by Contributed | Jul 7, 2021 | Technology
This article is contributed. See the original author and article here.
What is confidential computing?
Confidential computing is the protection of data in use by performing computation in a hardware-based Trusted Execution Environment (TEE). While cloud-native workload data is typically protected in transit through network encryption (e.g. TLS, VPN) and at rest (e.g. encrypted storage), confidential computing enables data protection in memory while processing. The confidential computing threat model aims at removing or reducing the ability of a cloud provider operator and other actors in the tenant’s domain to access code and data while they are being executed.
Technologies like Intel Software Guard Extensions (SGX), or AMD Secure Encrypted Virtualization (SEV-SNP) are recent CPU improvements supporting confidential computing implementations. These technologies are designed as virtualization extensions and provide feature sets including memory encryption and integrity, CPU-state confidentiality and integrity, and attestation, for building the confidential computing threat model.

Figure 1 – The three states of data protection.
When used in conjunction with data encryption at rest and in transit, confidential computing eliminates the single largest barrier of encryption – encryption in use – by moving sensitive or highly regulated data sets and application workloads from an inflexible, expensive on-premises IT infrastructure to a more flexible and modern public cloud platform. Confidential computing extends beyond just generic data protection. TEEs are also being used to protect proprietary business logic, analytics functions, machine learning algorithms, or entire applications.
Customers like Signal, for example, adopt Azure confidential computing to provide a scalable and secure environment for its messenger app. Signal’s private contact discovery service efficiently and scalably determines whether the contacts in their address book are Signal users without revealing the contacts in their address book even to the Signal service, making contact data inaccessible to any unauthorized party, including staff at Signal or Microsoft as cloud provider.
“We utilize Azure confidential computing to provide scalable, secure environments for our services. Signal puts users first, and Azure helps us stay at the forefront of data protection with confidential computing.” Jim O’Leary, VP of Engineering, Signal
Royal Bank of Canada (RBC) is currently piloting a confidential multiparty data analytics and machine learning pipeline on top of the Azure confidential computing platform, which ensures that participating institutions can be confident that their confidential customer and proprietary data is not visible to other participating institutions, including RBC itself.
“Now with Azure confidential computing, we can protect data not only at rest and in transit, but also while it is in use, which completes the life cycle around data privacy.” Bob Blainey, RBC Fellow, Royal Bank of Canada
Confidential computing use cases
We have observed a variety of use cases for protecting data in regulated industries such as Government, Financial services, and Healthcare institutes. For example, preventing access to PII (Personally Identifiable Information) data helps protect the digital identity of citizens when accessing public services from all parties involved in the data access, including the cloud provider that stores it. The same personally identifiable information may contain biometric data that can be used for finding and removing known images of child exploitation and prevent human trafficking, as well as in digital forensics investigations.
Business transactions and project collaboration require the sharing of information among multiple parties. Often, data being shared is confidential, whether it’s PII, financial records, medical records, private citizen data, etc. Public and private organizations require data protection from unauthorized access, including the people who regularly deal with that data. This includes computing infrastructure admins or engineers, security architects, business consultants, and data scientists.
The use of machine learning for healthcare services has grown massively with the broader access to large datasets and imagery of patients captured by medical devices. Disease diagnostic and drug development benefit from access to datasets from multiple data sources. Hospitals and health institutes can collaborate by sharing their patient medical records with a centralized trusted execution environment (TEE). Machine learning services running in the TEE aggregate and analyze data and can provide a higher accuracy of prediction by training their models on consolidated datasets, with no risks of compromising the privacy of their patients.

Figure 2 – Some of the potential business use cases that confidential computing helps address.
Navigating Azure confidential computing offerings
Microsoft’s offerings for confidential computing extend from Infrastructure as a Service (IaaS) to Platform as a Service (PaaS), as well as developer tools to support your journey to data and code confidentiality in the cloud.

Figure 3 – The Azure Confidential Computing technology stack.
Azure offers different virtual machines for confidential computing IaaS workloads and customers can choose what’s best for them depending on their desired security posture. Figure 4 shows the “trust ladder” of what customers can expect from a security posture perspective on these IaaS offerings.

Figure 4 – The “trust ladder” of Azure confidential computing IaaS.
Our services currently generally available to the public include:
- Intel SGX-enabled Virtual Machines. Azure offers the DCsv2 series built on Intel SGX technology for hardware-based enclave creation. You can build secure enclave-based applications to run in the DCsv2-series of VMs to protect your application data and code in use.
- Enclave aware containers running on Azure Kubernetes Service (AKS). Confidential computing nodes on AKS use Intel SGX to create isolated enclave environments in the nodes between each container application.
- Microsoft Azure Attestation, a remote attestation service for validating the trustworthiness of multiple Trusted Execution Environments (TEEs) and verifying integrity of the binaries running inside the TEEs.
- Azure Key Vault Managed HSM, a fully managed, highly available, single-tenant, standards-compliant cloud service that enables you to safeguard cryptographic keys for your cloud applications, using FIPS 140-2 Level 3 validated Hardware Security Modules (HSM).
- Azure IoT Edge supports confidential applications that run within secure enclaves on an Internet of Things (IoT) device. IoT devices are often exposed to tampering and forgery because they are physically accessible by bad actors. Confidential IoT Edge devices add trust and integrity at the edge by protecting the access to telemetry data captured by and stored inside the device itself before streaming it to the cloud.
Additional services are currently in public preview, including our recent announcements at Microsoft Build 2021:
- Confidential Virtual Machines based on AMD SEV-SNP technology are currently in limited preview and available to selected customers. To sign up for access to the limited preview of Azure Confidential VMs, please fill in this form.
- Trusted Launch is a Generation 2 VM that is hardened with security features – secure boot, virtual trusted platform module, and boot integrity monitoring – that protects against boot kits, rootkits, and kernel-level malware.
- Always Encrypted with secure enclaves in Azure SQL. The confidentiality of sensitive data is protected from malware and high-privileged unauthorized users by running SQL queries directly inside a TEE when the SQL statement contains any operations on encrypted data that require the use of the secure enclave where the database engine runs.
- Azure Confidential Ledger. ACL is a tamper-proof register for storing sensitive data for record keeping and auditing or for data transparency in multi-party scenarios. It offers Write-Once-Read-Many guarantees which make data non-erasable and non-modifiable. The service is built on Microsoft Research’s Confidential Consortium Framework.
- Confidential Inference ONNX Runtime, a Machine Learning (ML) inference server that restricts the ML hosting party from accessing both the inferencing request and its corresponding response.
We have seen different workloads having different requirements based on their ability to modify their code, or when they would instead prefer to “lift and shift” to be confidential. Figure 5 can be useful to help navigate the Confidential IaaS, Containers, Enclaves and the PaaS offerings in Azure.

Figure 5 – Navigating the Azure confidential computing offerings.
Conclusion
Our vision with confidential computing is to transform the Azure Cloud to the Azure Confidential Cloud and move the industry from computing in the clear to computing confidentially in the cloud as well as the edge. Join us as we create this future!
For more information on the current services please visit https://aka.ms/azurecc or visit our docs.
by Contributed | Jul 7, 2021 | Technology
Microsoft partners like Cyberus Labs, Imburse, and Palo Alto Networks deliver transact-capable offers, which allow you to purchase directly from Azure Marketplace. Learn about these offers below:
Cyberus Key: Built on Microsoft Azure for high scalability and strong security, Cyberus Key is a one-touch, two-factor authentication system for user identification and transaction confirmation. Cyberus Labs’ multi-layer, smartphone-based authentication platform offers password-free logon that enables businesses and online users to conduct streamlined yet highly secure web transactions.
Imburse Payment Solution: Eliminate costly IT integrations and empower your insurance customers to choose their preferred payment provider with Imburse, a payments-as-a-service platform on Microsoft Azure for solving the complexity of individual payment provider integrations. Simply connect to Imburse once and gain access to multiple payment providers and technologies.
VM-Series Next-Generation Firewall: Palo Alto Networks’ VM-Series virtualized next-generation firewall allows developers and cloud security architects to automate and deploy inline firewall and threat prevention with application deployment workflows. Integrate VM-Series firewall with Microsoft Azure Sentinel for a unified view of monitoring and alerting on the security posture of your Azure workloads.
by Contributed | Jul 7, 2021 | Technology
Intro
Log Analytics is a great way to gain insights and explore your logs.
In some cases, you might want to export your logs for additional uses.
We are happy to introduce Open In Excel – a new Log Analytics capability allowing you to open your Log Analytics data in an Excel Workbook.
This allows Log Analytics users to create an Excel Workbook that is connected to Log Analytics and allows refreshing the data in the workbook using M-query integration to Log Analytics.
To learn more about how M-query integration between Log Analytics and Excel works, click here.
Using Open In Excel in Log Analytics
To create an Excel workbook connected to Log Analytics, start by creating a query in Log Analytics.
Once you have a result set you are happy with, click the ‘Open In Excel’ button, located under the ‘Export’ menu in Log Analytics:

Log Analytics will create and download an Excel workbook that is connected to Log Analytics using M-Query integration:

Open the downloaded file and continue in Excel.
Excel integration
Depending on your Excel settings, you may need to click enable editing in Excel to allow the file to update.

Additionally, depending on your settings you may need to allow Excel to access external data connections, as the workbook uses a Log Analytics workspace as its data source.

Note: when using the ‘Open In Excel’ feature for the first time, you may be prompted to authenticate with Log Analytics.
Refreshing data
One of the great advantages of the ‘Open In Excel’ capability is the fact that the Excel workbook created is connected to Log Analytics and is refreshable.
This means that whenever you want, you can refresh your Excel workbook with new data from Log Analytics, and all related Excel artifacts, like charts and pivot tables, may be refreshed based on the new data.
To refresh your workbook, click on the ‘Refresh’ button located in the ‘Data’ tab in Excel:

Some notes:
1. ‘Open In Excel’ supports up to 500,000 records. Please note that the number of records may vary according to the response size.
2. ‘Open In Excel’ uses the Log Analytics API – all API limitations, including result set size and query timeout, apply to the ‘Open In Excel’ option. To learn more about the Log Analytics API, click here.
3. Excel runs on your local machine. This means that if you open a large enough result set or perform complex calculations in Excel, your local resources may be exceeded.
Summary and feedback
‘Open In Excel’ is a great new addition to the already extensive and powerful set of integration and export tools available in Log Analytics.
We hope you enjoy this addition.
We appreciate your feedback! Comment on this blog post and let us know what you think of this feature.
You may also use our in-app feedback feature to provide us with additional feedback:

by Contributed | Jul 7, 2021 | Technology
Are you a software developer who extends and customizes Microsoft Power Platform? The Microsoft Certified Power Platform Developer Associate certification is designed for you. Do you wonder how you can use your Microsoft Power Platform skills to help advance your career and to earn the recognition you deserve? A Microsoft Certification validates to the world that you have these development skills—whether you’re just starting out and growing your dev skills, looking to use your dev skills to advance your career, or wanting to change to a new, in-demand development career.
Software development is core to the digital transformation in organizations around the world. Companies are investing in evolving technology, and they need devs who understand the next generation of automation. A Microsoft white paper on role-based tech training and certifications explains that the need for workers who are deeply knowledgeable about the latest technology is skyrocketing. If you want to pursue these opportunities, certification could give you a boost. Sixty-one percent of respondents in a Nigel Frank survey believe that certifications can give you an edge in the job market. In that survey, one participant observed, “Certifications are ‘worldwide,’ so I am able to prove to partners worldwide that I am familiar with the product, and not just based on local references.”
You can add your certifications to your résumé and LinkedIn page to alert employers to your expertise. In this post in our series on discovering your career path, we look at the benefits of achieving an industry-recognized Microsoft Certified: Power Platform Developer Associate certification after passing Exam PL-400, and we suggest other certifications that can be useful for devs—whether you’re just starting out or brushing up on your skills as a seasoned professional.
The developer role and certification
Greg Hurlman, a Microsoft developer with more than 20 years of experience and a member of the Microsoft Power Platform Advocacy team, shares a helpful message with the traditional developer community—using Power Apps saves time and development effort. He points out, “I’ve been coding forever, but I will create an app with Power Apps first before I try to create anything with custom code—just because it’s so much faster and does so much of what you’re trying to do.”
You fit the profile for this developer role if you’re passionate about designing, developing, securing, and extending Microsoft Power Platform solutions. Developers who earn this certification must be able to create solution components (including application enhancements), custom user experiences, system integrations, data conversions, custom process automations, and custom visualizations. You need a strong applied knowledge of Microsoft Power Platform services and a basic understanding of DevOps practices for Microsoft Power Platform. In addition, your background should include development experience using JavaScript, JSON, TypeScript, C#, HTML, .NET, Azure, Microsoft 365, RESTful Web Services, ASP.NET, and Power BI.
You should have experience working with app makers, functional consultants, solution architects, and IT administrators. Your responsibilities are typically varied and include:
- Creating technical designs and Power Apps.
- Configuring Dataverse, Power Apps, and business process automation.
- Extending the platform and the user experience.
- Developing integrations.
Benefits of certification
Even developers with established skills need to stay ahead of the continuing changes in IT and technology. The role-based technical training white paper, mentioned earlier, reports that data shows the average life of a skill is about five years and that many technical professionals are only somewhat confident in their cloud computing abilities. Training and certification can help build that confidence.
There’s a growing demand for workers to build the next generation of automation. In the Global Knowledge 2020 IT Skills and Salary Report, over half of global IT decision-makers report that they expect their organization to invest in Microsoft technology this year. The survey also uncovered that IT professionals have plenty of opportunities to boost their pay. Those who earned a certification or learned a new skill could see an increase of as much as $12,000 a year.
In addition to highlighting your specific technical skills, a certification also indicates that you’re willing to learn new technology to get ahead and stay ahead. Employers are building tech-intensive organizations where people have not only the skills they’re looking for but also a willingness to embrace a culture of learning.
In the Pearson VUE report on the value of IT certification, many professionals report numerous personal benefits from having earned certifications, such as more credibility in the workplace and greater self-confidence. In the Global Knowledge survey, mentioned earlier, 93 percent said certified employees add more value, close skills gaps, are more productive than their non-certified peers, and meet their clients’ needs better.
Obtaining a variety of certifications can help you as you explore different pathways to success. Certifications give you career flexibility and earning options. The Global Knowledge survey found that the more certifications someone holds, the higher their salary tends to be.
Other certifications for you
Depending on your development skills and what you want to do with them, investigate the different Microsoft Power Platform certifications available to you. A Microsoft Certification signals that you have the skills that organizations are looking for when they hire and advance employees. Certification, combined with your drive and abilities, can help open career doors for you.
Many developers hold multiple certifications. We recently profiled April Dunnam, a Microsoft developer on the Microsoft Power Platform Advocacy team. Dunnam, who had been a Power Apps and Power Automate Most Valuable Professional (MVP), noted that certification helped her break into her development career during a recession and that her multiple certifications signaled to prospective employers her readiness for other roles.
Those with experience creating application enhancements, custom user experiences, system integrations, data conversions, and custom visualizations with Microsoft Power Platform might consider earning a Microsoft Certified: Power Platform Functional Consultant Associate certification (pass Exam PL-200). This and your Microsoft Power Platform Developer Associate certification can help set you up for later success with a Microsoft Certified: Power Platform Solution Architect Expert certification (pass Exam PL-600).
How do I get started?
Technical acumen, agility, and flexibility characterize traditional developers. You’re driven to solve problems and create automated solutions. These days, you might not be following a traditional career path, but you have successfully built, customized, and extended Microsoft Power Platform apps.
However, if you don’t feel ready to take the development certification exam just yet, we recommend that you work closely with a Microsoft Power Platform or Power Apps developer that you know and take on a project or two to deepen your skills. Get some real-life experience designing, configuring, and customizing Power Apps. Explore training opportunities to deepen your programming skills, or take an instructor-led course. No matter where you are on your journey, we have training that can help you get underway.
To get started with this certification, check out our Microsoft Power Platform Developer Associate certification journey map. You can also find the journey map in the resources section on the Microsoft Power Platform Developer Associate certification and exam pages.

To map out your journey, follow the sequence on the Microsoft Power Platform Developer Associate journey map. Start at the beginning by deciding whether this certification is a good fit for you.
Next, choose the training you’ll need to be prepared. To understand what you’ll be measured on when you take the exam, review the Exam PL-400 skills outline guide. Then sign up for the training that fits your learning style and experience:
A practice exam is available for this certification. You can take a trial run for the Microsoft Power Platform App Maker Associate exam with the PL-400 Microsoft Official Practice Test. All the exam objectives are covered in depth, so you’ll find what you need to be ready for any question.
After you pass the exam and earn your certification, you can continue to broaden your technical expertise by taking one of the other certifications described in this blog post or by exploring other certification offerings. Consider our associate and expert certifications when you achieve the next milestones on your career journey. Map out the possibilities with Microsoft Power Platform and Dynamics 365 certification paths.
Where’s my community?
Join other developers in a community! Share your career journey with devs who have similar interests in Microsoft Power Platform technologies. Here are some places where you can share and gather information and learn from your peers and others.
Celebrate with the world: Post your badge on LinkedIn
When you earn a certification or learn a new skill, celebrate your accomplishment with your network. It often takes less than a minute to update your LinkedIn profile and share your achievements, highlight your skills, and help boost your career potential. Here’s how:
- If you’ve earned a certification already, follow the instructions in the congratulations email you received. Or find your badge on your Certification Dashboard, and follow the instructions there to share it. (You’ll be transferred to the Acclaim website.)
- For more information on badges, check out the Certification Badges FAQ.
- To add specific skills to your LinkedIn profile, go to your profile page and update the Skills and endorsements section. Tip: We recommend that you choose skills listed in the skills outline guide for your certification.
It’s easy to renew your certification
When your Microsoft Power Platform Developer Associate certification expires, we’ve got good news. You can renew your current certifications by passing a free renewal assessment on Microsoft Learn—anytime within six months before your certification expires. For more details, read our blog post, Stay current with in-demand skills through free certification renewals.
Microsoft Power Platform resources
Ready to discover your career path?
Career prospects for developers are looking good. You’ve probably heard that millions of apps will be created in the next few years. To set yourself apart and ensure that you’re ready to be part of this tech intensity, remember that certifications validate your technical skills and experience. They’re a sign to employers that you’re ready to build for the future.
by Scott Muniz | Jul 7, 2021 | Security, Technology
CISA continues to respond to the recent supply-chain ransomware attack leveraging a vulnerability in Kaseya VSA software against multiple managed service providers (MSPs) and their customers. Kaseya has released guidance specifically for customers returning to their VSA software-as-a-service (SaaS) instance after the Kaseya SaaS servers are brought back online. Note: See Kaseya’s Security Notice for the status of their SaaS servers being brought back online.
CISA strongly recommends that Kaseya SaaS customers read and implement Kaseya’s VSA SaaS Best Practices, published in Kaseya’s Security Notice, before returning to their Kaseya VSA SaaS instance. These mitigations include:
- Review system configurations to confirm administrative user accounts leverage multi-factor authentication (MFA). Note: Kaseya enables MFA by default.
- Implement:
  - The principle of least privilege on key network resources admin accounts. Restrict VSA SaaS instances to authorized users based on the principle of least privilege.
  - Network segmentation between the SaaS and on-premises environments.
  - Allowlisting to limit communication with remote monitoring and management (RMM) capabilities to known IP address pairs, and/or place administrative interfaces of RMM behind a virtual private network (VPN) or a firewall on a dedicated administrative network.
- Configure logging to ensure that all Kaseya SaaS product audit logs (including System logs and Remote Control/Live ConnectVSA logs) and associated network logs are captured and stored for at least 180 days in a separate, centralized log aggregation capability.
For additional information about this incident, see the White House statement and the joint CISA-FBI guidance.
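One way to check two of the mitigations above (RMM traffic limited to known IP address pairs, and at least 180 days of centrally retained logs) is sketched below. This is an added example, not code from CISA or Kaseya; the flow-record format, all addresses, and the log source labels are constructed assumptions.

```python
"""Added example: audit RMM traffic against an IP-pair allowlist and
check central log retention. All data below is constructed."""
import ipaddress
from datetime import datetime, timedelta, timezone

RETENTION_DAYS = 180  # minimum retention named in the guidance

# Assumed allowlist of (source network, destination network) pairs.
ALLOWED_PAIRS = [
    ("10.20.0.0/28", "203.0.113.10/32"),  # admin subnet -> RMM endpoint
    ("10.20.1.5/32", "203.0.113.10/32"),  # single jump host -> RMM endpoint
]
# Assumed addresses of the RMM administrative interface.
RMM_ENDPOINTS = [ipaddress.ip_network("203.0.113.10/32")]

# Constructed flow records: "timestamp src dst dport".
SAMPLE_FLOWS = """\
2021-07-07T09:00:01Z 10.20.0.4 203.0.113.10 443
2021-07-07T09:00:07Z 10.30.8.19 203.0.113.10 443
2021-07-07T09:01:12Z 10.20.1.5 203.0.113.10 443
2021-07-07T09:02:40Z 10.20.0.4 198.51.100.77 443
bad line
"""

# Hypothetical labels for the log sources the guidance asks to retain.
REQUIRED_SOURCES = ("system", "remote_control", "network")
NOW = datetime(2021, 7, 7, tzinfo=timezone.utc)
# Constructed inventory: oldest record held centrally per source.
SAMPLE_OLDEST = {
    "system": datetime(2021, 1, 1, tzinfo=timezone.utc),
    "network": datetime(2021, 3, 1, tzinfo=timezone.utc),
}


def parse_flows(text):
    """Return (flows, rejected_line_numbers); malformed lines are reported, not dropped silently."""
    flows, rejects = [], []
    for n, line in enumerate(text.splitlines(), 1):
        try:
            ts_s, src, dst, dport = line.split()
            ts = datetime.strptime(ts_s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            flows.append((ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)))
        except ValueError:
            rejects.append(n)
    return flows, rejects


def violations(flows, allowed_pairs, rmm_endpoints):
    """Flows that reach an RMM endpoint from a source/destination pair not on the allowlist."""
    pairs = [(ipaddress.ip_network(s), ipaddress.ip_network(d)) for s, d in allowed_pairs]
    out = []
    for ts, src, dst, dport in flows:
        if not any(dst in net for net in rmm_endpoints):
            continue  # not RMM traffic, out of scope for this check
        if not any(src in s and dst in d for s, d in pairs):
            out.append((ts, str(src), str(dst), dport))
    return out


def retention_gaps(oldest_by_source, now, days=RETENTION_DAYS):
    """Required sources that are missing or hold less than `days` of history.
    A source onboarded fewer than `days` ago is flagged too and needs manual review."""
    gaps = {}
    for source in REQUIRED_SOURCES:
        oldest = oldest_by_source.get(source)
        if oldest is None:
            gaps[source] = "not collected"
        elif now - oldest < timedelta(days=days):
            gaps[source] = f"only {(now - oldest).days} days retained"
    return gaps


if __name__ == "__main__":
    flows, rejects = parse_flows(SAMPLE_FLOWS)
    print("unparsed lines:", rejects)
    for v in violations(flows, ALLOWED_PAIRS, RMM_ENDPOINTS):
        print("not allowlisted:", v)
    print("retention gaps:", retention_gaps(SAMPLE_OLDEST, NOW))
```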