Microsoft Ignite Australia 2017 – Day 3

After the excitement of the previous evening, the day kicked of a little later than the norm for me with the Elastic


One of the things I wasn’t especially aware of was the X-Pack by Elastic and that there is a free, basic version available of that after a 30 day trial. Elastic Cloud may also be an option if we do not want to have to run the underlying infrastructure but just be a consumer of the platform. Shortly after that the session became more of a deep dive into Azure provisioning Elastic with the ARM config files, which was a bit out of my depth.

Microsoft Azure Stack was next up and was certainly something that has recently caught my attention.


It was really interesting to hear that it’s not simply a case of downloading an appliance and deploying in your existing infrastructure to create an on-premises Azure presence. This is an integrated solution that requires the purchase of a particular infrastructure to create a “unit”, which you then have multiple units as necessary. It does make sense for this to occur given how closely Microsoft want to hardware to integrate with the software.

Also of great interest was the cost for the Azure  Stack software is based on a consumption model – after you pay for the hardware, the licensing fees are tied to the amount of resources you use – you don’t use it at all then you don’t have to pay anything for The Azure Stack (you do most certainly have to pay for the hardware hosting it though!).

I think this is definitely the technology to watch right now if you are in an enterprise that likes the concept of Azure platform, but have concerns about data being stored in a public cloud.

img_0179After lunch was a session that I was rather happily surprised as being quite relevant and interesting to some of the things I am doing now.

In particular, the cloud identity session introduced me to Azure AD pass-through authentication that is currently in preview.

Working somewhere that has not implemented ADFS, but where data sovereignty is a delicate topic, AD Pass-through provides a rather great way to provide authentication in the cloud without needing ADFS – but rather some lightweight connector proxies that communicate over port 443. I can’t wait to investigate this further once getting back from Ignite.

The last session for the day is Orin Thomas expanding on yesterday’s session about configuring and deploying Just Enough and Just-In-Time Administration

img_0182Just Enough and Just in Time administration is based on the premise that you should consider your network already compromised by attackers and that you now limit the ability for damage to occur by ensuring all administrative privileges are time limited and must be requested using PAM modules. This provides a means of knowing who has administrative access and when. This will probably be seen as lots of additional bureaucracy  for many “old school” admins, but is actually the way many modern infrastructure services are beginning to work, particularly in the cloud.

Just Enough Administration ensures that you only get the administrative access you need to do you job. An example of this is that traditionally PowerShell provides much more access to administrative functions than is usually required by some application admins, so it is possible to make a role to only allow access to the cmdlets needed to administer the service. This is a great idea where a server may hold multiple services that are administrated by different groups of people.

Of course, being the last night of MS Ignite, it can only mean one thing: After Dark!

Lots of food, friends and activities to keep everyone happy.

Tomorrow it will be all over. I’ve had a great time this year, and paced myself much better than my 2012 experiences, and am looking forward to the final sessions!