
Posts by Michael Durkan - Microsoft Azure MVP

Extended Security Updates for SQL Server and Windows Server | Microsoft | Michael Durkan "Just one more year of ESUs. Then we'll migrate." Support for Windows Server 2012 ended October 2023. The ESU bills are escalating. The security exposure is compounding. The migration still hasn't started. And on October 13th (6 months' time), the ESUs run out. We've been here before. WannaCry in 2017 caused billions in damages. The organisations hit hardest weren't running XP because they didn't know the risk. They were running it because migration felt harder than "one more year." Windows Server 2012 is the same conversation, and the threat landscape is significantly worse than it was in 2017. The difference now is that the tools have caught up with the problem: ✅ Azure Migrate automates discovery and dependency mapping (including File Servers) — the part of migration planning that used to take months of manual spreadsheet work. The inventory excuse is gone. ✅ Azure Arc delivers ESUs to on-premises servers securely while migration planning is underway. It's not a permanent strategy, but it closes the exposure gap while you build the exit plan properly instead of reactively. ✅ Azure Virtual Desktop is the path for organisations whose real blocker isn't the OS — it's the legacy applications running on it. AVD keeps those apps accessible without having to migrate the underlying infrastructure first. Most Server 2012 migrations aren't stalled because the technical path is unclear. The tools and roadmap exist. The blocker is usually a conversation that hasn't happened yet. Oh by the way - once you get past October 13th, you're on the run-in to Windows Server 2016 EOL on January 11th 2027. And don't forget SQL is also within this timeline as well. Are you going to sign up for another cycle of ESUs? https://lnkd.in/d33_3-a5 #Azure #HybridCloud #Migration #Security #MVPbuzz

Server 2012 ESUs end Oct 13. Costs rising, risk growing, migrations stalled.
It's not a tooling problem:

👉 Azure Migrate = discovery
👉 Azure Arc = ESU bridge
👉 AVD = legacy app access

It’s a decision problem.

tinyurl.com/htnkr5bz

#Azure #Migration #Security

2 days ago
Azure Quotas: Why They Exist and How They Actually Work If you have spent any meaningful time provisioning resources in Azure, you have almost certainly hit a quota limit at least once. Maybe a Virtual Machine deployment failed because the vCPU limit fo…

Quota errors in Azure aren’t billing issues — they’re capacity limits.

Scoped per region + SKU, and easy to hit if you’re not planning ahead.

I break down why they exist and what to do when you hit them 👇

michaeldurkan.com/20...

#Azure #CloudArchitecture

1 week ago
Create a fileshare assessment - Azure Migrate Learn how to create an Azure Files assessment in Azure Migrate to evaluate readiness, cost, and migration options for on-premises file shares.

Azure Migrate now supports Azure Files assessments (Preview) 🚀

Discover SMB/NFS shares, assess capacity, and get SKU recommendations before migrating.

Finally makes file share migrations less guesswork.

tinyurl.com/3tu5b62s

#Azure #Migrate #FileShares

1 week ago
What is a network security perimeter? - Azure Private Link Learn how Azure Network Security Perimeter secures PaaS resources with logical network boundaries. Control public access, prevent data exfiltration, and manage access rules for Storage, Azure AI Search, and Key Vault.

NSP now GA for Azure Service Bus 🚀

You can secure multiple PaaS services (Storage, SQL, Key Vault, Service Bus) with one perimeter.
⚠️ Requires Entra ID auth — no SAS.

Cleaner, simpler PaaS security.

tinyurl.com/4922bh6p

#Azure #Networking #Security

1 week ago
Three Azure Networking Assumptions That Will Burn You in Production Azure networking documentation covers a lot of ground. What it is less good at is surfacing the assumptions embedded in common configurations — the things that appear safe on paper but create real …

3 fundamental Azure networking rules:

👉 AzureCloud ≠ just Microsoft IPs
👉 0.0.0.0/0 UDR = all traffic, including Azure services
👉 NSGs don’t apply to Private Endpoints by default

No alerts or errors. The fix?

New blog👉 tinyurl.com/4zj7jwfb

#Azure #Networking #Security

2 weeks ago
AKS Identity and Access Control: Securing Your Cluster In the previous post on AKS Networking, we defined how traffic flows into, through, and out of an AKS cluster. We designed ingress entry points, internal service communication patterns, and control…

Most AKS clusters have a hidden security gap: identity.

Networking looks solid, RBAC is “configured”—but Workload Identity is often missing or over-permissive.

Least privilege doesn’t happen by accident.

Blog: tinyurl.com/3ffbdcfn

#Azure #AKS #Security #ZeroTrust #MVPbuzz

2 weeks ago
Azure Subnet Delegation: The Three Words That Break Deployments I’ve been working with a customer who wants to migrate from Azure SQL Server to Azure SQL Managed Instance. It was the right choice for them – they want to manage multiple databases, so…

SQL Managed Instance deployment failed. VNet fine. NSGs fine. Subnet size fine.

The issue? Subnet delegation.

Some PaaS services need exclusive control of a subnet—and Azure won’t always point you there first.

tinyurl.com/mrh24m5y

#Azure #Networking #MVPbuzz

1 month ago
“Why a Landing Zone?”: How to avoid Azure sprawl from day 1 (and still move fast) A Landing Zone is never the first thought when a project starts. When the pressure is on to deliver something fast in Azure (or any other cloud environment), the simplest path looks like this: Creat…

Azure sprawl rarely starts with bad planning. It starts with “we’ll sort the Landing Zone after the POC”, and the POC never ends.

My Azure Spring Clean post looks at how that happens—and how a Landing Zone prevents it.

tinyurl.com/32ww76fc

#Azure #AzureSpringClean #MVPbuzz

1 month ago
AKS Networking – Ingress and Egress Traffic Flow In the previous post on AKS Networking, we explored the different networking models available in AKS and how IP strategy, node pool scaling, and control plane connectivity shape a production-ready …

Most AKS networking issues aren’t Kubernetes problems — they’re traffic flow problems nobody mapped before deployment.

Plan ingress & egress early to avoid security gaps and performance issues.

michaeldurkan.com/20...

#Azure #AKS #Kubernetes #Networking #MVPbuzz

1 month ago
Microsoft’s Sovereign Cloud Strategy: is it really “Disconnected”? Image Credit: Microsoft Microsoft have just announced the General Availability of Disconnected Operations for Azure Local, M365 Local and Foundry Local. Reading between the lines of the announcemen…

Azure Local Disconnected, M365 Local & Foundry Local are now GA.

“Cloud without continuous connectivity” is compelling for regulated environments — but what does “disconnected” really mean in practice?

tinyurl.com/4hackadd

#Azure #Hybrid #SovereignCloud #Security #MVPbuzz

1 month ago
AKS Networking – Which model should you choose? In the previous post, we broke down AKS Architecture Fundamentals — control plane vs data plane, node pools, availability zones, and early production guardrails. Now we move into one of the most co…

AKS networking is a Day 1 decision. Get it wrong and it’s hard to change later. IP exhaustion or performance issues can force a rebuild.

Overlay = scalable & IP-efficient.

Node Subnet = direct connectivity but higher IP usage.

tinyurl.com/4nj9m8bf

#Azure #AKS #Networking

2 months ago
#azure #hybridcloud #azurearc #mvpbuzz | Michael Durkan If there's one thing that business leaders and architects agree on, it's this: hybrid isn't a temporary layover on the way to the cloud. For most enterprises, it's a 5 to 10+ year destination. The speed at which Cloud and AI advancements have evolved leads to pressure on business leaders and CTOs to go "all in" on cloud. The way these services are now bundled into licensing for the likes of Entra, Microsoft 365, Azure and Security offerings can lead to "FOMO" fears, as well as license-wastage worries. But that doesn’t always acknowledge real-world business factors. Many workloads remain on-premises for very good reasons: ✅ Data sovereignty and strict regulatory rules. ✅ Ultra-low latency requirements for industrial or edge scenarios. ✅ Legacy vendor applications tied to specific hardware. ✅ Cost optimization for stable, predictable workloads. Recognising this reality reflects practical architecture, not a lack of innovation. The goal is to manage your entire estate consistently, wherever it runs. That's where tools like Azure Arc come in, extending the Azure control plane (think Policy, Monitor, and Defender) right to your on-premises servers. For VMware shops, Azure VMware Solution (AVS) provides a cloud bridge while keeping the operational model familiar. And of course, proactive FinOps remains critical. It’s not just about continuously optimising costs and avoiding surprises like orphaned or oversized resources that often lead to cloud repatriation, it's also about ensuring that the licenses and SKUs you have purchased are providing maximum benefit. The best strategy is one that matches your business realities—not forcing your organisation into a cloud-only box. Thinking about your environment, which workloads do you see as likely to stay on-premises long term? #Azure #HybridCloud #AzureArc #MVPbuzz

Hybrid isn’t a stopover—it’s a 5–10+ year reality for many enterprises.

Data sovereignty, latency, legacy apps, and cost all matter.

Use tools like Azure Arc + AVS to manage consistently, and keep FinOps front and centre.

tinyurl.com/46abafxz

#Azure #HybridCloud #AzureArc

2 months ago
AKS Architecture Fundamentals In the previous post From Containers to Kubernetes Architecture, we walked through the evolution from client/server to containers, and from Docker to Kubernetes. We looked at how orchestration beca…

New Blog Post: AKS Day 1 architecture + governance decisions.

Get the foundations right before your first container goes live—avoid rework and security gaps later.

michaeldurkan.com/20...

#Azure #AKS #Kubernetes #MVPbuzz

2 months ago
#azure #techleadership #architecture #mvpbuzz | Michael Durkan Solution Architects can design a technically solid cloud infrastructure that is secure, compliant and resilient. Presenting to business stakeholders and budget approvers in a language they understand and is relevant to their business requirements is another matter. It's easier to connect the solution to the problem we are trying to solve if we lead with the "how" before explaining the "why." In the boardroom, it’s less about:   ✖️ The specific tools you're using   ✖️ Intricate technical implementations   ✖️ The latest security frameworks by name   ✖️ All the acronyms  What truly resonates with them is the business impact, including:   ✅ Business risk   ✅ Financial impact   ✅ Competitive advantage   ✅ Regulatory compliance   ✅ Customer trust  Shifting from a hands-on engineer mindset to becoming a trusted advisor means framing our architecture as the solution to real business challenges—not just ticking technical boxes. That’s how we move from useful diagrams to strategic projects with funding and impact. #Azure #TechLeadership #Architecture #MVPBuzz 

In the boardroom, no one cares about tools or acronyms—they care about risk, cost, compliance, and competitive edge.

Move from engineer to trusted advisor by framing tech as a business solution.

tinyurl.com/bdcpejtf

#Azure #Architecture #TechLeadership #MVPbuzz

2 months ago
Azure updates | Microsoft Azure Subscribe to Microsoft Azure today for service updates, all in one place. Check out the new Cloud Platform roadmap to see our latest product plans.

Now GA: Azure WAF Default Rule Set 2.2. Aligned to OWASP CRS 3.3.4 + Microsoft Threat Intel for stronger zero-day protection.

Tip: start with PL1 before moving to Prevention—watch for common false positives.

azure.microsoft.com/...

#Azure #Security #MVPbuzz

2 months ago
Advancing Windows security: Disabling NTLM by default - Windows IT Pro Blog Learn how Windows is moving toward an NTLM-independent future with enhanced auditing, Kerberos enhancements, and a phased roadmap.

Microsoft is disabling NTLM by default in upcoming Windows versions.

If legacy apps still rely on it, time to prevent silent auth failures.

Audit NTLM usage now, explore IAKerb + Local KDC, and tackle the tech debt early.

tinyurl.com/3kmec9yw

#Security #Hybrid #Azure

2 months ago
What is Azure savings plans for compute? - Microsoft Cost Management Learn how Azure savings plans help you save money by committing an hourly spend for one-year or three-year plan for Azure compute resources.

That first Azure bill of the year always hits a nerve. Time to hunt the zombies: orphaned disks/IPs, oversized services.

Actions: run the Orphan Workbook, check Azure Advisor, fix tagging, model a 1-yr Savings Plan.

tinyurl.com/562z7jsh

#Azure #FinOps #CostOptimization

2 months ago
From Containers to Kubernetes Architecture In the previous post, What Is Azure Kubernetes Service (AKS) and Why Should You Care?, we got an intro to AKS, compared it to Azure PaaS services in terms of asking when is the right choice, and fi…

Kubernetes didn’t appear overnight—it evolved from real infrastructure pain.
Monoliths → VMs → Containers → Microservices.
At scale, manual management breaks down—that’s where orchestration (and AKS) becomes essential.

tinyurl.com/yjhmerwn

#Azure #Kubernetes #AKS #MVPbuzz

2 months ago

Have you submitted for #AzureSpringClean yet? CfS is open and we’re starting to build the bones of our schedule! Come be a part of it www.azurespringclean.com

2 months ago

"Security is too expensive"

Security costs are predictable. Breaches aren’t.

Build the right patterns early—identity-first, strong network boundaries, continuous monitoring. Invest in resilience, not overhead.

www.youtube.com/watc...

#Azure #Security #SecureByDesign #MVPbuzz

2 months ago
What Is Azure Kubernetes Service (AKS) and Why Should You Care? In every cloud native architecture discussion you have had over the last few years or are going to have in the coming years, you can be guaranteed that someone has or will introduce Kubernetes as a…

Kubernetes comes up in every cloud-native conversation, but running it isn’t trivial.
AKS gives you managed Kubernetes while keeping flexibility over networking, security, and scheduling when PaaS isn’t enough.

Blog: tinyurl.com/2rzzj8np

#Azure #AKS #Kubernetes #MVPbuzz

2 months ago

FinOps isn’t a cleanup task after migration—it’s an engineering discipline.
Build it in from day one: tag early, design for efficiency, and enforce cost governance continuously. Treat cost like security or performance, not an afterthought.

tinyurl.com/mtjpkjvh

#Azure #FinOps

2 months ago
GitHub - dolevshor/azure-orphan-resources: Centralize orphan resources in Azure environments Centralize orphan resources in Azure environments. Contribute to dolevshor/azure-orphan-resources development by creating an account on GitHub.

One of the easiest Azure cost wins: hunt the “ghosts” 👻

Orphaned disks, IPs, NICs, and idle LBs quietly drain budgets.
The Azure Orphan Resources Workbook makes finding and cleaning them up simple—and builds momentum for FinOps.

github.com/dolevshor...

#Azure #FinOps #MVPbuzz

3 months ago
Azure PaaS Security in a Nutshell RIP to the traditional Virtual Machine. Everyone wants serverless these days. PaaS-this. Cloud Native-that. You can see why though - PaaS services will always win when it comes to cost control, resilience, scalability, and most importantly agility for Development and Operations teams to create solu

Private networking in Azure boosts security—but it’s not a simple switch.
It changes architecture, CI/CD, DNS, and cost models. Teams that succeed treat it as strategy, not configuration, and invest early.

www.youtube.com/watc...

#Azure #Security #Networking #MVPbuzz

3 months ago

The Azure Pricing Calculator now includes a “Cloud-native apps on Kubernetes” scenario. It provides a TCO baseline for prod AKS—covering nodes, ACR, Monitor, and Defender—plus an architecture diagram. A great tool for planning and FinOps.

#Azure #Kubernetes #FinOps #MVPbuzz

3 months ago
You’re Already a Public Speaker (You Just Don’t Know It Yet) 2025 was a great year for me from a community speaking perspective. I had the opportunity to speak in-person at conferences like South Coast Summit, Nordic Integration Summit, and Global Azure and …

People often ask me - how do you get started as a public speaker? You may not realise it, but it's likely that you already are one.

tinyurl.com/4e56dyw7

#PublicSpeaking #Community #Azure #MVPbuzz

3 months ago
#azure #aks #security #avd #agenticai #2026goals | Michael Durkan My feed is full of "Here's what you need to learn in 2026" posts. If you're trying to follow every single recommendation, you’ll likely end up overwhelmed and not gaining much at all. I've seen it lead to burnout, and I've felt it myself. My advice is always to learn at your own pace, with an achievable goal that builds on top of a skillset you already have. 👉 For the experienced Cloud Engineer with strong networking skills: Build on that foundation by diving into Kubernetes and AKS. Your knowledge of the “plumbing” is a huge advantage for container orchestration. (Check out Microsoft Docs on AKS here: https://lnkd.in/dwY88E2n) 👉 For the Security Specialist: Mastered identity? Your next move is exploring Microsoft Sentinel to extend your skills into proactive cloud security. (Here’s a great starting point: https://lnkd.in/deBdypa4) 👉 For the End-User Computing Admin: Coming from RDS or Citrix? Focus on Azure Virtual Desktop. You’re leveraging familiar concepts but with cloud scalability. (Official docs: https://lnkd.in/dEFviS5d) 👉 For the Developer: Comfortable in your IDE? Layer on Azure Container Apps or look at how Agentic AI can be integrated into your applications. (Azure Container Apps info: https://lnkd.in/dTAGvg5U; For Agentic AI training path, see https://lnkd.in/dzVn_A67) Real growth comes from building depth, not just ticking boxes. It’s about making your learning manageable and tying it to your day-to-day work. What’s the next skill you’re planning to build that fits with where you’re at right now? #Azure #AKS #Security #AVD #AgenticAI #2026Goals

Seeing lots of “Here's what you need to learn in 2026” posts.

Trying to do all of it leads to burnout.

Build on the skills you already have—go deeper, not wider. Progress sticks when learning fits your day job.

www.linkedin.com/pos...

#2026Goals

3 months ago

One of my 2025 highlights was speaking at #NIS25 where I tackled a classic integration question: AKS or Azure PaaS?

Control vs simplicity matters—but the key is choosing what fits your team, not just the tech.

www.youtube.com/watc...

#Azure #AKS #PaaS #Integration #MVPbuzz

3 months ago
Azure Container Hosting – which service should you use? It's Christmas time, and that means it's time for another month of the always fantastic Festive Tech Calendar. This was one of the first events that I participated in when I was trying to break …

Choosing the right Azure container hosting doesn’t have to be complex. From AKS to Container Apps, ACI, Web Apps & ARO, the key is picking the right tool for the job.

tinyurl.com/3y6s3czy

#Azure #Containers #MVPBuzz #FestiveTechCalendar2025

3 months ago
Azure Lab Services Is Retiring: What to Use Instead (and How to Plan Your Migration) Microsoft has announced that Azure Lab Services will be retired on June 28, 2027. New customer sign-ups have already been disabled as of July 2025, which means the clock is officially ticking for a…

Azure Lab Services retires on June 28, 2027. Now’s the time to plan your migration. Microsoft points to AVD, Windows 365, DevTest Labs, or Dev Box. It’s also a great chance to optimise costs.

More details: tinyurl.com/3c59sryh

#Azure #AVD #Windows365 #CloudStrategy #MVPBuzz

3 months ago