with revolutionary security capabilities, and the Windows 10 Creators Update rises to the occasion. In this session, we talk about each of the security improvements in the Windows 10 Creators Edition and how Windows 10 security capabilities dovetail with the security capabilities in Office 365, our Server and Tools products, and Microsoft Azure.