RunAs Radio

How do you test your database? While at NDC Porto, Richard chatted with Dan Mallott about building unit tests for transactional databases like SQL Server. Dan talks about using testing frameworks constructed for the purpose, like TSQL-T, to make it easier to test individual database elements, from stored procedures to column constraints. The conversation digs into the challenges around testing, tolerating the changes to the database, and tweaking how you write your T-SQL code to be more testable. But the power of getting database tests into your CI/CD pipeline is enormous - catch more problems in testing before they become problems in production!

Links

• tsqlt
• DbFit

Recorded October 17, 2024

What's happening with SQL Server Management Studio? Richard chats with Erin Stellato, now at Microsoft, about the big jump coming for SSMS. Erin talks about how folks felt SSMS was a bit neglected when the reality is that there was a push to catch up with its parent codebase in Visual Studio. However, the next version of SSMS makes that jump, which opens the door to some excellent extension models. The conversation dives into the role of the Copilots in SQL Server through SSMS - helping you understand databases, write queries, and diagnose problems - eventually!

Links

• SQL Server Management Studio
• Azure SQL Database
• SQL Server Integration Services
• SQL Server Data Tools
• SQL Formatter

Recorded September 26, 2024

How does Software-Defined Networking in Azure work? Richard chats with Aidan Finn about his experiences working with the suite of Azure networking products, including Firewall and Route Server. Aidan talks about the training available on Microsoft Learn to get up to speed with the power of Azure Firewall, including building policy rule sets. The conversation also explores the power of defining how traffic can move within your network to clarify when potentially malicious software is active.

Links

• Azure Firewall
• Secure Networks with Zero Trust
• Azure Route Server
• Azure Firewall Training
• Azure Firewall Policy Rule Sets

Recorded September 24, 2024

ARM for Windows is here in the form of the Snapdragon Copilot+ PCs - how do you update them? Richard talks with Aria Hanson about how Windows Updates treat ARM like just another Windows device - all the updates! Aria talks about the transition time with Windows 24H2 update, which has some specific Copilot+ PC features. But when looking at ARM-based Windows devices, don't just focus on the Copilot part; check out the great battery life and the simpler architecture that should lead to long-life machines. The conversation also digs into the Windows Insider program, which now has four channels for updates, in order of likelihood to blue screen: Canary, Dev, Beta, and Release Preview.

Links

• Windows Insiders
• Copilot+ PCs
• Windows Insider Blog
• Windows Autopatch
• Windows Autopilot
• Pluton

Recorded September 18, 2024

How can you secure your company information with Azure Virtual Desktop? Richard talks to Jim Duffy about his work helping companies comply with NIST SP 800-171 security standards. These are the new standards required for Department of Defense contracting - including all subcontractors and suppliers. The security standard is thorough, with over 100 requirements. And you have to be audited to show that you comply! Even if you don't work with the government, the NIST security standard is excellent, and Jim talks about how you can use AVD to create a secure enclave for protecting data. And if you need help complying with NIST 800-171, Island Systems can help!

Links

• Azure Virtual Desktop
• NIST SP 800-171 Rev 3
• Secure Future Initiative
• Island Systems

Recorded August 12, 2024

Can you pen test yourself? Paula Januszkiewicz says yes! Richard talks to Paula about taking an active role in understanding your organization's security vulnerabilities. Paula talks about the low-hanging fruit she often finds as a professional penetration tester - typically on poorly maintained infrastructure like PKI servers. The conversation digs into tooling you can use to find vulnerabilities - just make sure you trust the source of those tools. Not everyone is a good guy in open source! And, of course, there's always a time to bring in professionals to do a deeper level of testing. Don't wait until the breach happens to take some action!

Links

• Cqure
• Penetration Testing
• GitHub Secrets Scanning
• HaveIBeenPwned

Recorded August 22, 2024

How can OpenAI help you with PowerShell? Richard talks to Doug Finke about his experiences with ChatGPT and GitHub Copilot to help him write PowerShell and how he incorporated the OpenAI API into a PowerShell library to create a conversational interface in his PowerShell scripts! Doug talks about his productivity gains using OpenAI to write better quality PowerShell faster - helping him understand the code, automate test writing, and explore aspects of PowerShell he had never dug into. But beyond writing code for him, adding the conversational interface to a PowerShell script opens a whole new interactive opportunity to make it easier for folks to use scripts and do more with them!

Links

• GitHub Copilot
• PSAI
• GPT-4o
• Doug's Blog
• Doug's YouTube Channel

Recorded August 7, 2024

Microsoft 365 Data Governance has always been critical - but it's only getting more important! Richard talks to Nikki Chapple about her experiences working with companies trying to get their "data estate in order." That phrase is what Microsoft recommends before turning on tools like Copilot for M365. Nikki talks about how hard the goal of data security is - that it is just as tricky as any other security goal. Data security is an endless process that needs refining and work on routinely as new data and classes of data arrive in the organization. In the meantime, users are taking advantage of LLMs like ChatGPT for their work whether we want them to or not - so there is a need to act quickly to provide secure capabilities!

Links

• Data. Privacy, and Security for Microsoft Copilot for M365
• Exabeam Business Rewards vs Security Risks Report
• Microsoft 2024 Work Trend Index Report
• Microsoft Purview Data Security and Compliance Protections for Generative AI Apps
• Microsoft Copilot Studio for M365
• Entra Entitlement Management
• Shareable Links in OneDrive and SharePoint in M365
• Nikki's M365 Governance Blog
• All Things M365 Governance on YouTube

Recorded August 16, 2024

What does Windows Server 2025 bring to Active Directory? Richard chats with Orin Thomas about the new version of Windows Server coming and what to expect around Active Directory. Orin talks about how mature the Windows Server space is, so only incremental improvements are warranted, but they are important ones - like retiring NTLM once and for all. And when it comes to Active Directory, there are new secure features you're going to want, but you do need to up your functional level to get them, and that means getting to at least Server 2016 functional level first... then moving everything else. When was the last time you transferred a FSMO role? Orin also digs into the new certification practice options available, where instead of answering questions, you do the work and get evaluated - cool!

Links

• What's New in Server 2025
• Sandworm
• Active Directory FSMO Roles in Windows
• Windows Server Hybrid Administrator Associate
• Windows LAPS

Recorded August 6, 2024

Do you know how asymmetric encryption works? While at the Kansas City Developers Conference, Richard sat down with Eli Holderness to discuss many of the encryption technologies being used today—and the new options coming in the future! Eli talks about how symmetrical encryption and public key encryption have been the focus of modern encryption, especially on the web. But the ongoing security arms race means we have to keep tweaking encryption—what if we made a bigger leap? Asymmetric encryption offers huge potential - but there's still a long way to go!

Links

• Passwordless Identity with Eli Holderness
• Elliptic-Curve Cryptography
• Shor's Algorithm
• Isogeny Key Exchange
• Learning with Errors
• Chrome and Hybrid Kyber KEM
• liboqs
• Lets Encrypt

Recorded June 27, 2024