What the Heck is Microsoft Azure? Worksighted Webinar
You’ve heard of the cloud, you’ve likely begun your journey to the cloud by moving from on-prem software to ones that are hosted in the cloud. Maybe you’ve already moved to Microsoft 365, great work! What’s next? It’s time to make some decisions. If you are already aligned with the Microsoft ecosystem, you need to take a look at Microsoft Azure. It’s possible that you are actually already utilizing some of the power of Azure through your Microsoft licensing, but it can be so much more.
Check out our recent webinar as we cover the basics of Azure and how to know if it’s right for your business. Here at Worksighted we utilize both Azure infrastructure services as well as Azure Active Directory but is that right for your org? We’ll dig into this and so much more.
Rebecca Zaagman:
Welcome. Funny morning here at the Worksighted offices. Our AC is also out, so if we’re looking a little sweaty… Adam’s got his tissues. So, thank you for being here everyone. Thanks for sticking through with those technical difficulties. I am going to try to pull up that video a different way really quick. Even though we’re a tech company, we still have tech problems. So, let me go ahead and load that up and go ahead and let me-
Adam Devereaux:
Yeah, that was just a little video we wanted to open with. Microsoft said some things better than we can say it, so get your ideas flowing out.
Rebecca Zaagman:
Yeah, and showed some just like the global spiel.
Adam Devereaux:
Exactly.
Rebecca Zaagman:
Yeah. Microsoft Azure said, “Today, we’re talking about what the heck is Microsoft Azure?” How do you even say, Microsoft Azure? Is it Azure?
Adam Devereaux:
Well, there’s no perfect answer because Azure as a name is a Microsoft brand name, right? So, that’s one of the things we’re going to talk about. It’s really a brand of services, right?
Rebecca Zaagman:
Yep.
Adam Devereaux:
So, Microsoft in the U.S. has their way of saying it, and it’s Azure. So, you think you’re from the South and it’s like Azure. It’s Azure.
Rebecca Zaagman:
I feel like they’ll be like Michigan like, “Azure, Azure, Azure.”
Adam Devereaux:
Well, people from Alaska say things funny too. However, when you talk to some people from Europe at Microsoft, they’ll say Azure.
Rebecca Zaagman:
Azure.
Adam Devereaux:
Azure. So, it’s like Azure, Azure.
Rebecca Zaagman:
I prefer Azure.
Adam Devereaux:
Azure.
Rebecca Zaagman:
Azure. Azure.
Adam Devereaux:
Anyway, it’s Azure.
Rebecca Zaagman:
Regardless however you pronounce it.
Adam Devereaux:
We’re not talking about color. We’re talking about cloud services.
Rebecca Zaagman:
Yeah, and we’ve noticed there’s just a lot of confusion around what Microsoft Azure is. What can it do for our companies? What can do it for a company our size or our client’s size? So, we just wanted to distill that information today, and we’re going to talk about what is Microsoft Azure and take it back a little bit, of course, because it’s the bigger picture with Adam Devereaux, but the history of Azure a little bit, and the history of cloud services even. So, we’re going to go back and do a little bit of that just to lay a foundation and then we’ll get into Azure and what it can do specifically for small to medium businesses like we probably have on the call today. So, that’ll be things like Azure infrastructure services, Azure identity and security, as well as Azure software as a service. So, those are the three parts we’re going to get into today. Yeah, anything else before we jump in, Adam?
Adam Devereaux:
Well, I think just going back to that concept of Azure is not a thing, right?
Rebecca Zaagman:
Yes. Mm-hmm (affirmative).
Adam Devereaux:
Microsoft Azure is a brand of services really. So, it’s like Microsoft’s cloud. So, there’s a whole suite of different services and products that fall under that brand.
Rebecca Zaagman:
Yeah, and I think one thing we talked about was just the struggle that some of our clients and even ourselves are facing when we think about going to the cloud because if we were to start a brand new business today, we probably would start out 100% cloud, but as organizations have been around 20, 50 years, you’ve got all this infrastructure, all these-
Adam Devereaux:
Legacy software.
Rebecca Zaagman:
Legacy software and hardware that you’ve spent a ton of money and time and resources on deploying and figuring out how to make your business work. So, it’s not just like you can flip on a switch and go to the cloud. So, even here at Worksighted, we have to figure out what applications can go to the cloud and what have to say on-prem here. So, we do have a server still that we run two of our main applications on and luckily we’ve got some awesome engineers that can take care of that for us.
Adam Devereaux:
It’s what we do, right? Yeah, at some degree.
Rebecca Zaagman:
It makes sense for us, but that’s the kind of conversations that Adam and his team on the cloud services team are having with customers. How do you know when and what to bring to the cloud? Is it right for my company today? What do I want my company to look like in 10 years and then how do we get there?
Adam Devereaux:
Yeah, so again, like you said, we’re going to take it back. We’re going to make some generalizations here, right?
Rebecca Zaagman:
Oh, yeah.
Adam Devereaux:
This is a complicated topic. So, don’t take any particular thing too literally, but we’ll try to be as precise as possible without being overwhelming. The first question I think we have to answer a little bit is like, “Well, what do we mean by cloud?” Where do you think the term cloud computing came from?
Rebecca Zaagman:
Well, this morning, Adam asked me, “What is a cloud in general made up of?” I was like, “Water?”
Adam Devereaux:
Yeah, exactly. So, a cloud, like you look in the sky. You look at a cloud.
Rebecca Zaagman:
There’s been a lot of clouds lately.
Adam Devereaux:
There’s been a lot of clouds lately and dropping their water on us here in West Michigan. So, it’s actually not a thing. A cloud is a massive collection of water droplets, but when you zoom out, you can no longer see the individual points of water droplets. Instead, it looks like a thing, and that’s the analogy here is that the cloud is essentially a metaphor. It’s a buzzword. It can have a lot of different meanings and definitions, but it originated from the idea that if you look at the internet and all of these different servers and connections and how they connect together, at a certain point, you zoom out and it just looks like this cloud of connections, right? Like this point cloud of everything that’s out there, and a lot of times one of the most succinct definitions is the cloud or cloud services are services you access over the internet, but I think we even have to take it a step back and really this is all about software.
Adam Devereaux:
This is about software and how we as individuals and organizations do things, do the things that we need to do, right? So, there’s this history of the software and we have a few slides on that here, but really when we look at, like it wasn’t that long ago at least to me that software and computing, it was a thing that you had.
Rebecca Zaagman:
That’s real old school.
Adam Devereaux:
You bought software. So, this was your computer, your compute, your memory, your storage. You bought software and it came, and I remember a software that came on the big floppy disk, right? The five-
Rebecca Zaagman:
Bigger than that.
Adam Devereaux:
Right, yeah. The five and a quarter.
Rebecca Zaagman:
It’d been before my time. Sorry, I don’t mean [crosstalk 00:12:03].
Adam Devereaux:
So, this is three-and-a-half inch. I’m definitely dating myself. You put it in the drive and you boot the computer up. It boots up that software, loads the software, and then you can utilize the software. So, when we look at this history that’s developed, there’s these generations and there’s this increasing complexity and of platforms and capabilities, these abstraction layers between us and the services we use and the underlying computing hardware, right? So, when you went from… Literally, I remember the first computer I ever had was an Apple II Plus, right? It was my grandpa’s computer. They handed down to me and then an Apple Iie, and in those days, you didn’t boot into an operating system first necessarily, right? You could put the CD in. It would boot right off from it. It would load the operating system, which was really just a way of loading the rest of the programs.
Adam Devereaux:
So, you would boot right into one piece of software. Then as they developed, you would boot into an operating system and then you could launch software from there, and that’s the way that we typically think of a Windows computer now. You boot into windows. You install software into your computer and then you use that software.
Rebecca Zaagman:
Right. Windows 10, things like that.
Adam Devereaux:
Yeah, exactly.
Rebecca Zaagman:
Soon to be Windows 11.
Adam Devereaux:
Soon to be Windows 11. We’ll talk more about that soon. Yeah, exactly. Then when you think about when the internet came out, initially, it was just these static web pages that you could go to. You launched a web browser application and then you would access those things, and it grew in complexity and complexity and then so much of the modern world is defined by really software as a service, right? So, even as an organization, not that many years ago, really, your only choice if you wanted to deploy some new piece of software, like let’s say you wanted some financial software. You wanted an ERP system. If you wanted some customer relationship management system, you would have to install that on something and in that world, it was typically the server client architecture. You’d install something on your server environment and then your computers would have some software that would connect to that server environment, right?
Rebecca Zaagman:
Yep. Is the slide that you’re talking about here?
Adam Devereaux:
Yeah, exactly.
Rebecca Zaagman:
Okay.
Adam Devereaux:
So, what’s really developed, just to summarize, is the ability for me now when I want to get a piece of software, am I loading it on a floppy disk or am I even buying it in the sense of buying physical medium and getting the software that’s on here and loading it? No. I go to an app store, which is a platform. I pick the app that I want to pay for it if I need to pay for it and now I have access to it, and it almost doesn’t matter which device I’m on in most cases. Once I’m signed into my iCloud, I have access to all of my apps, and that’s where really when we start talking about cloud services, we all use cloud services now, right? It’s they’re abstracted from the underlying hardware and everything else that it runs on. They don’t just run literally in the cloud.
Adam Devereaux:
There’s data centers all over the world, these giant buildings full of server racks with thousands of servers and storage and compute and all of these other things, and if you access a service, that information has to live somewhere, but you don’t really care where it lives. You don’t have to think about that it’s just accessible from whatever device you’re on. We’re all used to how Gmail works. We’re all used to how things like Netflix work, right? Whatever device you sign into your Netflix account, there’s your profiles. It resumes the thing that you were last watching, and that’s really the typical what we understand cloud services to be. It doesn’t matter as much what device I’m accessing it from. I just need a web browser or whether it’s like a mobile app, and really, that’s this hybrid thing, right?
Adam Devereaux:
When we think about software as a service, a lot of times, you can just access it through any web browser or any compliant web browser, but sometimes you do have a client that installs on your computer or on your phone, right? So, there is software that’s running on my phone and it is running. It is using the edge compute resources that I have here, but the reality is that it’s a combined hybrid thing, right? The app on my phone really is pretty useless generally if it weren’t for all of the cloud services behind it that were connecting it to these data repositories and where the information’s stored and all those things.
Rebecca Zaagman:
Yeah, I want to jump over to how to connect this to Microsoft Azure a bit and just explore the vastness that is Azure.
Adam Devereaux:
I’m going to put this back here.
Rebecca Zaagman:
Okay. Yeah, good luck. So, up on the screen right now, I’ve just got a map of all the different data centers that Azure has across the world, and these sometimes even… These dots represent multiple data centers as well and ones that are about to come… Oops, looks like our video. Yep. Yeah, so you can see they’re all over the world. There’s quite a few here in the U.S. Looks like Chris just put a link to this map in the chat. Thanks, Chris. Other thing that I thought was super interesting about Microsoft Azure is that they are actually creating sinking data centers in the ocean next to big metropolitan cities so that they can get closer to the cities. I know there’s a better way to say that Adam, but this was just fascinating to me looking at these pictures where-
Adam Devereaux:
I think it’s Project Nautilus is what they call it. So, it’s this sealed data center. They load all of the servers and everything into it and they have a cable that runs into it with all the fiber optics and power, the short trunk cable, basically. They can drop it just on the ocean floor just outside of a major metro area and rapidly spin up more resources that are really low latency to that region.
Rebecca Zaagman:
Because one of the big problems with a data center is cooling, right?
Adam Devereaux:
Cooling, yep.
Rebecca Zaagman:
So, you also have the power of the water helping with that aspect as well, right?
Adam Devereaux:
Exactly, exactly.
Rebecca Zaagman:
So, that’s pretty cool. Other fun facts, the fiber that is connected to Azure can go to the moon three times and back. That’s insane. We’ve also got Microsoft’s commitment to carbon negativity by 2030. I believe they are carbon neutral with Azure right now, but they are on a path to being carbon negative by 2030. So, that’s pretty amazing. You can see they’re decreasing their carbon emissions and also increasing their carbon removal to make that happen. That’s pretty interesting.
Adam Devereaux:
Yeah, and at the same time, it’s interesting that we’re getting this centralization of all of these computing resources in these buildings and it creates these economies of scale, but then the devices we’re using are also still getting more and more powerful, right? The edge computing. So, it’s this combination of both, but the scope, the scale, the size of these cloud data centers. I mean, it’s just phenomenal. I mean, just inside of one data center, there’s something like two million miles of fiber in the typical Microsoft Azure data center.
Rebecca Zaagman:
How many servers or blades?
Adam Devereaux:
Tens and hundreds of thousands depending on the size of the data center.
Rebecca Zaagman:
Wow.
Adam Devereaux:
Yeah, I mean, each rack could hold 24 to 48 and you’ve got thousands of racks. So, it’s a lot. It’s a lot of processing power, a lot of capability.
Rebecca Zaagman:
Yeah, and we’ve got this cool graphic. Do you want to share your screen really quick, give it up, Adam?
Adam Devereaux:
Yeah.
Rebecca Zaagman:
I’m talking like what is Azure. Azure is a lot of things. Adam’s pulling up a graphic right now that just shows the vastness of what you can do with Azure. Like he said in the beginning, Azure is a brand of services, not just a specific thing. So, that’s what’s hard to talk succinctly about Microsoft Azure because it is a lot. It can do a lot.
Adam Devereaux:
but we can simplify it, right? Because-
Rebecca Zaagman:
That’s what we’re hoping to do today. Yep.
Adam Devereaux:
I’m going to try to simplify it in the way that I think about it and that again it’s a simplification, but it falls into a couple categories of areas, and there’s a way that Azure connects into Microsoft 365 from a brand name perspective as well as an interconnection of services, and that’s in Azure Active Directory, which we’re going to talk about, but that really falls under the identity side of things, right?
Rebecca Zaagman:
Yep.
Adam Devereaux:
So, the three main categories in my mind are infrastructure as a service, your identity and access management, and then third is really the services platform that allows companies, organizations to host a service that they offer to someone else on top of that. So, you can think of that as software as a service supporting architectures because if you’re a company and you’re going to create software-as-a-service platform, you have to basically run that software on something still and so that’s when you use cloud platforms like AWS and Azure and Google Cloud.
Rebecca Zaagman:
Cool.
Adam Devereaux:
If you use this service… This isn’t an official Microsoft website, but it’s managed by Microsoft engineers. You can flip between and scale or filter on some of those particular areas as well.
Rebecca Zaagman:
That’s just a quick view at all the things that Microsoft Azure can do and I just put the link into the chat. All right, so moving forward, we wanted to just… We showed these slides in the cloud webinar that we did, but this one is you move to the cloud. So, it used to be where all of this software lived on a server in the building. So, you’ve got email, security policies, active directory, your business applications, endpoint management, telephony and files, and then gradually a lot of people have a hybrid approach right now where some of those are living in the cloud and some are still on a server in the building.
Adam Devereaux:
Yeah, exactly.
Rebecca Zaagman:
Now, we’re moving all the way up. That’s the goal-
Adam Devereaux:
Well, it’s the reality for a lot of organizations and part of that just comes about naturally from the standpoint that generally when you look for a new piece of software to do some function that your organization needs, they’re pretty much all software as a service and there’s actually a reason for that. That’s a fairly good reason, right? There’s this, like everything’s going to become a subscription. Everything’s a subscription. We yearn for the days of being able to buy that piece of software and just have it, but there are always problems with that because it doesn’t change then, right?
Rebecca Zaagman:
Yeah.
Adam Devereaux:
If you look at it, if you link it back to the way that that company works, so any software company that’s out there, they don’t just pay for employees just to make the software and then they let them all go, right? Their costs are continual and they’re growing and they need to support the platform and it was actually really difficult for software companies to manage that whole fleet of software when you look at… Let’s say you’re a software company. You have these different releases, version 12, version 13, version 14. You’ve got some customers on 12, some customers on 13. You’re trying to get them to upgrade. They’re hosted in all of these different customer environments themselves. They’re managing them. Some of them aren’t doing as good of a job, or others, they’re frustrated. It doesn’t perform well. Other ones don’t have a problem. You’re like, “What’s going on here?” You just can’t control the whole ecosystem there, right?
Rebecca Zaagman:
Right.
Adam Devereaux:
So, when you look at software as a service, the advantage is the revenue you’re getting is continuous just like your costs are because you have to pay for your employees, and you’re able to just release updates and security updates, which is a really important thing too as you go along. You don’t have to worry about, “Oh, I’ve got this patch. I need to try to get all 10,000 of my customers to apply right away because it could be a huge problem.” We saw that with exchange servers. There was a huge vulnerability around exchange servers not that long, about two months ago, and it affected when companies were hosting an exchange server within their environment.
Adam Devereaux:
So, when we talk about software and servers and where things… I’ll use the word host a lot because it’s essentially you have three models. If you have software in that older model where you have to self-host it, you either self-host that in hardware that you own in your building, host it in hardware that you own in someone else’s building, or you use a cloud provider like a public cloud provider like Amazon or Microsoft Azure, right? In that instance, you’re not paying for the hardware. You’re just paying for the resources that you consume and I think there’s going to be questions around cost is always one of the big things, but when we’re talking about why would I want to use Azure infrastructure as a service, it goes back to your software and your software ecosystem.
Adam Devereaux:
The question often comes up of like, “Hey, I want to get rid of my server.” Okay, do you have software running on your environment that you still have to self-host? Right?
Rebecca Zaagman:
Yeah.
Adam Devereaux:
If yes, then you still need to provide a server and access to that software. There’s new awesome ways to do that that are more secure and more convenient, but you still have to host that in a server that you manage, and that’s where you can decide, “Do I want to keep it on a server that’s in my building or do I want to go down the route of putting it in the public cloud, putting it in Azure?” I still have to manage or somebody has to manage that server because you’re still self-hosting it, but you have options and then if the answer is, “No. I don’t have any more software. It’s just hosting files and active directory and things like that,” then the answer is yes. You can get rid of that server at this point. There’s a pathway to do, a road map to do so, and your software ecosystem is really centered around SaaS applications at that point.
Adam Devereaux:
Sometimes, when you start looking at server replacements and you realize like, “Well, all of our software but one has moved to be cloud-hosted SaaS-based software. Do we really need to spend all this money on another server just for that piece of software?” You have to ask yourself, “Okay, is the path to get away from this still using this software and self-hosting it and moving it to the cloud or is the path let’s get rid of the software and adopt something new that is SaaS-based?”
Rebecca Zaagman:
Yeah, so what we’re talking about right now is Azure infrastructure services. So, that’s one of three areas that we’re going to cover today. So, Azure infrastructure services. That’s when you’re getting rid of the server in your building and moving whatever software you’re hosting on it to the cloud to host it in the cloud in Azure and the second thing we’re going to talk about is identity and security and the third one is software, hosting in the cloud. So, Adam, you were already talking about infrastructure services. You want to go through this part?
Adam Devereaux:
Yeah, absolutely. So, in this context, when you look at the three big categories, again, a simplification, but it’s useful here. It’s compute, storage, and networking, right? So, within a building environment where I’ve got servers, I have a server. I’ve got the network that that server connects into. I’ve got the storage within that environment that my information lives within and so when you adopt Azure infrastructure services, you can create the same thing. Where you create a virtual machine, you define the amount of compute that you need. You define the storage and the speed that you need. You create your virtual network and then there’s a whole suite of security and management services like backup and site recovery and log analytics and Azure Sentinel and things along those lines.
Adam Devereaux:
It may be worth talking a little bit about or just quick showing you the portal too once we go through this as well just so we can make that tangible, but this is an older slide, an older metaphor that’s been in place around these cloud models, and if you search pizza as a service, there’s some good content out there.
Rebecca Zaagman:
It’s lunch time. Be careful.
Adam Devereaux:
Yeah, exactly.
Rebecca Zaagman:
We’re going to lose some people to go get some pizza.
Adam Devereaux:
They use the pizza metaphor, that on-prem is a little bit making your own pizza from scratch. Infrastructure as a service is a little bit like buying freezer pizza. Platform as a service is like-
Rebecca Zaagman:
Delivery.
Adam Devereaux:
… delivery and then software as a service is going to the restaurant.
Rebecca Zaagman:
So, like virtual pizza where it makes you feel like you’re eating pizza.
Adam Devereaux:
I think there’s some virtual pizza games, but I don’t think I like that future very much.
Rebecca Zaagman:
No, we need like…
Adam Devereaux:
So, if you think about it, you go to the restaurant. You’re just consuming the good itself, the pizza, right?
Rebecca Zaagman:
Right, yeah.
Adam Devereaux:
You don’t have to provide any services. You don’t have to manage the oven and the table and the silverware and all those things. They handle all of those things for you.
Rebecca Zaagman:
Got you. So, this slide right here is showing that but with software.
Adam Devereaux:
Yeah, exactly. So, in the infrastructure as a service and the software as a service model, that’s where infrastructure is where you’re still managing the OS and the software that runs on top of it and the applications and the data and things like that. When you’re using a software as a service platform, like let’s say we use HubSpot for our CRM, right?
Rebecca Zaagman:
Yep.
Adam Devereaux:
We don’t have to install any software on a server. We don’t have to really even install a client necessarily, or generally, you just access it through a web browser.
Rebecca Zaagman:
Yep, exactly. So, yeah, I think now it’d be awesome to pop into the Azure Portal, check that out, how quick and easy it is to spin up a VM. Adam was showing it to me. I don’t really know what that means, but it was very cool to see how easy it is and I can imagine that that is just mind-blowing.
Adam Devereaux:
Yeah, so it’s a little bit familiar to those who’ve worked in hyper-V and VMware, right?
Rebecca Zaagman:
Yeah.
Adam Devereaux:
Where you’re dealing with virtualization, and we were talking about that earlier. Virtualization is this concept that’s nebulous for people, but you can think of virtualization as the matrix for servers where they’re living in this pretend server in software. You’re dividing up a physical server and then you’re creating these virtual servers that live inside of that. So, the operating system thinks it’s in a server essentially, but it’s inside of this software that’s running on the actual server that divides it up and says, “You get two CPUs and it gives a ram. You get four CPUs and 16 gigs of ram,” and it allows you to scale those up and down and move them to different pieces of hardware without the virtual machine really knowing that it’s there and that’s a fundamental principle when we talk about something like this, right?
Rebecca Zaagman:
So, right now, you went to portal.azure.com.
Adam Devereaux:
Portal.azure.com. Yep. I can create a resource. There’s, again, all of those different resources that we talked about here, but if I click on server 2019 data center, I can go in and I-
Rebecca Zaagman:
Sorry. Pause really quick. So, what would be the use case? Why would somebody need to come in and create a VM?
Adam Devereaux:
Yeah, so if you need a Windows server to do something or a Linux server to host a piece of software to do some sort of service for you that you need to install it on there, that’s when you would do something like this.
Rebecca Zaagman:
Okay, so I’m implementing this new software or the software has grown and I can’t fit it on my previous VM. I’m going to go in and add to that or create a new one.
Adam Devereaux:
Correct, and when you start thinking about this, it gets a little more complicated. There’s an adoption pathway here because you have to look at what is the application, what are the resources that it needs, how is it going to talk back to my users or my existing infrastructure. So, creating VPN connectivity between the network and it’s a topic that’s probably outside of what we have time for here-
Rebecca Zaagman:
We’re going to cover today.
Adam Devereaux:
… or what we’re going to cover today, but we can go into that more in the Q&A if that’s an item of discussion here too. So, the thing I just wanted to highlight here is you can create a free account now. So, any one of you can go to portal.azure.com, create a free account, or you can log in with your Office 365 credentials, and then you can create a subscription with a $200 credit for 30 days.
Rebecca Zaagman:
Interesting.
Adam Devereaux:
So, you can play around with it at no cost.
Rebecca Zaagman:
Love that.
Adam Devereaux:
So, once you’ve created the VM, you get the choice to pick what is the amount of memory, the amount of CPUs. There’s all of these different families of virtual machines that you can pick from. It creates your virtual network and you have to figure out how to access that, how do you remote into it. It’s all fairly straightforward, but it does require some knowledge and that’s the kind of thing that we’re here to help you guys with, but yeah, feel free to essentially sign up now and give it a try.
Rebecca Zaagman:
Start playing around. So, make sure to use the Q&A or the chat function. If you guys have any questions along the way, we know that this is a pretty complicated subject and topic, and it also can be customized in a million ways to meet your organization’s needs. So, make sure to pop that in the Q&A and I will plug it right now. We are doing a follow-up workshop, small group limited to 10 people on July 15th. So, I just want to make sure that you guys know about that. I will follow up with an email where you can sign up and also drop it in the chat here so you can sign up today. It’ll be at 11:30 on July 15th and we’re going to be digging into what is your next step with Microsoft Azure and how can you continue on your cloud journey and we had a workshop after our Power Platform Webinar recently and it was just awesome. Customers were able to really learn a lot from each other and it was highly interactive and just turned out great. So, that’s on July 15th. More info about that.
Adam Devereaux:
Yeah, looking forward to that.
Rebecca Zaagman:
Yep. So, now, we’re going to jump into the identity and security side of Microsoft Azure.
Adam Devereaux:
Yeah, so the reason why we separate these out here is because when you look at infrastructure that we talked about and then all of the array of services that Microsoft has in Azure to help organizations essentially publish a service for consumption by others, that fits into this true Azure bucket. At least that’s how I think about it, right? That’s the real world of Azure.
Rebecca Zaagman:
Yeah, I thought it’s the cloud. You send stuff to the cloud. The files go there. The software goes there, but it’s more than that.
Adam Devereaux:
It is and the reason why we now talk about identity is because Microsoft decided to call the identity and access management platform that they created in the cloud Azure Active Directory, right? So, just to make it simple. It is absolutely a part of most organizations already. If you’re using Microsoft 365, you’re using Office 365, you have it now because it’s the underlying identity directory that serves Office 365. So, if you just implement office 365, simply, you end up creating two different user accounts. If you have an on-prem active directory server, you have your classic Active Directory and then you have your Azure Active Directory.
Rebecca Zaagman:
Yeah, and we actually did a poll. Who is currently using Azure in some capacity? 61% of people said, “I am,” and 39% of people said, “Not yet,” and I wonder if we redid this poll, now knowing that if you have Microsoft 365, you’re already using Microsoft Azure, those numbers might change a little bit.
Adam Devereaux:
Exactly.
Rebecca Zaagman:
So, why does this matter? Why is identity a challenge for today’s organizations?
Adam Devereaux:
Yeah, I think the first thing we want to start with that is understanding what do we mean by identity, right? So, what is one of the first things you do when you get a new employee, right? You give them their identity, their username-
Rebecca Zaagman:
A badge, a username, an email.
Adam Devereaux:
Yep, some way of credentialing that they are now this new employee because you don’t want somebody just walking in the building and pretending they’re an employee and you don’t want just anyone on the internet to log in and see all your information, right?
Rebecca Zaagman:
Right. Yep.
Adam Devereaux:
So, we have this-
Rebecca Zaagman:
The keys to the castle.
Adam Devereaux:
Exactly. So, there’s this explosion of applications. We talked about the application ecosystem has gotten more complicated, has grown in complexity. There’s this whole world of applications that we’re using. I think I saw there’s some average enterprise has something like 129 applications that they use, and I think that may seem like a lot, but if you went through the process of doing a full catalog and accounting of all the apps you use, I think every organization would be shocked, right?
Rebecca Zaagman:
Yeah.
Adam Devereaux:
All these different employees are signing up for different services and you get this sprawl of information and access and every application that you have, somebody has to manage that, manage that identity, give those user accounts, delete those user accounts, reset passwords, and that identity is so critical because the majority of cyber attacks that are out there these days, successful cyber attacks, numbers-wise are on users identities. If an attacker compromises one of your users’ identities, there’s this whole array of ways that they can attack your organization and cause damage to you. So, people think like, “Oh, so what if some attacker gets in just the average Joe Schmo employee’s email, right? Well, one of the ways that we’ve seen is then they figure out how to submit an ACH payroll deposit request change, and they hide that email and they email HR and say, “Hey, can you update my deposit information? Here’s my new account.”
Adam Devereaux:
One payroll cycle goes through, the whole paycheck is gone, and now the employee doesn’t have their money and they’re trying to figure out what went on and that’s just a way that you can see damage from even just any average employees access.
Rebecca Zaagman:
So, identity and security are very tightly linked especially within the Microsoft ecosystem.
Adam Devereaux:
Yeah, because-
Rebecca Zaagman:
I read one place, identity is the new firewall.
Adam Devereaux:
Yes, the identity plane is really your control plane, your security plane around how are you granting access to the things that we care about now.
Rebecca Zaagman:
So, your company is only as secure as your identities are secure.
Adam Devereaux:
Yeah, and then there’s evolving compliance regulation requirements. We know that there’s privacy laws. We’re not talking full GDPR here in the U.S., but it looks like the California rules are going to be very similar to GDPR, and they’re probably going to class lead and you can see other states ultimately adopt very similar regulations. So, you need in a way to get your arms around all the information that’s out there. How do you comply with your data retention requirements and data on retention requirements, right? The need to get rid of information, and there’s a problem in IT. I don’t want to go into the whole spiel on it, but basically there’s been a challenge where IT departments increasingly feel like put upon to be faster, to make things happen faster. People have this app mindset, right?
Adam Devereaux:
Again, you can just download these apps. It’s so easy. Everything looks so easy. We don’t think about the millions or billions of dollars in development and all of the things that make this be so easy, right? Software is not easy. Software is one of the most important things that’s eating the world as Mark Andreassi famously had put it some time ago.
Rebecca Zaagman:
You must be hungry talking about food and eating a lot-
Adam Devereaux:
Pizza-
Rebecca Zaagman:
… and pizza.
Adam Devereaux:
… software.
Rebecca Zaagman:
I mean, we do this all the time, shadow IT. I guess start using a new piece of software. Don’t even tell our IT people until I need to, and then they put up the red flags like, “Oh, do you have MFA on it? Who’s managing the user accounts? What if someone leaves? What’s the subscription going?” So, we have potentially multiple teams at the same company paying for a similar subscription. There’s all these different problems security-wise, but also even just from a financial perspective as well. So, identity management in Azure makes it easy, right? A little bit easier at least.
Adam Devereaux:
Well, you need to have an identity platform. A lot of organizations don’t really have an identity platform that they realize right now, right? So, the traditional model has been built around what we call the walled garden approach, and primary identity that we were giving to users was for most orgs that we’re probably talking to, active directory that’s running on a Windows server environment, inside of your firewalled environment, right? If you’re multi-site, your VPN connecting them together, but the building and the security perimeter are intrinsically linked in the way that we think about this. All of our users and information and stuff, they’re protected behind this perimeter, the security perimeter of the firewall out to the public, the private network, right?
Rebecca Zaagman:
Mm-hmm (affirmative).
Adam Devereaux:
Well, there’s a lot of security flaws with this private network concept because once you’re in that walled garden, there weren’t really many security guards at that point, right? It’s just not the reality that we have now these days as well because now what we’ve seen is this explosion to this perimeter model where apps and information, you’ve got computers at home. You’ve got all of these applications that you may not be aware of. A lot of times this sense of security that organizations have is ignorance or it’s blissful ignorance. We don’t want to hear about it. Fine. You’ve adopted some piece of software. We’re too busy just keeping the lights on with everything else and that whole shadow IT, it’s a mixed thing, right? I don’t really like that term that much because the reality is for most orgs, the software is not the point of it. It’s to enable the business to achieve its goals, to improve its time to value, to be able to achieve what it’s trying to do, which for a lot of orgs is make money
Adam Devereaux:
So, rightfully so, a lot of times users sometimes feel, like the IT department can feel like a barrier to them being successful in doing their job, and the IT department is trying to keep people from just going out there and putting the organization at risk, and really, we have to move to more this enablement mindset where we’re meeting in the middle. We understand that there’s important qualities and an identity and access management platform can be really key to making that happen. So, how do we get our arms around this perimeter of all of these different identities that are out there? Then the key thing is really to switch to what we call a zero trust architecture, right? That’s buzzwordy, but the idea here is that there’s lots of different information, lots of different systems, and rather than going to just a simple implicit trust model right where it’s like, well, once you sign into your computer, you put your password in. You’re good to go. You can access whatever you need.
Adam Devereaux:
We’re moving to a model where there’s information in lots of different systems. There’s different levels of access that are necessary and we may want to have granularity around that, like what device are they accessing it from? What location are they accessing it from and what are they accessing? It can make constant real-time determinations these security policies that really decide, “Are they going to be allowed to do that?” Before you get to that, let’s look at some details. Is your device compliant? Maybe we need to have you do MFA. Are you coming from some location geographically that you shouldn’t be? Things along those lines.
Adam Devereaux:
We need an identity and access management platform. Azure Active Directory, which we’ve talked about is something that you may already have, but it’s probably way more powerful than what you’re utilizing now. It’s the world’s largest cloud identity service. You’re in hundreds of thousands of organizations that utilize it. I think this is somewhat a little bit older too. I think it’s well over 300 million active Azure AD monthly active users, 30 billion authentication requests a day.
Rebecca Zaagman:
In comparison to…
Adam Devereaux:
Well, some of the other big names that are out there like Okta/OneLogin. They’re in the billions of authentications a year. So, there’s almost no comparison in terms of the scale of Microsoft’s identity platform, and it allows you to connect your workforce to those various applications, and we’re going to probably do a video, a deeper dive on single sign-on and how an identity and access management platform allows you to really enable your users to be much more efficiently accessing those applications and give you more information and control, but control in an efficient way, and it really starts at a root of you already are giving them this business identity, right? This Office 365 log on is how we think about it. It’s that your Azure Active Directory account. You should 100% right now have that protected with MFA, right? Absolutely, you should have MFA protecting that user account.
Adam Devereaux:
Once you have that MFA in place and you have some security rules around that particular identity, we can leverage that account to access other services that support single sign-on and not every application out there supports single sign-on, and not every subscription tier always supports it. There’s actually a website out there that allows you to it. It lists these different cloud providers out there that gate single sign-on behind some premium subscription and a name and shame, but whatever larger cloud platform. We’re already talking about well over 10,000 gallery applications and I’m going to show I think the-
Rebecca Zaagman:
Hold on. We’ve got a quick question from Todd. Can you break down abbreviations for us? MMFA, MMA. So, MFA is multi-factor authentication. So, that’s going to be when you get the little ding on your phone when you try to log in so that it can verify your identity in more than one way. Your password is the first way. The second way would be with your phone and your location.
Adam Devereaux:
Yes, exactly. Multifactor ultimately just means, and one of the ways I’ve heard it described is saying something like something you know and something you have, right?
Rebecca Zaagman:
Yep.
Adam Devereaux:
That’s one. So, in the case of typical MFA where you’re using Microsoft authenticator, you know your password and then you have your phone with the app installed on it. So, it’s hard for an attacker to replicate that because even if they get your password, they don’t have your phone with the app on it, right?
Rebecca Zaagman:
Except for when your phone dies, then you can’t log into anything.
Adam Devereaux:
Well, you’ve got to plug it in. Who doesn’t have their phone? I mean, at this day and age, if you don’t have your phone, if your phone’s dead-
Rebecca Zaagman:
The whole phone’s dead.
Adam Devereaux:
You can’t even travel at that point, right?
Rebecca Zaagman:
Yeah.
Adam Devereaux:
Because getting in a car is dangerous if you don’t have your phone, but there are other ways, and we start looking at the future, password lists and the ability to sign in, utilizing physical tokens, the use of Windows Hello for Business so that your device is authenticating you in and of itself.
Rebecca Zaagman:
Is there anything specific to Microsoft Azure that makes their identity and security platform different than what else is out there? I’m assuming it’s around… just that the integration with Microsoft 365, a lot of our clients are on Microsoft 365.
Adam Devereaux:
That’s a huge part of it. Yeah, yeah. Absolutely.
Rebecca Zaagman:
So, we were using Duo for a bit, but now we’re almost completely over to Microsoft Authenticator, and I’m assuming just because it makes sense, right? It’s all in the same ecosystem. The more that you get ingrained into that ecosystem, the better you’re going to be.
Adam Devereaux:
Well, it’s a powerful identity and access management platform. It’s very cost-effective and you probably already have it. So, that’s some of the big advantages right out of the gate. Okta/OneLogin, those are great platforms as well, and there may be specific reasons as an organization that that works right for you, but the reality is Microsoft Azure Active Directory already is a huge capable platform that you probably already have.
Rebecca Zaagman:
And integrations into other Microsoft tools as well like the Power Platform. Adam was talking recently about the ability to do user provisioning and that ties in Power Platform as well as Microsoft Azure to deploy a process that is really manual right now, but you can automate it.
Adam Devereaux:
Correct. Yeah, both from a computer deployment standpoint as well as a user identity creation standpoint. There’s a lot of focus right now on being able to drive that out of your HR processes and really what we call zero touch deployment, which is when computers are joined to Azure AD and you can just sign into the computer, and using Microsoft Endpoint Manager, get all your apps and policies.
Rebecca Zaagman:
Don’t let them go, man. He’s going to keep going. We actually have a video coming out about that pretty soon, so keep your eye out for it.
Adam Devereaux:
I just wanted to show the admin center here. Again, if you’re an administrator in your environment, you log in. You would see this. Now, you can go into the Microsoft Azure Active Directory Admin Center, the AADAC, speaking of-
Rebecca Zaagman:
Acronyms.
Adam Devereaux:
… letter salad and acronyms here. You may see slightly different things depending on your licensed level. There’s some things in here like the secure score for identity. That’s worth checking out. I just want to call your attention over on the left. We have users and groups and we have roles and we have enterprise applications and devices. So, those are some of the key things I want to point out. What is at the root? What is at the beginning of Azure Active Directory? Well, it’s a list of all of your user accounts, right? Your employees that have a user account. They’re in here.
Rebecca Zaagman:
What makes this a little confusing is that non-Azure Active Directory is just called Active Directory.
Adam Devereaux:
Active Directory, yes. I never have claimed that Microsoft is genius at their naming.
Rebecca Zaagman:
Their naming schemes. They are not so good, not so good.
Adam Devereaux:
What’s interesting is there used to be a lot of talk around active directory and Microsoft Azure Active Directory. I remember there’s this post that people will still point to nowadays that somebody from Microsoft seven or eight years ago was like, “Well, Azure Active Directory is not a direct replacement for Active Directory,” right? People just took that and they’re like, “Okay, that’s just it,” right? It’s like, “Well, yes, it’s not a direct replacement because it’s not the same thing. It’s been rebuilt from the ground up to be a cloud scale identity and access management platform, right?
Rebecca Zaagman:
So, it’s better.
Adam Devereaux:
They added capabilities over the years, and now, the reality is it’s for many organizations out there. You don’t need Active Directory and that comes with costs because active directory is self-hosted generally. There are some ways you can do Azure Active Directory Services, which is another thing that worth its own thing that we don’t want to get into right now, but the reality is what we’re talking about is self-hosted Active Directory. That was your directory of users and groups and everything else, and I just wanted to note, it’s the same thing here. You have your users. Many organizations, the two are synchronized, so the same users in Active Directory show up in Microsoft Azure Active Directory and the password is synchronized between the two of them as well, but you do still have two user accounts, and this is where you have groups, your different groups with different people in them, and this is a big part of how you’re assigning different access levels.
Adam Devereaux:
But I just wanted to point out this enterprise applications section. A lot of people don’t utilize this, and you’ll note that on this test tenant, they already have a bunch of different applications in here like Box and Salesforce. So, what that allows you to do is access those applications directly through your Microsoft identity, and when you have an Microsoft Azure AD join device and you’re signed into it, it’s all pretty much a seamless single sign-on.
Rebecca Zaagman:
Got you. So, if I log into LinkedIn in this case, I’m already going to be logged in because it is linked to my Microsoft Azure Active Directory account.
Adam Devereaux:
Correct, yes, and if you want to add… I mentioned there’s 10,000-plus apps in the gallery. Well, that’s right here, right? So, if we look, here’s some different applications that they list out here, but you can also search and there’s tons of different gallery applications that are in there. You can even request a new gallery application.
Rebecca Zaagman:
Interesting.
Adam Devereaux:
But if you have an on-prem app, you can use the app proxy. So, it’s a way you can modernize a self-hosted app. If you have an application like a cloud-hosted app that does support single sign-on like SAML single sign-on, S-A-M-L, which is another acronym, but it basically refers to the way in which a cloud software can use the authentication in Microsoft Azure AD. What that means is for most of these apps, you may not even have to create a user account in that platform, right? You can essentially do on-time provisioning or use another integration that when a user account is created in Azure AD and it has the right group for example, it automatically gets access to that application.
Rebecca Zaagman:
Is that similar when I’m signing for something new and it says sign in with your Gmail? Sign in with your Facebook?
Adam Devereaux:
Yes, sign in with Apple. So, you might ask, “Well, how do people get to these things?” If you go to office.com, Portal at office.com, Outlook at office.com, you see this little waffle up here. Here’s all the different applications and these aren’t just the Microsoft applications, but these can potentially be the other apps like SharePoint and the like that are provisioned to me, right?
Rebecca Zaagman:
Mm-hmm (affirmative).
Adam Devereaux:
You can also use the My Apps integration or go to My Apps at microsoft.com and see all of the applications that you have access to, and you can even group these as an organization or an individual. I could say like core apps and you can add your specific applications that you want in there so that you have a nice, simple, clean interface, and then to get to one of those other external applications, you just click on it and it takes you right to it.
Rebecca Zaagman:
All right. That was a lot. I want to make sure we save some time for some questions, but the one area that we just wanted to touch on quick was hosting software in Microsoft Azure and that was something we didn’t spend a ton of time on because that’s going to be companies that are geared specifically that make their own piece of software and need to host it somewhere. We just didn’t see that many people on the call registered that might be applicable to, but feel free to put in the chat if you would like more information about that, or we can follow up more, but any notes on that quickly?
Adam Devereaux:
Yeah, I mean, that’s where you start getting into the more complicated set of services and also the conversation around what makes software as a service work? Well, they still need some way to compute for the software to run. They still need somewhere for the information to be stored and that’s a whole set of services that allow you to do that, and you start getting into other functions, Azure functions and things that can work, the AI platform that’s within that that is going to be more and more relevant for all of us as well, but if that’s you, we’re probably not necessarily the experts on that area as well. That’s not what we deal with as much as software development companies. I think that a lot of people tend to be in one camp or the other. They’re familiar with AWS or they’re familiar with Microsoft Azure or whatever the case may be.
Adam Devereaux:
There are a lot of reasons to consider Microsoft’s platform, but it’s not really the subject of this discussion, but know that if we just look at that chart of all of these different things, really the majority of those go towards app services and cloud app development and the ability to host applications and things in your environment or on that environment and then serve them up to people-
Rebecca Zaagman:
Got you.
Adam Devereaux:
… all over the globe.
Rebecca Zaagman:
So, if we put a tiny bow on this, what the heck is Microsoft Azure?
Adam Devereaux:
It’s a brand of a whole bunch of stuff, but for most organizations, it’s typically what’s relevant to you is if you have to self-host applications and virtual desktop is a big part of that as well. Self-host applications or information and you want to make it accessible to people within your organization in a secure way. Infrastructure as a server, Microsoft Azure infrastructure services are really a fantastic way to do it and very affordable because there are some specific cost capabilities. If you go into portal.azure.com… This is important. I want to touch on this part here. If you go there and you sign up, you might say, “Oh my gosh. This virtual machine is going to be $150 a month. That’s way too expensive,” right?
Adam Devereaux:
Well, I’d encourage you to check out the Azure pricing calculator and there’s a couple of things to look at in that world where you can look at reservations and your hybrid benefit capabilities and so what that allows you to do is cut the reoccurring cost for running a server in that environment, and this is something we’ll dive into during the workshop that can represent a massive savings for you if you know you’re going to be running that that service, that server for a one-year or three-year time frame because you basically get charged by the hour for virtual machines in Microsoft Azure. So, there’s a couple different cost strategies, but one of them is just to shut them down when you don’t need them because then you’re not. That meter isn’t ticking up that cost.
Adam Devereaux:
So, infrastructure as a service, a subset of you may have need for that, but I would argue that every organization should be looking at or planning for identity as a service, an identity and access management platform that really allows them to have a cohesive user experience, and it really does ultimately tie into the endpoints. A lot of you saw the Windows 11 announcement or that’s going to be coming out. That’s even further down this pathway of what I would almost define as a cloud thin client in a way where your windows device acts like a lot a Chromebook in the best ways where a lot of you may have some experience with a Chromebook. You sign into it with your Google account. You have access to all of your stuff, right? Your user state lives in the cloud and then it gets synchronized down to that that device and that’s essentially the world when we look at Windows 11 especially, but even now with Windows 10, the specific computer becomes more fungible, right?
Rebecca Zaagman:
Fungible.
Adam Devereaux:
Meaning I can just sign in. Fungible. I can sign into whatever computer that’s a part of my organization and my apps and my files and policies get pushed down to me.
Rebecca Zaagman:
Fungible, able to be replaced or be replaced by another identical item. Manually interchangeable.
Adam Devereaux:
Yes, exactly.
Rebecca Zaagman:
Fungible.
Adam Devereaux:
So, we’ve had some webinars on that topic specifically. We’ll have more videos and more topics. We love to talk about identity and access management, but security around the identity, absolutely critical, and using a robust identity platform as that control plane to make it more efficient for you to launch applications, more secure for you to provide access to those applications, and really just give you a lot more capability around knowing what information is out there and how you’re granting access to it.
Rebecca Zaagman:
Yep, absolutely. Well, we are nearing 12:30 and does anyone have-
Adam Devereaux:
That flew by.
Rebecca Zaagman:
I know it really did. We could talk forever, but I would love to answer a few questions. I think the webinar automatically shuts off at 12:30, but we have time for a couple questions if anybody wants to pop them in the chat or the Q&A.
Adam Devereaux:
Thanks, Chris for being in the background there. Chris [inaudible 00:57:53], our colleague has been a big help obviously. You’ve seen him in the chat answering questions as we go along. If you have more in-depth questions especially about the Microsoft Azure infrastructure services discussion, more specifics about costing, how to adopt, how to connect, ways that you can make that easy and simple for your users to get to those and why there’s advantages over self-hosting it within your own hardware that you have, join that, and we’ll deep dive.
Rebecca Zaagman:
Yeah, the workshop.
Adam Devereaux:
The workshop.
Rebecca Zaagman:
The workshop, July 15th, 11:30 AM. There, I’ll post the link again in the chat, and I did want to quick note. Jeff a little while ago said, “Google is deploying drive encryption such that keys are held only by end users so that content can’t be decrypted server side. Is similar security in the works for Microsoft Azure?” Chris responded, “You can manage Bitlocker Drive Encryption keys with Azure.” Is there anything else you wanted to note on that?
Adam Devereaux:
Yeah, I would say in terms of security services, so I think in the video Microsoft mentioned, cloud services are built on trust. I think that’s absolutely true. Personally, the two companies that I trust most in terms of my personal and business information are apple and Microsoft, just personal opinion. They really don’t have a model that’s built around selling access to me and my information to outside parties. So, that’s a huge advantage right there. When we look at the encryption, obviously, that’s a complicated topic that we can’t fully dive into, but Microsoft has layers of security and encryption capabilities that you can utilize to basically even lock Microsoft out from your environment that you basically have to grant them access to get into it, but you can have encrypted in memory so that the information’s not only encrypted at storage, but encrypted in memory, some leading cryptographic capabilities in that regard.
Adam Devereaux:
So, definitely, in my opinion, one of the most secure platforms out there, but it’s an arms race, right? The big three, we were talking about tens of billions of dollars in revenue a quarter or hundreds of billions of dollars of revenue. It’s a huge part of their development. Every time somebody’s creating a service, somebody else is creating a competing service, and it’s just growing and growing in capability and scope. The future is bright and exciting. It’s definitely an adventure that it doesn’t seem like it was that long ago that we were buying floppy disks and getting them in the mail and installing apps, but yet the world’s changed right before our eyes.
Rebecca Zaagman:
Yep. This is an operating system right here in a disc.
Adam Devereaux:
Yeah, exactly, and it took hours to install it.
Rebecca Zaagman:
Awesome.
Adam Devereaux:
Great. So, we should wrap. Again, if you have more questions, feel free to join us during the workshop, and we’ll be talking more about these subjects in future webinars and videos.
Rebecca Zaagman:
Sounds great. Thanks everyone.
Adam Devereaux:
Thanks for joining us.
Worksighted Team
We are a team of over-enthusiastic people, ready to help our clients utilize technology to spur growth! We love technology and come to work every day eager to solve problems and find ways to impact our clients.
