Session Information:

Azure governance and management

To the world we have today: Pierre Roman, with us. Pierre, if you could please join us.

Pierre is a Senior Cloud Operations Advocate at Microsoft. He engages with the operations and infrastructure communities on behalf of Microsoft. He's part of a team that drives growth and adoption of the zuri platform by provide upskilling guidance in bringing community feedback to the product groups. With over 25 years of experience in the industry, it brings a well rounded view of all facets of the infrastructure and operations life cycle, is skills enable him to relate to his audience and cultivate relationships at all levels, from the Nuts and Bolts, Ngai Ngai, and go to senior management levels. Pierre, it's an honor to have you with us, with very much look forward to your presentation.

Thank you for having me.

So I'm going to share my screen here.

All right.

So today, I want to talk about Azure Governance and Management. And first of all, for those of you who've looked at the agenda and think to yourself, this guy looks nothing like the head shots. That was on the agenda. This is my coven haircut.

That way, I don't have to go to a, a barber and have to wear the ... just to get my haircut.

So back to the back, to the topic at hand. So in this session, we're going to build up a little bit on what Domenech said in the last session. In terms of rethinking rethinking cloud governance.

You can reach me on Twitter is at.

Wired canuck is probably the easiest way for you to get in touch with me and while we say running with scissors, Azure governance and management is it's something that in a lot of cases it was almost an afterthought and let me show you a little bit, I'll tell you a little bit about why I think that is.

So when we're looking at, when we're talking to customers, and I've traveled the world and talked to many customers, big and small. And there's always things like, oh, we're a small company, so proper governance doesn't apply to us.

Well, we'll talk about why this is completely wrong.

Getting questions and questions, but comments. And it's all, we're just doing this little project in the Cloud, because our IT folks don't have time to get involved. So we're just gonna throw open the cloud for the duration of the campaign.

And then, when we're done, we're going to take it off.

And so we don't really need to build this big governance around. It is just going to be a one-time shot, or we're doing it little projects one at a time.

Again, this is not the way you want to think about this. We're new to the Cloud, so we're letting our development team figure it out.

This is very dangerous for many, many reason.

Most of what is, because you don't have control over which resources are being deployed, it's very easy for maybe somebody in your development team to say, hey, let me, let me spin up a five node Kubernetes cluster, spinning up, deploy a few workshop workloads on it, and then either forget to turn it off or to remove it when they're done, they're testing, and then you're incurring costs.

And the last one is, oh, this is just the prototype. We're trying this out. We'll think about proper governance when we're closer to production.

Again, all, this is just a very short, very small sample of some of the comments or or statements that customers, actual customers, have given me over the years of law since Cloud as it started.

So we have to start looking at this much differently, because that all of these comments are completely wrong.

So when we're looking at governance, or when we're looking at life cycle of any application or any workloads in cloud. And of course, I work for Microsoft. So I'm going to be talking about Azure. here, but this applies to pretty much all cloud deployment. So, first, you deploy, You migrate your workloads to the cloud.

Second, your should be securing, so making sure your security management, your threat protection.

Because cloud is an extension of your own data center, you're really looking at running your workload on somebody else's hardware, then you have to protect your workload. So, how do you backup the information? How do you backup?

The, the configuration. Do you do restores? What is your disaster recovery posture? Are you able to fail-over quickly?

Are you building a highly available multi region, uh, system that will be able to self heal?

Are you actually monitoring the application, the infrastructure? They, like all of the pieces.

That's Make up your situation, and your environment, your environment. Then, how do you have continuous configuration, So configuration, update, management, your automation, your scripting, this all has to be identified and configured.

And also, you have to set up your governance, typically, in cloud native, or small company, and I've worked with a lot of startups.

When they look at this life cycle, one of the things that happens is the security kind of goes, is the last thing they look at. So they really, They just migrate, and then they start working, They protect.

If they don't have an eye, A strong IT background, sometimes, the backup, or the disaster recovery kinda gets left behind, and a governance because governance is a business decision, not technical decision. So, it's a way to technically enforce business decision across your environment, which is either on prem or in the cloud, or in both are in a hybrid environment. So today, we're really going to look about governing.

When you're looking at governing your environment, the typical enterprise it's kind of walking a tightrope.

Because if you don't have any governance, you may end up with unexpected billing.

So VM size.

It's very easy for a developer, and as Dominic mentioned, in his session, you can spin up a new server in like NaN, to a minute.

But because it's not on your own hardware, you get to pick, Do I want a one machine, or a G five machine? A difference is, let's say, for sake of arguments, I don't know if the cost memorized top of my head. But the difference between $70 a month for an A one and $8000 a month for G five.

If you don't have any governance, or if you don't have any restrictions, or automation to prevent your IT and developers from spinning services, or VMs in your environment, and they spin a G, five machine, while you may end up with unexpected billing, you may not have budgeted for it.

And I'll tell you a real story that happened to me.

I was doing a presentation at a conference, much like this one, live, in this case.

And onstage I showed a script on how we can easily deploy a 10 node cluster using G two machines.

So G two machines are about $6000 a month.

The point was, I was able to deploy everything, and then resize it, and then resize it back to G two, to show growth, and to show scale, and to show all kinds of things. At the end of the presentation, I said, well, thank you very much. Have a good day. I closed my laptop and walked away. Forgot to turn them off.

The end of the month, I got my bill.

It was very unexpected. And then I realized what I had done. But there's no, there was no automation.

And there was no policies in place to keep me from doing that.

Number two, is, there's no way to associate costs with the profit and loss centers. So, if you're looking at your environment, and you have a marketing environment, and you have a sales group, and you have your core product group.

And each of them have campaigns and workloads that are running in the Cloud.

If you don't have proper tagging, if you don't have proper policies, if you don't have proper governance, there's no way for you to charge back to these individuals' department.

That way, when the bill comes in at the end of the month, all you end up with a is a very large dump, And then you have to manually figure out, OK, which server does that belong to? Which, which database does the marketing own, and so on.

Also, in Europe and in a, with the GDPR and in the Americas with the Patriot Act.

A lot of companies have compliance regulations, and it says that we're aware their data has to live.

If you're in healthcare in Canada, for example, your data must reside within company and within Canada, so we're looking at data sovereignty and data residency, which are two different things. Data sovereignty, is, which laws does that data, which laws apply to that data? And data residency is where does that data actually sits? Is it in Canada?

So, for example, if I'm a Canadian company, but I have an branch office in the US.

whether or not my data is in Canada or the US, because I have a foot, a corporate foothold in the US. The US laws, or the Patriot Act then applies to my data.

So for that, you absolutely have to talk to your legal department and figure out where your legal and compliance standpoint sits, but if you don't have any policies or governance, you are at risk on that end.

The other one is to resource without mandated security controls.

You can, very easily, in any cloud, deploy a virtual network, put a lot of workloads on them, open it up so that you can manage it remotely, and then leave open potential management ports. So RDP, SSH, all these ports, open to the Internet.

So how do you ensure that these ports are either turned off by default, that you've enabled?

Some security controls such as Git, so just in time administration or bastion servers or jump boxes within your network. So these are all kind of network security groups that may be added to your environment. But if you don't have a way to enforce that, then you're potentially leaving yourself open for some security issues.

So, and that's why we say that using the Cloud is like running with Scissors.

B, When businesses need to be agile, how can you be first to market? How can you grab that advantage or capitalize on new business trend? What do you do?

You run, you work fast, like you want to be first out there. You want to be first deployed to gamed at first the market advantage?

However, when you run without any kinds of safeguards around you, you can very easily.

Hurt yourself. That's why they did the analogy of running with scissors or you can make it to your end goal running with scissors, but if your trip anywhere along the way, you can stab yourself.

So, when we're looking at governance, we're really looking at technical governance, controlling access to resources, applying specific standard configuration that you have decided, and you have identified as a business, It's not a technology issue. It's a business issue. So you have to think about it that way.

How do you deny the creation of non conforming resources?

For example, if you're in the UK, and you have a requirement to keep all of your data and services within the UK, What happens if a specific cloud service is not yet available in the UK region? So you're thinking, I'm just going to put it in, in Western Europe, or in Ireland, or in the US, or anywhere else in the world. Do we have any of the 60 some other regions that we have in the world?

If you do that, your system will work and they'll function well.

That resources now are not conforming to your compliance regulations.

And the last thing is, how do you control and manage your cost, is really any system that is not cost efficient, will fail.

And when we're looking at Migrating, and Domenik talked a little bit about that, migrating from on prem to the Cloud, you really have to look at the workloads that you're upgrading, that you're moving the you're lifting and shifting. Lift and shift, by the way, is the first step, Because when you're lifting and shifting, you're going from VMs on prem to VMs in the Cloud. You're really not using any of the Cloud native.

Services that may bring a lot more cost efficient efficiencies, and also a lot more.

Flexibility and scale to your organization. So lifting and shifting is step one, then, re architecting, or replatforming, is the next step.

But if you're looking at a machine on prem that has just off the top of my head, 32 cores and a terabyte of ram and an en, um, 20 terabytes of disk space, and you take those specs, and you put them into the cloud, that machine may be a lot more expensive than you anticipated. You really have to look at what's your?

performance needs to me in terms of if you have 32 cores, but they're running at 5%, on average, then maybe you can afford in the cloud to be a little lower, and we'll get you in a little later in this presentation on how we have tools that can help you with that.

So, why should you care about governance?

Because without those Safeco, those safeguards, you can very easily end up in a ditch or or hurting yourself and your business.

So, those safeguards are really guardrails to keep you in the road.

Of course, you may bang yourself a little bit if you're not completely covered, and if you've not completely thought through all of your governance issues, all are areas such as security, access, control, cost management, policies, compliance, all of that.

But, at least, you are still within the road, and you're not completely a right off.

So, when we're looking about cloud native governance, it's really a way to remove the barriers to compliance so that it'll enable you to run fast without the fear that doing something really quickly will end up hurting yourself or costing you more than you than you expected.

So, period developers, the operators and management, they get together and they build policies, and they build restrictions and apply controls to this as the environment.

So, that's your development team, IT team.

Our business unit can go forward with their project, without having the fear, too, do something that may end up getting you in court or fined if it's out of compliance or even cost. You a lot more than expected at the beginning of your project.

It's all for governance in the Cloud for Azure, specifically.

We have multiple of tools that are built-in so the the you don't have to pay extra for any of those. These are built into your subscriptions. Number one is role based access control.

I used to say that, or I have better customer, to which I said, after a review, that all of their directors and VPs add full rights to change any resources in their environment.

Some of those peoples were non technical, There were great businesspeople, but what are not technical people don't, because they needed to view the information, in terms of what the cost was going on, the, how effectively, the resources were being used. They were given much more rights than they needed, because it was easy.

You can set up a role based access control. So an administrator can do this, a map management and above, and view all of the information, but not affect any changes.

Policies, so real-time enforcement policies, so to say that in the production environments, you cannot have a VM size that is outside of these families and outside of these particular sizes.

And, of course, you can have multiple policies that will apply to multiple environments, So your, your prod, and dev and testing environment may have several different policies, because you may not want to apply In your dev and test. The same horsepower that you would give to your production environment is, of course, your dev in your production and your dev in your testing environments. Don't have all of the load, that's all your customers.

And the regular business would apply to those services. So you can have real-time enforcement.

You can have compliance assessment to say, through your policy, does that apply to CPI compliance or anything? And you can even have them do remediation where something is deployed and it's out a policy. It will actually either roll back or effect some change to bring it back within policy.

So you have access control, and you have control over resources, can also setup, took to end. What too fast, you can also set of blueprints.

And when we talk about blueprints, we're talking about literally what a blueprint for a building is, where you have a document or a, a configuration for your environment. So if you wanted to deploy a new environment.

For testing, or for a new, a new campaign, then the role based Access control and the policies are already in it. They can have arm templates to automatically deploy a compliant network with proper security compliant compliance controls.

Already built-in.

So you can basically stamp that, built that blueprint on multiple different environments.

The resource graph, that within the Azure portal allows you to view a, kinda like a top-down, of all of the resources that you have.

You can export that to two, to the Power BI or spreadsheets in order for you to review our management group, because your systems, or your subscriptions, doesn't have to be a single subscription.

So you have an account, which is that company, basically who pays the bill, and under you can have multiple subscriptions for multiple departments. And those descriptions may have different resource groups that will hold a specific application and all of the dependencies for that application, that share the same life cycle for that, that workload.

And that year, our key can be defined.

So that's the resources on a specific resource group report, up to a specific subscription.

And then, you can break down all of the costs in your environment to basically define it to your organizational hierarchy. And, of course, all of these contribute to costs.

But you can also, through the Azure portal, very easily monitor your cost thier spent and optimize the resources through some tools that I will show you in a little bit.

So, there's a lot of things there. And what I typically tell my customers is to start off small, and then scale out. So, start one piece at a time. For example, Let's start with role based access control. When you're looking at role based access control, define specific roles of reader, so that people that need access to actually observe the environment, but not actually affect any changes.

You can do this at the subscription, or the Resource group level.

You can have resource specific or custom roles, in terms of your tech support. May be able to restart a VM, but not be able to create new ones.

Because their support, they're not architect. And they're not the people that are building your workloads. There are people that are supporting it.

Of course, contributor roles and owners, the owners have all rights. And that's basically your, your break glass accounts that you wouldn't want to have any, but nobody should be running with a owner account for their day-to-day work. There's too much in terms of risk to get anything done in there.

And of course, all of that can be also added to automated process.

Azure policy is a way to define encode what you are actually allowed to do.

So, for example, what you see there is a very, very, very minor policy that say they, that all of your resources have to be tagged and tagged with a cost center code if does, the field doesn't exist when the resource is deployed.

It will actually append one for you based on the tag that has been assigned to the resource group. So, there's multiple ways of applying policies.

You can apply a policy, and A observing, a methodology where the policy will not change anything mobile report, when things are out of policy.

You can have a policy that will, um, be applied, and then block things that are, or block, or meet remediate things that are outside of that policy. And of course, because of our GitHub action, you can use Policy as Code.

So as you change your policies and check it into your code repo, that policy or that change will automatically be applied to all the environments where it applies.

So there's the Automation.

The blueprints is a way to allow engineers to define and orchestrates automatic rollout of those environments, including role based access control, and policies that we talked about, but also they lay down, as I mention, that Foundation funding from dimensional infrastructure. So the work, the, that the network, the security group, who's got access, which IP address are going to be used, and so on.

So you get all of that information, And the way it works is you're a Cloud engineer or with management, of course, you create the blueprint, you add the artifacts, so your Azure resources that are going to be used within that blueprint. Identify which ones can be spun up by default, it creates a blueprint that can now be applied to any other environments, such as management group, or subscriptions, and so on.

So now we've talked about, we've talked about role based Access Control, we've talked about Policy, we've talked about Blueprint.

The last one is Controlling your spend with Azure and Cost Management.

And if we look at the Portal, and this is just a snapshot of my, my own portal for my own subscription.

And I wanted to show you that, in its use, you actually do see, very clearly, a cost analysis. So, what services are costing you, on a monthly basis, where are your spent actually being assigned to rich resource groups? Are you spending your in farm environment to?

And if you look on the left side, you can set up cost alerts.

So, when your budget goes over a certain amount to actually raise an alert, maybe some things, somewhere is not what you expected it to be, and that's fine.

We're not talking here at this point of blocking yet.

We're talking about bringing it up to the surface. So, giving you the environmental, giving you the visibility into it, you can see the invoice, You can actually see advisor recommendation, and those advisor recommendation will, let's say, look, for example, at your VMs.

And if you have a VM that's sitting at 10% utilization month over month, be advised our recommendation will suggest a new family of VMs or a new size for that VM. That will give you the same performance, but without the associated added cost.

Well, this is all part of the portal, and it's completely free and ready for you to use immediately.

So when we're looking at continuous cost management, but we're really looking at, is gaining visibility into your environment in terms of cost analysis. Where am I spending my money? What am I spending my money on and isn't really what I expected? You can export that to a storage account, so you can do historical analysis of your cost growth over time.

You can export it to a Power BI dashboard that you can customize so that you can show your management or your upper management, the state and the health of your environment in a easy to drill down dashboard that easy to understand.

Of course! We have accountabilities.

So, how do we make sure that we have budgets, that we set budgets, and now, we're notified when those budgets go over, set up alerts to, through the proper authorities and the proper people within your environment to need your enterprise?

That's Something has gone wrong. Something is above what we expected, and then we can have a discussion, as to whether it's warranted. Was the budget set too low, or did the implementation overstep?

Then you look at that and managed group in terms of All of these costs go to marketing. All of these costs go to sales. All of these costs go to products and that way you have a great understanding of where you're spending your money and whether or not the roi is worth it.

And last is Recommendation.

So the Azure Cost Advisor recommendation will look at all of that information and provide you with actionable feedback us, too, What your environment looks like, and whether or not there are options for lowering your costs, but providing you with the same performance in the same environment.

So, to get more information after that, there's a very easy link here, AKA dot ms. slash, Azure dash governance. This is, where are you going to get all of the information about policies, about role based, access control, about blueprints? All of our new information. You get all of the technical documentation, but also the overviews on how to set up proper governance. In your environment, Governance is not a technical issue.

As I mentioned earlier, it is a business decision meant to enforce business requirement and business limitation in terms of compliance to an environment that can very easily grow beyond what's expected or beyond what is required.

So I highly recommend that you go and check that out, AKA dot ms.

slash, Azure governance and get informed as to what is possible for you to manage your environments so that you can quickly deploy to market without having some issues and getting out of off the road and off the superhighway. I'm showing my age here.

So, with that being said, thank you very much. And we'll be on for more Q and A So my name is Pierre Roman, and you can reach me at at wired canuck on Twitter. Thank you.

Pierre, thank you very much for for the presentation. I'm going to ask you to stop sharing the presentation now so that the audience can see us on the full screen.

Perfect. So thank you so much for those insights. Again, for those in the audience, I have seen some of the questions that have come through here, and feel free to ask additional questions. I'll keep monitoring the Q&A box here for your, for your questions.

one of the, it's a similar kind of touched on some of the questions on our previous session and, curious to know about your insight about this related to the impacts of the pandemic on what's happening with cloud migrations nowadays beer. So, what are you seeing across industries across the different customers that you're working with? Is a slow down, it says, Acceleration of those migrations. What does that look like this days?

We have seen about three years worth of digital transformation, scrunched into 4 to 5 months.

People have realized that their staff now needs to work from home, therefore, they need to set up an environment where employees can connect, and that's just the internal facing applications. Then their staff can connect and manage and do their work. So a virtual desktop has been a great boom.

The other things like Office 365 for collaboration, and SharePoint Online, and Teams, Teams has just skyrocketed in terms of allowing organization to meet.

just like they would with if they were in the same office, But By doing it from anywhere in the world.

Um, so the work from home and the respecting quarantine without affecting productivity. This has been.

it's been huge and it actually has been a bit of a challenge in terms of of capacity for all of the Cloud providers, where, in some region, we quickly ramped up to a capacity where the hardware, because we we deploy new hardware and and and data centers as fast as we can get hardware.

But because of the pandemic, the, the parts and the, the material wasn't coming as fast because those manufacturers were also slowed down.

So we weren't able to keep up with some of the growth because we were also affected by the pandemic but we've actually resolved that now by issuing quotas on our own internal testing environment and so on to favor customers, so, capacity is back where it should be. But, yes, years' worth of digital transformations, crunched into a few months.

It's been, it's been actually quite exciting things to see.

And I think that the industries and the enterprises have now realized that there may have been a better way of doing things. And we didn't have to hold on to that. On prem footprint, that's like, I'm a server hugger. I liked my blinky lights and the comfort of knowing that server number three is right there and it's it's running because I can see it.

But the cloud does open so many possibilities in terms of efficiency, speed, and capabilities that now, I think, more than ever, enterprises are started to realize that.

And you touch on a point, that is a question that several of the participants have brought up. At least I'll paraphrase the theme, which is, a lot of organizations have move, have migrated to the cloud, and then, you know, there is much more than just a migration of storage to the cloud. There's processing on the cloud applications in the cloud, and the cloud keeps getting more, and more prevalent in the way that they work. For those organizations that have not taken advantage of those capabilities. What do you feel is, are the major hurdles that they have to overcome, is it a lack of knowledge about capabilities? It's about fear of losing control. Is it about security? What do you see as a major impediment on those who have not yet taken advantage of these opportunities?

I'll give you the consulting answer, which means it depends.

But, there are a lot of cases.

It's a combination of all of that. It's.

Comfort with your, on prem, change is hard, but when you're changing, something that's been running for, potentially, decades, in a in a very specific environment, and it's the, it's a well oiled machine to actually make a change is scary.

Unknown.

Because you don't exactly know how your system is going to react when you're move it.

What else is going to break? Because in every environment, you have, let's say, I'll take a database, for example, and you have a database that supports a specific workload.

But for a separate workload. They needed to do a lookup so they they made a connection to the database, just a lookup, let's say a part number or, or a customer name or a customer ID.

And, but this wasn't documented because, of course, a lot of these things happen because business need to work fast, so we need to get this going, where can I get that information? Or, If you connect to that database, it's got it, OK.

Done, and then we move on, then you move that database to the cloud and now you have now broken other workloads.

So there's that fear, that's OK if I move this, what else am I going to for A break.

There is the in some organization where cost is like the margins are really, really tight, especially in this day and age. How do you spend the money to train your employees, so that they would gain the knowledge that they need in order to move, not only move, but manage the environment into a cloud environment. Whether it's AWS, Azure, Google, or others?

There's a learning curve there, so if where, depending on where you are in the learning curve, there's going to be a fear and a need for you to train your employees. Or, if you're an independent, how do you make the time to get that knowledge?

And while you're doing that, you're not actually billing. And you're not actually getting revenue. So those are all, others are complaints.

If you're in health care, if you're in government, if you're in security of the guns and badges portfolios in terms of, like, the National Defense policing security, are they allowed to the cloud, or are they allowed to specific cloud, or are they allowed to different regions?

These are all legal requirements that, in a lot of cases, have not been drilled into because those legal requirements were written back when the cloud didn't exist or was just a gleam into somebody's some somebody's eye.

So, we're trying to comply to compliance documentation that was written when the technology did not exist.

So we have to start looking at that compliance as well, to see that that applies. So all of these are factors that affect companies that have not yet made the cloud, They, the jump.

And startups are typically cloud native, because they don't have that legacy, they don't have that.

That's that information or that that the environments that they've built on over decades are brand new. They can go and go quickly to the Cloud.

Larger organizations that have been around for a long time are a separate beast altogether, But governance is key to both of these.

And moving to the Cloud, as Dominic mentioned earlier, and now as I mentioned at the beginning, lifting and shifting is only step one.

Then you have to start looking at what other cloud services can I use to more efficiently run that environment with more performance and lower cost in order? Because, really, a VM is not a cloud service. Hosting the VM is, but the VM itself is not a native cloud service.

So we have to everybody, all environments, enterprises, have to look at all of these things to get comfortable enough to move on. And we've got lots of resources on, on learn, which is microsoft dot com slash learn, where you can actually run through some scenarios, in sandboxes and technical documentation, to help you gain that knowledge and that familiarity with the cloud, so that you can more easily migrate.

Very good. Appreciate the depth, and the transparency, and the on the On the answer. Very good insights you have, just share with us. one of the theme that has emerged here has to do a little bit more about keeping up with changes in the capabilities. And technology related to cloud is, it's almost a full-time job. And curious if you could summarize for us. If you look at the last 12 months or so, what may have happened in terms of development that people may not even be aware off in terms of capabilities. If you look back at the last 12 months, what would be 1 or 2 things that you think are worth talking about?

Oh.

one of the major things that has happened in cloud, especially in Azure, is the blurring of the lines in between Linux and Windows.

Of course, Azure is the best place to run a Windows server.

However, a large percentage of our capacity is now being run on Open Source. So.

Things like that are typically Linux, for example, like Kubernetes, and costs.

And, um, Docker containers and soft that typically, I've, I've been, historically, on the unix side, have now bled over and are running on Windows, and can run Windows Container, the same as our web services, or dot net.

That typically has been almost uniquely, a Windows world, is now blend with dot net Core, that you can deploy, or build an application and dot net, but deploy not only on the Windows platform, but deploy it on a Linux platform with the Linux backend.

So there's a blurring of those lines where it doesn't matter what you're deploying or what you're building in, which with language you're building it is the options for you to move it to the cloud, into an environment that fits your needs, are grown tremendously.

VDI that I mentioned earlier, so a virtual desktop infrastructure.

It has grown tremendously in terms of giving the opportunity and the capability of environments to dedicate specific resources to specific virtual desktop.

For example, if you're somebody that's doing CAD work for word for, for blueprints and so on, and you need highly available GPUs, too, for that display, you can actually assign GPUs to your VDI infrastructure. And the same with AI, where.

AI has now built into practically everything.

I'll take an example of the Azure Security Center, where there's an AI behind it that looks at all of the logs from all of your machines, and all of your services to detect things that are out of the ordinary.

Like when I started my career 25, 30 years ago, we had we had to basically log onto every server or dump the logs from every workloads. And then go through them either manually or with some kind of scripting engine, to actually pull out things that we weren't expecting. And it took a long time. And the human brain is not built to go over thousands of lines of logs to find a 1 or 2 that are out of place.

AI is specifically designed to look at stuff like that.

So our us, Azure Security Center will look at all of your logs and pull out the 1 or 2 things that are out of the ordinary and raise the alert for you to say mm care is in Ottawa.

And he's logged in and Ottawa, but somehow he's also logged in in our South Africa data center.

That's out of the ordinary as he been compromised, a, as his credentials been. Act. Or it could be very well be that I've got a remote session to that place and a remote session to North America.

It doesn't mean that it's bad but it's something that needs to be investigated. The same with phishing attempts there.

Who got the e-mail or who opened it, and so on so that they those AI.

An AI is now a building block of cloud service that really should be looked at by any enterprises that are looking at deploying more large workload in the cloud. Because of the thoroughness of the analysis that can be done on the large amounts of data that allow all of these enterprises gather.

So these are the few things that I've noticed in the last 6 to 12 months where there has been a great leap forward, in my opinion.

Fantastic appear. Unfortunately, we're out of time. Now, we could certainly keep going the conversation here. And I, and I encourage all of the participants, look up at the our LinkedIn, for our, for this conference, I have made a post. You can just look up my name and posted there, If you have a question, follow up on the question there, feel free to do that.

We'll try to connect back with the speakers, but, you will, very much thankful and grateful for your time and insights, very interesting review of governance and the and the and what's available, and how it should be done. So, on behalf of our global community, from Ottawa to the world, Merci Beaucoup, Miami. Millimeter, save, SC.

Thank you very much, And, have a great day. And stay safe, everyone.

Thank you very much. Thanks.

All right, ladies and gentlemen. That was Peoria Roman, Senior Cloud Operations Leader and Microsoft, and that he shared grading sites about cloud governance with us, and that sets us up for our last session, of our of the day, and the last session of or are they will come directly from Sweden and that we have the CEO and Founder of Innovation for 60 Magna Spanker talking to us directly about decision making in uncertain times and innovation acceleration at a global scale.

Magnus is an author and expert in the area of innovation, acceleration, and working with global Fortune 500 companies on implementations of innovation acceleration systems, and he's going to bring all of that to his talk, and to his live Q&A with us, as well. So do not miss the session, is starting at the top of the hour. I'll be back with you, and the Magna Spanker. Thank you.