Managing Patching – Who Loves It and Why It Matters

Automate Patch Management with SnaPatch

Patch management doesn’t have to feel like a gamble. If you’re still relying on manual processes, you’re exposing your systems to unnecessary risks. SnaPatch streamlines patching for SCCM environments by combining automation, snapshot protection, and alerts to keep your infrastructure secure.

Why Manual Patch Management Is Risky

Every month brings new vulnerabilities via Microsoft’s Patch Tuesday. Without proper testing and automation, deploying patches manually can be time-consuming and risky—especially in environments with custom or sensitive server configurations. Missed patches or failed updates could lead to outages or security gaps.

Many IT teams use testing environments to simulate patch impact before rolling out updates. But when time or resources are tight, User Acceptance Testing (UAT) gets skipped, and patches go live untested—opening the door to potential issues.

Introducing SnaPatch

SnaPatch is a powerful add-on for Microsoft SCCM that automates patch deployment while giving you a rollback safety net. It creates snapshots of your VMs before patches are applied, and if something goes wrong, you can easily revert the changes. After a defined time, those snapshots are automatically deleted to free up storage.

SnaPatch also provides real-time email notifications so you’re always in the loop during patch deployment. From start to finish, you’ll have visibility, control, and peace of mind.

SnaPatch Benefits

  • Automated snapshot creation and deletion around patch deployment
  • Email notifications to track patch progress and outcomes
  • Faster recovery in case a patch causes system failure
  • Less time spent on UAT and manual intervention
  • Greater consistency and compliance across environments

The Bottom Line

Patch management may never be fun, but it can be fast, safe, and reliable. With SnaPatch, you take the risk out of patching and put time back in your day. Don’t roll the dice—automate your patching strategy and protect your VMs with SnaPatch.

→ Learn more about SnaPatch

Microsoft Azure IaaS (Infrastructure as a Service) Overview

Microsoft Azure Infrastructure as a Service (IaaS) Platform

What is Infrastructure as a Service (IaaS)?

Infrastructure as a Service (IaaS) is IT infrastructure provided and managed over the Internet. It is a form of cloud computing that provides virtualized computing resources. Microsoft Azure offers a variety of platforms to build applications and deliver value to your users, from IaaS (infrastructure as a service), through platform offerings like managed SQL in PaaS (platform as a service), to fully managed offerings in SaaS (software as a service).

Azure IaaS helps you avoid the costs and complexity of purchasing and managing your physical servers and other data center infrastructures. Each feature is offered as a separate service component, and only one rental is required. The cloud service provider manages the infrastructure during purchase, installation, and configuration.

What is the difference between IaaS, PaaS and SaaS?

IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service) are all models of cloud computing that provide different levels of access to computing resources and application management.

IaaS provides virtualized computing infrastructure, such as servers, storage, and networking, over the internet. The user manages the operating systems, middleware, and applications.

PaaS provides a platform for developing, testing, and deploying applications, including web and mobile apps. The provider manages the underlying infrastructure and provides development tools, such as databases and programming frameworks.

SaaS delivers applications over the internet, which are managed and maintained by the provider. The user typically accesses the applications through a web browser, without having to manage any underlying infrastructure.

In summary, IaaS provides the most basic level of access to computing resources, while PaaS offers a more complete platform for application development and deployment, and SaaS provides fully managed, turnkey access to applications.

What are the drawbacks of IaaS?

While IaaS offers a range of benefits, it also has some drawbacks. IaaS solutions provide a virtual environment, and the security of the infrastructure is the responsibility of the customer. Therefore, it is important to have a robust security strategy in place to protect against cyber-attacks, data breaches, and other security threats. Using IaaS can be complex and challenging, especially for organizations that are not familiar with cloud computing and virtualization technologies. IaaS solutions can also be expensive, especially when considering the cost of purchasing and maintaining the necessary hardware, software, and storage solutions. IaaS requires ongoing maintenance and management, which can be time-consuming and costly, and often comes with limited customization options, which can make it difficult for organizations to fully meet their specific requirements.

Security Risks: IaaS solutions provide a virtual environment and security of the infrastructure is the responsibility of the customer. Therefore, it is important to have a robust security strategy in place to protect against cyber-attacks, data breaches, and other security threats.

Complexity: Using IaaS can be complex and challenging, especially for organizations that are not familiar with cloud computing and virtualization technologies.

Cost: IaaS solutions can be expensive, especially when considering the cost of purchasing and maintaining the necessary hardware, software, and storage solutions.

Maintenance: IaaS requires ongoing maintenance and management, including software updates, security patches, and backups, which can be time-consuming and costly.

Lack of Customization: IaaS solutions often come with limited customization options, which can make it difficult for organizations to fully meet their specific requirements.

Network Latency: The network latency can be an issue with IaaS, especially for organizations that require real-time data processing and access to mission-critical applications.

Benefits of IaaS Azure

Eliminate capital expenditure and reduce current costs.

Azure IaaS offers fully maintained and scalable data centers throughout the world, known as Azure regions (54 regions worldwide, currently available in 140 countries), and eliminates the initial cost of managing them, making it an economical choice for companies and start-ups testing new ideas.

Improve business continuity and disaster recovery.

Achieving high availability, business continuity and disaster recovery is expensive, as it requires a significant amount of technology and personnel. However, with the correct Service Level Agreement (SLA), IaaS can reduce this cost and keep applications and data accessible as usual in the event of a disaster or disruption.

Innovate quickly.

Azure offers IaaS on a large scale, with an almost infinite amount of infrastructure available within minutes rather than weeks or months. When you decide to launch a new product or initiative, the IT infrastructure you need may be available in minutes or hours instead of the days, weeks or months an internal build would take. This scale allows you to deliver solutions faster, more often and at lower cost, providing real value to users and clients.

Respond more quickly to changes in business conditions.

IaaS enables you to quickly increase resources (with auto-scaling and content delivery networks) to meet the demand levels of applications and users, for example during peak periods (or big sales, considering Black Friday sales), and to reduce them when activities decrease in order.

Focus on your core business.

Instead of having a team of engineers to manage your on-premise infrastructure, Azure IaaS removes the need for hardware to be managed. This allows your team to focus on their core business and not managing your IT infrastructure.

Better security

Azure Security and compliance has the following features: Detects and Investigate Security Concerns

Get new applications to users faster.

With almost infinite infrastructure availability and availability from anywhere in the globe, Microsoft Azure can save you time and money and most importantly, deploy applications to your user base faster than your traditional on-premise environment.

Microsoft Azure IaaS Features

Virtual Machines

Microsoft Azure IaaS offers a wide range of virtual machines (VMs) that can be customized to meet the specific needs of organizations. VMs can be created in minutes, and can be easily scaled up or down based on demand. Azure VMs also support a wide range of operating systems, including Windows and Linux, and workloads such as SQL Server.

Virtual Networks

Azure Virtual Networks allows organizations to create and manage virtual private networks (VPNs) in the cloud. This enables secure communication between different parts of an organization, and also allows for remote access to the organization’s resources.

Storage

Azure Storage provides a scalable, secure, and highly available storage solution for organizations. It supports different types of storage, including blob, file, queue, and table storage, and also offers backup and disaster recovery capabilities.

Load Balancers

Azure Load Balancer distributes incoming traffic across multiple VMs, ensuring high availability and scalability of the organization’s applications. It supports both inbound and outbound scenarios, and can also be used for cross-region scenarios.

Autoscaling

Azure Autoscaling allows organizations to automatically adjust the capacity of their applications based on demand. This enables organizations to handle sudden spikes in traffic without compromising performance, and also reduces costs by scaling down when demand decreases.

Azure Resource Manager

Azure Resource Manager is a management layer that enables organizations to manage and organize their Azure resources. It provides a unified view of all resources, and also allows organizations to create templates that can be used to automate the deployment of their resources. Resource Manager also enables organizations to group resources into resource groups, which can be used to manage and monitor the resources together.

Azure Security

Azure Security provides a comprehensive set of security features to protect the organization’s resources. This includes Azure Security Center, which provides threat protection across all Azure resources, Azure Active Directory, which provides identity and access management, and Azure Key Vault, which provides secure storage of cryptographic keys and secrets.

Azure Monitoring and Management

Azure Monitoring and Management provides a set of tools and services to monitor and manage the organization’s Azure resources. This includes Azure Monitor, which provides real-time monitoring and alerts, Azure Automation, which enables organizations to automate their Azure resources, and Log Analytics, which enables organizations to collect and analyze log data from different Azure resources.

Common IaaS corporate scenarios

Typical things that companies do with IaaS:

Testing and development.

Teams can quickly set up and remove test and development environments, and enable new applications to reach the market faster. IaaS makes development test environments faster and cheaper.

Website Hosting

Running a website on IaaS may cost less than traditional web hosting.

IaaS is cost effective with no system administration skills required. Hosted platforms are a subset of cloud computing that allows you to virtually set up technologies such as web applications.

Archiving, backup and recovery.

Organizations avoid storage-related capital cost and the complexity of storage management, which typically requires qualified personnel to manage the data and meet legal and compliance requirements. IaaS is useful for managing unpredictable demand and increasing storage needs. It can also simplify the planning and management of backup and recovery systems.

Web Applications

IaaS provides all the infrastructure required to support Web applications, including storage, web servers, applications, and network resources. Companies can quickly implement IaaS Web applications and easily scale their infrastructure when the application demand is unpredictable.

High performance computing.

High-performance computing (HPC) on supercomputers, computer networks, or computer clusters can solve complex problems with millions of variables or calculations. Examples include earthquake and protein folding simulations, climate and weather forecasting, financial models, and product design assessment.

Big data analysis.

Big data is a popular term for large data sets that contain potentially valid models, trends, and associations. Working with datasets to identify or reveal these hidden models requires a large amount of processing power that IaaS offers at low cost.

Why choose Microsoft Azure IaaS for your infrastructure requirements?

Protect and manage your workloads with integrated tools

Azure IaaS offers a complete, integrated, intelligent service package for all your security and management needs. Activate Azure Security Center to gain complete visibility into the security status of virtual machines, proactively identify and mitigate risk, and quickly detect and respond to advanced threats.

Safely implement your hybrid cloud strategy

Move beyond connecting your data center to the cloud. Azure IaaS is the only cloud that delivers truly consistent hybrid cloud capabilities across all on-premises and cloud environments.

Reduce and optimize infrastructure costs

For virtual machines with Azure IaaS, you only pay for the infrastructure you use per second billing, reduce the dedicated Azure VM instances to the workloads you expect, and take advantage of the Azure Hybrid for more savings.

Quickly provide infrastructure for all your workloads

With Azure IaaS, whether your critical applications run on Linux, Windows Server, SAP, or Oracle, you get certification and support for these and other workloads, including preferred open source technologies.

Now that you know some more about Microsoft Azure IaaS, you should see how our Azure Management tools will assist you to quickly and easily manage your Azure environment. For more information click here

Use Cases of Microsoft Azure IaaS

DevOps

Microsoft Azure IaaS provides a great platform for DevOps teams to build, test, and deploy their applications. It provides a wide range of tools and services, including Azure DevOps, which enables organizations to build, test, and deploy their applications on Azure.

Disaster Recovery

Microsoft Azure IaaS provides a reliable and cost-effective disaster recovery solution for organizations. It allows organizations to replicate their on-premises infrastructure to the cloud, providing a backup in case of an outage or disaster.

Hybrid Cloud

Microsoft Azure IaaS also provides a great platform for organizations to build a hybrid cloud. This allows organizations to use both on-premises and cloud resources, providing increased flexibility and scalability.

Azure IaaS FAQs

Question Answer
What is Microsoft Azure IaaS?
Microsoft Azure IaaS (Infrastructure as a Service) is a cloud computing service that provides virtual machines, storage, and networking services.
Is Microsoft Azure IaaS or PaaS or SaaS?
Microsoft Azure provides all three types of cloud services – IaaS, PaaS, and SaaS. Azure IaaS is a part of its IaaS offerings.
What are the 4 types of Azure services?
Microsoft Azure offers four types of cloud services – compute, storage, networking, and app services.
What is the difference between Azure PaaS and IaaS?
The main difference between Azure PaaS (Platform as a Service) and IaaS (Infrastructure as a Service) is that PaaS offers a platform for developing and deploying applications, while IaaS provides virtual machines and other infrastructure components.
What are some benefits of using Microsoft Azure IaaS?
Microsoft Azure IaaS offers benefits such as scalability, flexibility, cost savings, increased security, and global reach.
How does Microsoft Azure IaaS help with disaster recovery?
Microsoft Azure IaaS offers features such as automated backups, replication, and failover, which can help with disaster recovery.
What are some popular use cases for Microsoft Azure IaaS?
Some popular use cases for Microsoft Azure IaaS include hosting websites and applications, running virtual machines, and storing and analyzing data.
Can I use my own operating system with Azure IaaS?
Yes, you can use your own operating system with Azure IaaS. Azure offers a variety of virtual machine images, including those with Linux and Windows.
Is Microsoft Azure IaaS suitable for small businesses?
Yes, Microsoft Azure IaaS can be suitable for small businesses as it offers scalability and cost savings, allowing businesses to pay only for the resources they use.
How does Azure IaaS compare to other cloud providers?
Azure IaaS offers competitive pricing, a wide range of virtual machine sizes, and integration with other Microsoft services, making it a popular choice among businesses.

Conclusion

Microsoft Azure IaaS provides a wide range of features and benefits for organizations looking to migrate their IT infrastructure to the cloud. Its features include virtual machines, virtual networks, storage, load balancers, and autoscaling, which can be easily managed and customized using the Azure Resource Manager. Azure Security provides a comprehensive set of security features to protect the organization’s resources, while Azure Monitoring and Management provides a set of tools and services to monitor and manage the organization’s Azure resources. Additionally, Azure Pricing is based on a pay-as-you-go model, providing organizations with cost-effective and scalable solutions.

Azure AD Connect – How to hard match user accounts

How to hard match user accounts in Azure AD

Recently we were asked if we could help one of our clients with a situation I’m sure many other companies have found themselves in: user account separation. They had been using Office 365 and manually creating users that matched their existing on-premises accounts. It started innocently enough, with just a few test users, and over time grew to 300! This created a huge management overhead, as they had to manage the same user in both Azure and on-premises AD. AD Connect will allow you to synchronise your on-premises users, but they didn’t want to disrupt their cloud-based users in the process.

Now, if you attempt to sync your on-prem users to Azure AD that have the same UPN, the sync will fail with an error indicating that the user already exists – duplicate account.

OK, so what are our options here?

One option is to delete the cloud account and have AD Connect recreate it. However, this could have issues with licensing, mailbox access and you may still have other sync issues and end up with some users missing.

Either way, the client did not want to go down this path, so the only other option is to “hard match” the cloud account with its relevant on premise object.

AD Connect uses an attribute called the “ImmutableID” to match the Azure AD object with the on-premises object. The on-premises account doesn’t have an ImmutableID attribute, so you can’t just look it up and apply it; instead, AD Connect takes the ObjectGUID and converts it to a Base64 string to get the ImmutableID.

You can see the ObjectGUID for any user by looking in ADUC, on the Attribute Editor tab.

OK, a bit to take in there. So here’s a quick table outlining it all.

User | On-prem AD ObjectGUID | On-prem AD ObjectGUID (converted to Base64) | Azure AD ImmutableID
John.Smith@smikar.com | 4acbdc47-2a79-4836-9285-593ea01e9d3f | R9zLSnkqNkiShVk+oB6dPw== | R9zLSnkqNkiShVk+oB6dPw==

As you can see, when the ObjectGUID attribute is converted to a Base64 string, the value matches the ImmutableID. If these 2 objects match, AD Connect sees them as one object and happily syncs them.

Now, when a user is manually created in Azure AD, the ImmutableID is blank. So if you have an on premise user with a UPN of john.smith@smikar.com and you manually create the same user name in Azure AD, the ImmutableID will be blank, and when AD Connect sees the object it will kick out a “duplicate object” error.

OK, so how do we fix this mess?

What we need to do is get a list of all the cloud accounts, find their equivalent on premise account, get the objectGUID, convert it to Base64 and then apply that value to the cloud account. AD Connect will then match the 2 objects.

How do we do this?

PowerShell of course.

You will need a few things for this:
The MSOnline PowerShell module
The ActiveDirectory PowerShell module
Global Admin access to the tenant containing your users
Read access to your on-prem AD

If you don’t have the MSOnline module, open up PowerShell and run Install-Module MSOnline

Below is the code we used to hard match the user objects. It’s far from pretty, but it did the job in the time we had.

WARNING: If you decide to use our script in your environment, you do so at your own risk, we accept no responsibility for any negative impacts it may cause.

Import-Module MSOnline
Import-Module ActiveDirectory

Connect-MsolService

# Get a list of all the Azure users (-All lifts the default 500-result limit)
$users = Get-MsolUser -All

foreach ($user in $users) {

    # Ensures the object has an @companyX.com UPN, has never been synced, and contains details for a first and last name
    if ($user.UserPrincipalName -like "*@companyX.com" -and !$user.LastDirSyncTime -and $user.FirstName -and $user.LastName) {

        # Put the SAM account together by getting the last name, adding an underscore and adding the first name (eg. smith_john).
        # This will need to be modified to match whatever your company uses as a SAM account format.
        $sam = $user.LastName + "_" + $user.FirstName

        # Get the AD user object based on the SAM created above. Skip the account if no match is found,
        # so a stale $ImmID from the previous user is never written to the wrong cloud account.
        try {
            $adUser = Get-ADUser -Identity $sam -Properties ObjectGUID -ErrorAction Stop
        } catch {
            Write-Warning "No on-premises account '$sam' for $($user.UserPrincipalName); skipping"
            continue
        }

        # Get the ObjectGUID value and convert it to a Base64 value
        $ImmID = [System.Convert]::ToBase64String($adUser.ObjectGUID.ToByteArray())

        # Sets the converted ObjectGUID as the ImmutableID for the user
        Set-MsolUser -UserPrincipalName $user.UserPrincipalName -ImmutableId $ImmID
    }
}

After the script was executed we kicked off a sync of AD Connect which matched up all the user objects with their on premise user account and had the 300 plus manually created user accounts now synced.
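
A dry-run pre-flight for the hard match described above, as an added example that is not part of the original post or its script. It assumes matching on UPN rather than the SAM format the script builds; the function names are hypothetical and every sample account except the John.Smith GUID from the table is constructed.

```powershell
# Added example (not from the original post): offline dry run of a hard match.
# Function names are hypothetical; sample objects mimic Get-ADUser / Get-MsolUser output.

function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][guid]$ObjectGuid)
    # Same conversion as the script above: GUID byte array -> Base64 string
    [System.Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory)][string]$ImmutableId)
    # Reverse direction, for tracing a cloud account back to its on-prem object
    [guid]([System.Convert]::FromBase64String($ImmutableId))
}

function Get-HardMatchPlan {
    param(
        [Parameter(Mandatory)][object[]]$CloudUsers,
        [Parameter(Mandatory)][object[]]$OnPremUsers
    )
    # On-prem lookup by UPN; PowerShell hashtables compare string keys case-insensitively
    $byUpn = @{}
    foreach ($ad in $OnPremUsers) { $byUpn[$ad.UserPrincipalName] = $ad }

    # ImmutableIDs already held in the tenant. Base64 is case-sensitive, so use an ordinal HashSet.
    $inUse = [System.Collections.Generic.HashSet[string]]::new()
    foreach ($c in $CloudUsers) { if ($c.ImmutableId) { [void]$inUse.Add($c.ImmutableId) } }

    foreach ($c in $CloudUsers) {
        $newId = $null
        if ($c.LastDirSyncTime) { $action = 'Skip: already synced' }
        elseif ($c.ImmutableId) { $action = 'Skip: ImmutableID already set' }
        elseif (-not $byUpn.ContainsKey($c.UserPrincipalName)) { $action = 'Skip: no on-prem account' }
        else {
            $adUser = $byUpn[$c.UserPrincipalName]
            $newId  = ConvertTo-ImmutableId -ObjectGuid $adUser.ObjectGUID
            if ($inUse.Contains($newId)) { $action = 'Conflict: ImmutableID held by another cloud object' }
            else { $action = 'Set'; [void]$inUse.Add($newId) }
        }
        [pscustomobject]@{ UserPrincipalName = $c.UserPrincipalName; Action = $action; ImmutableId = $newId }
    }
}

# Constructed sample data; only John.Smith's GUID comes from the table above
$janeGuid = [guid]'11111111-2222-3333-4444-555555555555'
$onPrem = @(
    [pscustomobject]@{ UserPrincipalName = 'John.Smith@smikar.com'; ObjectGUID = [guid]'4acbdc47-2a79-4836-9285-593ea01e9d3f' }
    [pscustomobject]@{ UserPrincipalName = 'jane.doe@smikar.com';   ObjectGUID = $janeGuid }
)
$cloudSample = @(
    [pscustomobject]@{ UserPrincipalName = 'john.smith@smikar.com'; ImmutableId = $null; LastDirSyncTime = $null }
    [pscustomobject]@{ UserPrincipalName = 'jane.doe@smikar.com';   ImmutableId = $null; LastDirSyncTime = $null }
    [pscustomobject]@{ UserPrincipalName = 'jane.old@smikar.com';   ImmutableId = (ConvertTo-ImmutableId -ObjectGuid $janeGuid); LastDirSyncTime = [datetime]'2017-01-10' }
    [pscustomobject]@{ UserPrincipalName = 'temp.user@smikar.com';  ImmutableId = $null; LastDirSyncTime = $null }
)

# Round-trip check against the value in the table above
$id = ConvertTo-ImmutableId -ObjectGuid '4acbdc47-2a79-4836-9285-593ea01e9d3f'
if ($id -cne 'R9zLSnkqNkiShVk+oB6dPw==') { throw "Unexpected ImmutableID: $id" }
if ((ConvertFrom-ImmutableId -ImmutableId $id) -ne [guid]'4acbdc47-2a79-4836-9285-593ea01e9d3f') { throw 'Round trip failed' }

Get-HardMatchPlan -CloudUsers $cloudSample -OnPremUsers $onPrem | Format-Table -AutoSize
```

Only rows with the action Set would be passed on to Set-MsolUser; the conflict row is the case where the on-premises object is already anchored to a different cloud account.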

MICROSOFT’S January 2017 PATCH RELEASES

Microsoft have released 4 new Patch Tuesday releases for deployment this month of January. Quite a small deployment of updates this month 🙂

See how you can remove the risk of patch deployment by adding SnaPatch to your SCCM patching infrastructure?

MS17-001 – Important

Security Update for Microsoft Edge (3199709)
This security update resolves a vulnerability in Microsoft Edge. This vulnerability could allow an elevation of privilege if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited this vulnerability could gain elevated permissions on the namespace directory of a vulnerable system and gain elevated privileges.

MS17-002 – Important

Security Update for Microsoft Office (3214291)
This security update resolves a vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS17-003 – Critical

Security Update for Adobe Flash Player (3214628)
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.

MS17-004 – Important

Security Update for Local Security Authority Subsystem Service (3216771)
A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system’s LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.


Now that you have made it this far, a quick shameless plug for our software portfolio. 🙂

SnaPatch – Patch Management Addon for Microsoft’s SCCM.

SnapShot Master – Take control of your virtual machine snapshots, works with both Hyper-V and Vmware.

Azure Virtual Machine Scheduler – Save money and schedule the shutdown and power on of your virtual machines within Microsoft’s Azure Cloud.

Azure Virtual Machine Deployer – Deploy VMs to Microsoft’s Azure cloud easily, without the need for powershell.

KB3209501 Update for SCCM 1610

How to update to KB3209501 for Microsoft SCCM 1610

If you’re experiencing issues with Microsoft SCCM 1610, the recently released update KB3209501 might just be the fix you need. This update resolves various problems related to Configuration Manager version 1606 to version 1610 upgrade, Software Center, BITS for Windows Express Update Files, Task Sequences, and more. In this article, we’ll guide you through the process of updating SCCM 1610 to KB3209501, step-by-step.

KB3209501 FAQs

Question Answer

What is KB3209501?

KB3209501 is an update for Microsoft SCCM 1610 that was released in December 2016. It fixes various issues with SCCM 1610.

What issues does KB3209501 fix?

KB3209501 fixes issues such as the SMS Agent Host process using 100% of available CPU time, Task sequence deployments failing, and more.

How do I update to KB3209501 for Microsoft SCCM 1610?

To update to KB3209501, open your SCCM console, navigate to Administration > Cloud Services > Update and Servicing, and follow the steps.

Should I install updates in preproduction prior to production?

It is always good practice to install any updates in preproduction prior to production.

Is KB3209501 installation time-consuming?

Yes, KB3209501 installation may take some time to finish, so be prepared to be patient.

Update to KB3209501

Now that you know what KB3209501 fixes, follow the steps below to update your SCCM environment.

Open your SCCM console and navigate to Administration, Cloud Services and highlight Update and Servicing

Next, highlight update KB3209501, then right click and choose Run Prerequisite Check.

Give the prerequisite checks some time to complete.

Keep refreshing the console to see when it has completed.

Once the KB3209501 prerequisite checks have passed, again highlight the update and then right click and choose Install Update Pack.

You are now presented with the Configuration Manager Updates Wizard. Select whether you want to ignore any prerequisite check warnings if you received them or not and then click Next.

On the Client Update Options tab, you can select to update without validating against your preproduction environment before updating your production environment. As this is one of our many labs, I have chosen to go ahead without validating. While this is a lab, not everyone has this luxury, so remember it is always good practice to install any updates in preproduction prior to production.

On the License Tab page, confirm you accept the license terms and privacy statement and then click Next.

Confirm that what is shown on the Summary tab is correct, then click Next.

The installation will now be performed in the background, so on the Completion tab click Close.

As you can see, KB3209501 is installing in the background. For my lab, it did take some time to finish so prepare to be patient.

Updating SCCM 1610 to KB3209501 is a straightforward process that can help you resolve a range of issues and improve the overall performance of your Configuration Manager environment. By following the steps outlined above, you can ensure a smooth and successful update. Don’t forget to install updates in pre-production first to avoid potential conflicts.