Joey on SQL Server

On the Floor of Microsoft Ignite: Day 1 Announcement Thoughts

Despite a smaller floor presence, Microsoft jumped out of the gate with some big announcements for IT and database managers.

• By Joey D'Antoni
• 10/12/2022

This week I am reporting and speaking from Microsoft Ignite in Seattle. This is my first visit to Seattle since the fateful month of February 2020, and my first visit to an in-person Ignite since 2019. From picking up my badge and dealing with speaker preparation call, this Ignite is a very different conference than Ignite 2019 (Microsoft expects to have 5,000 attendees worldwide this week, and around 3,000 in Seattle). There was no attendee check-in at the Seattle airport, and it only took me a minute or two to check in at the conference center. However, that does not mean Microsoft won't be making big announcements this week.

Microsoft CEO Satya Nadella's keynote on Wednesday framed digital imperatives that spanned across infrastructure, data, hybrid work and, of course, artificial intelligence (AI). I went through the keynote and assorted announcements from Ignite and identified what I thought were some of the most interesting things to come out of the conference. In coming weeks, you will read deeper dives on some of these solutions as I speak to program managers at Microsoft. There are a lot of announcements -- I chose the ones I thought were most interesting.

Autoscale Database IO for Azure MySQL
While I write, speak and consult on a wide variety of technical topics, databases are still at the heart of what I do, and database performance management is one of my favorite tasks. Hence, when I saw that Microsoft was introducing auto-scaling IO (input/output, or how many reads and writes the database has the capacity to perform) I was super excited.

While we still don't have a lot of detail on this, the general concept is that the performance capacity of the storage can change dynamically as the workload increases or decreases, overcoming one of the major performance challenges of PaaS database offerings. You will learn about this in deeper detail in an upcoming Joey on SQL column.

PostgreSQL on CosmosDB
When Microsoft acquired Citus Data (builder of extensions to PostgreSQL to support tables that were distributed across databases) several years ago, it seemed promising. On the NoSQL of CosmosDB, one of its biggest strengths is complete API protocol comparability with MongoDB. This feature allows you to use the wire protocol of PostgreSQL to talk to CosmosDB.

While the hyperscale features of Azure Database for PostgreSQL were compelling, the introduction of PostgreSQL support for CosmosDB is an exciting offering, considering that CosmosDB supports multi-master, multi-region configurations, and a common development experience between NoSQL and SQL deployments.

Introducing the Microsoft 365 App
Microsoft has made several attempts in the past to create centralized Web, mobile and Windows apps to perform various administrative and user tasks in the Office apps. This new app will allow for new experiences around creating documents, accessing files and content, discover applications that users have access to and perform common quick actions without having to context switch between various applications.

Beyond that, there is a feed showing files created by other users, and tagging, which allows users to organize their work by the use of metadata tags, like those commonly used by admins in Azure. This app is expected to launch next month.

Defender for DevOps -- OSS Vulnerabilities
Writing software in 2022 is a scary thing -- not only do you have to write code that is secure and avoids common vulnerability, but your applications also have to interact with any number of third-party open source libraries. A number of recent large-scale application vulnerabilities including Log4J and the SolarWinds attacks were through application components. At Ignite, Microsoft introduced GitHub Advanced Security and Defender for DevOps, which help secure your application code.

GitHub Advanced Security helps eliminate one of the most common risks in software development: secrets, keys and passwords that are stored in application code repositories. This solution will also block any code pushing containing secrets into Azure Repos. Additionally, GitHub Advanced Security will identify both direct and transitive dependencies for open source packages in your application code, and provide guidance from the central GitHub vulnerability database on how to upgrade those packages to mitigate vulnerabilities.

Finally, and near and dear to my heart, GitHub Advanced Security will use the CodeQL static analysis engine to detect code vulnerabilities, including SQL injection attacks and authorization bypass across a number of programming languages including C#, C++, Python, JavaScript/TypeScript, Java and Go. These scans run directly within Azure Pipelines, so your code never has to leave your environment.

Managed Environments for Power Platform
While low- and no-code solutions like Power Automate can deliver a great deal of productivity for end users, frequently IT administrators get nervous about traditional concerns data and application security. The introduction of Power Platform Managed Environments allows admins to have governance over these solutions. From my reading of the news release, it seems like this will integrate with many of the other Microsoft 365 governance features like data-loss prevention and the ability to limit sharing controls. Additionally, this solution will provide a weekly digest for administrators to identify the most-used and least-used apps in their Power Platform environments.

Entra Identity Governance
In case you missed it, earlier this year Microsoft rebranded its identity-related services as Microsoft Entra. At Ignite Wednesday, Microsoft announced Entra Identity Governance, which aims to help organizations ensure that the right people (or resources) have access to the proper resources at the right time. This preview aims to cover both cloud (Azure AD) and on-premises (Windows Server Active Directory) directories. Microsoft hopes this will further enable separation of duties and ensure consistent policies for all users.

Beyond this governance component, Microsoft has introduced risk-based policies for Conditional Access, which will allow admins to force more secure authentication methods for risky log-ins (you'll read more about that in a forthcoming article), and is allowing certificate-based authentication as a multi-factor authentication method.

Final Thoughts
You may have noticed SQL Server 2022 was not announced at Ignite. All I can say there is stay tuned.

While there are a number of themes around these keynotes, and there are always are, the big two themes that I noted are security and governance. While these two themes are slightly different, they heavily align -- you can't secure data and application assets that you don't know belong to your organization. Microsoft is doing its best to enable these solutions all within common frameworks.