You will hear cutting-edge perspectives from across the developer industry, discussing the developer landscape and opportunities for the coming year and beyond. By registering, you’ll be automatically signed up for all global content.

Every developer is welcome

At Microsoft Build, you’ll leave a better developer than when you arrived. It’s where you can solve challenges, meet the engineers behind the Microsoft platforms you use every day, and connect with a diverse group of developers who want to hone their skills.

On the day, you can expect all of this and more:

• Keynotes: Headlines and announcements delivered by executives.
• Technical/Breakout Sessions: More in-depth coverage of keynote content.
• Ask the Experts: Sessions with experts in cloud, desktop, mobile, and web development for guidance specific to your project or interests.
• Table Topics: Gather the community for live discussion on camera, and in chat! Get inspired by community experts, learn best practices, and discover helpful resources with other attendees.
• Learn Live: Guided online with a subject matter expert to walk and talk through Microsoft Learn modules​.
• Partner Sessions: Connect with Microsoft Partners in either an Ask the Expert or Table Topics session.

On top of that, there are a variety of theme sessions for you to tune into, with topics from all over the developer ecosystem. Whether you want to learn about app development, AI or DevOps, there’s a session for you.

Register now!

In the coming weeks, you’ll be able to use the Microsoft Build session planner to sign up for these talks and more. It’s a great way to view all of the technical content on offer, while tailoring the event specifically to your interests.

Microsoft Build will provide the key developer content for which the event is known, while tailoring the event experience towards topics that developers the world over are looking for.

This digital event starts on May 23 at 8AM BST, at no cost, so register today to avoid disappointment!

Useful links

• Register for Build 2023 today!
• Follow the conversation on @MSDevUK, as well as on the #MSBuild hashtag!
• Check out Microsoft Learn TV

The post Microsoft Build returns May 23-25! appeared first on Microsoft Industry Blogs - United Kingdom.

This is my first time writing for the TechNet UK blog, so let me introduce myself: I’m Sarah Young, I’m a Cloud Security Advocate based in Melbourne. I’ve been working in tech for longer than I care to admit, and I started working in the security space before it was cool. I’m writing this piece on my flight home from Sydney to Melbourne after wrapping up the Australian Ignite Recap session that was run in the Microsoft office in Sydney (it has great views of the famous harbour bridge, if you ever get a chance to visit!).

This month I’m going to talk about some security announcements at Ignite that I think are the ones that are the most interesting.

“Just security?!” I hear you say? Well, security is everyone’s responsibility nowadays, to a certain extent. My personal favourite phrase on this comes from one of our lead security architects and my Azure Security Podcast co-host, Mark Simos who says “Security is a team sport” – very accurate!

The announcement I’m most excited about from Ignite was the new features of Microsoft Purview. If you’re not familiar with this product, this is the name for a suite of tools that help with data governance. Too often in security we focus on technical security controls to protect malicious actors compromising environments and don’t talk about the controls on the data itself in our environment, which is usually what attackers are targeting. With Purview you can use e-discovery to find and classify data in Azure, other clouds and on-premises, apply classification labels to it and then create policies to restrict and control how that data is shared both internally and externally. Purview also has an insider risk feature that can highlight and track anomalous data usage within your organisation.

The second security announcement from Ignite that I want to highlight is even more tools to monitor and manage security hygiene and baselines across all manner of infrastructure. We announced additional capabilities in this space as part of Defender for Cloud (formerly known as Azure Security Center). We now provide a multi-cloud security baseline that you can measure all your environments against for a holistic view of how you’re tracking with your security baseline. Microsoft Defender for Servers will support agentless scanning and an agent-based approach to VMs in Azure and AWS.

Finally – as it was Halloween recently – I want to encourage you to watch the DART talk about ransomware from Ignite. The Detection and Response Team (DART) team are Microsoft’s incident responders, and they help customers who have been compromised. Any real-life stories from that team are worth listening to, and I guarantee it will give you nightmares.

And on that note, I’ll wish you all a lovely November. Keep securing all the things!

The post Digging into the security announcements from Microsoft Ignite appeared first on Microsoft Industry Blogs - United Kingdom.

Day 1 of GitHub Universe is complete! Here’s a quick recap of what was announced during the keynote. If you missed the keynote, or want to catch up on any of the on-demand sessions, you can watch them on the GitHub Universe website.

GitHub Copilot

GitHub Copilot is an AI pair programmer that uses OpenAI Codex to suggest code and entire functions in real time, right from your editor. AI will soon be integrated into every aspect of the developer experience, so GitHub Copilot is becoming even more accessible.

One such area is the addition of voice commands. “Hey, GitHub!” enables voice-based interaction with GitHub Copilot, enabling the benefits of an AI pair programmer while reducing the need for a keyboard.

Soon, businesses will be able to purchase and manage seat licenses for GitHub Copilot for their employees.

GitHub Codespaces

Getting stuck into a new codebase or a new tool can be daunting, from downloading the correct dependencies to setting up your environment. GitHub Codespaces makes this easier with its new search and navigation functionality, which lets you easily find what you need for your projects.

Individual developers will get up to 60 hours of GitHub Codespaces for free every month, and you can get building in a matter of seconds. The powerful code search and code view features enable you to rapidly search, navigate, and understand code, right from GitHub.com.

GitHub Projects

With GitHub Projects being developer-first and truly flexible, it not only adapts to your current planning processes, but it encourages you and empowers you to evolve and iterate as you go.

There have been over 100 new features and updates since the launch of the new GitHub Projects last year. There are many more to come, including the following:

The Roadmap feature provides you with next level visualisation of your projects. Alongside tables and boards, you can create a roadmap view to visualise your work items across a timespan, plan and track a body of work over time, or watch the progress towards a deadline.

Tasklists can turn issues into tasks, converts tasks to issues, visualises your relationships in GitHub Projects, and more. This is all presented in a polished, new UI.

Projects on GitHub Mobile bring the power of GitHub to the palm of your hand, enabling you to contribute and collaborate from anywhere.

More from GitHub Universe

That’s not all! There were also important updates to GitHub Enterprise Cloud, new security features, and how GitHub remains focussed on open source software. You can find all of these updates, as well as more information on the new features covered above, on the GitHub Universe announcement article.

Useful Links

• Check out Microsoft Learn TV!
• Check out on-demand sessions you might have missed
• Follow the conversation on the #GitHubUniverse hashtag!
• Why GitHub Actions is invaluable for devs

The post A look at the announcements from GitHub Universe appeared first on Microsoft Industry Blogs - United Kingdom.

This year’s digital edition of Microsoft Ignite has now wrapped up, but don’t worry if you missed it! The high-quality sessions and keynotes from across the two days are available to watch on-demand from the Session Catalogue on the official Ignite website.

2022’s instalment has brought us plenty of news and reveals, so just in case you missed it, let’s walk through some of the key Azure-centric announcements. If you’re looking for announcements on other topics, you can check the Microsoft Ignite 2022 Book of News, which details everything from across the two day stream.

Azure AI

• Numerous updates to Azure Cognitive Services, including Azure Cognitive Service for Language, Azure Cognitive Service for Speech and Computer Vision
• New Azure Form Recogniser and Azure Machine Learning capabilities in preview
• Microsoft Project Bonsai adds AI features

Azure Data

• ​​​​​​​Microsoft Intelligent Data Platform adds integrated Partner Ecosystem
• Azure Cosmos DB adding distributed PostgreSQL support
• ​​​​​​​New machine learning updates in Azure Synapse
• Azure Data Explorer adds new sources for near real-time analytics

Azure Hybrid, Multicloud and Edge

• ​​​​​​New, cloud-like capabilities available for Azure Arc-enabled SQL Server
• ​​​​​​New deployment options for Azure Kubernetes Service enabled by Azure Arc
• New feature release for Azure Stack HCI

Azure Infrastructure

• Azure Automanage is now available for Azure Arc-enabled servers and Azure virtual machines
• ​​​​​​​New Virtual Machine Scale Set and Spot Virtual Machines capabilities
• ​​​​​​​New Azure Monitor capabilities and features
• New features in Azure Networking
• New Windows Server benefits and features

Azure VMWare Solution

• New features for Azure VMware Solution support availability, security

Developer Tools and DevOps

• Azure Kubernetes Fleet Manager simplifies cluster management and organization
• Independent software vendors can now create one-click Kubernetes apps
• ​​​​​​​New Azure Monitor features for app modernization and innovation
• Microsoft Dev Box now in preview
• ​​​​​​​GitHub Advanced Security for Azure DevOps in preview
• Latest version of Visual Studio 2022 now generally available
• Azure App Service updates

Power Platform

• ​​​​​​​Power Automate introducing new way to automate using natural language and AI, and innovations for user engagement, robotic process automation deployment
• Optimise workflows and document processing with AI Builder
• Power Platform Managed Environments features automated low-code governance and security capabilities at scale
• Microsoft Power Pages updates provide enhanced design studio, new templates
• Power BI updates enable self-service data analytics, adds connectivity to OneDrive and SharePoint
• Power Apps updates enable collaboration, fusion development, micro-apps
• Microsoft Dataverse enables developers to connect to external data sources

…and more!

There were so many announcements during Microsoft Ignite 2022 that we can’t do justice to all of them here. If you want to see the full list of announcements, you can do so by Microsoft Ignite 2022 Book of News. This handy website contains everything you need to know from the event, on topics from Microsoft 365 to Security and Windows. Be sure to make use of the contents page, as there’s a lot to go through!

Kathleen Mitford, Corporate Vice President of Azure Marketing, has written an in-depth blog about how Microsoft Azure helps drive agility and optimisation in business. There’s also a great article by Jared Spataro, Corporate Vice President for Microsoft 365, on how you can re-energize your workforce, wherever they’re working.

In case you missed it, there’s also a blog post written by Frank Shaw, Corporate Vice President at Microsoft, introducing this year’s Microsoft Ignite. It contains a lot of interesting information about what topic areas Ignite covers, so it’s a great starting point if you’re looking at exploring particular areas of the Microsoft ecosystem.

Useful Links

• Check out Microsoft Learn TV!
• Check out the sessions you might have missed in the official Ignite website
• Follow the conversation on the #MSIgnite hashtag!

The post A look at the announcements from Microsoft Ignite 2022 appeared first on Microsoft Industry Blogs - United Kingdom.

The Microsoft Ignite digital experience returns October 12-14 2022, giving you access to experts, new technology, and networking opportunities within your community. All of the keynotes and sessions will be available for free, live-streamed on the Microsoft Ignite website across three days, so be sure to check in over the event duration as you’re sure to find many talks and sessions that are of interest to you.

After registering you’ll be able to create a schedule, picking breakout sessions on topics that you want to learn more about. Don’t worry though – if you can’t make the talks, or there are two you’d like to see at the same time, sessions will be available for viewing on-demand following the event.

Talks to look out for

There are over 800 sessions during the event, so be sure to browse the session catalogue and save the talks you’re interested in to your personal schedule! We’ve also picked out a handful of talks that might be of interest:

Microsoft Ignite Opening Keynote – Satya Nadella (5pm, Oct 12)

Satya Nadella will highlight how Microsoft is helping customers do more with less across the Microsoft Cloud.

How Customers Build Agility and Drive Innovation with the Microsoft Cloud – Alysa Taylor and Scott Guthrie (5.50pm, Oct 12)

Join Microsoft leaders Scott Guthrie, EVP, Cloud + AI Group, and Alysa Taylor, CVP, Industry, Business Applications, and Data & AI for a wide-ranging discussion, as they share their insights about how our customers and partners across industries are innovating, driving business impact, and realizing faster time to value with the Microsoft Cloud.

Power Pages: Low-Code Web Development – Cindy Kwan, Robert Moyer and Sangya Singh (8pm, Oct 12)

In this session, learn how to take web app development to the next level with Microsoft Power Pages. Quickly and easily build secure, responsive business websites using a low-code design studio and data workspace. We will show you how you can set site administrative configuration, and enable developers of all backgrounds to achieve more, including Pro Developers who can leverage cloud-native integrations, API/APIM, Azure Functions and more.

How customers have accelerated innovation using Azure – Rich James and Matt Quinn (11.30am, Oct 13)

The business world is moving into the digital space faster than ever before and success depends on making best use of applications to communicate and interact with customers. Find out how these Microsoft customers have accelerated their innovation, improved their time-to-market, reduced costs and increased developer productivity.

Deliver efficiency with automation and AI across your business – Jamie Barker and Nir Evron (1.45pm, Oct 13)

Find out how AI at Microsoft (including Open AI, conversational AI, and speech translation) is transforming end to end customer and employee experiences. Follow Nir Evron, AI GBB, and Mark Hamblin, Customer Care TS Lead, as they highlight how a customer in the Insurance Industry has transformed their business by automating their claims management process end-to-end

Automated AI: how can it revolutionise your business? – Richard Conway and Darshna Shah (2pm, Oct 14)

Automated AI has revolutionised almost every industry on the planet and is expected to grow by an additional 44% by 2025. Whilst there are great success stories associated with automated AI, what does it really take to get there and what are challenges teams may face? In this session we consider MLOps success stories and tools across the Azure stack that facilitate best practise, but also consider challenges teams may face such as model drift, correction cascades, data dependencies and more.

Microsoft Ignite UK Spotlight

This year’s Microsoft Ignite will also include a spotlight on the UK. Microsoft Ignite Spotlights are a market-specific event experience, using the Microsoft Ignite global event content as the foundation of all content themes. Each Microsoft Ignite Spotlight will discuss the news and announcements from the Keynote and Core Themes, along with market-specific discussions.

Connect with your local community, discuss what’s important to you, and get your questions answered by local and global Microsoft experts, plus much more!

The Microsoft Ignite Spotlight on the UK runs from October 13-14 2022, and you can register today!

Register for Microsoft Ignite

You can register for Microsoft Ignite with a variety of different sign-in methods, including your Microsoft account, a LinkedIn account or a GitHub account. Be sure to visit the registration page for the full list of options, as pre-registering for the event will will allow you to access your personal information, custom event agenda and more across multiple devices.

More resources

• Register for Microsoft Ignite
• Get stuck into more Azure on Microsoft Learn
• View live and on-demand sessions on Azure and more on Microsoft Learn TV

The post Build your schedule from over 800 sessions at Microsoft Ignite appeared first on Microsoft Industry Blogs - United Kingdom.

We’re welcoming in the autumn here in the northern hemisphere, with kids going back to school and everyone returning from summer holidays. The summer was filled by many events going back to in-person and it seemed that June and July were packed with them! Black Hat, Tech Live London, Cisco Live, Women in Tech Conference, and the Gartner Symposium were some of the big names out there this summer. Hopefully you were able to attend, be it virtually or physically.

Here at Microsoft, the product groups have been a bit quieter as they’re all getting ready for Microsoft Ignite. As we saw with Microsoft Build, we’ll be hosting regional live events. If you are fortunate enough to live in the UK, France, Germany, Latin America, or Asia you could attend the event LIVE and in-person! Keep watching the event page here for updates and information to register.

We’re also keeping an eye out on other events that are happening in October and November around the globe. You can keep up to date on the Microsoft-led events near you on this website.

Keeping up to date on the latest product releases can be tough. To keep up to date on products and community technical posts I’d like to recommend subscribing to Azure Weekly, as it’s a great way to see all the updates in Azure in your inbox. Also, every product group at Microsoft has made their product roadmaps publicly available. You can also subscribe to Azure Updates to keep yourself up to date on the new features being released.

I’d also recommend following the ITOps Talk Blog, a great source of regular blog updates for you, the IT Pro community.

On September 20th, we hosted the Microsoft Tech Days event ‘Putting the Ops in DevOps.’ This event was created for IT Pros, to understand a few DevOps principles (Git, Source Control, CI/CD), delivered by community experts that have all been on the journey to embracing a DevOps mindset. The event is available on-demand, and I strongly recommend tuning in if you missed it.

I hope that everyone is staying healthy and hopefully that autumn colours are not starting too soon!

Yours technically,

April Edwards

Learn more

• This article was written for the Monthly TechNet UK IT Pro Newsletter – sign up today!
• Microsoft Ignite returns October 12th – register today!
• New Azure features and functionality for August​ 2022

The post Upcoming events for IT Pros appeared first on Microsoft Industry Blogs - United Kingdom.

Join us for the Microsoft Ignite digital experience on October 12-14 2022, where you will gain access to experts, new technology, and networking opportunities within your community. You’ll participate in deep technical trainings, breakout sessions, keynotes, and immersive learning experiences with the teams that build the products.

All of the keynotes and sessions will be available for free, live-streamed on the Microsoft Ignite website across three days, so be sure to check in over the event duration as you’re sure to find many talks and sessions that are of interest to you.

After registering you’ll be able to build your own schedule, picking breakout sessions on topics that you want to learn more about. Don’t worry though – if you can’t make the talks, or there are two you’d like to see at the same time, as sessions will be available for viewing on-demand following the event.

Microsoft Ignite UK Spotlight

New this year, Microsoft Ignite will include Spotlights in multiple countries, including the UK. Microsoft Ignite Spotlights are a market-specific event experience, using the Microsoft Ignite global event content as the foundation of all content themes. Each Microsoft Ignite Spotlight will discuss the news and announcements from the Keynote and Core Themes, along with market-specific discussions.

In addition to market-specific content, connect with your local community, discuss what’s important to you, and get your questions answered by local and global Microsoft experts, plus much more!

The Microsoft Ignite Spotlight on the UK runs from October 13-14 2022, and you can register today!

Register for Microsoft Ignite

You can register for Microsoft Ignite with a variety of different sign-in methods, including your Microsoft account, a LinkedIn account or a GitHub account. Be sure to visit the registration page for the full list of options, as pre-registering for the event will will allow you to access your personal information, custom event agenda and more across multiple devices.

More Resources

• Register for Microsoft Ignite
• Get stuck into more Azure on Microsoft Learn
• View live and on-demand sessions on Azure and more on Microsoft Learn TV

The post Microsoft Ignite returns October 12th – register today! appeared first on Microsoft Industry Blogs - United Kingdom.

This article is based on my Microsoft Build 2022 session ‘Securing Applications’. I only had 15 minutes allocated to speak – this is what I squeezed in and delivered!

As organisations navigate digital transformation – there is no topic more important than defending yourself from attack.

Security is a complex topic because its wide ranging and has many facets, and therefore needs different skills and roles to be involved.

To be successful, organisations must eliminate the silos between the different teams and embed a security first culture into their processes and tooling.

Information Security

Security is about protecting an organisation to ensure the resilience and continuity of its business operations.

A subset of security is Information Security (infosec). Infosec is about the protection of data and associated applications, and it’s so critical for the ongoing existence and success of an organisation.

There are three areas at the core of infosec – these are:

• Confidentiality – making sure that data is protected from unauthorised access.
• Integrity – making sure that data is kept accurate/consistent, and protected from
  unauthorised modification.
• Availability – making sure that data is available when and where it is needed.

Whilst infosec is often associated with defending against malicious attackers, it also needs to consider other types of events that can cause loss, such as ‘acts of god’. For example a lightning storm which might cause a power outage and bring down systems/corrupt data.

It’s also about making sure everyone does the right things and that those things are right. For example, there is no point having a manual backup policy if people aren’t doing it regularly in accordance with the defined schedule.

Cybercrime

Cybercrime is a global threat and huge industry. Bad actors will attack organisations of any size, whatever their purpose. In most cases the motivation is financial gain, but some have political objectives and others just enjoy the challenge of causing mayhem and getting publicity.

Exploits are traded on the dark web at low cost, enabling less skilled people to be involved in malicious activity and swelling the number of attacks.

It’s often the case that exploiting just one vulnerability can open the door and provide a stepping stone into a network. An attacker can then move laterally through the network and systems to unleash further wide-ranging hostile actions, ultimately impacting the confidentiality, integrity, and availability of data.

Bad actors do bad things:

• In many cases it will cause severe financial impact (for example – loss of customer trust, loss of intellectual property, severe compliancy fines, corrupted data).
• In the worst cases, it will cause business ruin.
• In the most catastrophic case, a malicious cyber-attack can cause loss of life.

The following is the Attacker’s Advantage and the Defender’s Dilemma:

• Defender must defend all points – Attacker only needs one weak point.
• Defender must defend against known attacks – Attacker can probe for unknown vulnerabilities.
• Defender must be constantly vigilant – Attacker can strike at will.
• Defender must play by the rules – Attacker can play dirty.

This problem can be compounded when there are huge numbers of attackers targeting the defender.

Risk Management

A key part of information security is the practice of protecting systems/data by mitigating risks. The risk management process identifies risks, and for each risk the following is assessed:

• The likelihood of that risk being exercised.
• The impact that it will cause.

This process will result in a register of risks with a wide spectrum of ‘level of concern’. It’s then a business decision, based on their appetite for risk, to decide how to address each risk – the options are:

• Avoid – is to resolve the risk so as to completely eliminate it.
• Accept – is to acknowledge the risk and choose not to avoid, transfer or mitigate. Might do this if the assessed impact is small or the likelihood of it happening is remote.
• Transfer – is to move the risk to a third-party, perhaps by taking out insurance.
• Mitigate – is to do something to reduce the likelihood or impact of the risk.

This will be an iterative process, so that the results of ongoing monitoring are fed back into subsequent cycles of the process.

We can reduce risk by doing the right things, and this breaks down into four distinct categories:

• Secure by Design.
• Secure the Code.
• Secure the Environment.
• Secure the Operations.

Secure by Design

Security starts with the design before any code is written.

The design will transform user requirements into an architecture containing the platform components and software modules to be developed, and will define how they interact.

Threat modelling is done by people with a mindset that will think like an attacker rather than a defender. They will use a threat modelling methodology to tease out flaws in the design – which can then be addressed early, when they are relatively easy and cost-effective to resolve.

Zero Trust is a response to the way networks have changed. We used to have an internal network and an external network with a firewall between to keep the bad guys out. Today, your trusted people are working on untrusted networks, and most likely there will be untrusted people on your trusted networks. Today you have to protect resources and not network segments.

The core principal is that everything is a threat – don’t trust anything or anyone at anytime until identity has been fully verified and you have a high level of assurance that it is what it claims to be.

• Verify explicitly – Always authenticate and authorise based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies.
• Use least privileged access – Limit user access with just-in-time and just-enough-access (JIT/JEA), risk-based adaptive polices, and data protection to help secure both data and productivity.
• Assume breach – Minimise blast radius and segment access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defences.

Identity is key and has become a popular attack vector. Do not reinvent your own identity – instead use industry standards and products/services from specialised organisations that have invested substantially in this and have offerings that are battle proven.

Data Classification is knowing your data – is it Highly Confidential, Confidential, Public, Business or Non-Business? Protect personal identifiable information (PII) because the Data Protection laws and regulations around that can impose heavy fines for any breach.

Confidential data should always be protected using encryption when sending over the wire or when stored at rest.

Secure The Code

This is about your code and external code – namely open source.

Use code scanning tools to ensure submitted code is high quality, safe and reliable – and conforms to best practice. You can do this with automated code reviews, that previously peers would have done.

Static code analysis tools helps identify areas in which areas of the code under analysis is suspect and may be compromised.

Secure your secrets and put in the source code. Once application source code is loaded into source control, it can spread widely and potentially be read by many. Secrets – like API keys, security tokens, certificates and passwords – are extremely sensitive as they open doors, so they must not be embedded into source code or they will leak. Put such secrets in a safe storage service and then get the application to retrieve them at run time.

Software Composition Analysis tools should be employed to analyse the dependency graph and keep an inventory of third-party components being used to build applications. More on this later when we discuss the software supply chain.

For private development, store source code in well-secured code repositories. Fully understand your branch management so you know what code is in dev/test/production, and have processes for hotfixes.

Secure The Environment

When using cloud there are shared responsibilities for securing the environment. The cloud vendor will handle the physical security but the users must secure their own environments and resources. Analogy is a castle – doesn’t matter how high the walls are or how many crocodiles are in the moat around the castle – if you leave the drawbridge down then an intruder can easily walk in.

Access controls are used to impose rules on who can access what and what level of access they have. Dev environments may be more relaxed, but access to production environments should be strictly controlled and limited. Access controls need to combine with a strong identity foundation and use features such as conditional access, multi-factor authentication, just-in-time and just-enough-access (JIT/JEA).

Policy services are used to centrally set guardrails throughout your resources to help ensure cloud compliance, avoid misconfigurations, and practice consistent resource governance.

‘Infrastructure as Code’ is the practice of keeping infrastructure topology specified in scripts/templates and are stored in version control – in a similar fashion to the way developers manage code and deploy solutions. It then enables consistency, quality, repeatability and accountability of the configuration.

Network security controls and devices may be implemented to mitigate against various known attack vectors. Application security often involves discussion around networking such as firewalls, gateways and load balancers – ensuring the infrastructure is locked down from certain types of network attacks.

Patching ensures all known vulnerabilities in virtual machines and operating system instances are resolved. If you’re using PaaS then it’s not an issue, as it’s handled automatically/transparently by the underlying system. But it’s still a relevant topic in some cloud-native services – such as if using Kubernetes.

Secure The Operations

Operations are responsible for managing the live environments – their duties can be summarised as Protect | Detect | Respond. It’s important that response actions are scripted and so can be triggered as needed, as opposed to having to think and act on the fly/under the pressure of a live incident.

They must monitor everything that is happening and should be looking for the unexpected events or failures, and should it happen implement incident response protocols to take the appropriate preventative measures or contain any damage.

Threat intelligence is knowing the latest security landscape and possible threats, and so can help by planning in advance how to respond. It’s the need to avoid surprises and the unexpected.

After any incident, forensics and root cause analysis should be done – in particular to determine if there is any compromise to the confidentiality, integrity and availability of the data and associated applications.

And finally there’s business continuity – having processes in place to keep the business running during major disruption or disaster, such as earthquake, power outage, fire, cyber attack, etc.

Automation

There’s a lot here and this wasn’t an exhaustive list of all things to do, but it highlights the variety of skills needed. The only way to be effective and achieve success is to automate as much as possible.

Embrace Everything as Code changes the focus from manual, repetitive tasks to workflows based on end-goals and desired states. Store things like configuration rules in version control – so enabling that consistency, quality, and accountability that DevOps offers.

Software Supply Chain

Open source is software made available with source code that anyone can inspect, modify, and enhance. It’s provided with a license that dictates how the software can be used, for example it might impose commercial restrictions or mandate that any modifications must also be shared back with the community.

It’s important that organisations understand and mitigate against the risks of open source. When an open source library is imported/used, then all the dependencies that library uses is also included and there could be many levels of dependencies resulting in the use of considerable amounts of software from unknown sources.

Infecting popular open source libraries with malware and vulnerabilities is on the rise – this is known as a software supply chain attack. It can wreak maximum havoc as the malware will be further distributed to all users of the software that includes the library code.

Software Composition Analysis tools should be employed to analyse the dependency graph and keep an inventory of third-party components being used to build applications. These can then provide ongoing monitoring to:

• Report on known security vulnerabilities and software bugs.
• Alert when updated versions are available.
• Accurately track the open source licensing conditions to fulfil all the legal requirements helping to avoid any unfortunate surprises, such as jeopardising exclusive ownership over proprietary code.

Such tools can help software vendors document their Software Bill of Materials (SBOM) which lists any components, libraries and tools used. There has been discussion that future legislation may force software companies to make SBOM declarations public.

DevOps

DevOps is the engine that drives innovation – and reduces the time to deliver value.

A DevOps approach enables organisations to develop, deploy and improve products at a faster pace than they can with traditional software development approaches.

But DevOps is not just a product – it requires a culture of collaboration that is critical for DevOps to be successful.

In DevOps, we often discuss the inner and outer loop. The inner loop is the iterative process that a developer performs when they write, build and debug code. The outer loop is the build/deploy/monitoring and then driving the plan for subsequent development.

DevSecOps

DevSecOps is the evolution of DevOps. It focusses on integrating security practises within the DevOps inner and outer loops to create a security first culture.

Furthermore, it mandates a shift left mentality – that is addressing security in the earliest stages in the development lifecycle. So not only is the development team thinking about building a high quality product efficiently, but they are also implementing security as they go.

Addressing security earlier will improve the robustness, saves costs and accelerates delivery.

Learn more

• Azure security documentation
• GitHub Security
• See more from Mark at https://markharrison.io/

The post Considerations for Securing your Applications appeared first on Microsoft Industry Blogs - United Kingdom.

This year’s Microsoft Build has come to a close, but despite the event being over there’s still plenty of content for you to enjoy. There are a wealth of on-demand sessions and supplemental content that cover everything from announcements to tech deep-dives, so it’s absolutely worth your time to dig into the session catalogue.

What our MVPs thought

With so many sessions available, it might be hard to know where to start. Fortunately, we had the perfect group of people to ask for pointers!

Following the conclusion of this year’s Microsoft Build, we spoke to some of the Microsoft MVPs in the UK about what they thought about the event, as well as their personal highlights.

Kevin McDonnell, Microsoft 365 Solutions Architect and co-host of the GreyHatBeard podcast, said:

Options are what helps us feel better mentally, and Build brought those in abundance. Whether it was to enjoy from the comfort of home or to head into TVP to attend in person (including a great choice of food). Whether it was to focus on dev in Azure, GitHub pipelines, the best of Graph or the magic of Power Platform. Whether it was tech content, how to build a community or the emotional Humans of IT track. There was content for all and how you wanted it. I learnt, I chatted with old friends and I met new people – exactly what I want from a conference!

Chris Hoard, Partner Education Lead at Vuzion, said:

This year’s Microsoft Build was the first major post-pandemic event which truly embraced hybrid, and one which I think will be the template for events moving forward. On the one hand, we had the digital core delivered out of the Microsoft Media Hub in Redmond, and on the other we had regional spotlights where you had the opportunity to meet up and attend sessions in person. Whether you want to watch remote, attend in real life or even watch sessions remotely whilst being there in real life: this event showed us that the choice is yours, which is far more inclusive and personalises how each of us like to consume content.

Attending in person, I met many of my friends and fellow MVPs, we enjoyed street food and had a great time delivering and supporting each other’s sessions. The hospitality was second to none, the atmosphere and organisation was second to none – and at the end of the day it was easy to be without – let’s admit – all the drawbacks and cost of the old events. Looking forward to Build 2023!

Thomas Thornton, Azure Technical Specialist at Kainos, said:

It was an awesome event for my first in-person event after two+ years! There was a great mixture of content for all, and a lot of getting to meet those who I have spoken to/communicated with for over two years and not met! A really great event – looking forward to the next!

It terms of being a hybrid event, it worked well. The expert sessions in particular had a good collaboration between both those online and in-person.

Marcel Lupo, Cloud Solutions and DevOps Architect at Avanade, said:

The event was awesome!! Great content and speakers, plus it was great to just get together and meet so many people from the community and other MVPs I’ve not spoken to in person. As a connection zone speaker at the event, I think the hybrid sessions went down really well. The event was super awesome and I’m looking forward to doing this again!

Thoughts from other viewers

During the two-day event, viewers from all over the world were sharing their thoughts on the #MSBuild hashtag on Twitter. Here’s a small selection of what sessions and announcements people were talking about:

#PowerPages the new hero in @MSPowerPlat! 🤩 Handy links:
1⃣Power Pages new docs site – https://t.co/PPCwmYX20C
2⃣Power Pages go live checklist – https://t.co/EloaRsgPJ5
3⃣New Power Pages community site – https://t.co/MqsOXfazH4
4⃣Watch #MSBuild session – https://t.co/Up3KRHorcS pic.twitter.com/JdISZuHeZj

— Elaiza Benitez #LetsAutomate (@benitezhere) May 24, 2022

This must be the coolest session from #MSBuild @stevensanderson teaches you about running .NET on WASM and WASI.
You can even run ASP .NET Core server apps, client side in the browser, not Blazor 🤯

Check it out here: https://t.co/DHWI9KuJt7 pic.twitter.com/yyIotMlQEJ

— Niels Swimburger.NET 🍔 (@RealSwimburger) May 26, 2022

My writeup of #MSBuild this week. I was particularly impressed by the #AI dev software, which comes from @OpenAI. Can see this eventually being used to create complex next-gen web software like metaverse. https://t.co/LWvOralKLu

— Richard MacManus (@ricmac) May 27, 2022

THE BEST video of #MSBuild I've seen so far is @danroth27 demo'ing a single C# based codebase running in Web, iOS, Android, PC, MacOS and then mixing in native controls. Blazor+MAUI=INSANE. https://t.co/CtQD2gpMBA

— Lee (P )?Richardson 🚨 (@lprichar) May 27, 2022

From developer flow to the metaverse, I highlighted 10 technologies at #MSBuild that are coming together as one powerful platform to help developers build what’s next. You can watch my keynote here: https://t.co/OWqPAGbfVL pic.twitter.com/46WqJ7m7I3

— Satya Nadella (@satyanadella) May 24, 2022

With over 300 sessions it’s impossible for us to cast a spotlight over each and every one, however the session catalogue is a great way of finding the right talks for you. With filters for session language, type and solution area, you’ll be able to find sessions to boost your existing skills, as well as kickstart new ones. Be sure to check it out!

Useful links

• Watch Build 2022 on-demand today!
• A look at the announcements from Microsoft Build 2022
• New Azure features and functionality for May​ 2022 – Microsoft Build edition
• Catch-up on the conversation on @MSDevUK, as well as on the #MSBuild hashtag!
• Check out Microsoft Learn TV

The post What to catch up on from Build 2022 appeared first on Microsoft Industry Blogs - United Kingdom.

This year’s edition of Microsoft Build has now wrapped up, but don’t worry if you missed it! The high-quality sessions and keynotes from across the two days are available to watch on-demand via the Microsoft Build Session Catalogue.

The event brought us many surprises, so just in case you couldn’t tune in live, let’s walk through some of the announcements.

Azure AI

Microsoft Azure AI is introducing two updates to Azure Cognitive Services to help developers deploy high-quality models as APIs and infuse language capabilities into their apps more efficiently and responsibly.

Azure OpenAI Service, an Azure Cognitive Service, is now available in preview. OpenAI Service helps customers enable new reasoning and comprehension capabilities for building cutting-edge apps for use cases such as writing assistance, code generation and making sense of unstructured data.

Azure Cognitive Service for Language now offers summarization for documents and conversations, a new capability that helps developers quickly surface key information in documents and contact center calls, such as the reason for the call and resolution.

The full list of updates is as follows:

• Azure OpenAI Service helps customers accelerate innovation with large AI models; Microsoft expands availability
• Azure Machine Learning responsible AI dashboard is now in preview
• Azure Form Recognizer has new capabilities in preview, including updates to Azure Bot Service, Power Virtual Agents and Azure Metrics Advisor.

Azure Cloud Native and Application Platform

The Azure Communication Services Mobile UI Library, now generally available, helps save time and reduce complexity for app developers by providing production-ready UI components for mobile apps. The release includes support for 13 languages, accessibility for UI components and the ability to view shared screen content – including pinch-to-zoom, a key feature for mobile users.

The full list of updates is as follows:

• Azure Container Apps, now generally available, enables customers to run microservices and containerized apps on a serverless platform.
• The Azure Communication Services Mobile UI Library, now generally available.
• To reflect the expanded scope of the service as a platform for all types of Spring apps, Microsoft is renaming Azure Spring Cloud to Azure Spring Apps.
• Several key enhancements have been made to Azure Kubernetes Service (AKS) to aid the developer experience.
• Service Bus Explorer capabilities are now generally available in the Azure portal.
• Azure API Management provides a hybrid, multicloud management platform for APIs across all environments.
• Several updates to Microsoft Azure App Service are either generally available or in preview.

Azure Data

The Microsoft Intelligent Data Platform, now generally available, is a new, integrated platform that unifies databases, analytics and governance, empowering organizations to invest more time creating value rather than integrating and managing a fragmented data estate.

SQL Server 2022 is the most Azure-enabled release of SQL Server with improvements in performance, security and availability. You can try it out here.

The full list of updates is as follows:

• For the first time, anyone can download the SQL Server 2022 preview to test the new features in the release.
• New features for Azure Cosmos DB, now in preview, enable developers to build scalable, cost-effective cloud-native apps and add enterprise-grade features to their apps.
• Azure SQL Database is releasing new features that help simplify and expedite app development and reduce time to market.
• Azure Synapse Analytics has new updates to the service are now in preview.
• The Azure Database for MySQL Flexible Server Memory Optimized service tier improves mission-critical workloads with lower input/output latency, higher availability service level agreements, higher resiliency and faster recovery from database failures.
• Microsoft Purview Data Policy for SQL DevOps roles is now in preview.
• Microsoft Purview’s multicloud and extensibility capabilities are expanding.

Azure Developer Tools and DevOps

Developers today face long onboarding times, conflicting development workstation settings and difficulty switching between tasks. It can also be difficult for IT admins to maintain secure, compliant and up-to-date dev environments while providing developers the flexibility needed to remain agile.

Microsoft Dev Box will give developers self-service access to high performance, cloud-based workstations that are preconfigured and ready-to-code for specific projects. Azure Deployment Environments will make it easy for developer teams to quickly spin up app infrastructure with project-based templates that establish consistency and best practices.

Both services will centralise management and governance, enabling developers to focus on coding while maximising security, compliance and cost efficiency.

The full list of updates is as follows:

• GitHub OpenID Connect (OIDC) with Azure Active Directory (Azure AD) workload identity federation is now generally available.
• .NET Multi-platform App UI (.NET MAUI) is now generally available.
• Microsoft is sharing updates on the investments in large language models and is providing a glimpse into the next generation of AI capabilities.

Azure Hybrid

Azure Arc helps customers get the most from their hybrid environments by bringing the best of Azure to on-premises and multicloud environments. New features include the landing zone accelerator for Azure Arc-enabled Kubernetes, which gives customers tools to accelerate and simplify hybrid and multicloud, and the Business Critical service tier for Azure Arc-enabled SQL Managed Instance, which delivers strong business continuity requirements, increased performance and continuous security to customers’ most database-intensive use cases. Learn more about these updates here.

The new single node Azure Stack HCI, now generally available, fulfills the growing needs of customers in remote locations while maintaining the innovation of native integration with Azure Arc. Specifically, it offers customers the flexibility to deploy the stack in smaller spaces and with less processing needs, optimizing resources while still delivering quality and consistency.

Azure Infrastructure

NGINX for Azure, in preview, is a natively integrated software as a service (SaaS) solution with advanced traffic management and monitoring. Customers can purchase this solution through the Azure Marketplace, get a unified bill for all services they use on Azure and leverage existing enterprise agreements.

Dynatrace for Azure is a natively integrated software as a service (SaaS) solution that will provide deep cloud observability for proactive identification and resolution of issues impacting mission-critical apps. Dynatrace for Azure will be available in preview in June.

The full list of updates is as follows:

• The Azure DCsv3 VMs with Intel Software Guard Extensions is generally available.
• AIOps powered Smart Maps in Application Insights is now in preview.

Power Platform

Microsoft Power Pages is a low code development and hosting platform ideal for building business-centric websites, allowing low code makers and professional developers to design, configure and publish sites for both desktop and mobile through a fluid, visual experience.

Previously, Power Pages existed as a feature within Power Apps called Power Apps portals. Power Pages will become the fifth member of the Power Platform family as a standalone offering within the Power Platform portfolio.

The full list of updates is as follows:

• Express design capability, now available to all Power Apps makers, leverages Azure Cognitive Services object detection models.
• Power Virtual Agent’s new intelligent bot authoring experience, in preview soon, will unify the sophistication of Azure Bot Framework Composer’s pro-code capabilities with the simplicity of Power Virtual Agent’s low code platform.
• Datamart in Power BI, now in preview, is a new Power BI Premium self-service capability that enables users to uncover actionable insights through their own independent and dependent data sets.
• Unattended robotic process automation (RPA) and virtual machines (VMs) in Power Automate are now in preview.
• Low-Code Trend Report 2022: Building a learning culture on a low-code platform

Windows

As an open platform, Windows welcomes developers and apps across platforms and coding languages, including .NET, web, Android, C++ and Linux. Developers can design app experiences for Windows with their technology of choice. This keeps costs low and allows them to build with tools and software they are familiar with.

Several updates and improvements have been made across Windows developer technologies and include:

• The Windows Subsystem for Linux (WSL) is available in the Microsoft Store.
• Windows Subsystem for Android is now running on Android Open Source Project (AOSP) 12.1.
• The latest Windows App SDK 1.1 update is currently in preview and will be generally available soon.
• Tooling updates include Template Studio for WinUI 3 to help build Windows apps, .NET Upgrade Assistant to migrate Universal Windows Platform (UWP) apps to WinUI 3 and updated Edge developer tools.
• Widgets in Windows 11 provide a fresh, glanceable and useful view into app content for users.
• Hybrid Loop is a cross-platform development pattern for building AI experiences that span the cloud and edge.
• The new Microsoft Store on Windows was rebuilt from the ground up for developers because of the tremendous growth in the number of developers bringing their apps and games to the Microsoft Store.

Useful Links

• Tune into Microsoft Learn TV!
• Check out the sessions you might have missed in the Session Catalogue
• Follow the conversation on the UK Twitter channel, @MSDevUK, as well as on the #MSBuild hashtag!

The post A look at the announcements from Microsoft Build 2022 appeared first on Microsoft Industry Blogs - United Kingdom.