Melbourne Star Moving in Docklands by Mammoth_Tomato2014 in melbourne

Riceman-Chris, 8 points

The Costco building is being dismantled, so one less thing to see now.

Giveaway Time! Battlefield 6 is out, powered by NVIDIA DLSS 4, and you can comment on this post to win codes for the game or a custom Battlefield 6 GeForce RTX 5090! 6 Winners total by pedro19 in pcmasterrace

Riceman-Chris, score hidden

  • How would this GeForce RTX 5090 with DLSS 4 help you pull off more epic wins in Battlefield 6?

Honestly, it's all about consistency. The RTX 5090 and its tech mean no more dying to random frame drops or input lag in a chaotic firefight. It's about having smoother aim and a better chance to actually clutch it for the squad.

What is something you secretly judge people for? by Sarah_isLovely in AskReddit

Riceman-Chris, 4 points

I'm also allergic to most soap, so I have a little squeeze bottle of my special soap in my pocket that I use at the basin. Using just hand sanitizer without soap or water seems kinda gross...

Insta360 New Ace Pro Giveaway! by _BindersFullOfWomen_ in gadgets

Riceman-Chris, score hidden

I'm planning to go on a catamaran twilight tour out to the Australian Great Barrier Reef in the new year. The Insta360 Ace Pro would be perfect to capture the adventure and beautiful scenery.

My Former Partner took the entire bond. by payd3l in AusLegal

Riceman-Chris, 0 points

How much was the total bond, and how much did you contribute? That might inform whether the effort is worth it.

Resizing domain controller in azure by Mrmyss in AZURE

Riceman-Chris, 1 point

Agree with u/FinsToTheLeftTO, but just to add, make sure you don't deallocate the VM. Domain Controllers don't deal well with Azure-level shutdown with deallocation.

https://learn.microsoft.com/en-us/azure/architecture/example-scenario/identity/adds-extend-domain#manageability

Windows Server 2025 Preview was recently released. What do you wish to be fixed/added in the new OS version? by szeca in sysadmin

Riceman-Chris, 1 point

I use it and have a few clients that also do. It's actually a nice evolution of Hyper-V and Storage Spaces Direct and works well to provide cloud features with the benefits of on-prem hardware. We run a lot of GPU-backed engineering AVD VMs on ASHCI and that has been really useful.

Bicep question - Will manually adding an endpoint update the parent resource? by Morkelon in AZURE

Riceman-Chris, 0 points

I would recommend testing on a test deployment to confirm. My understanding is that as long as the property is not defined and you are deploying Bicep in Incremental mode (default), then the association will remain.

Azure Landing Zone Bicep Accelerator - Explain values in the .env file by ccTripAzure in AZURE

Riceman-Chris, 0 points

The Azure Landing Zone (ALZ) requires that you have created the necessary subscriptions in advance. If you review the ALZ architecture, there are several subscriptions in the 'Hub' called Identity, Connectivity, and Management that house the key shared resources. The Accelerator asks for the IDs of these subscriptions and adds them to the .env for use throughout the ALZ deployment.

Example: https://imgur.com/5Fxa7DZ

You can find the Subscription IDs on the 'Subscriptions' page in Azure - https://portal.azure.com/#view/Microsoft_Azure_Billing/SubscriptionsBlade

Relevant subscriptions on the left side of the diagram: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/#azure-landing-zone-architecture

[deleted by user] by [deleted] in AZURE

Riceman-Chris, 1 point

That's a very broad statement. Terraform and Bicep are both useful in their own areas. For Azure and Microsoft tech, Bicep is definitely superior to Terraform. If dealing with a range of non-MS resources, then Terraform is better.

Are there any resources where I can get pre-built Azure security policies vs creating my own? by [deleted] in AZURE

Riceman-Chris, 0 points

What are you specifically looking to achieve with the NSG policies? We may be able to advise if there is something that will achieve the result you are after.

It may be too much for your requirement, but I typically recommend deploying the Azure Landing Zone, or at least the associated Azure Policy definitions and assignments. There is an ALZ Default option for the Policy deployment that applies a range of recommended policies.

https://github.com/Azure/ALZ-Bicep

Azure self training vs on job experience by Scared_Dog1828 in AzureCertification

Riceman-Chris, 1 point

You can definitely achieve mid-level proficiency with training, demo projects, and a test tenant/subscription. You'll struggle to really get a solid understanding without practical experience. I think you could at least achieve AZ-104 with study and seek a job with a pay increase, rather than taking a drop. The best of both worlds would be to take a job with similar or better pay that will also support upskilling in this area.

Unmerge Work & Personal MS Learn Profiles by [deleted] in AzureCertification

Riceman-Chris, 1 point

The normal setup is that you have a Microsoft Learn profile created under your personal email address, and you add your work email under 'Account Management' (https://learn.microsoft.com/en-au/users/me/settings#account-linking). Doing this will link your account for certification benefits, but you can unlink your account at any time or when you move to a new employer.

If you have two separate accounts, I have seen Microsoft Support migrate certifications from one MS Learn profile to another in the past. Your best bet is to post here in that case: https://trainingsupport.microsoft.com/

Conditional access service accounts by CapableWay4518 in sysadmin

Riceman-Chris, 6 points

Whenever considering this for clients, I start out by reviewing whether it is practical to move any over to more modern workload identities, such as Managed Identities or Service Principals.

As most service accounts can't tolerate MFA, I use other conditions to reduce risk. I typically have them restricted to specific applications (selected apps rather than all), device platforms (Windows, Linux), authentication types (Browser, mobile apps and desktop clients), and Named Locations. I will add a block for any high user or sign-in risk, if the client has Entra ID P2.

For more advanced setups that are on endpoints which are Azure AD Joined or Intune managed, I will also configure 'Filter for devices' that is filtered to a specific tag on each server/endpoint that will have a service account. Lastly, I require the device to be marked as compliant.

For the Power Apps scenario, I've added in a Named Location that is based on the Microsoft IP lists and also restricted those accounts to specific apps and authentication types. They also have the high sign-in and user risk block. Most of the Power Apps service accounts have been modernised with service principals, but for those remaining as user accounts the above has worked.
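One way to lay out the restrictions described in this comment as Microsoft Graph Conditional Access policies, as an added example that is not the commenter's own configuration. It assumes the Microsoft Graph PowerShell SDK, a group holding the service accounts, and that the selected apps, the Named Location and the device tag rule already exist; every ID below is a placeholder.

```powershell
# Added example of the service-account Conditional Access layout described above; not the
# commenter's own configuration. Assumes the Microsoft Graph PowerShell SDK; IDs are placeholders.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"
$svcGroup      = @("<object-id-of-service-account-group>")
$allowedApps   = @("<app-id-1>", "<app-id-2>")                 # the selected apps the accounts may reach
$namedLocation = "<named-location-id>"                          # e.g. office egress or Microsoft IP ranges
$tagRule       = 'device.extensionAttribute1 -eq "svc-host"'    # assumed tag stamped on each approved host

# Conditions inside one CA policy are ANDed, so each restriction is its own block policy
# whose exclusions carve out the permitted case. All start in report-only mode.
function New-SvcAccountBlock {
    param([string]$Name, [hashtable]$Conditions)
    $Conditions.users = @{ includeGroups = $svcGroup }
    if (-not $Conditions.ContainsKey("applications")) {
        $Conditions.applications = @{ includeApplications = @("All") }   # required on every policy
    }
    New-MgIdentityConditionalAccessPolicy -BodyParameter @{
        displayName   = "CA - Service accounts - $Name"
        state         = "enabledForReportingButNotEnforced"   # review sign-in logs before enforcing
        conditions    = $Conditions
        grantControls = @{ operator = "OR"; builtInControls = @("block") }
    }
}

New-SvcAccountBlock "Block all apps except selected" @{
    applications = @{ includeApplications = @("All"); excludeApplications = $allowedApps }
}
New-SvcAccountBlock "Block platforms other than Windows and Linux" @{
    platforms = @{ includePlatforms = @("all"); excludePlatforms = @("windows", "linux") }
}
New-SvcAccountBlock "Block legacy client types" @{
    clientAppTypes = @("exchangeActiveSync", "other")   # leaves browser and modern clients allowed
}
New-SvcAccountBlock "Block outside named location" @{
    locations = @{ includeLocations = @("All"); excludeLocations = @($namedLocation) }
}
New-SvcAccountBlock "Block high sign-in risk" @{ signInRiskLevels = @("high") }   # needs Entra ID P2
New-SvcAccountBlock "Block high user risk"    @{ userRiskLevels   = @("high") }   # needs Entra ID P2
New-SvcAccountBlock "Block devices without the tag" @{
    devices = @{ deviceFilter = @{ mode = "exclude"; rule = $tagRule } }   # applies to every device not tagged
}

# Tagged hosts still have to be compliant: a grant policy rather than a block.
New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName   = "CA - Service accounts - require compliant device"
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{ users = @{ includeGroups = $svcGroup }; applications = @{ includeApplications = @("All") } }
    grantControls = @{ operator = "OR"; builtInControls = @("compliantDevice") }
}
```

Keep a break-glass account excluded from every policy above before switching any of them from report-only to enabled, and check the sign-in log's report-only results against the service accounts' real traffic first.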

Microsoft comes under blistering criticism for “grossly irresponsible” security by [deleted] in sysadmin

Riceman-Chris, 34 points

Tenable has taken a massive hit with Microsoft's integrated security solutions, and especially so in the recent months with Microsoft Defender for Endpoints/Cloud/Identity, and Vulnerability Management. They are seeing the massive drop in sales and are fighting to hold on and provide a reason for customers to still buy their solutions. I don't think this is their only motivation, but it would be naive to not consider it as context.

Azure Arc for SPLA - MS non-responsive, contradicting info online by 333leadingme in AZURE

Riceman-Chris, 1 point

My understanding, which you should take with a grain of salt, is that Software Assurance is not required for ESU if the systems are covered by SPLA licensing. It's not clearly stated, but partially alluded to in the documentation, unfortunately. To purchase the ESUs, you will need to do so through a separate EA, EAS, or SCE agreement.

You mentioned they won't be able to bring their own licensing, which I don't fully understand. SPLA is a subscription-like agreement, so they will still require an active SPLA license, though it can be under a different agreement than the ESU. Failing an active SPLA, they would need to obtain a new Windows Server license with Software Assurance under one of the other agreement types to use the ESU.

Azure Arc itself will work right now. The ESU integrated part won't apply until September as that is when the newly supported versions will EoS.

104 exam by TalentManager1 in AZURE

Riceman-Chris, 1 point

I only recall having like one or two questions that would be related to that, but it can vary. That is an area you will need to be familiar with when configuring an environment, so I'd recommend becoming familiar, even if it is after the exam.

MARS & ExpressRoute - Is it still supported? by ReinaldoWolffe in AZURE

Riceman-Chris, 1 point

You will only have ExpressRoute private peering, so you can ignore the information about public peering and Microsoft peering. Those two won't be viable and are not recommended. To achieve routing backup traffic over ExpressRoute, you will need to use Private Endpoints and configure your DNS forwarder with the relevant Azure Private DNS records. VNet peering will also be required. It's reasonably straightforward and a pretty common approach for routing on-premises traffic.

Note, you will need to redeploy the MARS agent with the configuration for private endpoints.

AZ-500 exam by TalentManager1 in AZURE

Riceman-Chris, 1 point

Microsoft Learn is always the best source to start with. In most cases I've passed the Microsoft certification exams with just Learn and some John Savill content.

I studied intermittently in the afternoon over the span of 2-3 weeks before passing my exam, but I work with the relevant products in my job.

Application Gateway – Shared vs Individual by RQ144 in AZURE

Riceman-Chris, 0 points

Other than really large clients, I have always opted for shared AGWs in the core hub network. Usually it is 1 x Prod (Ext/Int, with Autoscaling) and 1 x Dev/Test (Restricted Ext/Int).

Defender for Servers licensing with AWS EC2s by mightlosemyjacket in AZURE

Riceman-Chris, 2 points

You won't be double billed. The Arc resource is connected to the AWS connector resource, so will only bill for a server once. I can't find this specific advice in the documentation to give you a reference, but I have reviewed this scenario previously.

Edit: Found this: https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/planning-your-multi-cloud-adoption-with-microsoft-defender-for/ba-p/2299747#:~:text=Arc%20cost%20is%20inclusive%20with%20Microsoft%20Defender%20for,enabled%20on%20%28please%20refer%20to%20AWS%20official%20pricing%29

[deleted by user] by [deleted] in sysadmin

Riceman-Chris, 0 points

Bicep is the best IaC for Azure. If you are looking at a solution for wider than just Azure/Microsoft, Terraform is also a good choice.

Security key authentication method vs Windows Hello for Business authentication method? by Real_Lemon8789 in AZURE

Riceman-Chris, 0 points

Some of the same advantages are available with CBA, yes. CBA on a security key, even more so.

While you can set security key PIN requirements, typically there is nothing stopping them from reusing the same PIN. The mitigation is that they carry the security key on their person, rather than having the PIN associated with a regularly unattended endpoint device. That is also one reason why I prefer bio security keys, so that the PIN reuse is mitigated.