All security software from any vendor is going to have issues, and often you just have to go with whatever the company is running for the whole environment and not compromise security because of some jokes from the 90s.
I agree there is room for improvement but your arguments are weak. The user interface (whoever is using it?) is questionable in AWS and in GCP as well, IMO it is because of the underlying complexity in all clouds. Reliability statement should be backed by the existing SLA, or is it some complaint that MS does not provide four/five 9s for every service? The bit about it being expensive depends on what you compare it with, AWS is notorious as well, every time you need something to build you do not know if that will cost 1k or 10k per month.
I am not some sort of Azure fanboi and love AWS but there are things MS is good at as well, however people hate that.
[0] https://learn.microsoft.com/en-us/shows/visual-studio-visual...
The most uncomfortable part is their login. The amount of redirects and glitches there is insane. It's hard to believe that it works as intended.
As an example, for some reason I could not download the BAA because trying to download it led to a login loop on their trust website, while I was still able to see the Azure console ok in the same browser.
When I signed out of my Azure account to try if a fresh login helped, it did not trigger my 2FA at the next login. In my mind, if I actively logged out from a browser window, I withdraw my trust in that device. So not being triggered for 2FA is a massive red flag.
(No, I still could not download the BAA, nor file a ticket for it, but somehow a colleague could download it ok.)
I know these are different divisions, but it does say something about the culture. Windows has always been a dumpster fire, but when it was built by nerds and not managers, it felt more, uh, tolerable.
I believe that multiple articles, e.g. on The Register, have mentioned that people who have left the Azure team have routinely complained that the pace was too high, and that everything is pretty much duct taped together. This was years ago, so it may have changed.
Microsoft, Google and others have created a culture that is no longer able to produce high quality solutions, because they can't focus on a single vision for their products. Or in some cases the vision does not align with creating good products.
SQL Server is a really good example, it's highly focused, it exists outside the current hype bubble, there's no advertising, no subscription, just a database server and it's a really good product. Exchange sucks, because it's been pulled into the new subscription-based world, and it's going to suffer for it.
To be fair, not a lot of things were user-friendly back then, and Windows was the standard consumer OS for a good reason. It was solidly OKAY.
Using the latest versions of Windows, however, is just infuriating even without any complicated setup.
There is no incentive, as long as monopoly money from a captured audience keeps rolling in.
Well, it's not like there are that many alternatives. macOS is out of the price range for public service and most large companies, in addition to a lot of specialist software not being available for macOS.
Linux has it even worse regarding application compatibility on desktop - and no, WINE is not an option, because the kind of software used in public services comes with strict stipulations where you can run it, sometimes down to minor versions, and if you violate that, the vendor can and will refuse support. For a lot of FOSS software, there isn't even commercial support available so it gets automatically off the list because companies actually want to pay people so that they have someone to talk to when they get issues. And that's before you hit the cost wall that is employee (re)training.
IMHO, it would have been the role of our governments to mandate MS get their shit together first before diving into AI and advertising crap.
The 'WIN32_LEAN_AND_MEAN' era. Ye. Way more relatable than today's malware-riddled joke of an OS. It is too bad since the Windows 7 foundation seems OK.
These events are correlated against other actions that might have happened on the same system or other systems that the user had logged onto prior to this one.
Even if it's not the same user, the events are still correlated and alerted upon if suspicious (both individually and holistically).
If users are using Microsoft authentication for access, the accounts will be flagged and locked out, generally forcing users to fully authenticate with MFA and forcing a password change.
*nix started from a better _initial_ posture as it was multi-user, permissioned, and network-aware from the start (vs. corporate MS-DOS => single user => GUI => networked), but MS really doubled down on systematic improvements that Linux is only now going through.
See the recent CUPS fiasco, C-code from 1999 running as root, and the "stuck in the mud" mentality that Linux has because there isn't the appetite for consistent investment and wholesale overhauls.
It has to do with "activation energy" and "local maxima". Linux feels like it's reached the local maxima, and it's a pretty tall peak to start from, so we can't get over the hump to make a step-change or drop back to a hypothetical "POSIX 0.5" so we can pivot to a "POSIX 2.0" (eg: take the loss for a decade or so in reduced functionality to end up on a more sane "other side" with better security principles and systematic deprecation of inefficient or insecure API-types).
There was an LWN article which talked about "permissions should be managed at the mount level, not the file level", and honestly that makes so much more sense, but it "loses" POSIX, and no one person is willing to "break linux" to admit to that mistake. Tons of other examples (eg: file race conditions, unprivileged by default, more protections on /usr than /home, etc).
Them offering the ~same product but cheaper is good.
Doesn't seem to have really worked for MS though, as evidenced by their many significant security lapses over the last several years.
The US Gov even officially called them out on it a few months ago, specifically singling out MS for their atrocious repeated security fuck ups.
Last I heard the "state actors" had access to AD master credentials.
On every first try, I cannot log in to Azure Portal. I click "try again", it works. And it's been like that for months, if not years.
IMHO it says a lot about your culture if every first interaction of your customers with your product ends with an error - and you simply don't care to fix it.
1. Executive Support - can you assure me that MSFT will have my back when (not if) the shit hits the fan? Can I count on Satya or Jason Zander calling my CEO to reassure them if we’re working through a catastrophic issue? Because as an executive my career at this company is over otherwise when that happens.
2. Industry and analyst landscape - Which of my competitors / peers use your technology? I won’t be first in the pool. What does Gartner tell me about your company behind closed doors?
3. Competitive - Do any of your divisions compete directly with any of ours? Because I’ll be fired at the next board meeting if they read in the WSJ that we’re funding an adversary.
Cost is negotiable, what is a UI?, and sorry, I don’t care if all of the above is good but Azure isn’t the engineers’ favorite thing. Y’all work for me.
Really? I did a quick search and azure charges 2.08 cents per GB for "hot" storage compared to 2.3 cents for aws. That's not that big of a difference. Am I missing something?
Look at the CVEs for azure, msal and Active Directory for some good laughs.
Now realise most governments, large companies and education work on this.
https://www.itprotoday.com/attacks-breaches/the-story-behind...
https://www.microsoft.com/en-us/security/blog/2022/01/21/cel...
...while they may also (deservedly) be getting flak now, 20 years ago it was orders of magnitude worse.
I've also encountered strange bugs, like asking to log into tenant A and getting logged into, instead, tenant B. In a loop, effectively locking me out.
The exact quirks and bugs seem to come and go, I presume as the code is changed & updated.
From what I can tell, they use it as proving ground for whatever crap they’re going to force on other applications.
After getting it to work on a raspberry pi, I decided I wouldn’t use any logged in Microsoft product in a professional setting.
Anyway, I’m sure they’ll eventually unify GitHub and LinkedIn login the same way they did with Minecraft. At that point, our industry will implode.
One example is if you have multiple subscriptions and you want to select a particular subscription; the UI is so horrendous that even after using it every day it’s so confusing. It’s such a simple thing that I am sure MSFT implemented it a million times but they just can’t do it in Azure.
It’s the worst of the three cloud providers.
The main reason they are second is because they have a sales org that sells well to naive CTOs.
This is a big point that others in this thread are missing. Amazon is increasingly competing in more and more spaces, and companies are rightly hesitant to get into bed with Amazon when they are a direct competitor. Azure is the only other serious choice, GCP isn't even going to be considered.
Silicon Valley might run on AWS but the rest of non-tech company corporate America runs on Azure (or on-prem still). The IT landscape looks a lot different outside of the SF Bay Area SaaS bubble.
Logins that redirect to odd places. Jolting issues because you changed a seemingly innocuous security setting (i.e. OneNote refuses to sync on specific versions of the app/software if you don't grant them full access). Or just inconveniences, like having to log in multiple times across their own sites when I dive into Office settings management. Seemingly forced use of the Microsoft Authenticator app from time to time.
Multiple computers, multiple devices. I can usually work around it, but it is a pain.
I imagine they can beat any record with a simple single-table CRUD.
Windows NT started as a multi-user, permissioned, and network-aware OS. The team that built NT came from DEC, not the MS-DOS team.
Windows Me was the last version of Windows that had any form of DOS underpinnings.
It is probably my "fault" by using Safari (no extensions) and not the all-praised(tm) Edge.
I couldn't add a billing profile to my MPN account the other day - endless loading without any indicator of success. It did work in Chrome though, except the "save" action which resulted in endless loading too, but still saved everything as expected.
I will say, they made a change to the auth system recently that made log-in significantly worse. Now several times a day my session expires or something and I go through a 5-10 second redirect flow which visibly jumps between different login APIs to refresh my log in state. (And of course this happens at the start of the day.)
https://www.theregister.com/2023/12/14/linkedin_abandons_mig...
As an administrator of around 10,000 servers and devices, I have never had this ability before.
I am sure there are better products out there, but this is what the company purchased, and the visibility it has given us into our organization has been a game changer for us.
I apologize for not hating it just because it is Microsoft.
Fwiw, for as much rightful criticism as Google receives for things like killing consumer products and behaving badly with user data, its internal IT runs better than -- in my opinion as an ex-employee -- any other large enterprise in the world. And it's secure.
cod? Call of Duty?
I’m an engineer on the vendor side that begrudgingly got promoted into a CTO role where I was helping get deals done with F100 c-levels. So I know how these people think. I hated it, left enterprise a few years ago and never looked back.
My guess is that some change to the login process is not compatible with the cookies I have sitting around from the last time I logged in.
Big Enterprises need a lot of bells and whistles and for the longest time, Google Cloud didn't have those bells and whistles. For example, App Engine for the longest time didn't have internal IP only. It has it now, but the whole point is, most people have already evaluated their cloud and picked it.
Also, Google used to be or still is terrible at talking to customers. Big Enterprises require people at Google to actually talk to customers, something Google is notoriously terrible at.
Finally, Google Deprecation Policy has done them in. Many CTOs are scared to get into bed with Google due to it: https://steve-yegge.medium.com/dear-google-cloud-your-deprec...
I opened a bug with Microsoft Premier support and they told me that this works as intended.
So when Microsoft says, it works as intended, it can still be bugged to hell and back. They just don't care.
Yes, for years.
Their dashboard is not great but way better than the competition. As for the cloud service itself, it has been reliable in my experience.
> Google used to be or still is terrible at talking to customers
Aren't all clouds like this unless you're a big org?
> Google Deprecation Policy has done them in
I'm sure some people feel this way but I doubt it's the majority.
> Aren't all clouds like this unless you're a big org?
Our spend is only 10k/mth and Microsoft talks to us. They are overworked but it's better than 1 million Spend/mth I had at $TwoJobs ago and getting anyone at GCP to pick up the phone was pulling teeth.