Experts Live Europe 2024 Recap: Key Takeaways from Budapest

Introduction

Experts Live Europe 2024 took place from September 23 to September 25 in the stunning Congress Center of Budapest.

Over the course of three days, attendees experienced more than 60 sessions presented by over 50 speakers, diving into a wide array of topics within the Microsoft ecosystem. Highlights included insights into Microsoft Copilot, security advancements, and strategies for application deployment as well as operation within the Microsoft Azure Cloud.

This year, Michele and I returned as participants, much like we did last year in Prague. It was fantastic to reconnect with familiar faces from the Microsoft community, while also forging new connections through our network.

In this blog post, I’ll briefly summarize some of the most impactful sessions we attended and share our key takeaways.

Pre-Conference Tracks: Setting the Stage for Experts Live Europe 2024

As is tradition, the day before the official opening of Experts Live Europe featured a Pre-Conference Track. This year, attendees had the opportunity to participate in three engaging sessions:

  • Protecting Against Ransomware: Proven Concepts / Sami Laiho
  • Laying the Foundation: Building Your SaaS on Azure / Jonah Andersson & Steve Buchanan
  • Develop, Evaluate, and Deploy an End-to-End RAG Solution with Azure AI / Carlotta Castelluccio & Korey Stegared-Pace

These tracks provided valuable insights and practical strategies, setting the tone for an exciting and informative conference ahead.

Protecting Against Ransomware – Proven Concepts / Sami Laiho

Sami emphasized the importance of adopting robust cybersecurity concepts rather than merely focusing on products, urging enterprises to "Buy the Concept, Not the Product."

Key Statistics:

  • Average ransom payments have surged from $5,000 in 2018 to $1.5 million in 2023.
  • A VMware 0-day vulnerability last summer commanded a price tag of $1.7 million.

Essential Concepts:

  1. Immutable Backups:

    • Ensure that backups cannot be altered or deleted.
    • Isolate domains, fabric, and backup systems to enhance security.
    • Attackers typically take about 180 days to compromise systems.
    • Maintain logs for at least 365 days for effective incident response.
  2. Immutable Logs:

    • Logs must be tamper-proof to ensure their integrity.
    • Using BitLocker is critical for maintaining log integrity.
  3. Device Security:

    • Devices are commonly stolen at security checks; precautions must be taken.
    • Recovery keys should be managed securely, as they’re visible in Entra ID under user accounts.
  4. Administrative Control:

    • AdminByRequest should be implemented to manage permissions.
    • Organize on-premises systems into three tiers (Tier 0, Tier 1, Tier 2) for better management and security.
    • Utilize Remote Server Administration Tools (RSAT) to manage Group Policy Objects (GPOs) directly from the end systems.


© Petra Katanic

Day 1

Keynote: Fireside Chat with the First-Ever Female Stormtrooper in Star Wars movies

This year’s keynote kicked off on Tuesday at 9:00 AM, featuring an engaging introduction by Isidora Katanic and Carla Martinez Sagastume. Peter Szabo, the Microsoft Managing Director of Hungary, also welcomed participants with some kind remarks.

The highlight of the keynote was the appearance of Samantha Alleyne, the first-ever female Stormtrooper in a Star Wars movie. She shared insights about her role in the franchise, provided a sneak peek into upcoming projects, and addressed questions from the audience. This refreshing change from a typical technical keynote offered attendees a unique glimpse into the world of acting and storytelling within the iconic Star Wars universe.



Zero Trust – Dope or Nope? / Sami Laiho

Sami discussed the concept of Zero Trust, emphasizing that it should be viewed as a principle rather than a product. He criticized the term Zero Trust, deeming it ineffective in conveying its purpose.

Key Principles of Zero Trust:

  • Verify Explicitly: Emphasize multi-factor authentication (MFA).
  • Least Privileged Access: Minimize access rights to the bare minimum necessary.
  • Assume Breach: Always operate under the assumption that a breach may occur.

Sami noted that Google pioneered this approach with their BeyondCorp initiative. He highlighted that using a Windows PIN can be considered a form of MFA.

He humorously pointed out that hedgehogs share the same fingerprints as humans, suggesting a unique angle for MFA. He also criticized Remote Desktop Protocol (RDP) as a common vector for ransomware attacks and emphasized that there is no security when logging in as an admin. Lastly, he advocated for the importance of microsegmentation in enhancing security.



Enhance API Data security with Defender for APIs / Joylynn Kirui

Joylynn emphasized the critical importance of API security, highlighting several key statistics:

  • API Traffic: 83% of internet traffic is driven by APIs.
  • Web Applications: 90% of web applications expose an attack surface through APIs.
  • Attack Surge: There has been a 7x increase in API attacks over the past year.

She discussed the capabilities of CNAPP (Cloud Native Application Protection Platform), noting that Defender for APIs specifically supports API management.

Additionally, she introduced the Microsoft Threat Modeling Tool, which aids in identifying potential security vulnerabilities. She also highlighted the significance of code scanning within Azure DevOps infrastructure as a proactive measure for enhancing security.



How to manage Healthcare data in Microsoft Azure / Péter Herbel & Janos Köskösi

Péter and Janos discussed effective strategies for managing healthcare data in Microsoft Azure, highlighting several key use cases for storing health data and potential data flows:

Data Flows:

  • Device to Cloud: Utilizing smart devices (IoT).
  • Patient to Cloud: Implementing mobile or web applications.
  • Practitioner to Cloud: Supporting medical diagnostics.

They also addressed the DICOM standard, relevant in various areas, including:

  • X-ray
  • CT
  • MRI
  • Eye examinations

Health Data Formats and Standards:

  • Azure Health Data Services: Supports standards such as FHIR (Fast Healthcare Interoperability Resources) and DICOM.

Azure DICOM Service Security Features:

  • Virtual Network Isolation: Ensures secure data paths.
  • Identity and Authorization: Controls access to sensitive data.
  • Data Encryption: Protects data both at rest and in transit.



52 mins from initial access to ransomware — is your defensive team ready? / Maarten Goet

Maarten discussed the pressing threat of human-operated ransomware (HumOR), highlighting the following points:

Key Characteristics of HumOR:

  • Targets entire organizations with tailored attacks driven by human intelligence.
  • Involves calculated data encryption and exfiltration, leading to significant business disruption.
  • A successful defense requires a holistic security approach.

Impact of Ransomware:

  • Business operations can come to a halt, necessitating expensive consulting hires.
  • A significant 75% of consumers are willing to sever ties with brands affected by breaches.

Threat Statistics:

  • 41% of ransomware victims choose to pay the ransom.

Main Vectors for Initial Access:

  1. Exploit vulnerabilities in internet-facing systems.
  2. Abuse authentication mechanisms.
  3. Use malware to infiltrate systems.
  4. Gain physical access to devices.

Key Takeaways:

  • The threat landscape is rapidly evolving.
  • Organizations should have a comprehensive response plan.
  • Focus on securing identities as a foundational step.
  • Enhance visibility using technologies like xDR (Extended Detection and Response) and SIEM (Security Information and Event Management).
  • Invest in learning and leveraging Microsoft Security tools for better defense.



Build your security data lake with Microsoft Sentinel & Data Explorer; a match made in Azure! / Koos Goossens

Koos discussed the integration of Microsoft Sentinel and Data Explorer, emphasizing their combined potential for creating a security data lake in Azure.

Key Points:

  • Security Data Lake vs. Azure Data Lake: Koos clarified that the security data lake focuses on Microsoft Sentinel and Log Analytics, not just a general Azure Data Lake.

Analytics Capabilities:

  • High-performance, real-time detection.
  • Comprehensive dashboard support across all tables with a data retention period of 720 days.

Basic Features:

  • High-performance analytics at a reduced cost.
  • Pay-per-request dashboard usage.

Auxiliary Features (in Preview):

  • Low-touch data management with minimal costs.

Log Management:

  • Defender logs have a retention window of only 30 days, but can be sent to Sentinel’s Log Analytics, which can be expensive.

Azure Data Explorer:

  • Offers fully managed data analytics with high-speed data ingestion.
  • Utilizes Kusto Query Language (KQL) for data queries.
  • Features elastic compute and storage for auto-scaling and cost efficiency.

Storage Capabilities:

  • Can retain data for up to 100 years.
  • Supports data compression and optional SSD caching.

Log Ingestion Options:

  • Data can be ingested through various sources, including Event Hub, Event Grid, IoT Hub, Cosmos DB, Functions, and APIs.

Benefits:

  • Logstash can be effectively used for log management.
  • Ingestion can be easily parsed using ADX commands.

Closing Notes:

  • Caution advised regarding high-volume logs due to potential costs.
  • More affordable tiers in Sentinel come with limitations.
  • Azure Data Explorer (ADX) can serve as a cost-effective alternative.

Negative Note:

  • Currently, there is no Copilot feature for security in this context.


Attack of the clones: multiply your Microsoft 365 governance superpowers with Azure Functions / Emanuele Bartolesi & Kas Nowicka

Emanuele and Kas led a session highlighting the importance of agility in enforcing governance policies and managing resources in Microsoft 365. They focused on strategically deploying Azure Functions to automate governance tasks and enhance compliance.

Key Highlights:

  • Serverless Computing: Explored how serverless architecture can streamline user lifecycle management and facilitate real-time compliance audits.
  • Robust Governance Strategy: Emphasized the need for a resilient governance framework to protect Microsoft 365.
  • Practical Demonstrations: Attendees experienced hands-on demos illustrating how to effectively use Azure Functions as guardians for maintaining order and security in their Microsoft 365 environments, guarding against potential threats.



Day 2

Zero-Trust Network Access to any legacy resource with the Power of Entra Private Access! / Pim Jacobs & Ronny de Jong

Pim and Ronny discussed the significance of Entra Private Access in enhancing Zero-Trust Network Access, especially in the context of a cloud and hybrid workforce.

Key Points:

  1. Importance of Private Access:

    • The rise of remote work creates challenges for VPN capacity.
    • Entra Private Access facilitates secure connections to on-prem resources, Microsoft 365, and the internet.
  2. GSA (Global Secure Access) Components:

    • Involves users and devices.
    • Supports three potential tunnels to the Microsoft Edge.
    • Offers secure access designed with Conditional Access (CA).
    • IPSec tunnel support is available but not for private access.
  3. Timeline for Private Access Development:

    • Development began in July 2020, featured prioritization in December 2020, and a public preview launched in June 2023 with General Availability expected in July 2024.
  4. Moving Beyond VPNs:

    • Unlike traditional VPNs that provide extensive network access, Private Access allows for network segmentation through application publishing secured by CA.
  5. Implementation Requirements:

    • Deployment of the GSA client and Private Access connector on-prem.
    • Hybrid identities in Entra ID for single sign-on (SSO).
    • Enablement of new diagnostic logging settings.
  6. Implementation Steps:

    • Deploy the Private Access Connector and enable traffic profiles.
    • Use Quick Access for a streamlined experience.
  7. Private Access Support:

    • Supported by Windows Hello for Business (WHfB) and requires proper DNS configurations for connectivity.
  8. Preparing for Per App Access:

    • Involves configuring diagnostic settings, analyzing data, and creating application access configurations.
  9. Considerations:

    • Issues may arise if the client is installed during the Out-of-Box Experience (OOBE) process.
    • Traffic profiles can be applied at various levels.
    • Not compatible with networks that do not support Private Access.



The Graph API StarterKit for AVD and W365 Automation / Esther Barthel

Esther introduced the Graph API StarterKit, focusing on automating Azure Virtual Desktop (AVD) and Windows 365 (W365).

Key Points:

  1. AVD Infrastructure:

    • Operates within Azure using ARM (Azure Resource Manager).
    • Utilizes Infrastructure as Code (IaC) through declarative templates.
  2. W365 CloudPC Configuration:

    • Exists within Microsoft 365 and leverages Graph API.
    • Employs Configuration as Code (CaC) using imperative scripts.
    • PSCloudPC is referenced as a key resource by Stefan Dingemanse and Niels Kok.
  3. Getting Started with APIs:

    • Graph Explorer: A tool to help users begin exploring the RESTful API landscape.
    • Postman: Recommended for initial experimentation with MS Graph API, with available resources in Microsoft Learn documentation.

The session aimed to empower attendees with the tools and knowledge needed for effective automation in Azure and Microsoft 365 environments.



Empowering Azure: Lenovo’s Innovations in Edge and Azure Stack HCI / Espen Spokke

Espen addressed the distinctions between Azure Stack Hub and Azure Stack HCI, emphasizing their unique roles within cloud architecture.

Key Points:

  1. Differences Between Azure Stack Hub and Azure Stack HCI:

    • Clear differentiation highlighted; they serve different purposes.
  2. Importance of Certified Hardware:

    • Emphasized the necessity of using certified hardware, specifically mentioning Lenovo’s reliable solutions.
    • Built on Windows Server 2022, focusing on essential features only.
  3. Licensing Considerations:

    • Licensing for Windows Data Center with Software Assurance (SA) is included, with the option to rent from Azure if not previously acquired.
  4. Usage of Azure Stack HCI:

    • Primarily for running virtual machines (VMs) on Azure Stack HCI, enhancing infrastructure flexibility.
  5. Lenovo LOC-A Integration:

    • Discussed integration features specific to Lenovo’s hardware, further strengthening their offerings in edge computing and hybrid cloud environments.

The session aimed to showcase Lenovo’s innovations in empowering Azure users through efficient hardware and software solutions.



How to handle Azure Firewall policies & rules in IaC & DevOps – a personal story / Didier Van Hoye

Didier shared insights on managing Azure Firewall policies and rules using Infrastructure as Code (IaC) and DevOps practices.

Key Points:

  1. Managing Azure Firewall with IaC:

    • Discussed the importance of Infrastructure as Code for efficient management of Azure Firewall.
  2. Parameters and Orchestration:

    • Highlighted the use of PowerShell for handling parameters and orchestrating processes.
  3. Firewall Rules Configuration:

    • Emphasized the use of JSON files for defining firewall rules.
  4. Utilizing Git Submodules:

    • Suggested that using Git submodules could streamline management and organization of code.
  5. Dot Sourcing Techniques:

    • Mentioned dot sourcing as a method for importing scripts in PowerShell.
  6. File Management:

    • Recommended merging files via PowerShell and validating against schema files for consistency.
  7. Auto-Submodule Updates:

    • Explained that automatic updates of submodules are possible, enhancing workflow efficiency.

This session aimed to share practical strategies and personal experiences in effectively managing Azure Firewall configurations within DevOps frameworks.
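
The merge-and-validate step from points 3 and 6 above, as an added example that is not taken from Didier's session or code. The file names, rule fields and schema are constructed and simplified (they are not the Azure Firewall resource schema), and PowerShell 7 is assumed for `Test-Json -Schema`.

```powershell
# Added example. File names, rule fields and the schema are constructed for
# illustration; this is not the Azure Firewall resource schema.
$ErrorActionPreference = 'Stop'
$work = Join-Path ([IO.Path]::GetTempPath()) "fw-rules-$(New-Guid)"
New-Item -ItemType Directory -Path $work | Out-Null

# Two constructed rule files, e.g. maintained by different teams or submodules.
@'
[ { "name": "allow-web-out", "protocols": ["TCP"],
    "sourceAddresses": ["10.0.1.0/24"],
    "destinationAddresses": ["203.0.113.10"], "destinationPorts": ["443"] } ]
'@ | Set-Content (Join-Path $work 'team-a.rules.json')
@'
[ { "name": "allow-dns-out", "protocols": ["UDP"],
    "sourceAddresses": ["10.0.2.0/24"],
    "destinationAddresses": ["203.0.113.53"], "destinationPorts": ["53"] } ]
'@ | Set-Content (Join-Path $work 'team-b.rules.json')

# Constructed schema: required fields, no unknown fields, known protocols only.
$schema = @'
{
  "type": "array",
  "minItems": 1,
  "items": {
    "type": "object",
    "additionalProperties": false,
    "required": ["name", "protocols", "sourceAddresses",
                 "destinationAddresses", "destinationPorts"],
    "properties": {
      "name": { "type": "string", "minLength": 1 },
      "protocols": { "type": "array", "minItems": 1,
                     "items": { "enum": ["TCP", "UDP", "ICMP", "Any"] } },
      "sourceAddresses": { "type": "array", "minItems": 1, "items": { "type": "string" } },
      "destinationAddresses": { "type": "array", "minItems": 1, "items": { "type": "string" } },
      "destinationPorts": { "type": "array", "minItems": 1, "items": { "type": "string" } }
    }
  }
}
'@

# Merge: ConvertFrom-Json emits each array element, so the result is one flat list.
$merged = @(Get-ChildItem $work -Filter '*.rules.json' | Sort-Object Name |
    ForEach-Object { Get-Content $_.FullName -Raw | ConvertFrom-Json })

# A schema cannot see across files, so check name collisions separately.
$dupes = $merged | Group-Object -Property name | Where-Object Count -gt 1
if ($dupes) { throw "Duplicate rule names after merge: $($dupes.Name -join ', ')" }

# Validate the merged document before it is handed to the deployment step.
$json = ConvertTo-Json -InputObject $merged -Depth 10
if (-not (Test-Json -Json $json -Schema $schema -ErrorAction SilentlyContinue)) {
    throw 'Merged firewall rules do not match the schema; aborting.'
}
$json | Set-Content (Join-Path $work 'merged.rules.json')
"Validated $($merged.Count) rules -> $(Join-Path $work 'merged.rules.json')"
```

Running the check in the pipeline before deployment means a malformed or colliding rule file fails the build instead of reaching the firewall policy.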



Mastering Your Logging Ninja Skills with LogAnalytics v2 / Morten Knudsen

The session held by Morten focused on enhancing skills in LogAnalytics v2, covering several key topics:

  1. Data Collection Rules and Endpoint: Understanding how to effectively set up and manage data collection processes.

  2. Table Management and Schema Management: Learning to handle and optimize data tables and schemas for better organization and performance.

  3. Data Transformation: Exploring methods to modify data for cost optimization and compliance with regulatory standards.

  4. Auxiliary Plan: Introducing a new plan that can reduce log ingestion costs by up to 95% in specific use cases.

  5. Monitoring Log Ingestion: Highlighting the importance of monitoring to ensure effective data collection practices.

  6. Custom Log Data: Encouraging beginners to utilize custom log data for improved reporting, monitoring, and troubleshooting.

  7. PowerShell Module: Presenting a new PowerShell module created by Morten, endorsed by Microsoft, which facilitates the transition to log ingestion APIs. This module has seen over 1.3 million downloads in its first year.

By the end of the session, attendees were equipped with valuable strategies for leveraging LogAnalytics to enhance their logging and data management capabilities.



Cloud Migration and Modernization Mistakes You Should Avoid / Jonah Andersson

Jonah discussed the opportunities and challenges associated with cloud migration, sharing insights from her experiences as a developer and IT architect.

Key Points:

  1. Opportunities in Cloud Migration: Cloud offers businesses avenues for innovation, scalability, and operational optimization.

  2. Challenges and Pitfalls: The migration journey can be fraught with mistakes that hinder progress, emphasizing the importance of identifying and avoiding common pitfalls.

  3. Critical Mistakes to Avoid: Jonah highlighted essential errors that developers, IT architects, and business leaders must steer clear of to ensure a successful migration.

  4. Recommended Tools: Introduced useful tools for migration, including:

    • Cloud Adoption Framework for Azure
    • Well-Architected Framework
    • Additional tips for effective migration strategies.
  5. Targeted Audience: The session provided valuable insights for developers, IT architects, and business leaders alike, with lessons drawn from Jonah’s own migration journey, which inspired her to write a book on Microsoft Azure.

  6. Strategic Takeaways: Attendees were encouraged to leverage the knowledge shared to enhance their migration strategies and succeed in today’s cloud and AI-driven landscape.

Overall, the session aimed to equip participants with lessons learned and practical strategies to navigate the complexities of cloud migration successfully.



Reflection

This year’s conference in Budapest was an exciting experience for both of us. There were numerous intriguing topics that we plan to explore further and many valuable tips and tricks that we will bring back to our professional lives.

As with any conference, there were some sessions that were less engaging, but that’s part of the experience.

A big thank you goes out to Isidora and her team, the speakers, and the sponsors—without whom this event would not have been possible.

We are already looking forward to Experts Live Switzerland in 2025 and are considering attending more Experts Live conferences across Europe, either as attendees or speakers.
