If you are new to Nerdio – welcome! If you are already familiar with us, you know we eat, breathe, sleep, and get a bit giggly around native Microsoft technologies. Azure Virtual Desktop, Windows 365, and Microsoft Intune are our “bread and butter” so to speak, though our platforms incorporate Microsoft technologies related to compute, storage, directory and identity management, profile management, and security.
Given our unique Microsoft value-add and insights, I wanted to share other existing Azure services service providers can take advantage of for better internal operations and organization that can help you deliver better outcomes across your customer base.
Azure Boards via DevOps
Microsoft’s documentation talks about Azure Boards as a software development tool, but if you look at it and break it down, it’s really project management and tracking. At Nerdio, we’ve retooled it in many ways, used it for multiple projects, big and small. Even if it isn’t your MSP’s go-to or preferred development management tool, it is a great way to track what you or your team have done in the past, archive tasks, and give people the credit they deserve.
The great thing about this is Azure AD (Active Directory) is the authentication method here. It uses your Azure AD tenant, all your conditional access policies, MFA (Multi Factor Authentication), things like that already in place, to give permissions to the boards and other related tasks.
In terms of licensing, it includes five licenses. It costs $6 USD per user at the time of writing to add additional licenses. Maintenance-free backups are automated and everything’s stored and saved. Setup takes only a mere 5-10 minutes.
It’s out of the box, really! This is a monitor collecting data from Azure Resources, and not just Azure Resources on-prem. It sounds crazy, I know, using Azure to monitor on-prem. More people should be doing it, and getting started requires’ an agent that you install on your on-prem devices. It works really well, puts that data in Azure so it can go with applications, VMs, and hosts. For security events – Azure Monitor integrates with Azure Sentinel, and it stores data in log analytics and workspaces.
Azure Monitor requires a VM agent and there’s a monitoring agent. Nerdio Manager can install that agent for you on your AVD host. So, if you don’t have this enabled and you want to use Azure Monitor, go into your host pool tonight and enable in properties.
Additionally, here are a few of the capabilities that stand out in Azure Monitor:
- VM Insights – Granularly see CPU usage, memory, check disconnections, connection times for all your VMs in Azure.
- Alerts with Azure Monitor – Think about the logic of data…. We have all this data. What do we do with it? You can take VM statuses, CPU thresholds, memory thresholds, things like that – and leverage to create alerts.
Sentinel is your SIEM, your AI and automation for taking the same data from all your resources, including Defender and Azure, not just VM resources. The beauty of Azure Sentinel is it has integrations with virtually everything including GitHub. If you go on GitHub and look at Sentinel Playbooks, there’s some amazing stuff. Go to GitHub, look at what they have, mold it to what you need, mold it to what your team needs.
Sentinel’s fun to play with, maybe just internally for your teams, making sure you are secure. It could get a little pricey with storage, but it is a great play alongside Microsoft Defender, something we know many MSPs are investing in and curious about. In some cases, Sentinel’s cost could be seen as the cheapest employee you can hire to turn data into meaningful operations and processes.
Let’s use a great example including Power Automate to show how Sentinel can benefit your MSP. There was a Sentinel incident, maybe a blocked IP. Something looked fishy, right? Sentinel automatically creates a record, in this case, they use ServiceNow as an example. This ticket came in, it’s a security risk. Sentinel sends an automated approval required email so someone from the help desk doesn’t even have to look at ticket. Incident response can be coordinated all from one email triggered, and one click.
One of the reasons that we like Power Automate is we can give this to somebody who’s a little less technical maybe, and they can do the same things you’re asking a senior technical engineer to do. Which, from our perspective, is freedom and efficiency.
AVD Experience Estimator
You should run this on every local network that you are going to deploy AVD on for yourself or your customers. Any location they have, you should estimate before you execute.
The AVD Experience Estimator calculates a round trip time to the AVD services, and it has to be run locally. When you receive complaints about latency, start here, and run the Estimator on one of their local devices. You might see that their network is having an issue, or it could be a backbone issue and get a helpful head start on troubleshooting.
Additionally, Azurespeed.com is another alternative and is a really great site that can give you some speeds per region, things like that. Why do you need these monitoring tools and contextual insights?
You might think that your region is the best based on your proximity to it, but who knows where their ISP is really going? In using these tools, you might find another one that’s actually faster. We’ve seen partners find one region next to their current may actually have some price deltas.
Azure Function Apps
This one of those easy things where if you’ve got your sandbox, your Azure subscription, you could go in there as soon as you get back home and publish your first Hello World application. So, Function Apps was Microsoft’s strategy to try to make that whole compute environment much more simplified in terms of having it be serverless. You give us your code and we’ll go run it for you.
In many cases, the plan types are very flexible when it comes to Function Apps. It can run in the background, it can be scheduled, it can do a host of things and in some particular cases, you can inject it into a network and do all kinds of fun things with it. Linux is the native backend OS for this.
To use a healthcare example to show how powerful this can be. We’re doing a function app within an environment; we’re talking a file server. You have the function app, super simple to set up the Python code itself, and then a requirements dot txt file. When you put those three things together, you have automation in the cloud that can go a bunch of varied directions. In healthcare, aligning with policies and procedures can be accomplished through some code and nice little scheduled python script using a multitude of modules.
I worked in healthcare IT prior to Nerdio and one thing I know like the back of my hand is healthcare providers, they’ll stick things here, there, and everywhere. For instance, Excel spreadsheets become the place valuable data can live – for instance, social security numbers. We as IT pros want to be able to troll for social security numbers that might be stored outside of our oversight or according to proper process. So, with a regular expression – one Python module, a function app, a little bit of code and a requirements txt – I have the ability to look into the file shares, including Azure files, and open and review files while looking for a regular expression with a high potential of being a clear text social security number. Flag those files you have now provided a very functional method for protecting healthcare information.
Azure Service Health
The fact that we’re a lot of people’s first phone call still when there’s an Azure outage, it’s surprising. Within every subscription that you have with a Resource Group, there is Service Health that you can access via the portal. You can consolidate your alerts and monitoring instead of having to go to status.azure.com. This way the information comes to you as opposed to reacting to situations and checking status.
You can also take Azure Service Health to the next level with Azure Lighthouse. You can take Azure Lighthouse and become that service provider working across multiple tenants. And when you marry the management aspect of Lighthouse with alerts and monitoring like Service Health, and now you’ve got something that’s actually meaningful. It’s taking that combination of that cross-tenant communication, making it service health across the board.
That does it on our list!
I know these services are constantly evolving and Microsoft’s pace of innovation and development is impressive. We at Nerdio are happy to help with any type of Azure education. None of this should be too hard to approach – and we have a plethora of helpful resources and staff at hand and ready to be of help to ensure that’s the case.