Active Directory admins, decision makers, consultants, & architects: we've created an anonymous survey about the future of managing AD. Your feedback will help us plan & prioritize. Please share this broadly with your peers https://forms.office.com/r/Dv9w9B8Zt9

@NoTheOtherNick good point. And very well!

Join us for live Windows Server vNext "Ask Microsoft Anything" January 25 at 9am Pacific. Ask questions & give feedback on the next version of Windows Server, chat with MS technology experts like Jeff Woolsey, Elden Christensen, Rick Claus, & yours truly https://techcommunity.microsoft.com/t5/windows-server-news-and-best/windows-server-quot-ask-microsoft-anything-quot-january-25/ba-p/4036765

Windows Server 2019 mainstream support ends today. 5 years remain for free security updates

For more info what you get by upgrading to WS2022, see https://learn.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2022

For more info on what's coming in Windows Server vNext, see https://ignite.microsoft.com/en-US/sessions/f3901190-1154-45e3-9726-d2498c26c2c9?source=sessions

Finally, if you are joining us downtown, I'll be at The Hub on level 5 at the infrastructure experts station all Wednesday & Thursday, available to answer questions or find you someone who can help. A real value of attending MS Ignite is the conversations

See you soon /f

"What's new in Windows Server vNext" covers Active Directory, File Server, Storage, Hyper-V, Security, hardware support, etc. The presenter is Jeff Woolsey, who always puts on a great talk. I contributed, so at least one demo has cute dogs 😅 https://ignite.microsoft.com/en-US/sessions/f3901190-1154-45e3-9726-d2498c26c2c9?source=sessions /2

IT Pros: #MSIgnite is this week & while the in-person event has sold out, you can still livestream the keynote, breakouts, Q&As for free. The sessions are recorded for afterwards, including one not to miss:

"What’s New in Windows Server vNext"

Https://ignite.microsoft.com 🧵

@98codes you have my address

@ThomM 🥰

“Enjoy your weekend!”

@SwiftOnSecurity I personally find explaining relay attacks, AitM, & PtH too hard for decision makers. So I’d just tell them that MS is making SMB signing mandatory by default & we are removing and replacing NTLM by default. Both are true, both are public, & both are being done because unsigned SMB and NTLM are simply too unsafe to be allowed to exist anymore. They can wait for us to force them or they can do it now

Https://aka.ms/ntlm
https://aka.ms/SMBSigningOBD
https://aka.ms/SmbNtlmBlock

@alex_02 get to it

@DoctorDNS all of them

Finally, SMB over QUIC client access control that we announced in Insider Build 25977 now supports using certs with subject alternative names. This means CAC no longer requires a single subject, like the current SMB over QUIC https://aka.ms/SmbOverQUICCAC

More big news next week 😮 /f

SMB client now supports connecting to an SMB server over TCP, QUIC, or RDMA using alternative network ports using NET USE & New-SmbMapping. An admin can disable this. The next Server Insider will support alternative QUIC server ports (not TCP/RDMA) /4 https://aka.ms/SMBAlternativePorts

The new SMB NTLM blocking option announced in Insider build 25951 now supports exception lists for NTLM usage. An admin can configure a general block on NTLM usage while still allowing clients to use NTLM for specific servers that don't support Kerberos /3 https://aka.ms/SmbNtlmBlock

Creating the first SMB share changes a longtime Windows Defender Firewall default behavior: NetBIOS ports no longer open. SMB2+ don't need these ports. A future Insider change will likely remove ICMP, LMNNR, & Spooler from this list also /2
Https://aka.ms/SMBfirewall

IT Pros & Infosec: we released a number of new SMB features & behavior changes to Windows Insiders today https://aka.ms/wip25992 Short 🧵

- Firewall default ports change for SMB shares
- SMB NTLM blocking exception list
- SMB alternative ports
- SMB over QUIC CAC improvements

The Matrix: Wow this Anderson guy is a slave to the system

The Matrix 2023: Wow this guy had his own cube at work

@sqlchick thanks!