Infrastructure Saturday 2015 Social Media Stats #infrasat

We’ve just done another successful Infrastructure Saturday event. It takes a lot of time and passion to set personal time aside and organize such an event. This is an annual event totally built and sponsored by the community, so the people you find there (attending, organizing or presenting) are 100% committed to the cause. Big shout-out to the guys organizing: Alan Burchill and Shane Hoey.

Below are some of the social media stats collected during the last week up to the event day. This year’s top contributors were: JustBroady, superedge, david_obrien, pzerger, cloudtidings, bneusergroup, alanburchill, twalex2, blkchninstitute, reecestewart4

If you’ve been to the sessions, thank you very much. I hope you enjoyed them, and see you next year.













Top Links about the #infrasat Infrastructure Saturday 2015 Event


Azure DevTest Labs Now in Preview

Busy week for Microsoft Azure. Another feature comes in preview today: Azure DevTest Labs


What Is It?

Azure DevTest Labs gives developers on-demand self-service for Azure-based test environments. With DevTest Labs developers can:

  • Quickly provision development and test environments.
  • Minimize waste with quotas and policy enforcement.
  • Set automated shutdowns to minimize costs.
  • Create a VM in a few clicks with reusable templates.
  • Get going quickly using VMs from pre-created pools.
  • Build within Windows and Linux environments.
  • Integrate directly with your preferred CI tool, IDE, or automated release pipeline.

A really cool feature is that the Dev VMs can be saved as templates and reused across organizational teams of developers.


How Much Does It Cost?

Azure DevTest Labs is a free service. However, you will be charged for other Azure resources that are created in the Lab. For example, you will be charged for the virtual machines that are created in the DevTest Labs per our virtual machine.

See this new product here at the Azure DevTest Labs webpage


Azure Disk Encryption Now Available

Brand new feature deployed today on Microsoft Azure as preview: Disk Encryption

About Azure Disk Encryption

Azure Disk Encryption for virtual machines (VMs) is the answer for many organizations that could not run VMs in the cloud, mainly because of security and regulatory compliance requirements.



What Does It Do?

This technology encrypts the VM disks, including boot and data disks, with keys and policies that are controlled in Azure Key Vault.



It Works for non-Windows Systems

Disk Encryption for VMs works for both Linux and Windows operating systems. It also uses Key Vault to safeguard, manage, and audit the use of disk encryption keys. All the data in your VM disks is encrypted at rest using industry-standard encryption technology in your Azure Storage accounts.



What Encryption is Used?

Windows VMs use BitLocker and Linux VMs use dm-crypt.


How Much Does It Cost?

This is at no charge. Gratis! The reason for that is because this is brand new and still in preview mode. Microsoft is expected to start charging for it in some way when the product becomes live. Meanwhile it is a great opportunity for you to start playing around with it and testing your systems.


I’m Speaking at the Infrastructure Saturday 2015 Australia

Once again I am honoured to be part of the Infrastructure Saturday event in Australia. This is such a great opportunity to connect with the local IT community and talk about tech and experiences with a local flavour and feel.

Session Details

  • Title: “When a data breach happens, what’s your plan ?”
  • Abstract: Ashley Madison, Sony, Kaspersky Labs, LastPass, CentreLink, G20 event in Brisbane…What do they all have in common? They were victims of data breaches. And as you probably know by now, some were handled better than others. In this session we will talk about strategies, from mitigation to handling, used when a data breach happens (not “if”) and what controls we have if you are using Office 365.
  • Location: Microsoft Offices, George St, 4000, Brisbane, Australia


Where Are the Slides?

You can find the slides here


Looking forward to talking about this topic!! Below is some of the art done to promote my session. Loved the work.






List of the Most Common Passwords

Ah, the joys of working at a specialized cloud security company. This list got into my hands and I am quickly sharing it with you. These guys do a lot of pen testing, network and cloud vulnerability assessment, cloud assurance etc.

Are any of these your current password somewhere? I hope not!


You can get the full list here.


Microsoft to Store Data in Germany. Make it Harder for Foreign Authorities. Safe Harbour Lesson #1.

Here’s a way to increase your data protection from US government access: Store it in Germany!

As you probably know, in October 2015 the European Court of Justice declared invalid a "Safe Harbor" agreement between the European Union and the U.S. that allowed Facebook and other firms to transfer data in huge quantities to their servers in the U.S.

The court threw this deal in the bin because it was worried about "mass indiscriminate surveillance and interception" of personal data by the U.S. authorities.

And that’s what Microsoft is proposing: to make it harder for government authorities to get their hands on people’s data.



Why Germany?

After the whole saga between Microsoft vs. USA Justice Department, European consumers, rights groups and lawmakers have expressed concern about what U.S.-based companies share with American authorities.


The European Union has very rigorous rules to protect data, and Germany's regulations are considered especially strict. Besides that, EU authorities have been clamping down on data protection in recent months over concerns about mass spying by U.S. intelligence services, especially after revelations by former NSA contractor Edward Snowden that the U.S. spied on German officials, including Chancellor Angela Merkel, angered Berlin.


Where Will the Datacenters be Located in Germany?

They will be in Magdeburg and Frankfurt. These new datacenters will maintain the same level of expectations, security, service and quality standards as all Microsoft datacenters globally. The services offered will abide by the Microsoft trusted cloud principles of security, privacy, control, compliance and transparency, as well as consistency with Microsoft’s global cloud services.


The reason for 2 datacenters is to ensure business continuity. Their data will also be exchanged through a private network to ensure data resides in Germany even in transit.


What is Planned to be Stored in Germany?

As part of this big initiative, Office 365 customers will soon be able to choose to store all data from the following products in Germany:

  • Azure,
  • Office 365 and
  • Dynamics CRM Online


Who Will Oversee this Data?

Deutsche Telekom will be the assigned data trustee and will control and oversee access to all customer data.


What is a Data Trustee?

A data trustee is an entity that will handle data on your behalf. In this case, it will be a company called T-Systems, which is a subsidiary of Deutsche Telekom. It means that Microsoft will not be able to access this data without the permission of either:

  • customers or
  • the data trustee itself

and if permission is granted by the data trustee, will only do so under its supervision.

This is ground-breaking stuff. It has never been done before in Europe, and after the repercussions of the Safe Harbour case, this service is expected to grow rapidly.


What are the Impacts on Compliance for Customers?

These new cloud services in Germany will specifically address organizations and enterprises operating in data-sensitive areas such as the public, financial or health sector. The immediate effect of this is positive: now you can even choose the datacenter within the EU jurisdiction, which will translate into better granularity of controls.

We are talking about the German Government, which traditionally has a very high level of data handling regulations and security by default. As a matter of fact, Germany is one of the leaders in this quadrant. Together with Customer Lockbox, customers will be able to view how and where data is processed.


Will This Prevent the US Authorities from Accessing My Data?

Honestly, no. Any government that requires access to data stored in the cloud, regardless of the provider (Microsoft, AWS, Google etc.), will get this access. In a fight between governments and private companies, governments always win.

However, this move will make it increasingly harder for governments to have this access. And that’s the main goal here. It is not to block the access, but to put stronger controls around data access by anyone other than the data owner.

This move will likely be followed by Amazon and Google very soon.


Sounds Great! When Can I Move my Data to Germany?

There is a LOT of ground work to cover, involving auditing, certifications, and building construction. Microsoft is releasing this information now to calm the nerves of some big customers. The expected timeline for availability will be around the 2nd semester of 2016.

Read the official announcement here from Microsoft Europe.


Checklist for Buying a Used iPhone

I am in the market for a new phone. Got tired of my Windows Phone, which I gave so much love for years but unfortunately the market didn’t care for it. Windows Phone is like a beautiful princess locked in a castle that no one knows the location of.

I am going for an iPhone. You can’t beat its app store. Nowadays people don’t buy phones, they buy the app store.

I am thinking about buying a 2nd-hand device, so I listed a few things to check when I find one and I am sharing these tips here with you. Hope it helps you as well if you’re in a similar situation.

Here are my 9 checks to perform a good smoke-test on the device you want to buy:

  1. Check for Warranty and Support Status
  2. Check the iPhone Activation Lock Status
  3. Examine the Device
  4. Test the Display
  5. Access the Internet over Wi-Fi and Cell Network
  6. Make a Call and Send a Text to a Friend
  7. Take a Picture and Make a Movie
  8. Check the Battery
  9. Disassociate the Device from iCloud

And now let’s go into more details on how to check them.

1) Check for Warranty and Support Status

If the phone you’re buying is sold as “under warranty”, make sure it is. Enter the iPhone serial number into Apple’s site to see the report. You can check this here.


2) Check the iPhone Activation Lock Status

Before transferring ownership of an iPhone, make sure the Activation Lock has been disabled and the device is ready for the next user. This also applies to iPads, iPods and Apple Watches. You can check this here.


Note: Once an IMEI is blocked, let’s say due to theft or a lost device, it cannot be undone. It means the device has officially become a brick, of no use to anyone except the recycling company. So if the IMEI is locked here, don’t bother testing anything else…actually, you CAN report it to the police.

3) Examine the Device

Check for scratches, chipped glass and the dock connector. Then plug the phone into a charger to make sure it will take a charge. Listen to music through the headphones. Use the headphone’s controls to navigate music and volume.

4) Test the Display

This is tricky as well. Make sure you are in a place with good natural light when inspecting the phone screen. Visit this website iPhone Dead Pixel Tester to test for dead pixels. Make sure the screen displays a solid colour and it does not have any stuck pixels that won’t go away.


5) Access the Internet over Wi-Fi and Cell Network

Go and browse places like news or weather sites because they tend to have small local caches.

6) Make a Call and Send a Text to a Friend

This is to make sure the phone performs trivial tasks as expected. During the call, turn the volume up and down. Pay attention to how you communicate with your friend and check if the call behaves as expected.

7) Take a Picture and Make a Movie

Make sure the photo does not look weird, too dark or too bright or have fuzzy spots.

8) Check the Battery

Go to Settings/General/Usage and check the time when the device had the last full charge. This is a bit tricky, but once you have the phone use it as much as you can and see if you are getting the battery duration expected.

9) Disassociate the Device from iCloud

Hopefully you won’t be buying a stolen iPhone, so make sure the current owner disassociates the device from the iCloud account, otherwise you won’t be able to log in using your credentials and activate your new phone. See how to do this here.


If you find out later that the previous owner did not disassociate it properly or he/she doesn’t know how to do it, ask him/her to go to iCloud, log in and remove the device from their account. They can do this by going here.



Ethereum Blockchain as a Service Now Available on Microsoft Azure

Microsoft and ConsenSys are partnering to offer Ethereum Blockchain as a Service (EBaaS) on Microsoft Azure so Enterprise clients and developers can have a single-click, cloud-based blockchain developer environment. The initial offering contains two tools that allow for rapid development of SmartContract based applications:

  • Ether.Camp - An integrated developer environment, and
  • BlockApps - a private or semi-private Ethereum blockchain environment that can deploy into the public Ethereum environment.



What is Ethereum?

If you’re not closely following the whole movement that started with BitCoin, have a look at this video.


Why Ethereum?

The Enterprise Partner Group at Microsoft is on the front lines with some of our largest customers. Everyone, particularly Financial Services, is interested in Blockchain technology. While a platform like Bitcoin has many great uses specifically as a Cryptocurrency, Ethereum provides the flexibility and extensibility many of our customers were looking for.

In Financial Services particularly, Blockchain is a major disruptor to some of their core businesses, and FinTech companies are driving innovation in this space. Ethereum is open, flexible and can be customized to meet our customers’ needs, allowing them to innovate and provide new services and distributed applications or ĐApps.

Ethereum enables SmartContracts and Distributed Applications (ĐApps) to be built, potentially cutting out the middleman in many industry scenarios and streamlining processes like settlement. But that is just scratching the surface of what can be done when you mix the cryptographic security and reliability of the Blockchain with the Turing-complete programming language included in Ethereum. We can’t really imagine what our customers and partners will build.

“Ethereum Blockchain as a Service” provided by Microsoft Azure allows financial services customers and partners to play, learn, and fail fast at a low cost in a ready-made dev/test/production environment.

It will allow them to create private, public and consortium based Blockchain environments using industry leading frameworks very quickly, distributing their Blockchain products with Azure’s World Wide distributed (private) platform.

That makes Azure a great Dev/Test/Production Environment for Blockchain applications. Surrounding capabilities like Cortana Analytics (machine learning), Power BI, Azure Active Directory, Office 365 and CRMOL can be integrated into apps launching a new generation of decentralized cross platform applications.


How to Try Ethereum?

It is available as an Azure VM Template. It means you need to spin up an Azure VM with the Ethereum template loaded. The virtual machine's operating system is Ubuntu, and it will contain a Go Ethereum client and a genesis block. This template is also available on GitHub; you can get it here.


Deploying with PowerShell

You will need Azure PowerShell to perform the deployment. You can install Azure PowerShell from here.

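# Switch Azure PowerShell to Resource Manager mode
Switch-AzureMode AzureResourceManager
# Deploy the template into an existing resource group (replace each <placeholder>)
New-AzureResourceGroupDeployment -Name <deployment-name> -ResourceGroupName <resource-group-name> -TemplateUri <template-uri>


All this is a pretty straightforward process; you will need to specify: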


Read more about this exciting announcement here.


Western Australia Government Agencies Security Flaws

That’s appalling news. The Western Australian Office of the Auditor General engaged and was able to break into 2 Australian government networks. Worse, on the very first attempt! Both networks were using the login “admin” and password “password”. No joking here!



The auditing team managed to download thousands of highly confidential documents onto a USB drive.

And then they came back a week later…

And then they used the same login and password, and downloaded more stuff…Nobody noticed anything. No alerts, no monitoring, no defensive measures. IT team, hello?


But Wait, It Gets Worse…

Check these findings:

  • Dozens of database administrator accounts using default passwords and usernames that had never been changed.
  • Several database accounts with the passwords “test”, “password1” and “sqladmin”.
  • A database administrator account using password ‘DBA’.
  • Other administrator passwords had not been changed for over a decade, leaving access intact for people who might have left the organization.
  • A database server was being administered using 17 highly privileged accounts for which the passwords had never been changed!
  • All 13 Production databases were hacked. None of them had encrypted backups. All there for the taking.
  • At least one database server had never been patched.
  • Unexplained misconfigurations in at least two of the agency databases with opened backdoors.
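
A credential-hygiene audit that would surface the password findings listed above, as an added example that is not part of the Auditor General's report or the original post. The record format, account names, PBKDF2 hashing scheme and the 365-day age threshold are assumptions, and the sample inventory is constructed.

```python
import hashlib
import hmac
import os
from datetime import date

# Weak/default passwords quoted in the audit findings above.
WEAK_PASSWORDS = ["password", "test", "password1", "sqladmin", "DBA"]
MAX_PASSWORD_AGE_DAYS = 365   # assumed policy threshold, not from the report
PBKDF2_ROUNDS = 10_000        # kept low so the demo runs quickly


def hash_password(password, salt):
    """Hash the way the (assumed) credential export stores passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def audit_account(account, today):
    """Return the list of hygiene findings for one account record."""
    findings = []
    # 1. Stored hash matches a known weak or default password.
    if any(hmac.compare_digest(hash_password(p, account["salt"]), account["hash"])
           for p in WEAK_PASSWORDS):
        findings.append("weak-or-default-password")
    # 2. Password never rotated, or older than the policy allows.
    changed = account["password_changed"]
    if changed is None:
        findings.append("password-never-changed")
    elif (today - changed).days > MAX_PASSWORD_AGE_DAYS:
        findings.append("password-stale")
    # 3. Account still enabled although its owner has left the organization.
    if account["enabled"] and not account["owner_active"]:
        findings.append("orphaned-account")
    return findings


def audit_inventory(inventory, today):
    """Map account name -> findings, omitting clean accounts."""
    report = {}
    for account in inventory:
        findings = audit_account(account, today)
        if findings:
            report[account["name"]] = findings
    return report


def privileged_never_changed(inventory):
    """Names of privileged accounts whose password was never rotated."""
    return [a["name"] for a in inventory
            if a["privileged"] and a["password_changed"] is None]


def _record(name, password, privileged, changed, owner_active):
    """Build one constructed sample record (hypothetical export format)."""
    salt = os.urandom(16)
    return {"name": name, "salt": salt, "hash": hash_password(password, salt),
            "privileged": privileged, "password_changed": changed,
            "enabled": True, "owner_active": owner_active}


# Constructed sample inventory; no value here comes from the audited agencies.
SAMPLE_INVENTORY = [
    _record("sa_admin", "sqladmin", True, None, False),
    _record("dba01", "DBA", True, date(2012, 5, 1), True),
    _record("app_reports", "T7#qv9!LmZ2x", False, date(2015, 9, 1), True),
    _record("test_user", "test", False, date(2015, 6, 2), True),
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY, date(2015, 11, 20)).items():
        print(f"{name}: {', '.join(findings)}")
```

Run on a schedule against your own account export, a report like this turns the "nobody noticed" condition into a recurring finding that someone has to close.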


The Full Story

The Office of the Auditor General compiled a damning report about the atrocious state of security in WA; you can see it here. This is the stuff of movies.


Office 365 E5, Cloud PBX, PSTN Calling : Is Microsoft Becoming a Telephone Company?

Disclaimer: All this information is as of November 5th 2015. Make sure to remember that when reading in the future.

The new Office 365 E5 plan will include:

With this, Microsoft’s goal is to expand the Office 365 market opportunity by more than $50 billion.


So the natural question is….

Is Microsoft Turning (also) into a Telephone Company?

Yes, absolutely they are. To make all these cloud PBX things work, they will be able to issue and manage individual telephone numbers for your business, which came to me as a surprise, and it is part of the new voice services that are coming to Office 365. Not only this, but if you have your own telephone number with a traditional telephone service, you can port your number to Microsoft. The new kids on the block are called: Cloud PBX and PSTN Calling.



How Do the Office 365 Plans Look Now?

Here you can see the new look of the Office 365 E plans and prices.



What About Customers Already on Office 365 E4 Plan?

Office 365 E4 will be phased-out and customers who are still interested in on-premise voice services can buy additional CAL subscriptions.


What is Cloud PBX?

Cloud PBX is your call control from the cloud. See this as a service that lets you control where the calls are going, but that's just one component. In order to allow a connection to an actual telephone network, a calling plan is needed. Customers can then choose to either:

  1. Have their call control in the cloud, route down to on premise and then call with one of the existing providers, or
  2. Contract Microsoft Cloud Telephony services and connect their calls from the cloud.


What is PSTN Conferencing?

PSTN Conferencing is the ability to dial in to conference meetings. Microsoft will be able to provide customers with actual real telephone numbers to call. As a trivia bonus, this is the same service used during the last Olympics for conferencing. It has initially a “limit” of 10,000 people connected to the same conference, but according to Microsoft this number is really “in theory”. There is no limit except whatever is provided by the infrastructure. This service is provided by PSTN Calling.


Will PSTN conferencing Be Available as Add-on for Skype For Business Subscription Plans and E3?

All services existing on the new E5 are already available as individual add-ons to E3 customers, assuming the pre-requisites are there. For example, you won't be able to add PSTN calling if you don’t have cloud PBX service first, obviously. Any of the services available in E5 can be purchased individually. Dollar for dollar, for bigger deployments the best value will be to go all the way to E5 instead of keeping E3 and adding individual add-ons.


For Hybrid Cloud PBX Scenarios, If a Customer Wants to Buy E5 and Wants to Integrate with Their Own PBX, How Easy Would That Be?

Hmm…easy? Yes and no. At the moment, there is no easy answer for that. At this stage what we can confirm is that at least currently there is technology to deploy that sort of integration with existing PBX systems and take advantage of Cloud PBX services.

Having said that, if the question is not about integrating with current PBX systems but instead you just want to take advantage of your own existing telephone connectivity to your current provider, that's a much simpler proposition. This will require a small number of small virtual machines acting as gateways and, depending on what you want to achieve, there is likely a gateway appliance involved in that architecture. And according to Microsoft this is how most of the customers are thinking about doing it.

According to Microsoft research, people want to do this in a hybrid setting because they are simply not ready to go to the cloud, move all the users up there and trust a telephone company to help them. Nobody has ever done what Microsoft is doing with E5, especially at this scale.

Another tip: If you are familiar with ExpressRoute, customers can use it to connect their on-premise environment to the cloud with a private connection, keeping their current telephony carrier. As a matter of fact, this is the recommendation from Microsoft: use ExpressRoute because you won’t rely on the public internet and, according to them, you will have more certainty and consistency in your telephony experience.


How Will the Billing System Work? How to Control Abuse/overuse of the Telephone Infrastructure with Office 365 E5?

Well, as of today, there are no over-usage charges per se in the new E5 plan. What is going to be put in place is monitoring of fraudulent behaviour and subsequent remediation. Let's say, for example, someone left the telephone unattended for hours and hours and there is no audio. E5 will detect there is no voice coming through the endpoints, so the call will be automatically disconnected. In that sense, it is expected there will be parameters that monitor, manage and remediate issues/misuse when they occur, but MS at this stage did not signal any additional charges in the billing for over-usage.

Also a cool thing if you live in the US is that the domestic service will be launched in the US with unlimited dial-in and out calls.


I love These Ideas. What Can I/We/My Company Do Now?

  • If you or your company have access, deploy Skype for Business internally as soon as you can, then deploy the preview cloud PBX, PSTN conferencing and calling before the December 1st launch. Visit for more info.
  • Learn about Skype for Business Cloud Services. What Microsoft is doing here is an unprecedented move, from any cloud provider as a matter of fact, and with it a lot of new concepts, considerations and technologies come into play. Now is the best time to learn about it and to position yourself as an early adopter in this growing market.
  • If you’re a partner, start working on communications strategies to discuss opportunities on hybrid systems integration. A lot of people will be interested in learning more about it.

Customer Lockbox in the Office 365 E5 Plan

Every cloud service provider recognizes that your data in the cloud is yours and you want to have full control over its access. Customer Lockbox is a feature for Office 365 that provides customers with unprecedented control over their content in the service by giving them explicit control in the very rare instances when a Microsoft engineer may need access to resolve an issue.


The whole Customer Lockbox service has been engineered to require nearly zero interaction with customer content by Microsoft employees. Nearly all service operations performed by Microsoft are fully automated and the human involvement is highly controlled and abstracted away from customer content. As a result, only in rare cases might a Microsoft engineer have any reason to access customer data in Office 365, and when that happens you, the customer, will be part of the process.


That technology, process and approval workflow is called Lockbox, and its approval process goes through multiple levels of authorization. In addition, all access control activities in the service are logged and audited to make sure all compliance and regulatory needs are met.

No other cloud service to this day offers this level of access and control, where the customer can scrutinize the request and either approve or reject it.

A Matter of Trust

All this transparency and control are to make sure a satisfactory level of trust is maintained between Microsoft cloud services and the customers. All Customer Lockbox activity will be available to customers via the Office 365 Management Activity logs for easy integration into customer security monitoring and reporting systems.

The Office 365 E5 Plan

Microsoft announced a new E5 Office 365 plan and the E5 will contain that service by default. Customer Lockbox will be available for Exchange Online by the end of 2015, and for SharePoint Online by the first quarter of 2016.